He has run the attack against many generations of Windows machines and found the attack vector to be extremely reliable.
"I have tested it from XP to Windows 10 and Windows Server 2003 to Windows Server 2012. It creates a stealthy access on the target, only by using OS resources, meaning no noisy extra files are needed to take advantage of security issues."
The exploit, security researcher Sebastián Castro says, does something really dangerous: It allows the attacker to hijack someone's account and secretly maintain the victim's privileges within the computer even if the victim's account gets disabled.
We'll let Castro, who lives in Colombia, show you the exploit himself. It's both fascinating and frightening, and we'll be waiting for word of a Microsoft patch.