New Zero-Day Exploit for Bug in Windows 10 Task Scheduler

LASER_oneXM

Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsoft's monthly cycle of security updates.
This exploit is the fifth in a string that started in late August last year. It achieves local privilege escalation, granting a limited user full control over files reserved for full-privilege users like SYSTEM and TrustedInstaller.
 
I could have told you about that exploit 2 years ago. It's so easy and the Group policy objects surrounding Task Scheduler are spotty. It's insanity that a standard user account can just set or edit a task with a SYSTEM token. Plus if the task points at a file or folder, you can just delete that folder/file and replace it with a folder/file with the same name and extension. Task Scheduler does not check if it's legitimate.
It's the reason why I got Kaspersky Total Security last year because it can monitor and restrict file and folder permission changes.
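The condition the post above describes (a task running as SYSTEM whose target file or folder a standard user can replace) can be audited on a host. The PowerShell below is an added example, not part of the thread; it assumes the built-in ScheduledTasks module and an elevated prompt, and `Test-LowPrivWritable` is a hypothetical helper name.

```powershell
# Added example: report SYSTEM scheduled tasks whose executable, or the folder
# holding it, is writable by low-privileged principals.

# Well-known SIDs treated as low-privileged (an assumption; add domain groups as needed):
# Everyone, BUILTIN\Users, Authenticated Users, INTERACTIVE.
$lowPrivSids = 'S-1-1-0', 'S-1-5-32-545', 'S-1-5-11', 'S-1-5-4'

# Rights that let a principal alter or replace the object.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericWrite = 0x50000000   # GENERIC_WRITE | GENERIC_ALL as they appear in raw ACEs

function Test-LowPrivWritable {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $false }
    $acl = Get-Acl -LiteralPath $Path
    # Resolve ACEs to SIDs so the check does not depend on localized account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($lowPrivSids -notcontains $rule.IdentityReference.Value) { continue }
        $rights = [int]$rule.FileSystemRights
        if (($rights -band $writeMask) -or ($rights -band $genericWrite)) { return $true }
    }
    return $false
}

Get-ScheduledTask | Where-Object {
    $_.Principal.UserId -in 'SYSTEM', 'NT AUTHORITY\SYSTEM', 'S-1-5-18'
} | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }    # COM-handler actions have no executable path
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        if (-not [System.IO.Path]::IsPathRooted($exe)) { continue }   # bare names resolve via PATH
        foreach ($target in @($exe, (Split-Path -Path $exe -Parent))) {
            if (Test-LowPrivWritable -Path $target) {
                [pscustomobject]@{
                    Task     = $task.TaskPath + $task.TaskName
                    Writable = $target
                }
            }
        }
    }
}
```

Any row in the output is a SYSTEM task whose target should have its ACL tightened or be moved to a protected location.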
 
...
It's insanity that a standard user account can just set or edit a task with a SYSTEM token.
...
It cannot (normally). You have to use the legal files (signed by Microsoft) from the old Windows XP system: schtasks.exe and schedsvc.dll. So, the insanity here is rather: why does M$ allow running important system files from an already unsupported system on Windows 10?
 