LASER_oneXM

Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsoft's monthly cycle of security updates.
This exploit is the fifth in a string that started in late August last year. It achieves local privilege escalation, granting a limited user full control over files reserved for full-privilege users like SYSTEM and TrustedInstaller.
 

DeepWeb

I could have told you about that exploit 2 years ago. It's so easy and the Group Policy objects surrounding Task Scheduler are spotty. It's insanity that a standard user account can just set or edit a task with a SYSTEM token. Plus if the task points at a file or folder, you can just delete that folder/file and replace it with a folder/file with the same name and extension. Task Scheduler does not check if it's legitimate.
It's the reason why I got Kaspersky Total Security last year because it can monitor and restrict file and folder permission changes.
 

Andy Ful

...
It's insanity that a standard user account can just set or edit a task with a SYSTEM token.
...
It cannot (normally). You have to use the legal files (signed by Microsoft) from the old Windows XP system: schtasks.exe and schedsvc.dll. So, the insanity here is rather: why does M$ allow running important system files from an already unsupported system on Windows 10?