New Zero-Day Exploit for Bug in Windows 10 Task Scheduler

LASER_oneXM

Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsoft's monthly cycle of security updates.
This exploit is the fifth in a string that started in late August last year. It achieves local privilege escalation, granting a limited user full control over files reserved for full-privilege users like SYSTEM and TrustedInstaller.
 

DeepWeb

I could have told you about that exploit 2 years ago. It's so easy and the Group Policy objects surrounding Task Scheduler are spotty. It's insanity that a standard user account can just set or edit a task with a SYSTEM token. Plus if the task points at a file or folder, you can just delete that folder/file and replace it with a folder/file with the same name and extension. Task Scheduler does not check if it's legitimate.
It's the reason why I got Kaspersky Total Security last year because it can monitor and restrict file and folder permission changes.
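
A defender-side check for the condition described in the post above, as an added example that is not part of the thread: it lists scheduled tasks that run as SYSTEM and whose target file, or the folder holding it, grants write-type access to broad non-admin groups. The SID list, the rights mask and the function name Test-LowPrivWritable are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. SID list and rights mask are assumptions.
$systemIds = 'SYSTEM', 'NT AUTHORITY\SYSTEM', 'S-1-5-18'
# Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE (well-known SIDs, locale-independent)
$lowPrivSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'
# Write-type bits only: Modify and FullControl also carry read bits and would match read-only ACEs.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Test-LowPrivWritable {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $acl = Get-Acl -LiteralPath $Path
    # Ask for explicit and inherited rules with identities expressed as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $lowPrivSids -contains $ace.IdentityReference.Value -and
            (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) { return $true }
    }
    return $false   # Deny ACEs and generic-rights ACEs are not evaluated here.
}

Get-ScheduledTask |
    Where-Object { $systemIds -contains $_.Principal.UserId } |
    ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }          # COM handler actions have no file target
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
            if (-not [System.IO.Path]::IsPathRooted($exe)) { continue }   # bare names resolve via PATH; skipped
            foreach ($item in @($exe, (Split-Path -Parent $exe))) {
                if (Test-LowPrivWritable -Path $item) {
                    [pscustomobject]@{
                        TaskPath = $task.TaskPath
                        TaskName = $task.TaskName
                        Target   = $exe
                        Writable = $item
                    }
                }
            }
        }
    }
```

Any row in the output is a SYSTEM task whose target a standard user could swap out; tighten the ACL on the listed file or folder, or move the target to a protected location.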
 

Andy Ful

From Hard_Configurator Tools
...
It's insanity that a standard user account can just set or edit a task with a SYSTEM token.
...
It cannot (normally). You have to use the legal files (signed by Microsoft) from the old Windows XP system: schtasks.exe and schedsvc.dll. So, the insanity here is rather: why does M$ allow important system files from an already unsupported system to run on Windows 10?
 