BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Microsoft Windows Task Scheduler Service Privilege Escalation

Disclosed November 20, 2010    Fully Patched

Vulnerability Description:

The Microsoft Windows Task Scheduler service contains an access validation error. Users are allowed to edit a valid XML file via the Component Object Model (COM) interface, bypassing the CRC32 integrity checks. This allows users to execute arbitrary code with System privileges. This vulnerability is used by the Stuxnet malware family.

Vendors:

Microsoft

Vulnerable Software/Devices:

Windows Vista, 2008, 7, and 2008 R2

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Elevation of Privilege
Local elevation of privileges to System rights Attackers exploiting this vulnerability would be seeking to gain kernel-level access to a machine. It would need to be used in combination with some other exploit to initially gain access to the system, since this privilege escalation vulnerability is only locally exploitable. After exploiting the vulnerability, the attacker would have gained the ability to execute code with Kernel level privileges.

BeyondTrust Prevention and Detection:

  • BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
    • Retina Audit 13839 - Microsoft Windows Task Scheduler Service Privilege Escalation (2305420)

Mitigation:

Install the appropriate MS10-098 patch.

Links:

CVE(s):

None

Leave a Reply