Back
SandboxEscaper is back with a new Windows Zero-Day in Task Scheduler
- By Elite CIO
May 29, 2019
9
SandboxEscaper is back with a new Windows Zero-Day in Task Scheduler
The zero is what security researchers call a local privilege escalation (LPE).
LPE vulnerabilities can’t be used to break into systems, but hackers can use the mat later stages in their attacks to elevate their access on compromised hosts from low privileged to admin level accounts.
According to a description of the Zero day posted on GitHub, this vulnerability resides in the Windows Task Scheduler process.
Attacker scan run a malformed.job file that exploits a flaw in the way the Task Scheduler process changes DACL (Discretionary Access Control List) permissions for an individual file.
When exploited, the vulnerability can elevate a hacker’s low privileged account to admin access, which, in turn, grants the intruder access over the entire system.
The Zero-day has only been tested and confirmed to work on Windows 10 32 bit systems
SandboxEscaperstrikes again
The researcher who released this Zero-day is named SandboxEscaper and has a reputation for releasing Windows Zero-day online without notifying Microsoft.