#VU3075 Privilege escalation in Windows and Windows Server
Vulnerability identifier: #VU3075
Vulnerability risk: Medium
CVSSv3.1: 7.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local
Exploit availability: Yes
Vulnerable software:
Windows
Operating systems & Components /
Operating system
Windows Server
Operating systems & Components /
Operating system
Vendor: Microsoft
Description
The vulnerability allows a local user obtain elevated privileges on vulnerable system.
The vulnerability exists in Windows Task Scheduler when running scheduled tasks within the intended security context. A local user can create a specially crafted task and execute arbitrary code on vulnerable system with privileges of the local system account.
Successful exploitation of this vulnerability may allow a local user to obtain full access to vulnerable system.
Note: this vulnerability is being actively exploited.
Mitigation
Install update from Microsoft website:
Windows Vista Service Pack 1 and Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=48F10251-34D8-4149-B4B2-BF3EC28F5846
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=099CCC5F-B92F-4D06-BCB5-92E35C49F613
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=BDC9564A-4091-4CDE-963A-239513DB6C17
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=DFF39BFE-0799-4912-AE22-392562178AE6
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=CF341A35-32EA-4FF7-ACA9-1A4683C100EE
Windows 7 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=CF85CDB6-58C7-4144-82F6-F01A6A4F9C3A
Windows 7 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=0597018D-39F5-4CA9-B437-63D9E68F264D
Windows Server 2008 R2 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=28C832FB-4937-4652-8799-EAB6C76D05FB
Windows Server 2008 R2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=3AD64D5C-2D81-4AC8-934E-8917B2FCF961
Vulnerable software versions
Windows: Vista, 7
Windows Server: 2008 - 2008 R2
External links
http://technet.microsoft.com/library/security/ms10-092
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
