The Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.
The Microsoft Windows task scheduler SchRpcSetSecurity API contains a vulnerability in the handling of ALPC, which can allow an authenticated user to overwrite the contents of a file that should be protected by filesystem ACLs. This can be leveraged to gain SYSTEM privileges. We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems. We have also confirmed compatibility with 32-bit Windows 10 with minor modifications to the public exploit code. Compatibility with other Windows versions is possible with further modifications.
This vulnerability is being exploited in the wild.
An authenticated local user may be able to gain elevated (SYSTEM) privileges.
Apply an update
Deploy Microsoft Sysmon Detection Rules
This issue was publicly disclosed by SandboxEscaper.
This document was written by Will Dormann.
|Date First Published:|2018-08-28|
|Date Last Updated:|2018-09-13 13:05 UTC|