• Details on the Task Scheduler ALPC zero-day

    Posted on August 28, 2018 at 07:59 CDT by Comment in the Forums

    Kevin Beaumont (@GossiTheDog) just published an excellent overview of the newly touted ALPC zero-day in Task Scheduler. Complete with working exploit code.

    The flaw is that the Task Scheduler API function SchRpcSetSecurity fails to check permissions. So anybody — even a guest — can call it and set file permissions on anything locally.

    It’s a privilege escalation bug, allowing an offending program to leapfrog itself from running in user mode to take over the machine.

    Catalin Cimpanu on Bleeping Computer posted the initial revelation from @SandboxEscaper, who posted original exploit code on GitHub, then deleted their Twitter account.

    Nothing to worry about yet, but expect to see a fix for all versions of Windows before too long.

    Windows Patches/Security ,
DON'T MISS OUT!
Subscribe to the AskWoody Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • How to use the Forums
  • All Forums

    • Recent Topics

    March 2023
    S M T W T F S
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.