A vulnerability in the Microsoft Windows task scheduler could allow a local user to gain elevated (SYSTEM) privileges.
The privilege escalation vulnerability is in the task scheduler's Advanced Local Procedure Call (ALPC) interface and can allow a local user to obtain SYSTEM privileges, according to the Aug. 27 CERT advisory.
“Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges,” the advisory said. “We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems.”
There is currently no practical solution to address the vulnerability.
Justin Jett, Director of Audit and Compliance for Plixer, told SC Media the vulnerability signals a need to be extra vigilant regarding network users' behavior.
“The PoC released by ‘researcher’ SandboxEscaper on Twitter gives malicious actors leverage needed to break into organizations to steal valuable information,” Jett said. “Network traffic analytics should continue to be used to detect anomalous traffic going across the network and to spot where users are behaving in a way that they historically don't.”
Jett added that such behavior could be a strong indicator that the glitch may already have been actively exploited. Ultimately, he said, will have to wait for Microsoft's response to the vulnerability but stressed that if they were to wait until the scheduled September 11 Patch Tuesday release, threat actors would have a two-week window to exploit the vulnerability.