Title

Microsoft Task Scheduler Elevation of Privilege Vulnerability (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a vulnerability in the Microsoft Windows Task Scheduler service. Task Scheduler is a Windows service that enables the automation of routine tasks. To exploit this vulnerability, an attacker would gain access to an affected system and run a malicious application. If successfully exploited, this vulnerability would allow an attacker to elevate privileges on the affected system. At this time, there are known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents. Task Scheduler Vulnerability - (CVE-2010-3338): An elevation of privilege vulnerability exists in the way that the Windows Task Scheduler improperly validates whether scheduled tasks run within the intended security context. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS10-092 (2305420). Vulnerable Applications/Systems: Windows Vista SP 1 and SP 2 (x86 and x64) Windows Server 2008 and Windows Server 2008 SP 2 (x86*, x64* and Itanium) Windows 7 (x86 and x64) Windows Server 2008 R2 (x64* and Itanium) *Server Core installation affected. Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below. Taskschd.dll Windows Vista SP1 / 2008 6.0.6001.18551 or 22791 Windows Vista SP2 / 2008 SP2 6.0.6002.18342 or 22519 Windows 7 and 2008 R2 Fixed by SP1 Windows 7 / 2008 R2 6.1.7600.16699 or 20830

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-25862

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.