Windows 10 Zero-day Vulnerability in Task Scheduler

SandboxScaper, a security researcher and revealer of exploits has released details of a Window 10 zero-day that affects Task Scheduler. This time the exploit could enable the attacker to grab the full control of Window 10 or Window server files. The findings were shared on GitHub also on the Blogspot blog of the SandboxEscaper.

For the one who has not known heard about zero days, here is short detail what it is:

“Zero-day is nothing but a flaw in software or hardware or firmware. It may be termed as vulnerability or an attack that has zero days between the time the vulnerability is discovered and the first attack. It is known by the company or the party responsible for patching or fixing that flaw.”

This is the fifth time the hacker releases a Windows zero-day. This time, the zero day vulnerability is located in Task Scheduler which enables users to perform routine task on their computers. The flaw has occurred on one of the component called SchRpcRegisterTask which register task with the server. Due to the flaw, the component could not check for the permission and is set to provide an automatic permission to arbitrary DACL or Discretionary access control list.

Attacker thus can run a malformed .JOB file to obtain the complete access to the targeted machine. A proof-of-concept video is there that describe how it happens in real time. The flaw has later tested and confirmed by Will Dormann Vulnerability analyst at the CERT/CC on the updated version of Window 10, both 32 bit and 64 bit as well as on Windows 2016 and 2018.

There is no patch for this vulnerability as the update for this month has already. Users have to wait for the next update for the patch. Microsoft will release the fix may before the next month.