Microsoft Windows Task Scheduler Vulnerability Revealed by SandboxEscaper

Last updated September 23, 2021
Written by:
Nitish Singh
Nitish Singh
Tech News Writer
Image Courtesy of Nermins Blog

A critical vulnerability residing in the Windows task Scheduler was revealed on Monday by security researcher SandboxEscaper on Twitter. A GitHub link containing the Proof of Concept was also posted showcasing the vulnerability.

After the vulnerability was disclosed CERT/CC vulnerability analyst Will Dormann verified the bug and stated that the zero-day flaw was found to be functional even on fully patched versions of 64-bit Windows 10 systems. The vulnerability has been described as an escalation security flaw that takes advantage of local privileges. It takes advantage of how the Windows Task Scheduler handles errors of ALPC (Advanced Local Procedure Call) systems.

https://twitter.com/SandboxEscaper/status/1034125195148255235

CERT/CC revealed after a formal investigation “Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. If an attacker can get a target to download and run an app, local privilege escalation gets the malware out of the user context up to (in this case) system privilege.”

If attackers are able to exploit the vulnerability, they can obtain system privileges. The public disclosure is definitely concerning for Microsoft as most security researchers choose to submit their findings of exploits and bugs to the developer instead of making them public. Currently, there are no workarounds available to secure yourself from the Windows vulnerability. Microsoft revealed that the company would “proactively update impacted devices as soon as possible."

The next batch of Microsoft Windows updates is scheduled for September 11, which will bring patches to fix the exploit. It is also likely that the tech giant will go out of schedule to fix the vulnerability to avoid cybercriminals from exploiting the operating system. SandboxEscaper’s Twitter account was deactivated shortly after the tweet was posted.

What do you think about the new Day 0 exploit found by SandboxEscaper? Let us know in the comments below. Also, to get instant tech updates, follow TechNadu’s Facebook page, and Twitter handle.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: