Windows 10 Task Scheduler Zero-Day Vulnerability Exploit Leaked, Can Help Gain Admin-Level Access

The flaw is open for exploitation and remains unpatched.

Advertisement
By Nadeem Sarwar | Updated: 22 May 2019 14:28 IST
Highlights
  • The exploit can be tweaked to work on older versions of Windows
  • A proof-of-concept video has also been made public
  • Microsoft is yet to acknowledge the LPE vulnerability and fix it
Windows 10 Task Scheduler Zero-Day Vulnerability Exploit Leaked, Can Help Gain Admin-Level Access

The same researcher unearthed a zero-day vulnerability last year as well.

Windows 10 has been hit by yet another zero-day vulnerability that can allow malicious parties to gain admin-level privileges. The yet unnamed zero-day vulnerability can be exploited to break into a system and gain full control over it. The newly discovered threat to Microsoft's operating system can be classified as a Local Privilege Escalation (LPE) that can help hackers change the privilege level of an account to admin level, and it is associated with the native Task Scheduler process. The exploit can reportedly work on previous versions like Windows XP and Windows Server as well.

The vulnerability was spotted by a security researcher going by the name SandboxEscaper, the same person who also discovered another zero-day vulnerability affecting the Microsoft Data Sharing service last year. SandboxEscaper shared the demo exploit code for the vulnerability on Github, which is a little ironic since Github is owned by Microsoft, alongside a proof-of-concept video detailing the process of exploiting the flaw.

As mentioned above, the vulnerability is associated with the Windows Task Scheduler process wherein bad actors can run a malicious command to promote the account level from low-privilege to admin control level. Once admin access is achieved, the malicious party can gain control over the entire system and target other system files. Will Dormann, a vulnerability analyst at CERT, has confirmed that the exploit is functional even on the latest Windows 10 May 2019 build. The exploit affects 32-bit and 64-bit versions of Windows 10, Windows Server 2016 and Windows Server 2019.

Theoretically, the flaw can reportedly be exploited on all versions of Windows such as Windows XP, and dating all the way back to Windows Server 2003. The vulnerability is yet to be patched, which means it is open to exploit. SandboxEscaper also claims to have discovered four more unpatched Windows bugs, with three of them being LPEs and the last one being associated with the Sandbox process.

 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Windows, Windows 10, Zero Day Vulnerability, Task Scheduler
Oppo A7 4GB RAM Variant, Oppo R17 Pro Price in India Cut by Up to Rs. 10,000
Huawei OS Reportedly Coming as Early as Fall 2019, but Is Said to Be Far From Ready
Advertisement

Related Stories

Microsoft Testing New AI Features in MS Paint, Snipping Tool and Notepad
23 May 2025
Signal’s New Update Prohibits Microsoft’s AI-Powered Recall Feature From Taking Screenshots
22 May 2025
Microsoft Introduces Edit, an Open-Source Command Line Text Editor for Windows at Build 2025
20 May 2025
Microsoft's Phone Link Panel Arrives on Start Menu With Support for Android Devices: Report
19 May 2025
Microsoft Surface Pro, Surface Laptop With Arm-Based Processors Tipped to Launch in 2026
16 May 2025

Tech News in Hindi »

More Technology News in Hindi »
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Vijay Sales Apple Days Sale Brings Discounts on These iPhone, Mac Models
  2. Samsung Galaxy A26 Review
  3. Samsung Tri-Fold Smartphone Price Leaked, Might Launch in Q3 2025
  4. Xiaomi Pad 7 Ultra With XRING 01 SoC and 12,000mAh Battery Launched
  5. Xiaomi 15S Pro With With In-House XRING 01 SoC, 6,100mAh Battery Launched
  6. Honor Pad 10 With Snapdragon 7 Gen 3 SoC, 10,100mAh Battery Launched
  7. Infinix GT 30 Pro 5G India Launch Date, Colours, Key Features Confirmed
  8. Anthropic CEO Believes AI Models Hallucinate Less Than Humans
  9. Noise Buds F1 With Up to 50-Hour Playback Time Debuts at This Price Tag
  10. Acer Swift Neo Debuts in India With Intel Core Ultra 5 CPU: Check Price
#Latest Stories
  1. Trump Threatens 25 Percent Tariffs on Apple If iPhones Not Made in US
  2. iPhone 16 Pro Max, iPhone 15, MacBook Air (M4) and More Get Discounts During Vijay Sales Apple Days Sale
  3. Anthropic CEO Dario Amodei Says AI Models Hallucinate Less Than Humans: Report
  4. UK Government Updates Crypto Reporting Guidelines, Mandates Collection of Crypto Transaction Data
  5. Acer Swift Neo WIth Intel Core Ultra 5, Up to 32GB RAM Launched in India: Price, Specifications
  6. Elden Ring Film Adaptation in the Works at A24 With Alex Garland Set to Direct
  7. Noise Buds F1 TWS Earbuds With IPX5 Rating, Up to 50-Hour Total Playback Time Launched in India
  8. News Media Alliance Issues Statement on Google’s AI Mode, Calls It ‘Definition of Theft’
  9. Honor Pad 10 With Snapdragon 7 Gen 3 SoC, 10,100mAh Battery Launched: Price, Specifications
  10. Lava Bold N1, Lava Bold N1 Pro India Launch Teased; Pricing, Specifications Revealed
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.