Windows 10 Task Scheduler Zero-Day Vulnerability Exploit Leaked, Can Help Gain Admin-Level Access

The flaw is open for exploitation and remains unpatched.

Advertisement
By Nadeem Sarwar | Updated: 22 May 2019 14:28 IST
Highlights
  • The exploit can be tweaked to work on older versions of Windows
  • A proof-of-concept video has also been made public
  • Microsoft is yet to acknowledge the LPE vulnerability and fix it

The same researcher unearthed a zero-day vulnerability last year as well.

Windows 10 has been hit by yet another zero-day vulnerability that can allow malicious parties to gain admin-level privileges. The yet unnamed zero-day vulnerability can be exploited to break into a system and gain full control over it. The newly discovered threat to Microsoft's operating system can be classified as a Local Privilege Escalation (LPE) that can help hackers change the privilege level of an account to admin level, and it is associated with the native Task Scheduler process. The exploit can reportedly work on previous versions like Windows XP and Windows Server as well.

The vulnerability was spotted by a security researcher going by the name SandboxEscaper, the same person who also discovered another zero-day vulnerability affecting the Microsoft Data Sharing service last year. SandboxEscaper shared the demo exploit code for the vulnerability on Github, which is a little ironic since Github is owned by Microsoft, alongside a proof-of-concept video detailing the process of exploiting the flaw.

Advertisement
Windows Discussion
Explore More...

As mentioned above, the vulnerability is associated with the Windows Task Scheduler process wherein bad actors can run a malicious command to promote the account level from low-privilege to admin control level. Once admin access is achieved, the malicious party can gain control over the entire system and target other system files. Will Dormann, a vulnerability analyst at CERT, has confirmed that the exploit is functional even on the latest Windows 10 May 2019 build. The exploit affects 32-bit and 64-bit versions of Windows 10, Windows Server 2016 and Windows Server 2019.

Theoretically, the flaw can reportedly be exploited on all versions of Windows such as Windows XP, and dating all the way back to Windows Server 2003. The vulnerability is yet to be patched, which means it is open to exploit. SandboxEscaper also claims to have discovered four more unpatched Windows bugs, with three of them being LPEs and the last one being associated with the Sandbox process.

 
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Windows, Windows 10, Zero Day Vulnerability, Task Scheduler
Oppo A7 4GB RAM Variant, Oppo R17 Pro Price in India Cut by Up to Rs. 10,000
Huawei OS Reportedly Coming as Early as Fall 2019, but Is Said to Be Far From Ready
Advertisement

Related Stories

How to Use Your Android Phone as a Webcam on Your Windows 11 PC: A Step-By-Step Guide
24 May 2026
CloudZ RAT Malware Could Exploit Microsoft Phone Link App to Access Messages and OTPs, Researchers Warn
6 May 2026
Microsoft Rolls Out Xbox Mode on Windows 11 PCs in Select Markets
1 May 2026
Microsoft Revamps Windows Insider Experience With New Beta and Experimental Channels
27 April 2026
Microsoft's Recall Feature Faces Criticism After TotalRecall Reloaded Tool Regains Access to Data
16 April 2026
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Motorola Edge 70 Pro+ With 6,500mAh Battery Debuts in India at This Price
  2. LIVE: Xiaomi 17T & Xiaomi TV FX Mini LED Series Launch | Get Closer to Every Detail
  3. Samsung Revamps Health App With New Features Ahead of Galaxy Watch 9 Launch
  4. Xiaomi 17T Launches in India With Leica-Tuned Triple Rear Cameras
  5. Cryptocurrency Market Remains Under Pressure as Bitcoin's Price Slides
  6. Xiaomi 18, 18 Pro and 18 Pro Max Specifications Leaked Ahead of Debut
  7. Samsung Galaxy A27 Reportedly Bags US FCC Certification, May Launch Soon
#Latest Stories
  1. Xiaomi TV FX Mini LED Series With Up to 75-Inch Screens Launched in India: Price, Features
  2. 007 First Light Sequels Will Published by Amazon Games, Company Confirms
  3. Samsung Revamps Health App Brings Vitals and Heart Health Score Ahead of Galaxy Watch 9 Launch
  4. Cryptocurrency Market Remains Under Pressure as Bitcoin Price Slides Toward $64,000
  5. Google Begins Testing New Tools to Let Website Owners Opt Out of AI Overviews, AI Mode in Search
  6. OnePlus Turbo 6X China Launch Confirmed for June as Tipster Leaks Specifications
  7. Amazfit Balance 3, Balance Ultra Launched With Hyrox Tools, Up to 30-Day Battery Life: Price, Features
  8. Xiaomi 17T Launched in India With Leica-Tuned Triple Rear Cameras, Dimensity 8500-Ultra SoC: Price, Specifications
  9. Xiaomi 18 Pro Max Leak Reveals Key Specifications Including Dual 200-Megapixel Rear Camera Setup
  10. Onimusha: Way of the Sword Launches September 25, Playable Demo and Pre-Orders Now Live
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.