Windows 10 Task Scheduler Zero-Day Vulnerability Exploit Leaked, Can Help Gain Admin-Level Access

The flaw is open for exploitation and remains unpatched.

Advertisement
By Nadeem Sarwar | Updated: 22 May 2019 14:28 IST
Highlights
  • The exploit can be tweaked to work on older versions of Windows
  • A proof-of-concept video has also been made public
  • Microsoft is yet to acknowledge the LPE vulnerability and fix it

The same researcher unearthed a zero-day vulnerability last year as well.

Windows 10 has been hit by yet another zero-day vulnerability that can allow malicious parties to gain admin-level privileges. The yet unnamed zero-day vulnerability can be exploited to break into a system and gain full control over it. The newly discovered threat to Microsoft's operating system can be classified as a Local Privilege Escalation (LPE) that can help hackers change the privilege level of an account to admin level, and it is associated with the native Task Scheduler process. The exploit can reportedly work on previous versions like Windows XP and Windows Server as well.

The vulnerability was spotted by a security researcher going by the name SandboxEscaper, the same person who also discovered another zero-day vulnerability affecting the Microsoft Data Sharing service last year. SandboxEscaper shared the demo exploit code for the vulnerability on Github, which is a little ironic since Github is owned by Microsoft, alongside a proof-of-concept video detailing the process of exploiting the flaw.

As mentioned above, the vulnerability is associated with the Windows Task Scheduler process wherein bad actors can run a malicious command to promote the account level from low-privilege to admin control level. Once admin access is achieved, the malicious party can gain control over the entire system and target other system files. Will Dormann, a vulnerability analyst at CERT, has confirmed that the exploit is functional even on the latest Windows 10 May 2019 build. The exploit affects 32-bit and 64-bit versions of Windows 10, Windows Server 2016 and Windows Server 2019.

Advertisement

Theoretically, the flaw can reportedly be exploited on all versions of Windows such as Windows XP, and dating all the way back to Windows Server 2003. The vulnerability is yet to be patched, which means it is open to exploit. SandboxEscaper also claims to have discovered four more unpatched Windows bugs, with three of them being LPEs and the last one being associated with the Sandbox process.

 
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Windows, Windows 10, Zero Day Vulnerability, Task Scheduler
Oppo A7 4GB RAM Variant, Oppo R17 Pro Price in India Cut by Up to Rs. 10,000
Huawei OS Reportedly Coming as Early as Fall 2019, but Is Said to Be Far From Ready
Advertisement

Related Stories

Microsoft Announces Windows 11 Baseline Security Mode to Limit Unsigned Apps and Drivers
12 February 2026
Microsoft Paint Can Now Create AI-Generated Colouring Books, Notepad Updated With New Markdown Features
23 January 2026
Windows 11 Update Causes Classic Outlook to Become Unresponsive; Users Urged to Use Webmail
23 January 2026
NexPhone Unveiled With 64-Megapixel Camera and Support for Android 16, Linux and Windows 11
22 January 2026
Lenovo Legion Go 2 SteamOS Version Revealed at CES 2026, Will Be Available From June 2026
7 January 2026
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Samsung Galaxy S26+ Reportedly Listed for Sale Online Ahead of Launch
  2. AI Impact Summit: From Registration to Schedule, All You Need to Know
  3. Vivo X300 FE Reportedly Bags IMDA and TUV Certifications Ahead of Launch
  4. Xiaomi 17 Series Leak Hints at Imminent Launch Ahead of MWC at These Prices
  5. PS6 Could Reportedly be Delayed to 2029 Due to RAM Shortage
  6. Poco X8 Pro Spotted on Geekbench With This Dimensity 8000 Series Chipset
  7. Deals on iPhone 17, Google Pixel 10 and More During Flipkart Sale
#Latest Stories
  1. Sony Could Reportedly Delay PS6 to as Late as 2029 Due to RAM Shortage
  2. iPhone 18 Series to Drop SIM Card Slot in Europe to Make Room for Slightly Larger Battery: Report
  3. Poco X8 Pro Spotted on Geekbench With MediaTek Dimensity 8500 Ultra SoC, Android 16
  4. Xiaomi 17, Xiaomi 17 Ultra Global Price Details, Launch Date and Colour Options Leaked
  5. X Building Smart 'Cashtags' to Let Users Check Cryptocurrency Prices in Real-Time
  6. Samsung Galaxy A27 5G Listing on IMEI Database Suggests a Galaxy A26 Successor Is on the Way
  7. Anthropic Inaugurates First Indian Office in Bengaluru, Starts Hiring Local Talent
  8. Apple Tipped to Adopt Samsung's Privacy Display Technology for MacBook Models by 2029
  9. Oppo Find X10 Series Tipped to Launch in H2 2026 With Built-In Magnets for Wireless Charging
  10. AMD and TCS to Co-Develop Helios AI Data Centre Architecture, Deliver 200MW Data Centre Blueprint
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.