A zero-day vulnerability has been discovered in Microsoft's most recent operating systems. The exploit allows malware and logged-in users to gain administrator-level privileges on Windows 10, giving them full control of the computer. The exploit code was shared online on 21st May 2019 and currently no patch exists to prevent it.
The Windows 10 exploit was identified on GitHub and works by using the schtasks tool, which is used to run programs at specific times.
The Task Scheduler is a Windows service that runs with SYSTEM privileges. It uses a file named schedsvc.dll, which contains a function called tsched::SetJobFileSecurityByName(). This function sets the permissions of job files within the tasks directory.
Because the service runs as SYSTEM, when SetSecurityInfo() is called schtasks has full access permissions to files that can otherwise only be controlled by SYSTEM.
The exploit code uses the schtasks.exe and schedsvc.dll code from Windows XP to take advantage of this high privilege, migrating job files from previous Windows versions into the tasks directory on Windows 10. Combined with the System directory, this migration can be used to grant any user on the Windows 10 system full permissions over protected files.
This exploit has been confirmed as functioning reliably on Windows 10 and Windows Server 2016.
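Since the end result described above is a protected file whose permissions grant full control to an ordinary user, one check for it is to audit the DACLs of protected files. The following is an added example, not part of the original article or of the exploit: it parses SDDL strings such as those returned by `(Get-Acl <path>).Sddl` and reports allow entries that give write or takeover rights to anyone outside a trusted set. The sample SDDL strings, the `example.dll` path, the user SID and the trusted set are constructed assumptions.

```python
import re

# SDDL right tokens -> access-mask bits (generic, standard and file rights).
RIGHTS = {"GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
          "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
          "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}
# Write/append, DELETE, WRITE_DAC, WRITE_OWNER, GENERIC_ALL, GENERIC_WRITE bits.
DANGEROUS = 0x2 | 0x4 | 0x10000 | 0x40000 | 0x80000 | 0x10000000 | 0x40000000
TI = "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"  # TrustedInstaller
TRUSTED = {"SY", "BA", TI}  # assumption: only these should hold DANGEROUS bits

def pairs(s):  # 'OICIIO' -> ['OI', 'CI', 'IO']
    return [s[i:i + 2] for i in range(0, len(s), 2)]

def parse_rights(field):
    """Convert an ACE rights field (hex mask or token run) to an integer mask."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for tok in pairs(field):
        mask |= RIGHTS.get(tok, 0)
    return mask

def risky_aces(sddl):
    """Return (sid, mask) for allow ACEs giving untrusted SIDs dangerous rights."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    hits = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)) if dacl else []:
        f = ace.split(";")
        if len(f) < 6 or f[0] != "A" or "IO" in pairs(f[1]) or f[5] in TRUSTED:
            continue  # malformed, not an allow ACE, inherit-only, or trusted
        mask = parse_rights(f[2])
        if mask & DANGEROUS:
            hits.append((f[5], mask))
    return hits

# Constructed sample input: SDDL strings in the form Get-Acl reports them.
SAMPLE = {
    r"C:\Windows\System32\drivers\etc\hosts":
        "O:SYG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)",
    r"C:\Windows\System32\example.dll":  # placeholder path with a tampered DACL
        f"O:{TI}G:{TI}D:PAI(A;;FA;;;{TI})(A;;0x1200a9;;;BA)"
        "(A;;FA;;;S-1-5-21-1111111111-2222222222-3333333333-1001)",
}

def audit(acls):  # path -> risky ACEs, with clean paths omitted
    return {p: r for p, s in acls.items() if (r := risky_aces(s))}

print(audit(SAMPLE))
```

Only the placeholder `example.dll` entry is reported, because an ordinary user SID holds full control (`0x1F01FF`) on it; the `hosts` entry gives Users read and execute only.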
About Athena Forensics
For information on our digital forensic services, or if you require any advice or assistance, please contact a member of our team on 0845 882 7386 or via email on firstname.lastname@example.org. Further details are available on our contact us page.
Our client’s confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensics investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter and we have been accredited to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.