Endpoint Vulnerability

Microsoft: Task Scheduler Elevation of Privilege Vulnerability

Description

An elevation of privilege vulnerability exists in Task Scheduler when a user creates a task that uses UNC paths. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. To exploit the vulnerability, a locally authenticated attacker could use Windows Task Scheduler to schedule a new task with a specially crafted UNC path. This security update addresses the vulnerability by correcting how Task Scheduler handles specially crafted UNC paths.

Affected Products

Windows 10,Windows Server 2016

References

CVE-2016-7222,