Researchers revealed four vulnerabilities in Windows' task scheduling service that could let attackers escalate privileges and delete logs, helping cover their tracks. These vulnerabilities involve "schtasks.exe," which allows task management, and enable a UAC bypass, letting unauthorized users gain high-level access without consent. Attackers can exploit these flaws if they acquire passwords through methods like cracking NTLMv2 hashes. Once compromised, low-privileged users can impersonate members of higher privilege groups, posing significant risks of unauthorized access and data breach.
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities.
By exploiting this weakness, attackers can elevate their privileges and run malicious payloads with Administrators' rights, leading to unauthorized access, data theft, or further system compromise.
Collection
[
|
...
]