Posted on

VU#906424: Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface

The Microsoft Windows task scheduler SchRpcSetSecurity API contains a vulnerability in the handling of ALPC,which can allow an authenticated user to overwrite the contents of a file that should be protected by filesystem ACLs. This can be leveraged to gain SYSTEM privileges. We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems. We have also confirmed compatibility with 32-bit Windows 10 with minor modifications to the public exploit code. Compatibility with other Windows versions is possible with further modifications. This vulnerability is being exploited in the wild.

What are your thoughts?