Windows Task Scheduler Zero-Day Exploit Available in the Wild: Caution Urged

Paul Davis

Updated September 11: Microsoft released the patch for this vulnerability (CVE-2018-8440) today as part of its monthly security update known as Patch Tuesday. Customers are advised to apply this security update as soon as possible.

Updated September 5: Public exploits of this vulnerability have been seen by researchers at ESET. The Solution section of the CERT page offers the best known workaround until Microsoft releases a patch, which is planned for September 11.

Background

On August 27, a security researcher made waves by releasing a working exploit on Github for a previously unknown, serious local privilege escalation (LPE) vulnerability in Microsoft Windows Task Scheduler.

The zero-day exploit, which was released via a Twitter post, allows a privileged attacker to obtain full SYSTEM access on fully patched Windows 10 and Windows Server 2016 systems. Other platforms may also be affected.

Twitter user SandboxEscaper announces Microsoft Zero-Day exploit

Vulnerability details

This public exploit impacts the Advanced Local Procedure Call (ALPC) interface in the Microsoft Windows Task Scheduler. It has been verified by Tenable and Will Dormann from CERT Research to work on fully patched Windows 10 and Windows Server 2016 systems. Because exploits like this are extremely dangerous in the wrong hands, Microsoft maintains a bug bounty program and has been known to pay researchers handsomely for responsible disclosure.

Impact assessment

Security professionals should track this situation and respond as soon as a patch or mitigation is available. This exploit not only gives standard Windows users the ability to raise their privileges, but malware authors will no doubt be leveraging this capability to enhance their toolkit.

Urgently required actions

Users should remain alert and use security best practices such as a robust password policy, malware mitigation, access control and network segmentation. Apply Microsoft patches as soon as they become available. Monitoring for unusual processes on the system, as well as anomalous behavior of users, might also help identify compromised systems.

Tenable is closely monitoring this situation and will provide updated protection as soon as patches become available.

Learn more:

Learn more about Tenable.io, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Read more >

Published on Aug 28, 2018

People also viewed

Channel Sales Engineer

Santiago Santiago Chile Santiago, Chile Sales Engineering Sales
Your Role:The Channel Sales Engineer will support and will be working with production, engineering, and research and development, as well as external sales firms to determine how Tenable products and services could be designed or modified to best ...

Engineering Manager - UI

Los Angeles California United States West Jefferson Boulevard, Playa Vista, Los Angeles, California, United States, 90066 Cloud Platforms Research & Development
Your Role:Tenable is looking for an experienced UI Engineering manager, who would be responsible for leading a team of world class engineers.  This person would be expected to help grow and mentor experience engineers. Background in working with m...

Engineering Manager - UI

San Jose California United States E Santa Clara St., San Jose, California, United States, 95113 Cloud Platforms Research & Development
Your Role:Tenable is looking for an experienced UI Engineering manager, who would be responsible for leading a team of world class engineers.  This person would be expected to help grow and mentor experience engineers. Background in working with m...

Engineering Manager - UI

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 20146 Cloud Platforms Research & Development
Your Role:Tenable is looking for an experienced UI Engineering manager, who would be responsible for leading a team of world class engineers.  This person would be expected to help grow and mentor experience engineers. Background in working with m...

Commercial Territory Manager

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 20146 Sales Sales
Your Role:The Commercial Territory Manager will meet and exceed quarterly sales quota by developing new opportunities within specific geographical territory.  Researching and identifying potential accounts; outbound cold calling to soliciting new ...

Recruiter - UK

Uxbridge United Kingdom Furzeground Way , Stockley Park, Uxbridge, United Kingdom, UB11 1EZ Human Resources Human Resources
Your Role:Tenable is seeking a talented Recruiter who will source, screen and ultimately close exceptional sales, marketing and professional services talent. You’ll partner with Tenable’s Sales leadership to create and maintain a talent pipeline, ...

We have big plans for continued global growth, and we’re looking for people who are creative, flexible and dedicated to helping us build something great – something that matters.