We are now able to disclose our Microsoft Windows Task Scheduler 0day Local Privilege Escalation. All versions of Windows 7 → 10 are affected. https://youtu.be/z2C-IykCfbk According to Microsoft, this functionality is considered "By Design" & they have no intent to service this issue.
Replying to @EngineeringNeo
Are you saying that a *non-admin* user can create a task that will be executed as SYSTEM upon next login?
Replying to @mkolsek @EngineeringNeo
I can’t reproduce this. The “At logon of any user” button is grayed out and not accessible if you aren’t running the task scheduler in an elevated, HI context.
Additionally, you can’t assign SYSTEM (or any interesting account) as the user account to run the task as if you aren’t running the task scheduler in an elevated context. I think you might have tested as a LA and the task scheduler MSC snap-in auto-elevated for you.
I think that's the most plausible explanation, showing the groups instead of the privs would have made it clearer (e.g. whoami /groups).
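Added example, not posted by anyone in the thread: a PowerShell check of the context the reproduction is running in, since the replies above attribute the result to the MSC snap-in auto-elevating for a local admin. It reports the token's integrity level and whether the Administrators SID (S-1-5-32-544) is enabled or marked "deny only", the same information `whoami /groups` shows.

```powershell
# Added example (not from the thread). Report whether this session is the
# elevated / High Integrity context the replies say is required before
# "At log on of any user" and a SYSTEM run-as account become selectable.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

# whoami /groups lists the integrity level as a "Mandatory Label" group and
# shows the Administrators SID with "Group used for deny only" on a UAC-filtered token.
$groups    = whoami /groups /fo csv | ConvertFrom-Csv
$integrity = ($groups | Where-Object { $_.'Group Name' -like 'Mandatory Label\*' }).'Group Name'
$adminRow  = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }

$adminState = if (-not $adminRow) { 'not a member' }
              elseif ($adminRow.Attributes -match 'deny only') { 'member, filtered (deny only)' }
              else { 'member, enabled' }

[pscustomobject]@{
    User              = $identity.Name
    IntegrityLevel    = $integrity
    Elevated          = $elevated
    AdministratorsSID = $adminState
}

# A genuine non-admin repro should show a Medium (or lower) integrity level,
# Elevated = False and no enabled Administrators membership.
```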