I can confirm that these actions do appear to prevent the Windows Task Scheduler LPE exploit code from working. However, it's not clear at this point what sort of collateral damage one might experience by making these changes...https://twitter.com/karsten_nilsen/status/1034406706879578112 …
-
-
Replying to @wdormann
I wouldn’t recommend it, some user side scheduled tasks get made by tools (eg Gotomeeting etc).
2 replies 0 retweets 1 like -
Replying to @GossiTheDog
It is MUCH less intrusive mitigation than disabling the Task Scheduler service (which I definitely don't recommend). With the icacls set, the existing scheduled tasks appear to continue to function properly. And it even also allows me to schedule a new task w/o problem.
1 reply 0 retweets 1 like -
Replying to @wdormann
Yah, I’m just saying in an Enterprise I wouldn’t recommend it - it will break stuff.
1 reply 0 retweets 1 like
I don't dispute that *something* would break. I'm just curious as to *what* might break. Given that limited users can still schedule their own tasks after setting the ACLs, there may not be too much collateral damage. I'd like to know a specific example of something that breaks
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.