0Patch-Experten festgelegten die Löcher, die legendäre SandboxEscaper in Windows-Sicherheits links

0patch experts have released an unofficial patch designed to fix a 0-day vulnerability in Windows 10 affecting Task Scheduler.

EINn exploit for this security issue was published at the end of May by an extravagant specialist known by the online pseudonym “SandboxEscaper“.

SandboxEscaper demonstrated exploiting this vulnerability with a malicious .JOB Datei.

According to 0patch experts, only previous versions of schtasks.exe can be used to increase privileges in the system. The current Task Scheduler will require user to modify task file in order to have access to make changes in this file.

«Our analysis revealed that the problem affects only past versions of schtasks.exe. It is possible that older versions of schtasks.exe did not directly call _SchSetRpcSecurity<, but other RPC functions, which led to a call to _SchSetRpcSecurity using RPC», — write 0patch experts.

Researchers released a micropatch that is available for Windows systems running the 0patch Agent.

To install the 0patch Agent you need to register on the official website.

The patch from 0patch is suitable for Windows 10 Ausführung 1809 x86, Windows 10 Ausführung 1809 x64, Windows Server 2019.

Recall that SandboxEscaper has also published a number of exploits for vulnerabilities in Microsoft products. This time, security concerns affect the Windows component and the Internet Explorer 11 Browser.

Quelle: https://blog.0patch.com

Über Trojan Mörder

Tragen Sie Trojan Killer-Portable auf Ihrem Memory-Stick. Achten Sie darauf, dass Sie in der Lage sind, Ihr PC keine Cyber-Bedrohungen widerstehen zu helfen, wo immer Sie sind.

überprüfen Sie auch

MageCart auf der Heroku Cloud Platform

Die Forscher fanden mehrere MageCart Web Skimmer Auf Heroku Cloud Platform

Forscher an Malwarebytes berichteten über mehr MageCart Web-Skimmer auf der Heroku Cloud-Plattform zu finden, …

Android Spyware CallerSpy

CallerSpy Spyware Masken als Android-Chat-Anwendung

Trend Micro Experten entdeckt die Malware CallerSpy, die Masken als Android-Chat-Anwendung, und, …

Hinterlasse eine Antwort