0패치 전문가들은 Windows에서 0 데이 취약점을 해결하기위한 비공식 패치를 발표했다 10 작업 스케줄러에 영향을 미치는.에이n exploit for this security issue was published at the end of May by an extravagant specialist known by the online pseudonym “SandboxEscaper".
SandboxEscaper demonstrated exploiting this vulnerability with a malicious .JOB 파일.
0patch 전문가에 따르면,, 의 이전 버전 schtasks.exe can be used to increase privileges in the system. The current Task Scheduler will require user to modify task file in order to have access to make changes in this file.
«Our analysis revealed that the problem affects only past versions of schtasks.exe. It is possible that older versions of schtasks.exe did not directly call _SchSetRpcSecurity<, but other RPC functions, which led to a call to _SchSetRpcSecurity using RPC», — write 0patch experts.
Researchers released a micropatch that is available for Windows systems running the 0patch Agent.
To install the 0patch Agent you need to register on the official website.
The patch from 0patch is suitable for Windows 10 번역 1809 x86, 윈도우 10 번역 1809 x64, 윈도우 서버 2019.
Recall that SandboxEscaper has also published a number of exploits for vulnerabilities in Microsoft products. This time, security concerns affect the Windows component and the Internet Explorer 11 브라우저.