Thursday, April 17, 2025
HomeComputer SecurityHacker Leaked New Unpatched Windows 10 Task Scheduler Zero-day POC Exploit Online

Hacker Leaked New Unpatched Windows 10 Task Scheduler Zero-day POC Exploit Online

Published on

SIEM as a Service

Follow Us on Google News

An anonymous hacker leaked a new Windows zero-day Proofs-of-concept online that exploit the vulnerability resides in the Windows Task Scheduler.

Sanboxescaper, a pseudonym of an unknown hacker who is known for frequently leaking Windows zero-day bugs online, and this is a fifth zero-day bug (1, 2, 3, 4 ) that has been leaked in a year since August 2018.

In this leak, Exploit published for Task Scheduler vulnerability let attackers perform a local privilege escalation (LPE) and gain complete control of fully patched current version of Windows 10.

- Advertisement - Google News

Task Scheduler is a component of Microsoft Windows that provides the ability to schedule the launch of programs or scripts at pre-defined times or after specified time intervals.

Sanboxescaper concentrated with the Task Scheduler and exploited the bug in Windows 10 by calling an RPC Function SchRpcRegisterTask( a method registers a task with the server) which is exposed by the task scheduler service.

Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located in another computer on a network without having to understand the network’s details.

It can be achieved by import legacy task files (“.job” file format) with arbitrary DACL Writes from other systems to Windows 10 Task Scheduler.

Arbitrary DACL writes allow a low-privileged user to change the system permissions, eventually, a local user gains complete control of the system.

Sandbox escaper explains, “For example, In the old days (i.e windows xp) tasks would be placed in c:\\windows\\tasks in the “.job” file format.

“If on windows 10 you want to import a .job file into the task scheduler you have to copy your old .job files into c:\windows\tasks and run the following command using “schtasks.exe and ‘schedsvc.dll” copied from the old system”

“I assume that to trigger this bug you can just call into this function directly without using that schtasks.exe copied from windows xp.. but I am not great at reversing”

Will Dormann, a Security researcher from US Cert Tested the exploit and confirms that the exploit is 100% working against fully patched Windows 10.

Mitja Kolsek, Co-Founder of 0patch, tested this zero-day and confirmed that “this 0day from SandboxEscaper to work on fully updated Windows 10. The DACL of any chosen file gets altered so that the provided user can arbitrarily modify it.”

This is not an end of Zero-day Leak

SandboxEscaper also warned that She found more Zero-day’s and it’s coming on the way.

“Oh, and I have 4 more unpatched bugs where that one came from.
3 LPEs (all gaining code exec as a system, not lame delete bugs or whatever), and one sandbox escape.”

Also, she said “If any non-western people want to buy LPEs, let me know. (Windows LPE only, not doing any other research nor interested in doing so). Won’t sell for less than 60k for an LPE.”|

“I don’t owe society a single thing. Just want to get rich and give you fucktards in the west the middle finger.”

There is no patch available for this Zero-day Vulnerability at this moment, But we can expect Microsoft to patch this flaw and release an update in next patch Tuesday update on June 12, 2019.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Managing Burnout in the SOC – What CISOs Can Do

The Security Operations Center (SOC) is the nerve center of modern cybersecurity, responsible for...

The Future of Cybersecurity Talent – Trends and Opportunities

The cybersecurity landscape is transforming rapidly, driven by evolving threats, technological advancements, and a...

Mobile Security – Emerging Risks in the BYOD Era

The rise of Bring Your Own Device (BYOD) policies has revolutionized workplace flexibility, enabling...

Model Context Protocol Flaw Allows Attackers to Compromise Victim Systems

A critical vulnerability in the widely adopted Model Context Protocol (MCP), an open standard...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

The Future of Cybersecurity Talent – Trends and Opportunities

The cybersecurity landscape is transforming rapidly, driven by evolving threats, technological advancements, and a...

Mobile Security – Emerging Risks in the BYOD Era

The rise of Bring Your Own Device (BYOD) policies has revolutionized workplace flexibility, enabling...

Model Context Protocol Flaw Allows Attackers to Compromise Victim Systems

A critical vulnerability in the widely adopted Model Context Protocol (MCP), an open standard...