Micropatch Blocks Zero-Day Vulnerability in Windows Task Scheduler

On August 29, 2018, a proof-of-concept exploit for a zero-day vulnerability in Windows Task Scheduler was published on GitHub by a security researcher.

The vulnerability had not previously been disclosed to Microsoft, and consequently, no patch has been released to address the flaw. If exploited, a malicious actor could elevate permissions of malicious code running on a compromised device from guest or user level to administrator level with full system access.

The flaw is unlikely to be addressed by Microsoft before September Patch Tuesday, although the cybersecurity firm Acros Security has developed a workaround – a micropatch – that prevents the exploitation of the vulnerability. The patch will protect vulnerable 64-bit Windows versions until Microsoft releases a patch to correct the flaw.

The exploit for the zero-day vulnerability in Windows Task Scheduler was only confirmed to work on 64-bit versions of Windows. However, two security researchers suggested the exploit could be tweaked to work on 32-bit Windows versions. Those tweaks are relatively minor.  32-bit Windows versions are therefore also vulnerable and will likely remain so until Microsoft addresses the problem.

The micropatch was made available for 64-bit Windows 10 v1803 versions on August 30, 2018 with a micropatch for Windows Server 2016 released the following day along with detailed information about how the patch prevents the vulnerability from being exploited. The source code has also been released.

Companies need to install the micropatch through the opatch Agent client. By providing the source code, companies are able to apply the patch to their systems without using the opatch agent.

Even though the zero-day has been publicly available for several days, there are no reports of the vulnerability being used by threat actors in the wild. However, that is unlikely to remain the case for long.

It is therefore strongly advisable to apply the micropatch to prevent exploitation of the flaw. Microsoft should release an official patch in its September 11, 2018 round of updates.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news