Attacker Value: Moderate (2 users assessed)
Exploitability: High (2 users assessed)
User Interaction: Unknown
Privileges Required: Unknown
Attack Vector: Unknown

Task Scheduler S4U Logon Elevation of Privilege

Last updated March 03, 2020

Description

The Windows Task Scheduler allows a split-token administrator to register a task which runs as a batch job from a limited-privilege context. This doesn’t require a user’s password, as the task will be run non-interactively and so doesn’t need access to the password in order to access remote resources. Due to the way that batch logons work in the latest versions of Windows, for a split-token admin user this actually creates the fully privileged token to execute the task under.
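A defender-side audit for the kind of task registration described above, as an added example that is not part of the original entry: it parses exported task definitions and reports every principal that uses the passwordless `S4U` logon type, noting whether the account is a known administrator. The sample tasks, account names, paths, the `ADMIN_USERS` list and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace of Task Scheduler 2.0 task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

def _task(user, logon, cmd):
    """Build a constructed sample task definition (not from a real host)."""
    return (
        '<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
        '<Principals><Principal id="Author">'
        f"<UserId>{user}</UserId><LogonType>{logon}</LogonType>"
        "</Principal></Principals>"
        f'<Actions Context="Author"><Exec><Command>{cmd}</Command></Exec></Actions>'
        "</Task>"
    )

SAMPLE_TASKS = {  # constructed names, accounts and paths
    "Updater": _task(r"CONTOSO\alice", "S4U", r"C:\Tools\update.exe"),
    "Reminder": _task(r"CONTOSO\alice", "InteractiveToken", r"C:\Tools\remind.exe"),
    "Sync": _task(r"CONTOSO\bob", "S4U", r"C:\Tools\sync.exe"),
}
ADMIN_USERS = {r"contoso\alice"}  # assumed list of split-token admin accounts

def audit_task(name, xml_data, admins=ADMIN_USERS):
    """Return one finding per principal that uses the S4U logon type."""
    root = ET.fromstring(xml_data)
    findings = []
    for principal in root.findall("t:Principals/t:Principal", NS):
        if principal.findtext("t:LogonType", "", NS).strip() != "S4U":
            continue
        user = principal.findtext("t:UserId", "", NS).strip()
        # Actions are tied to a principal through the Context attribute.
        commands = [
            cmd.text.strip()
            for actions in root.findall("t:Actions", NS)
            if actions.get("Context") == principal.get("id")
            for cmd in actions.findall("t:Exec/t:Command", NS) if cmd.text
        ]
        findings.append({"task": name, "user": user,
                         "admin_user": user.lower() in admins, "commands": commands})
    return findings

def audit_all(tasks):
    """Audit a mapping of task name -> task XML and flatten the findings."""
    return [f for name, xml in tasks.items() for f in audit_task(name, xml)]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_TASKS):
        print(finding)
```

Findings with `admin_user` set are the ones to review first, since the description concerns tasks registered by a split-token administrator.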


3
Ratings
Technical Analysis

This exploit does not appear to need admin credentials in order to trigger: https://www.rapid7.com/db/vulnerabilities/WINDOWS-HOTFIX-MS14-054, https://www.tenable.com/plugins/nessus/77574

Any privilege escalation using built-in Windows components is a valuable tool for attackers.

1
Ratings
  • Attacker Value: Low
  • Exploitability: Low
Technical Analysis

Details

This is possibly another ‘getsystem’ technique for UAC bypass.
The effort required to exploit this vulnerability is higher because it requires
a particular set of circumstances that are not universal.

From the report:

My 2c: You’re already an admin, it’s not letting you do anything you couldn’t already do, it’s just not giving you a heads up (UAC warning).
