Most times when security researchers need to disclose a vulnerability, they let the company know and wait for them to fix it. @SandboxEscaper did not do that…
It is a privilege escalation exploit that affects basically every version of Windows that runs Windows Task Scheduler. The best part: it has no patch yet.
What is the flaw?
The Task Scheduler API function doesn’t check permissions. AT ALL. The function SchRpcSetSecurity can be misused to alter permissions. A hard link can be created to call a print job using the XPS service and inject a malicious DLL as the System user. All this gets spawned using the print spooling process.
What does that mean?
Basically, this exploit tricks your computer into thinking it’s printing something, but then runs some code instead.
How do we fix it?
Wait for Microsoft to fix it.