Description Preview
The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, allowing local users to bypass intended restrictions on launching executable files via a crafted task.
Overview
This vulnerability in the Task Scheduler feature of various Windows operating systems allows local users to execute arbitrary code by bypassing the intended security restrictions. By exploiting this vulnerability, an attacker could potentially gain elevated privileges on the affected system.
Remediation
To remediate this vulnerability, Microsoft released a security update as part of the MS15-028 bulletin. Users and administrators are advised to apply the necessary security patches provided by Microsoft to mitigate the risk of exploitation. Additionally, it is recommended to review and restrict user permissions to minimize the impact of potential attacks leveraging this vulnerability.
References
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- ManufacturingManufacturing
- Health Care & Social AssistanceHealth Care & Social Assistance
- Transportation & WarehousingTransportation & Warehousing
- Finance and InsuranceFinance and Insurance
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- UtilitiesUtilities
- Educational ServicesEducational Services
- InformationInformation
- Public AdministrationPublic Administration
- Other Services (except Public Administration)Other Services (except Public Administration)
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- Wholesale TradeWholesale Trade
- Accommodation & Food ServicesAccommodation & Food Services
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- ConstructionConstruction
- MiningMining
- Real Estate Rental & LeasingReal Estate Rental & Leasing
- Retail TradeRetail Trade
