An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Windows_10_1507 | Microsoft | - (including) | - (including) |
Windows_10_1607 | Microsoft | - (including) | - (including) |
Windows_10_1703 | Microsoft | - (including) | - (including) |
Windows_10_1709 | Microsoft | - (including) | - (including) |
Windows_10_1803 | Microsoft | - (including) | - (including) |
Windows_10_1809 | Microsoft | - (including) | - (including) |
Windows_10_1903 | Microsoft | - (including) | - (including) |
Windows_server_1803 | Microsoft | - (including) | - (including) |
Windows_server_1903 | Microsoft | - (including) | - (including) |
Windows_server_2016 | Microsoft | - (including) | - (including) |
Windows_server_2019 | Microsoft | - (including) | - (including) |