Rapid7 Vulnerability & Exploit Database

MS15-037: Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)

Back to Search

MS15-037: Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)

Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
04/14/2015
Created
07/25/2018
Added
04/14/2015
Modified
06/26/2020

Description

An elevation of privilege vulnerability exists in Task Scheduler due to a known invalid task being present on certain systems. An attacker who successfully exploited the vulnerability could cause Task Scheduler to run a specially crafted application in the context of the System account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Solution(s)

  • WINDOWS-HOTFIX-MS15-037-602447fa-f5e2-4c2e-a310-df3f11de647e
  • WINDOWS-HOTFIX-MS15-037-715ede7d-c660-479c-999d-2a361f959626
  • WINDOWS-HOTFIX-MS15-037-76a2496e-5916-47d7-926b-c122d750d586
  • WINDOWS-HOTFIX-MS15-037-8f30d731-2bc6-429e-817c-5827affa645d
  • WINDOWS-HOTFIX-MS15-037-ab584c2a-9d35-4a29-bb3d-5eead8b05519
  • WINDOWS-HOTFIX-MS15-037-ed46d995-c9fb-41e2-94df-146d97d47d07

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;