module
Windows Update Orchestrator unchecked ScheduleWork call
| Disclosed |
|---|
| Nov 4, 2019 |
Disclosed
Nov 4, 2019
Description
This exploit uses access to the UniversalOrchestrator ScheduleWork API call
which does not verify the caller's token before scheduling a job to be run
as SYSTEM. You cannot schedule something in a given time, so the payload will
execute as system sometime in the next 24 hours.
which does not verify the caller's token before scheduling a job to be run
as SYSTEM. You cannot schedule something in a given time, so the payload will
execute as system sometime in the next 24 hours.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.