Microsoft Windows Task Management Multiple Vulnerabilities

1. An elevation of privilege vulnerability exists when Microsoft Windows fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security checks and gain elevated privileges on a targeted system.

To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to increase privileges. The security update addresses the vulnerability by correcting how Windows validates impersonation events.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

2. An elevation of privilege vulnerability exists in Windows Task Scheduler when it improperly verifies certain file system interactions. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over an affected system. The security update addresses the vulnerability by correcting how Task Scheduler verifies file system interactions.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

3.  An elevation of privilege vulnerability exists when Microsoft Windows fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security checks and gain elevated privileges on a targeted system.

To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to increase privileges. The security update addresses the vulnerability by correcting how Windows validates impersonation events.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.