SAN Beijing time on May 23 morning news, according to US technology media BleepingComputer reports, Microsoft monthly security update cycle just after the past week, vulnerability developer SandboxEscaper quietly released a Windows system, a new zero-day vulnerabilities.
This vulnerability since the end of August last year, the fifth loophole, to achieve local elevation of privilege, allow a restricted user to obtain full access to the file, perform various operations. The user was only obtained full rights, such as the SYSTEM user to do so.
SandboxEscaper again use the Task Scheduler tool in Windows 10, use the tool to import tasks from other legacy systems. In the Windows XP era, the task exists in .JOB format, and these tasks can still be added to the updated version of the operating system.
Importing a task scheduler with any DACL (discretionary access control list) the control authority JOB file, you can take advantage of this loophole. In the absence of DACL, the system still will give all users full access to the file. (Li Li)
This switched: https://www.linuxprobe.com/windows-10-task.html