Micropatch Obstructs Zero-Day Vulnerability in Windows Task Scheduler

On August 29, 2018, a proof-of-concept use for a zero-day vulnerability in Windows Task Scheduler was circulated on GitHub by a safety researcher.

The weakness had not earlier been disclosed to Microsoft, and therefore, no repair has been released to tackle the fault. If misused, a malevolent actor might elevate consents of malevolent code running on a compromised appliance from guest or user level to administrator level with complete system access.

The fault is not likely to be tackled by Microsoft before September Patch, even though the cybersecurity company Acros Security has created a workaround – a micropatch – that avoids the abuse of the weakness. The repair will safeguard weak 64-bit Windows types until Microsoft issues a repair to rectify the fault.

The abuse for the zero-day weakness in Windows Task Scheduler was only verified to work on 64-bit types of Windows. Nevertheless, two safety scientists proposed the abuse might be tweaked to work on 32-bit Windows types. Those tweaks are comparatively minor.  32-bit Windows types are therefore also weak and will likely remain so until Microsoft tackles the problem.

The micropatch was made available for 64-bit Windows 10 v1803 types on August 30, 2018 with a micropatch for Windows Server 2016 released the next day together with detailed information regarding how the repair avoids the weakness from being abused. The source code has also been released.

Businesses need to connect the micropatch through the opatch Agent client. By providing the source code, businesses are able to apply the repair to their systems without using the opatch agent.

Even though the zero-day has been publicly available for many days, there are no reports of the weakness being used by threat actors in the wild. Nevertheless, that is not likely to remain the case for long. It is therefore strongly desirable to apply the micropatch to avoid abuse of the flaw. Microsoft must release an official repair in its September 11, 2018 round of updates.