#VU3075 Privilege escalation in Windows and Windows Server - CVE-2010-3338

Cybersecurity Help s.r.o.

Published: 2017-01-02 | Updated: 2017-02-03

Vulnerability identifier: #VU3075

Vulnerability risk: Medium

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2010-3338

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description

The vulnerability allows a local user obtain elevated privileges on vulnerable system.

The vulnerability exists in Windows Task Scheduler when running scheduled tasks within the intended security context. A local user can create a specially crafted task and execute arbitrary code on vulnerable system with privileges of the local system account.

Successful exploitation of this vulnerability may allow a local user to obtain full access to vulnerable system.

Note: this vulnerability is being actively exploited.

Mitigation
Install update from Microsoft website:

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=48F10251-34D8-4149-B4B2-BF3EC28F5846

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=099CCC5F-B92F-4D06-BCB5-92E35C49F613

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=BDC9564A-4091-4CDE-963A-239513DB6C17

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=DFF39BFE-0799-4912-AE22-392562178AE6

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=CF341A35-32EA-4FF7-ACA9-1A4683C100EE

Windows 7 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=CF85CDB6-58C7-4144-82F6-F01A6A4F9C3A

Windows 7 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=0597018D-39F5-4CA9-B437-63D9E68F264D

Windows Server 2008 R2 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=28C832FB-4937-4652-8799-EAB6C76D05FB

Windows Server 2008 R2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=3AD64D5C-2D81-4AC8-934E-8917B2FCF961

Vulnerable software versions

Windows: Vista, 7

Windows Server: 2008 R2 - 2008

External links
https://technet.microsoft.com/library/security/ms10-092

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

Latest bulletins with this vulnerability

Privilege escalation in Windows Task Scheduler