Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Task Scheduler vuln

From: David Harley <david.a.harley () gmail com>
Date: Wed, 20 Oct 2010 17:50:17 +0100
"the Task Scheduler exploit will get Local\SYSTEM
regardless of what user it is run under. You do not have to be in the
local administrator's group."

Sad but true: seems to  have been an erroneous conclusion caused by a
bug in PoC code. The code has been corrected, and we've updated the
paper (same URL) to remove the misleading conclusion, though it's just
an interim patch. ;-)

Thanks to Dave (and Bruce) for pointing it out.

-- 
David Harley
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: