CVE-2015-0084

Name of the Vulnerable Software and Affected Versions Microsoft Windows 7 SP1 Microsoft Windows Server 2008 R2 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1

Description A security issue exists where the Task Scheduler in Microsoft Windows does not properly constrain impersonation levels. This allows local users to bypass intended restrictions on launching executable files via a crafted task. The vulnerability could allow a user with limited privileges on an affected system to leverage Task Scheduler to execute files that they do not have permissions to run, potentially bypassing ACL checks and running privileged executables.

Recommendations For Microsoft Windows 7 SP1, update the system to apply the necessary security patches. For Microsoft Windows Server 2008 R2 SP1, apply the recommended security updates. For Microsoft Windows 8, install the latest security fixes. For Microsoft Windows 8.1, update the system with the available patches. For Microsoft Windows Server 2012 Gold and R2, apply the security updates to resolve the issue. For Microsoft Windows RT Gold and 8.1, install the necessary security patches.