Daniel Hckmann

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows XP **Description** The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. Note that this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation. **Recommendations** For Microsoft Windows XP, consider restricting access to the Task scheduler to minimize the risk of exploitation. As a temporary workaround, limit the privileges of scheduled processes to prevent local users from gaining elevated permissions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.