CVE-2010-3338

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP1 and SP2 Microsoft Windows Server 2008 Gold, SP2, and R2 Microsoft Windows 7

Description The Windows Task Scheduler does not properly determine the security context of scheduled tasks, allowing local users to gain privileges via a crafted application. An elevation of privilege vulnerability exists due to the improper validation of scheduled tasks' security context. This could allow an attacker to run arbitrary code in the security context of the local system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows Vista SP1 and SP2, update to a version that properly validates the security context of scheduled tasks. For Microsoft Windows Server 2008 Gold, SP2, and R2, apply the necessary patch to fix the improper validation issue. For Microsoft Windows 7, ensure that the Windows Task Scheduler is updated to a version that correctly determines the security context of scheduled tasks.