PT-2020-2344 · Microsoft · Windows Task Scheduler+1

Published

2020-05-12

Updated

2020-09-28

CVE-2020-1113

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Windows Task Scheduler (affected versions not specified)

Description A security feature bypass issue exists in the Windows Task Scheduler service, related to its failure to properly verify client connections over RPC. This can allow a remote attacker to bypass security features, potentially leading to privilege escalation or the execution of arbitrary code. The issue is related to the relaying of NTLM authentication over RPC.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254CWE-295

Related Identifiers

BDU:2020-02312

CVE-2020-1113

Affected Products

Windows

Windows Task Scheduler

PT-2020-2344 · Microsoft · Windows Task Scheduler+1

CVE-2020-1113

Weakness Enumeration

Related Identifiers

Affected Products

References · 10