CVE-2024-49039

Name of the Vulnerable Software and Affected Versions Windows Task Scheduler versions prior to the fixed version in November Patch Tuesday

Description The vulnerability is an elevation-of-privilege issue in the Windows Task Scheduler, allowing attackers to elevate their privileges to Medium Integrity level and gain the ability to execute RPC functions restricted to privileged accounts. This vulnerability has been exploited in the wild, with the RomCom group executing malicious code outside the Firefox sandbox and launching malware from C&C servers. The attack can be performed from an AppContainer restricted environment.

Recommendations To resolve the issue, apply the patch released in November Patch Tuesday for Windows Task Scheduler. As a temporary workaround, consider restricting access to the Task Scheduler until a patch is applied. Avoid using the Task Scheduler to execute RPC functions that are restricted to privileged accounts until the issue is resolved. Apply the latest security updates to prevent exploitation of this vulnerability.