0

Using the Windows Task Scheduler allows non-administrator users to gain access to administrative rights. Normally, Windows prevents execute applications which need to have more rights. A message appears where the user has to confirm it. There is an easy way to exploit the UAC dialog with just few easy steps. Here for example is a tutorial how to do that: http://www.raymond.cc/blog/task-scheduler-bypass-uac-prompt/

To be honest, this is so easy that everyone can do that without having a strong knowledge of security. I know that this security issue is there for a while now. That makes me wonder! This security issue is there and everyone knows it, and it so so easy. Why does this security issue exist? Is there a official statement from Microsoft?

System.Data
  • 183
  • 1
  • 6
  • no where in that article does it mention non-admin, I think you are misreading. – HostBits Jul 18 '12 at 00:04
  • First of all, what's the actual question here? Secondly, that article is about bypassing UAC (which is a turd anyway), not a privilege escalation exploit to administrative rights from normal user rights. I'll be nice and leave the more scathing thoughts out of this comment, but if you're confusing the UAC prompt with administrative privileges, that's... very bad. What do you want to happen? Someone to have to pmanually click "Yes" on the UAC dialogue every time a scheduled task is run? Not much of a scheduled task in that case, is it? – HopelessN00b Jul 18 '12 at 00:13
  • @HopelessN00b As I read it, "*Why does this security issue exist? Is there a official statement from Microsoft?"* seems to be the main question. The OP is looking for a description of *why* this is possible [see Evan's answer below] or clarification from MS-sourced documentation – jscott Jul 18 '12 at 00:22

1 Answers1

2

Your basic premise is incorrect: The "Task Scheduler" doesn't allow non-Administrator users to gain privilege. You can "bypass" UAC by doing what the blog post talks about, but you'd have to be an "Administrator" user already to "exploit" this "vulnerability". There is no privilege escalation. Bypassing UAC, for better or for worse, is not considered crossing a security boundary by Microsoft.

Evan Anderson
  • 141,881
  • 20
  • 196
  • 331