← back
CVE-2019-1069

Task Scheduler Elevation of Privilege Vulnerability

CVSS 7.8 HIGHEPSS 6.2%● KEVCWE-59
In short

Task Scheduler in Windows has a vulnerability that allows someone with basic access to gain full admin control. An attacker can exploit how the system validates file operations to elevate their privileges without authorization.

Technical detail

CVE-2019-1069 is a privilege escalation vulnerability in Windows Task Scheduler's file operation validation mechanism (CWE-59: Improper Link Resolution Before File Access). An attacker with unprivileged code execution can manipulate file operations to bypass security checks and achieve SYSTEM-level privileges. The vulnerability was remediated by implementing proper file operation validation controls.

Summary generated and translated by AI from the official description.
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected products
Microsoft · Windows 10 Version 1507Microsoft · Windows 10 Version 1607Microsoft · Windows 10 Version 1703Microsoft · Windows 10 Version 1709Microsoft · Windows 10 Version 1709 for 32-bit SystemsMicrosoft · Windows 10 Version 1803Microsoft · Windows 10 Version 1809Microsoft · Windows 10 Version 1903 for 32-bit SystemsMicrosoft · Windows 10 Version 1903 for ARM64-based SystemsMicrosoft · Windows 10 Version 1903 for x64-based SystemsMicrosoft · Windows Server 2016Microsoft · Windows Server 2016 (Server Core installation)Microsoft · Windows Server 2019Microsoft · Windows Server 2019 (Server Core installation)Microsoft · Windows Server, version 1803 (Server Core Installation)Microsoft · Windows Server, version 1903 (Server Core installation)
public PoCs found1
githubgithub.com/S3cur3Th1sSh1t/SharpPolarBear37
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blog.0patch.com/2019/06/another-task-scheduler-0day-another.htmlhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1069https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1069https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1069https://www.kb.cert.org/vuls/id/119704