all InfoSec news
Micropatches Released For Windows Task Scheduler Elevation of Privilege (CVE-2023-21541)
Malware Analysis, News and Indicators - Latest topics malware.news
January 2023 Windows Updates brought a fix for CVE-2023-21541,
a local privilege elevation in Task Scheduler. The vulnerability was reported to Microsoft by Ben Lincoln of Bishop Fox.
In April, Ben published a detailed analysis of this issue, which allowed us to reproduce the issue and create a micropatch for Windows computer that haven't received an official fix from Microsoft.
The
vulnerability is easy to understand: if a scheduled task contains an environment variable in its executable path, …
analysis april ben bishop fox cve fix fox issue january local micropatch microsoft privilege scheduler task task scheduler updates vulnerability windows windows updates