Summary: Cybersecurity researchers have identified four vulnerabilities in the Windows task scheduling service that allow local attackers to gain privilege escalation and erase critical audit logs. These vulnerabilities relate to the “schtasks.exe” binary, which can be exploited through methods like Batch Logon authentication. This can lead to unauthorized access and data theft while enabling attackers to cover their tracks effectively.
Affected: Microsoft Windows Task Scheduler
Keypoints :
- Four vulnerabilities discovered in “schtasks.exe,” impacting scheduled task management.
- User Account Control bypass allows execution of SYSTEM commands without user consent.
- Attackers can leverage Batch Logon authentication to escalate privileges and erase audit trails.
- Potential for critical logs to be overwritten, hindering detection of malicious activities.
Source: https://thehackernews.com/2025/04/experts-uncover-four-new-privilege.html