cnvd-2015-02485
Vulnerability from cnvd
Title
Microsoft Task Scheduler权限提升漏洞
Description
Windows是一款由美国微软公司开发的窗口化操作系统。 Microsoft Task Scheduler用于任务调度。 由于某些系统中存在无效任务,Task Scheduler在实现上存在权限提升漏洞。允许攻击者利用此漏洞可使Task Scheduler在System帐户上下文中执行任意命令。
Severity
Patch Name
Microsoft Task Scheduler权限提升漏洞的补丁
Patch Description
Windows是一款由美国微软公司开发的窗口化操作系统。 Microsoft Task Scheduler用于任务调度。 由于某些系统中存在无效任务,Task Scheduler在实现上存在权限提升漏洞。允许攻击者利用此漏洞可使Task Scheduler在System帐户上下文中执行任意命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://technet.microsoft.com/security/bulletin/MS15-037

Reference
http://technet.microsoft.com/security/bulletin/MS15-037
Impacted products
Name
['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows 7 SP1', 'Microsoft Windows 7']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "73989"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0098"
    }
  },
  "description": "Windows\u662f\u4e00\u6b3e\u7531\u7f8e\u56fd\u5fae\u8f6f\u516c\u53f8\u5f00\u53d1\u7684\u7a97\u53e3\u5316\u64cd\u4f5c\u7cfb\u7edf\u3002 Microsoft Task Scheduler\u7528\u4e8e\u4efb\u52a1\u8c03\u5ea6\u3002\r\n\r\n\u7531\u4e8e\u67d0\u4e9b\u7cfb\u7edf\u4e2d\u5b58\u5728\u65e0\u6548\u4efb\u52a1\uff0cTask Scheduler\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u4f7fTask Scheduler\u5728System\u5e10\u6237\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://technet.microsoft.com/security/bulletin/MS15-037",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02485",
  "openTime": "2015-04-17",
  "patchDescription": "Windows\u662f\u4e00\u6b3e\u7531\u7f8e\u56fd\u5fae\u8f6f\u516c\u53f8\u5f00\u53d1\u7684\u7a97\u53e3\u5316\u64cd\u4f5c\u7cfb\u7edf\u3002 Microsoft Task Scheduler\u7528\u4e8e\u4efb\u52a1\u8c03\u5ea6\u3002\r\n\r\n\u7531\u4e8e\u67d0\u4e9b\u7cfb\u7edf\u4e2d\u5b58\u5728\u65e0\u6548\u4efb\u52a1\uff0cTask Scheduler\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u4f7fTask Scheduler\u5728System\u5e10\u6237\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Task Scheduler\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008 R2 SP1",
      "Microsoft Windows 7 SP1",
      "Microsoft Windows 7"
    ]
  },
  "referenceLink": "http://technet.microsoft.com/security/bulletin/MS15-037",
  "serverity": "\u9ad8",
  "submitTime": "2015-04-16",
  "title": "Microsoft Task Scheduler\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.