CVE-2015-0084
low
CVSS v3
—
CVSS v2
2.1
VIR risk
2.1
Description
The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended restrictions on launching executable files via a crafted task, aka "Task Scheduler Security Feature Bypass Vulnerability."
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@microsoft.com — https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-028
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| windows | - | affected | |
| windows | r2 | affected | |
References
- http://www.securityfocus.com/bid/72913
- http://www.securitytracker.com/id/1031893
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-028
- http://www.securityfocus.com/bid/72913
- http://www.securitytracker.com/id/1031893
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-028
CWEs
CWE-254
Verify integrity in audit chain (admin only). AS-IS.