Sampei.Nihira Posted May 22, 2019 Share Posted May 22, 2019 https://www.zdnet.com/article/windows-10-zero-day-exploit-code-released-online/ Quote However, ZDNet was told today that, in theory, the zero-day should also work, with some fine-tuning, on all Windows versions -- going back to XP and Server 2003 -- although this might require some testing and further confirmation over the coming days. Can not run. There is no Schtask.exe in System32. In XP, it's mstask.exe. Link to comment Share on other sites More sharing options...
jaclaz Posted May 22, 2019 Share Posted May 22, 2019 1 hour ago, Sampei.Nihira said: https://www.zdnet.com/article/windows-10-zero-day-exploit-code-released-online/ Can not run. There is no Schtask.exe in System32. In XP, it's mstask.exe. Sure there is (please read as "you have a "queer XP" ) it is schtasks.exe https://www.robvanderwoude.com/schtasksxp.php and it is the command line program to manage tasks, the whole stuff is then delegated to the related task scheduler service, mstask.exe is windows 9x/Me: https://en.wikipedia.org/wiki/Windows_Task_Scheduler jaclaz Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted May 22, 2019 Author Share Posted May 22, 2019 Link to comment Share on other sites More sharing options...
NojusK Posted May 22, 2019 Share Posted May 22, 2019 (edited) 3 minutes ago, Sampei.Nihira said: Edited May 22, 2019 by Nojus2001 Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted May 22, 2019 Author Share Posted May 22, 2019 (edited) In my opinion in XP Home the file is absent. My PC with XP Home is therefore safe from the exploit. Edited May 22, 2019 by Sampei.Nihira Link to comment Share on other sites More sharing options...
FranceBB Posted May 22, 2019 Share Posted May 22, 2019 Yep, in Windows XP Professional is there: 2 Link to comment Share on other sites More sharing options...
jaclaz Posted May 24, 2019 Share Posted May 24, 2019 On 5/22/2019 at 8:56 PM, Sampei.Nihira said: In my opinion in XP Home the file is absent. My PC with XP Home is therefore safe from the exploit. Yes, it is not in Home edition. jaclaz Link to comment Share on other sites More sharing options...
Windows 2000 Posted May 24, 2019 Share Posted May 24, 2019 On 5/23/2019 at 1:49 AM, FranceBB said: Yep, in Windows XP Professional is there: It seems to also be present in Windows XP x64 Professional. Link to comment Share on other sites More sharing options...
i430VX Posted May 24, 2019 Share Posted May 24, 2019 I disabled the task scheduler service and deleted all the tasks. Does this mitigate the vulnerability? Link to comment Share on other sites More sharing options...
Tripredacus Posted May 24, 2019 Share Posted May 24, 2019 I'm not sure if this counts as a bug in XP or in Windows 10. The PoC uses schtasks.exe and schedsvc.dll from a Windows XP system on a Windows 10 system. Files from XP work on Windows 10, but when they do, they use priveledge escalation. https://web.archive.org/web/20190522011933/https://github.com/SandboxEscaper/polarbearrepo/tree/master/bearlpe 1 Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted May 24, 2019 Author Share Posted May 24, 2019 (edited) A possible future vulnerability based on that code. It may be that it doesn't even work on Windows XP. Interesting is the possibility offered by Novirusthanks OSA which has 2 specific rules: Edited May 24, 2019 by Sampei.Nihira 3 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now