IE Task Scheduler Vulnerability

A vulnerability exists in an optional component of Internet Explorer 5 that could allow a malicious user to gain additional privileges on a Windows NT machine that allowed him or her to create or change files.

Issue

IE 5 includes an Offline Browsing Pack that is not installed by default. The Offline Browsing Pack provides a Task Scheduler that replaces the native Windows NT Schedule Service (the schedule service is also known as the "AT Service"). A vulnerability in the Task Scheduler poses a privilege elevation risk and could allow normal users to execute code on the local machine in System context. (The Windows NT Schedule Service does not have this vulnerability).

The IE 5 Task Scheduler controls who can create and submit "AT jobs." The utility that is used to create AT jobs can only be run by an administrator, and the Task Scheduler will only execute AT jobs that are owned by administrators. However, if a malicious user had change access to an existing file owned by an administrator (it would not need to be an AT job), he or she could modify it to be a valid AT job and place in the appropriate folder for execution. This would bypass the control mechanism and allow the job to be executed.

This vulnerability would primarily affect machines that allow normal users to interactively log onto them. The patch eliminates this vulnerability by digitally signing all AT jobs at creation time, and verifying the signature at execution time.

Affected Products

• Internet Explorer 5 on Windows NT 4.0

Download

Patch: http://www.microsoft.com/msdownload/iebuild/ie501_win32/en/ie501_win32.htm

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: November 29, 1999

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<