|
Microsoft 'IE Task Scheduler' Vulnerability patch
-
Version
1
IE 5 includes an Offline Browsing Pack that is not installed by default. The Offline Browsing Pack provides a Task Scheduler that replaces the native Windows NT Schedule Service (the schedule service is also known as the 'AT Service'). A vulnerability in the Task Scheduler poses a privilege elevation risk and could allow normal users to execute code on the local machine in System context. (The Windows NT Schedule Service does not have this vulnerability). This vulnerability would primarily affect machines that allow normal users to interactively log onto them. The patch eliminates this vulnerability by digitally signing all AT jobs at creation time, and verifying the signature at execution time.
|