Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

MS14-054: Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948)

🗓️ 10 Sep 2014 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 38 Views

Vulnerability in Windows Task Scheduler. Privilege escalation

Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2014-4074
10 Sep 201401:00
cve
Cvelist		CVE-2014-4074
10 Sep 201401:00
cvelist
EUVD		EUVD-2014-4005
7 Oct 202500:30
euvd
Kaspersky		KLA10601 Multiple vulnerabilities in Microsoft products
11 Nov 201400:00
kaspersky
NVD		CVE-2014-4074
10 Sep 201401:55
nvd
OpenVAS		Microsoft Windows Task Scheduler Privilege Escalation Vulnerability (2988948)
10 Sep 201400:00
openvas
Prion		Security feature bypass
10 Sep 201401:55
prion
securityvulns		Microsoft Windows multiple security vulnerabilities
15 Sep 201400:00
securityvulns
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(77574);
  script_version("1.7");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id("CVE-2014-4074");
  script_bugtraq_id(69593);
  script_xref(name:"MSFT", value:"MS14-054");
  script_xref(name:"MSKB", value:"2988948");

  script_name(english:"MS14-054: Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948)");
  script_summary(english:"Checks the version of Schedsvc.dll.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by a privilege escalation
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is affected by a privilege escalation
vulnerability. The vulnerability is due to improperly conducted
integrity checks on tasks by Windows Task Scheduler. An authenticated
attacker can exploit this vulnerability to execute arbitrary code in
the context of the local system user.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-054");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 8, 2012, 8.1, and
2012 R2.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS14-054';
kb = '2988948';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Windows 8.1 / Windows Server 2012 R2
  hotfix_is_vulnerable(os:"6.3", sp:0, file:"Schedsvc.dll", version:"6.3.9600.17276", min_version:"6.3.9600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 8 / Windows Server 2012
  hotfix_is_vulnerable(os:"6.2", sp:0, file:"Schedsvc.dll", version:"6.2.9200.17068", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.2", sp:0, file:"Schedsvc.dll", version:"6.2.9200.21188", min_version:"6.2.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Nov 2018 20:50Current
6.2Medium risk
Vulners AI Score6.2
CVSS 27.2
EPSS0.01722
windowstask schedulerprivilege escalationvulnerabilityelevation of privilegems14-054cve-2014-4074schedsvc.dllpatchsecurity bulletin
38