4 matches found
Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call Exploit
This Metasploit module exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller's token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in the next 24 hours...
Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/common' require 'msf/core/post/file' require 'msf/core/post/windows/priv' require 'msf/core/exploit/exe' require 'msf/core/post/windows/registry'...
CVE-2020-1313
creationtimestamp| type| source ---|---|--- 2020-07-30 10:48:02+00:00| published-proof-of-concept| https://t.me/cKure/1569 2020-09-25 21:17:49+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve20201313systemorchestrator.rb 2024-10-26...
CVE-2020-1313
CVE-2020-1313 is a Windows elevation-of-privilege flaw in the Windows Update Orchestrator Service. The vulnerability stems from improper handling of file operations in the USO/UniversalOrchestrator components, allowing an unprivileged caller to schedule work that can execute with SYSTEM context v...