Lucene search
+L

4 matches found

0day.today
0day.today
added 2020/09/29 12:0 a.m.65 views

Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call Exploit

This Metasploit module exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller's token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in the next 24 hours...

7.8CVSS0.1AI score0.39967EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/09/28 12:0 a.m.337 views

Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/common' require 'msf/core/post/file' require 'msf/core/post/windows/priv' require 'msf/core/exploit/exe' require 'msf/core/post/windows/registry'...

6.8CVSS0.39967EPSS
Exploits5
Circl
Circl
added 2020/07/30 10:48 a.m.11 views

CVE-2020-1313

creationtimestamp| type| source ---|---|--- 2020-07-30 10:48:02+00:00| published-proof-of-concept| https://t.me/cKure/1569 2020-09-25 21:17:49+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve20201313systemorchestrator.rb 2024-10-26...

7.8CVSS7.1AI score0.39967EPSS
Exploits5References3
CVE
CVE
added 2020/06/09 7:44 p.m.154 views

CVE-2020-1313

CVE-2020-1313 is a Windows elevation-of-privilege flaw in the Windows Update Orchestrator Service. The vulnerability stems from improper handling of file operations in the USO/UniversalOrchestrator components, allowing an unprivileged caller to schedule work that can execute with SYSTEM context v...

7.8CVSS7.7AI score0.39967EPSS
Exploits5References2Affected Software2
Rows per page
Query Builder