Winsage
December 4, 2024
A proof-of-concept (PoC) exploit has been released for a critical zero-day vulnerability in the Windows Task Scheduler, designated as CVE-2024-49039, which has a high CVSS score of 8.8. This privilege escalation flaw allows attackers to execute arbitrary code on affected systems with potential for zero-click exploitation. The exploitation of this vulnerability has been traced back to the Russia-aligned threat actor RomCom. Between October 10 and November 4, 2024, potential victims were mainly in Europe and North America, with some regions having up to 250 affected targets. The PoC exploit, available on GitHub, targets the WPTaskScheduler.dll component and demonstrates the ability to bypass restricted token sandboxes. Microsoft has released a patch for CVE-2024-49039, modifying the RPC Interface Security in WPTaskScheduler.dll to require at least Medium Integrity for access. Security experts recommend that Windows users and administrators apply the latest updates and adopt defense-in-depth strategies.