New Windows TaskManager Vulnerabilities Allows Command Execution as SYSTEM User

Cybersecurity researchers have demonstrated that by crafting malicious XML files with manipulated metadata, such as author tags filled with oversized buffers, attackers can poison task event logs and even overflow security logs like Security.evtx. These techniques allow attackers to cover their tracks by overwriting logs, making detection difficult. Critical Windows TaskManager involving schtasks.exe binary, which could enable malicious actors to execute commands with SYSTEM-level privileges, bypassing User Account Control (UAC) prompts and erasing audit logs. By exploiting RPC interfaces, malicious actors can inject poisoned XML data into task logs, overwrite audit trails, and even corrupt entire security logs, effectively erasing evidence of malicious activities. Typically, creating a scheduled task with a password (Batch Logon) requires explicit credentials, but attackers can exploit this process to elevate their privileges without user approval. However, Cymulate researchers have identified multiple vulnerabilities that can be exploited to bypass security controls and gain SYSTEM privileges.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 16 Apr 2025 18:05:09 +0000

Cyber News related to New Windows TaskManager Vulnerabilities Allows Command Execution as SYSTEM User

Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com

New Windows TaskManager Vulnerabilities Allows Command Execution as SYSTEM User - Cybersecurity researchers have demonstrated that by crafting malicious XML files with manipulated metadata, such as author tags filled with oversized buffers, attackers can poison task event logs and even overflow security logs like Security.evtx. ...
2 months ago Cybersecuritynews.com

Windows 11 24H2 now rolling out, here are the new features - Version 24H2 is now also accessible via Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Microsoft 365 admin center. Microsoft suggests that businesses start targeted rollouts to ensure ...
8 months ago Bleepingcomputer.com

Microsoft is bringing the Linux sudo command to Windows Server - Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications. Superuser do, or sudo, is a Linux console program that allows low-privileged users to execute a ...
1 year ago Bleepingcomputer.com

Cyber Security News Letter: Key Updates on Attacks, Vulnerabilities, & Data Breaches - Attackers are actively exploiting critical vulnerabilities in on-premises Microsoft Exchange and SharePoint servers, using advanced NTLM relay and credential theft techniques for persistent access. Researchers have detected a new JScript loader ...
2 months ago Cybersecuritynews.com CVE-2025-24054

Windows 10 KB5035845 update released with 9 new changes, fixes - Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes. After installing this mandatory Windows 10 cumulative update, the March 2024 Patch Tuesday security updates ...
1 year ago Bleepingcomputer.com

Microsoft No Longer Selling Windows 10 Licenses Redirects to Windows 11 Product Pages - Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. This month, Microsoft began displaying an alert on their Windows 10 Home and Pro ...
2 years ago Bleepingcomputer.com

Microsoft unveils new 'Sudo for Windows' feature in Windows 11 - Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals. The company is also working on open-sourcing the new tool and recommends Gerardo Grignoli's ...
1 year ago Bleepingcomputer.com

New York's cyber chief on keeping cities and states safe from cyberattacks | The Record from Recorded Future News - And so we think that that'll continue to evolve the security posture of New York State in a way that first and foremost provides the public good, which is, if a government service is not secure, it can't be considered reliable. We're ...
2 months ago Therecord.media

East Texas hospital network can't receive ambulances because of potential cybersecurity incident - GetTime();if(!(u<=a&&d<=l throw new RangeError("Invalid interval");return r.inclusive?u<=l&&d<=a:ut||isNaN(t. Step):1;if(s<1||isNaN(s throw new RangeError("`options. Step):1;if(l<1||isNaN(l throw new RangeError("`options. GetTime()<=n throw new ...
1 year ago Cnn.com

Windows Security in 2025: Battling Sophisticated Threats with Advanced Defenses - As threat actors adapt their techniques, Microsoft has responded with significant security enhancements while organizations navigate a complex threat environment dominated by privilege escalation attacks and driver vulnerabilities. This Windows ...
1 month ago Cybersecuritynews.com CVE-2025-0289

Windows 11 to let admins mandate SMB encryption for outbound connections - Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel. SMB encryption provides data end-to-end encryption and ...
1 year ago Bleepingcomputer.com

How to Download the Windows 11 KB5022360 Preview Update with 15 Improvements? - Are you looking to download the Windows 11 KB5022360 Preview update with 15 improvements? Microsoft has recently released the preview of the Windows 11 KB5022360 update that contains several improvements and fixes, including nine security updates, to ...
2 years ago Bleepingcomputer.com

Microsoft introduces flighting for Windows Server insiders - Microsoft has launched flighting for Windows Server systems enrolled in its Windows Insider open software testing program. Starting today, admins will also have the option to have new Insider builds installed automatically after checking for updates ...
1 year ago Bleepingcomputer.com

Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
1 year ago Bleepingcomputer.com

75% of new vulnerabilities exploited within 19 days - Last year alone, over 30,000 new vulnerabilities were published, with a new vulnerability emerging approximately every 17 minutes - averaging 600 new vulnerabilities per week, according to Skybox Security. The report highlights a critical gap in ...
11 months ago Helpnetsecurity.com

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com

Microsoft to let Windows 10 home users buy Extended Security Updates - Microsoft says that all Windows 10 customers will be able to pay for three extra years of security updates through the company's Extended Security Updates program after the end of support date. After Windows 10 reaches the end of support on October ...
1 year ago Bleepingcomputer.com

Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
1 year ago Feeds.dzone.com

Why CVEs Are an Incentives Problem - I've been thinking about some of these unintended consequences in the context of a growing problem faced by all of us in cybersecurity: how a fast-rising tide of software vulnerabilities tracked as common vulnerabilities and exposures - are reported ...
1 year ago Darkreading.com

Microsoft: Windows 11 24H2 now ready to rollout to everyone - The Windows 11 2024 Update also rolled out to all eligible PCs running Windows 10 22H2 in late January 2025 as part of the broad deployment stage, less than a week after the company announced that it would start force-installing Windows 11 24H2 on ...
1 month ago Bleepingcomputer.com

DrayTek Routers at Risk From 14 New Vulnerabilities - The advice comes amid signs of growing threat actor activity — including by nation-state actors — targeting vulnerabilities in routers and other network devices from DrayTek and a variety of other vendors, including Fortinet, F5, QNAP, Ivanti, ...
8 months ago Darkreading.com CVE-2024-41592 CVE-2024-41585 CVE-2021-20123 CVE-2021-20124

Windows 11 update KB5033375 released with upgraded Copilot AI-assistant - Microsoft has published a new update for Windows 11 versions 23H2 and 22H2 to fix security vulnerabilities and improve Copilot. 2861 and adds new features like Copilot for multiple displays and Alt-Tab. You can grab the Patch by going to Start > ...
1 year ago Bleepingcomputer.com

Windows 11 KB5033375 update released with upgraded Copilot AI-assistant - Microsoft has published a new update for Windows 11 versions 23H2 and 22H2 to fix security vulnerabilities and improve Copilot. 2861 and adds new features like Copilot for multiple displays and Alt-Tab. You can grab the Patch by going to Start > ...
1 year ago Bleepingcomputer.com