CVE-2024-49039 - Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
Project:Microsoft
Product:Windows
Date Added:2024-11-12Due Date:2024-12-03
Vulnerability Name
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
Description
Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039
https://nvd.nist.gov/vuln/detail/CVE-2024-49039
Related News Articles
Mozilla warns Windows users of critical Firefox sandbox escape flawMarch 27, 2025
Firefox and Windows zero-days exploited by Russian RomCom hackersNovember 26, 2024
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated CyberattacksNovember 26, 2024
Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler BugsNovember 13, 2024