This Just In! - News, X-Pert Advice

Criminals Exploiting Flaw in Windows 10 Task Scheduler

A recently reported flaw in the Windows 10 Task Scheduler has already been exploited due to irresponsible reporting by a security researcher.

In late August, a researcher reported to Microsoft a security flaw in the Windows 10 Task Scheduler.  Security researchers (called white-hat hackers) spend their time trying to find vulnerabilities in systems.  They then report their findings to the owners of the affected systems, provide a “proof of concept” example (to prove to the owners that there is, indeed, a vulnerability) and collect a reward.  That’s how researchers earn a living.

The affected systems are usually fixed by the company before the public ever finds out about the issue.  Only after the fix is in place is the research published.  That’s how it’s supposed to work.

Sometimes, however, a researcher may publish the “proof of concept” prematurely, and criminals (called black-hat hackers) will feverishly work on trying to “reverse engineer” the proof of concept and create an exploit before the company can fix it.  This reverse engineering takes time, and more often than not, the fix is in place before the exploit can be perfected.

In this particular instance, however, the researcher announced the flaw via Twitter, released the “proof of concept” and also published the exact recipe for creating it (i.e. the source code)!  As a result, as soon as the research was published, it was instantly available to be used by the criminals.

Because there is no fix for this flaw, you should be particularly careful NOT to open any email attachments unless you are certain they are safe.  If a malicious attachment is opened, your computer can be infected with a “back door” which will allow criminals to take full control of your computer.  As of this writing, there is no way to detect whether your computer has been compromised.

I will update this article as more information becomes available.

Jack Eisenberg is the owner of Safe and Secure Computing and regularly monitors cyber security developments such as this one.