Technical Information

Brief overview of the risk:
The vulnerability could allow a user with limited privileges on an affected system to leverage Task Scheduler to execute files that they do not have permissions to run. An attacker who successfully exploited this vulnerability could bypass access control list (ACL) checks and run privileged executables.

Detailed Information on the risk:

A security feature bypass vulnerability exists when Windows Task Scheduler fails to properly validate and enforce impersonation levels. The vulnerability could allow a user with limited privileges on an affected system to leverage Task Scheduler to execute files that they do not have permissions to run.
An attacker who successfully exploited this vulnerability could bypass ACL checks and run privileged executables. The update addresses the vulnerability by correcting how Task Scheduler validates impersonation levels.

Further information on this exploit is available at : MS15-028

Windows 7 for 32-bit Systems Service Pack 1 
Windows 7 for x64-based Systems Service Pack 1 
Windows Server 2008 R2 for x64-based Systems Service Pack 1 
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 
Windows 8 for 32-bit Systems 
Windows 8 for x64-based Systems 
Windows 8.1 for 32-bit Systems 
Windows 8.1 for x64-based Systems 
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 R2 
Server Core installation option
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 
Windows Server 2012 (Server Core installation) 
Windows Server 2012 R2 (Server Core installation)