After configured FFS to work with Windows Task Scheduler in domain environment, odd situation happened: FFS copied all files running under scheduler context(run under specified account), including those unauthorized which are access-forbbiden during normal desktop run.
I set up some other scenario and successfully breached administrator priviledge to have copied files from adminstrator's desktop from a less priviledged windows domain user account.
I believe this is a leak of windows task scheduler. Has anyone every experienced this?
A windows shell copy command would not succeed this way.FFS is so far the only program that i've tested and would successfully make it.I guess this is possiblly related to the multi-thread IO of FFS and these threads may have acquired higher IO priviledge under task scheduler context somehow due to unknown leaks or bugs.
Found a Windows Task Scheduler security leak combines with FreeFileSync may allow copying unauthorized files
- Posts: 1
- Joined: 30 Apr 2019
