Zero-Day Exploit Code Released for Windows Task Scheduler Flaw (CVE-2024-49039), Actively Exploited by RomCom Group

A proof-of-concept (PoC) exploit code for CVE-2024-49039, a zero-day vulnerability in Windows Task Scheduler, has been publicly released, raising concerns about increased attacks. This vulnerability, with a CVSS score of 8.8, allows attackers to escalate privileges and execute code at a higher integrity level.

Vulnerability Details:

CVE-2024-49039 enables attackers to bypass security restrictions and execute arbitrary code with elevated privileges. This flaw resides in the Windows Task Scheduler service, a critical component responsible for scheduling and automating tasks. By exploiting this vulnerability, attackers can gain a foothold in the system and potentially take complete control.

Exploitation in the Wild:

The RomCom cybercrime group, known for its sophisticated attacks, has been observed actively exploiting this zero-day vulnerability in recent campaigns targeting Firefox and Tor Browser users across Europe and North America. These attacks involve chaining CVE-2024-49039 with another zero-day (CVE-2024-9680) in Firefox to achieve code execution outside the browser’s sandbox.

Technical Analysis:

The vulnerability likely stems from a flaw in the WPTaskScheduler.dll component, which is integral to Task Scheduler since Windows 10 version 1507. Analysis suggests that this vulnerability allows attackers to bypass security measures like Restricted Token Sandbox and child-process restrictions, effectively elevating their privileges to a Medium Integrity level.

PoC Availability and Impact:

The release of PoC code on Github further amplifies the risk, as it provides malicious actors with a readily available tool to exploit CVE-2024-49039. This situation necessitates immediate action from users and organizations to mitigate potential threats.

Mitigation:

Microsoft addressed this vulnerability with a security update released on November 12th. Users are strongly urged to apply this update as soon as possible to protect their systems. Additionally, maintaining updated software and exercising caution when opening suspicious emails or clicking on unknown links can help prevent falling victim to such attacks.

do son

Leave a Comment Cancel Reply

London, GB

9:46 am, Jun 10, 2025

18°C

L: 17° | H: 18°

Feels like 17°C° overcast clouds

Humidity: 76 %

Pressure: 1016 mb

Wind: 15 mph WSW

Wind Gust: 0 mph

UV Index: 0

Precipitation: 0 mm

Clouds: 100%

Rain Chance: 0%

Visibility: 10 km

Sunrise: 4:43 am

Sunset: 9:16 pm

DailyHourly

Daily ForecastHourly Forecast

Today 10:00 pm

17° | 18°°C 0.2 mm 20% 11 mph 76 % 1020 mb 0 mm/h

Tomorrow 10:00 pm

12° | 23°°C 0 mm 0% 12 mph 88 % 1021 mb 0 mm/h

Thu Jun 12 10:00 pm

15° | 22°°C 1 mm 100% 11 mph 91 % 1016 mb 0 mm/h

Fri Jun 13 10:00 pm

15° | 26°°C 1 mm 100% 10 mph 95 % 1019 mb 0 mm/h

Sat Jun 14 10:00 pm

17° | 24°°C 1 mm 100% 11 mph 96 % 1019 mb 0 mm/h

Today 10:00 am

17° | 18°°C 0 mm 0% 11 mph 76 % 1016 mb 0 mm/h

Today 1:00 pm

18° | 20°°C 0.2 mm 20% 10 mph 74 % 1016 mb 0 mm/h

Today 4:00 pm

21° | 22°°C 0.2 mm 20% 9 mph 62 % 1017 mb 0 mm/h

Today 7:00 pm

21° | 21°°C 0 mm 0% 6 mph 47 % 1018 mb 0 mm/h

Today 10:00 pm

16° | 16°°C 0 mm 0% 4 mph 64 % 1020 mb 0 mm/h

Tomorrow 1:00 am

15° | 15°°C 0 mm 0% 4 mph 78 % 1021 mb 0 mm/h

Tomorrow 4:00 am

12° | 12°°C 0 mm 0% 4 mph 88 % 1020 mb 0 mm/h

Tomorrow 7:00 am

15° | 15°°C 0 mm 0% 4 mph 76 % 1021 mb 0 mm/h

Name	Price	24H (%)
Bitcoin(BTC)	€95,656.38	3.41%
Ethereum(ETH)	€2,343.10	7.52%
Tether(USDT)	€0.88	0.00%
XRP(XRP)	€2.00	1.94%
Solana(SOL)	€138.37	4.75%
USDC(USDC)	€0.88	0.00%
Dogecoin(DOGE)	€0.166612	4.96%
Shiba Inu(SHIB)	€0.000011	4.12%
Pepe(PEPE)	€0.000011	10.48%
Peanut the Squirrel(PNUT)	€0.253557	12.17%

Zero-Day Exploit Code Released for Windows Task Scheduler Flaw (CVE-2024-49039), Actively Exploited by RomCom Group

Share:

Leave a Comment Cancel Reply

Utility link

Useful link

Newsletter

Follow Us