ESET Research
In the meantime, our continued analysis of the exploit revealed a second vulnerability. An undocumented Windows Task Scheduler RPC interface allows applications to be elevated to medium level integrity without checking the caller’s level of privileges. 4/7
