Security researchers have recently discovered a security flaw in Windows Task Scheduler. The flaw is so severe that it can lead hackers the access to Windows system. The security issue was first pointed out by a user named SandboxEscaper, on Twitter. SandboxEscaper expressed her dissatisfaction on the Microsoft bug Bounty program.
The main security issue is that the bug provides elevated admin privileges to any local user using the computer. It has also been found that the security flaw works on on 64-bit Windows 10 and Windows Server 2016 systems. This is not the first time Microsoft is facing such a security flaw. Back in June, a critical error in Cortana provided admin privileges of executing PowerShell commands to local users. At that time, the bug was identified by McAfee security team.
This time it is The United States Computer Emergency Readiness Team (US-CERT). According to them, the security bug lies in the handling of the Advanced Local Procedure Call (ALPC) interface. ALPC is provided by the Microsoft Windows kernel and is responsible for aiding a client process in communicating with a server process.
However, right now, there is no bug fixes available yet. Definitely Microsoft will work out a way. But as of now, the security flaw continues im your Windows 10 machine.