Full title: Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call Exploit 
Category: remote exploits
Platform: windows
This Metasploit module exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller's token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in the next 24 hours.

# 0day.today @ http://0day.today/