This script is Copyright (C) 2000-2015 Tenable Network Security, Inc.
Local users can elevate their privileges.
The registry key SYSTEM\CurrentControlSet\Services\Schedule is
writeable by users who are not in the admin group.
Since the scheduler runs with SYSTEM privileges, this allow a
malicious user to gain these privileges on this system.
Use regedt32 and set the permissions of this key to :
- admin group : Full Control
- system : Full Control
- everyone : Read
Risk factor :
High / CVSS Base Score : 7.2