CVE-2010-3338

Severity: HIGH
Published: 2010-12-16
CVSS 2.0 base score: 7.2

CVSS Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Attack Vector: Local
Attack Complexity: Low
Confidentiality: C
Integrity: C
Availability: C

Lifecycle Timeline

Analysis Generated: Mar 26, 2026 - 11:17 (vuln.today)
PoC Detected: Apr 11, 2025 - 00:51 (vuln.today), public exploit code
CVE Published: Dec 16, 2010 - 19:33 (nvd), HIGH 7.2

Description

The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.

Analysis

The Windows Task Scheduler in Vista, Server 2008, and Windows 7 contains a privilege escalation vulnerability that allows local users to gain elevated privileges through crafted applications. The scheduler improperly determines the security context for scheduled tasks, enabling attackers to run code with higher privileges than their current user context.

Technical Context

The Windows Task Scheduler fails to properly validate the security context when executing scheduled tasks. A local user can create a crafted application that exploits this validation failure to execute code in the context of a more privileged user or SYSTEM. The vulnerability was notably used by the Stuxnet malware as one of its local privilege escalation components.

Affected Products

Windows Vista SP1/SP2, Windows Server 2008/R2, Windows 7

Remediation

Apply the October 2010 Microsoft security update (MS10-092). Restrict task creation permissions for standard users. Monitor Task Scheduler for unusual task registrations. Upgrade to a supported Windows version.

Priority Score

129 (KEV: 0, EPSS: +63.3, CVSS: +36, POC: +20)
