An attacker could exploit Task Scheduler vulnerability by running a specially crafted application which allows elevated privileges to the logged on user. Therefore, an attacker needs to have a valid logon user account in order to be able to exploit this weakness. This vulnerability affects Windows Vista, Windows 7, Windows Servers 2008 and 2008 R2. Microsoft has released a security update that addresses the weakness in Task Scheduler while users who have enabled automatic updating need not to worry as the fix was included in December 2010 release updates.
For more information visit Microsoft’s security bulletin MS10-092