I've noticed that after installing Google Chrome, two new Scheduled Tasks have appeared in my Windows 10 schtasks. One of them has the /tr of
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Now as far as I know, to create an schtask without the user password, you probably need to create it under the SYSTEM user, and apparently, with Google Update this is the case.
I have two questions:
1) In the arguments of GoogleUpdate.exe, can we assume that /ua is an abbreviation of "User Account"?
2) If so, how can a task running under SYSTEM account, actually manipulate a user account without for example, LoadLibrary or CreateRemoteThread or RtlCreateUserThread. Or is that what Google does?
No comments:
Post a Comment