Known issue 1
After you install this security update, you may receive an error message that resembles the following when you open Task Scheduler (taskschd.msc):
Task taskname: The task image is corrupt or has been tampered with.
Specifically, this problem can occur in the following scenario:
- Your computer is running Windows Vista or Windows Server 2008.
- You install security update 2305420.
- You upgrade to the release version (RTM) of Windows 7 or Windows Server 2008 R2.
- You install Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2.
In this scenario, all inbox tasks in Windows Server 2008 R2 and all tasks that are created after the upgrade from Windows Vista and Windows Server 2008 are affected.
To avoid this problem, use one of the following methods:
- Upgrade directly from Windows Vista or Windows Server 2008 to a version of Windows 7 or Windows Server 2008 R2 that includes SP1.
- After you upgrade to the RTM version of Windows 7 or Windows Server 2008 R2, install security update 2305420 before you install SP1.
To resolve this issue if it has already occurred, follow the steps in the “Workaround” section of “Known issue 2.”
Known issue 2
After you upgrade from Windows Vista or Windows Server 2008 to Windows 7 or Windows Server 2008 R2 by using an installation package that includes this security update (KB2305420), you may find that scheduled tasks do not work correctly. For example, you may receive an error message that resembles the following when you open Task Scheduler:
This task image is corrupt or has been tampered with.
When you close the message, the task no longer appears in Task Scheduler.
Workaround
Important When you use the following registry workaround, any tasks that may have been corrupted by malware will also be validated. We recommend that you validate the Action that is associated with each task, including inbox tasks, to verify that the task is valid and is not associated with malware.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
NoteYou must perform the following steps while logged on as a local user who has administrative permissions.
To recover the corrupted tasks, follow these steps:
Step 1: Locate the corrupted task references in the registry and in Task Scheduler
To do this, follow these steps:
- Open Task Scheduler.
- Expand Task Scheduler Library tree in the left pane, and located the folder that contains the corrupted task. Make a note of the location of the corrupted task. You will need this information later in this procedure.
- Locate the registry sub-key that corresponds to the corrupted task in one of the following registry sub-key. You can locate the subkey by searching for the name of the task:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree
Click the registry sub-key that corresponds to the corrupted task, and then make a note of the GUID value in the “Id” entry. For example, {2911FBBD-A0AA-4A79-A8EE-84EF7555A71B}. You will need this information in the next step of this procedure.
- Locate the registry sub-key that corresponds to the corrupted task in one of the following registry three sub-keys. To locate this sub-key, search for the GUID value that you noted in the previous step. For example, {2911FBBD-A0AA-4A79-A8EE-84EF7555A71B}. The task will exist in only one of the three locations:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain
Or:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon
Or:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot
Make a note of the registry location of the corrupted task. You will need this information later in this procedure.
Step 2: Create a temporary copy of the corrupted task file
To do this, follow these steps:
- Open the following folder in Windows Explorer:
- %SYSTEMDRIVE%\Windows\System32\Tasks\<Corrupted_Task_Name>
- Locate and then copy the task file that corresponds to the corrupted task to a temporary location.
Step 3: Clean up the corrupted task
To do this, follow these steps:
- Delete the task file that corresponds to the corrupted task from the Tasks folder (%SYSTEMDRIVE%\Windows\System32\Tasks).
- Delete the registry sub-key that corresponds to the corrupted task from the following registry sub-key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree
- Delete the registry sub-key that corresponds to the corrupted task from the following registry sub-key. The task will be in GUID format. For example, {2911FBBD-A0AA-4A79-A8EE-84EF7555A71B}.Note Refer to the note that you made earlier in this procedure to locate the registry folder.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks
- Delete the registry sub-key that corresponds to the corrupted task from one of the following registry three sub-keys. The task will exist in only one of the three locations and will be in GUID format. For example, {2911FBBD-A0AA-4A79-A8EE-84EF7555A71B}.Note Refer to the note that you made earlier in this procedure to locate the registry folder.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain
Or:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon
Or:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot
Step 4: Re-create the task by using the temporary backed-up copy
To do this, follow these steps: To do this, follow these steps:
- Open Task Scheduler.
- Expand Task Scheduler Library tree in the left pane, and open the folder that previously contained the corrupted task.Note Refer to the note that you made earlier in this procedure to locate the folder.
- Right-click the folder that previously contained the corrupted task, and then click Import Task.
- In the Open dialog box, select All files (*.*). Browse to the temporary folder that contains the backed up task file, and then select the task file. Click Open. The new task is created and is visible in Task Scheduler.
Or, you can use the following command line command to restore the backed-up task:
Schtasks.exe /CREATE /TN <New_Task_Name> /XML <Xml_File_Name>
MS10-092: Vulnerability in Task Scheduler could allow for elevation of privilege.
guynaftaly 