From 42ccc37bcad1c19fa2019e2bf00366db423bbb5e Mon Sep 17 00:00:00 2001
From: Jacob Robles
Date: Wed, 19 Sep 2018 10:22:51 -0500
Subject: [PATCH] Added description to module
---
 .../modules/exploit/windows/local/alpc_taskscheduler.md | 2 +-
 modules/exploits/windows/local/alpc_taskscheduler.rb | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/documentation/modules/exploit/windows/local/alpc_taskscheduler.md b/documentation/modules/exploit/windows/local/alpc_taskscheduler.md
index 0070726e64..76a6b83b49 100644
--- a/documentation/modules/exploit/windows/local/alpc_taskscheduler.md
+++ b/documentation/modules/exploit/windows/local/alpc_taskscheduler.md
@@ -1,6 +1,6 @@
 ## Description
-On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to `.job` files located in `c:\windows\tasks` since the scheduler does not use impersonation when checking this location. Since users can create files in the `c:\windows\tasks` folder, a hardlink can be created to a file the user has read access to. After creating a hardlink, the vulnerability can be triggered to set the DACL on the linked file. This module has been tested against Windows 10 Pro x64.
+On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to `.job` files located in `c:\windows\tasks` because the scheduler does not use impersonation when checking this location. Since users can create files in the `c:\windows\tasks` folder, a hardlink can be created to a file the user has read access to. After creating a hardlink, the vulnerability can be triggered to set the DACL on the linked file. This module has been tested against Windows 10 Pro x64.
 ## Vulnerable Application
diff --git a/modules/exploits/windows/local/alpc_taskscheduler.rb b/modules/exploits/windows/local/alpc_taskscheduler.rb
index 3f780ac1e8..0bf8894537 100644
--- a/modules/exploits/windows/local/alpc_taskscheduler.rb
+++ b/modules/exploits/windows/local/alpc_taskscheduler.rb
@@ -22,7 +22,14 @@ class MetasploitModule < Msf::Exploit::Local
 super(update_info(info,
 'Name' => 'Microsoft Windows ALPC Task Scheduler Local Privilege Elevation',
 'Description' => %q(
- #TODO
+ On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented
+ by the task scheduler service can be used to write arbitrary DACLs to `.job` files located
+ in `c:\windows\tasks` because the scheduler does not use impersonation when checking this
+ location. Since users can create files in the `c:\windows\tasks` folder, a hardlink can be
+ created to a file the user has read access to. After creating a hardlink, the vulnerability
+ can be triggered to set the DACL on the linked file.
+
+ This module has been tested against Windows 10 Pro x64.
 ),
 'License' => MSF_LICENSE,
 'Author' =>
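Review bot: The new `'Description' => %q( ... )` text explains how the DACL of a hardlinked file gets rewritten but never states what that buys the attacker, so a reader has to infer the privilege-elevation outcome from the module name alone. After `can be triggered to set the DACL on the linked file.` I would add a sentence along the lines of `Rewriting the DACL grants the calling user write access to a file that filesystem ACLs would otherwise protect, which the module leverages to elevate privileges.` — the exact target file and payload mechanism live in the module body outside this hunk, so the last clause should be checked against it. "On vulnerable versions of Windows" is left vague; the CVE and vendor advisory belong in the module's `'References'` entry (also outside this hunk), and if they are not already there this commit is the natural place to add them so the version claim is concrete. The `%q(...)` literal is fine as written: `\w` and `\t` are not escape sequences inside `%q`, so `c:\windows\tasks` is preserved verbatim and no doubling of backslashes is needed.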