Google Project Zero reveals another Windows elevation of privilege vulnerability

CyberTech (thread author), Nov 10, 2017
Google's Project Zero team is famous (or infamous, depending upon which side of the fence you are on) for discovering vulnerabilities in the software developed by the company itself as well as in software built by other firms. Its methodology involves identifying security flaws in software and privately reporting them to vendors, giving them 90 days to fix them before public disclosure. Depending upon the complexity of the fix required, it sometimes also offers additional days in the form of a grace period.

The security team has discovered and disclosed multiple security flaws in the past few years following the respective vendor's inability to patch them in a timely manner. This includes Qualcomm's Adreno GPU drivers, Microsoft's Windows, Apple's macOS, and more. It recently also unveiled a new Rowhammer variant that can be used to alter the memory contents of new DRAM chips. A couple of months ago, Google disclosed a Windows bug that could cause elevation of privilege (EoP) following a botched fix from Microsoft, and today, it has done almost exactly the same.

The highly technical report can be found here for those curious, but the gist of the matter is that the default rules of the Windows Filtering Platform (WFP) permit executable files to connect to TCP sockets in AppContainers, which leads to EoP. Essentially, some rules defined in WFP can be matched by a malicious actor to connect to an AppContainer and inject malicious code.