New Security Bugs : MS says behavior was as intended

Victor M

Gets SYSTEM privilege! No fixes in sight.
 

ForgottenSeer 97327

Off topic Question to native English speaking members

Funny, the article mentions RPC call. RPC stands for Remote Procedure Call. So RPC call is sort of redundant.

I am not a native English speaker but have often struggled a bit with abbreviations, like the author used here. I know it is customary to first use the full name with the abbreviation after it, "He looked for Remote Procedural Call (RPC) servers running", so further in your piece of text you can refer to the abbreviation. My struggle is that sometimes, when using the abbreviation alone, the sentence might be unclear to readers who are not insiders. The author uses the abbreviation RPC but adds the text "calls" to the abbreviation so the sentence is more readable, "RPC calls to Spooler" (although redundant because it reads as 'Remote Procedure Call calls').

Is this okay to do? I am writing a piece of content for a mixed audience (both insiders and outsiders) and had also taken the liberty of using the above redundancy to increase readability. But our translator who checked my English text removed them all. What is the opinion of native English speakers on this?
 

ForgottenSeer 97327

To return to the topic: It seems a very "usable" way of getting access by simply starting this chain of events with the "RpcOpenPrinter" call (which is what it says, no big thing, just opening a printer somewhere in the network for access). Question to more knowledgeable readers: It is quite scary to obtain such a seemingly simple privilege escalation. Microsoft responding with "works as designed and intended" seems to dismiss its severity. So what is the catch? Do you need to have elevated rights already to abuse this privilege escalation?
 

Andy Ful

If I correctly understood the article, it is about privilege escalation from high to system privileges. Although some of the reported techniques can be new, they follow from the design of Windows. The user with high privileges can do anything (including privilege escalation)*. There are many known and yet unknown techniques to do it. In many cases, Microsoft cannot prevent this, except for adding some behavior-based rules to Defender. Some techniques can probably be prevented in the future by adding/extending Windows built-in security layers.

The Microsoft reaction would be different if the technique could allow a privilege escalation from standard privileges.

Edit.
* - anything at the User-level and many things at the Kernel-level.
 