Security News Windows 10 jailbreak: Google's Project Zero reveals unpatched bug that bypasses app lockdown (new unpatched bug)

LASER_oneXM

Feb 4, 2016
  • Google's Project Zero security researchers have revealed an unpatched bug that bypasses Device Guard app whitelisting.
  • Device Guard app whitelisting was a major security feature in the Windows 10 S OS, whose protections will now be made available throughout Windows 10 as S Mode.
When Windows 10 S was launched by Microsoft last year, the security-focused OS was marketed as being invulnerable to any "known ransomware".
While Windows 10 S will no longer be a separate operating system, its protections will instead soon be rolled out to every Windows 10 edition as part of a new S Mode.
However, security researchers have just revealed a new unpatched bug that allows attackers to circumvent Windows 10 S' Device Guard feature, which locks the OS to only running whitelisted software.

James Forshaw, security researcher with Google's Project Zero, says the bug is one of several unfixed flaws in Microsoft's .NET software framework that allow Device Guard to be bypassed.
"There's at least two known DG bypasses in the .NET framework that are not fixed, and are still usable even on Windows 10S."
This latest bug in the .NET framework allows an attacker to run arbitrary code on a system supposed to be protected by Device Guard whitelisting, provided the attacker is first able to update the Windows registry.
While S Mode has not yet been rolled out across Windows 10, Device Guard is not limited to Windows 10 S, with Microsoft also offering Windows Defender Device Guard to lock down devices running Windows 10 Enterprise edition and Windows Server 2016.
The Project Zero bug is the latest in a series of Windows 10 flaws that have been revealed by Google's security researchers before they have been patched by Microsoft.
Deleted member 65228

The .NET Framework was also the cause of an AMSI scanner vulnerability from a few months ago, which a security researcher managed to identify and exploit for educational purposes. For the record, Windows Defender and several other anti-virus vendors have an implementation of AMSI in their scan engines, therefore yes, the vulnerability was an actual problem.

Source:
Satoshi's note: AMSI Bypass With a Null Character