Windows Zero-Day PoC Lets You Read Any File with System Level Access

LASER_oneXM

For a third time in four months, a security researcher announces a zero-day vulnerability in Microsoft Windows and provides exploit code that allows reading into unauthorized locations.
Known by the moniker SandboxEscaper, the researcher released details about a security vulnerability affecting ReadFile.exe, which, as its name indicates, allows reading data from specific locations.

Exploit code works

The glitch is in the "MsiAdvertiseProduct" function, which Microsoft describes as being able to "generate an advertise script or advertises a product to the computer" and that it "enables the installer to write to a script the registry and shortcut information used to assign or publish a product."
Calling this function leads to an arbitrary file copy by the installer service, which is controllable by the attacker, the researcher explains.
SandboxEscaper explains that despite a check being done, the protection can be bypassed via a time-of-check to time-of-use (TOCTOU) race condition.
The end result, she says, is the possibility to copy any files with SYSTEM privileges, with the destination being readable at all times. Because of this, she calls it an arbitrary file read vulnerability.
SandboxEscaper also makes available a video to demonstrate her findings:
... ... ....
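An added illustration, not part of the original posts or the researcher's code: a POSIX analogue (not the Windows Installer code path) of the check-then-use pattern the quoted article describes, beside a version that opens the file once and works only on that handle. The directory layout, file names and the `between` hook that stands in for the race window are constructed for this example.

```python
import os
import tempfile

def read_racy(allowed_dir, name, between=lambda: None):
    """Validate the path, then open it by name again: two separate lookups."""
    src = os.path.join(allowed_dir, name)
    root = os.path.realpath(allowed_dir) + os.sep
    if not os.path.realpath(src).startswith(root):    # time of check
        raise PermissionError(src)
    between()                                         # window between check and use
    with open(src, "rb") as f:                        # time of use: path resolved again
        return f.read()

def read_pinned(allowed_dir, name, between=lambda: None):
    """Open once without following links, then use only that handle."""
    if os.path.basename(name) != name or name in ("", ".", ".."):
        raise PermissionError(name)
    dir_fd = os.open(allowed_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    between()                                         # later path changes no longer matter
    with os.fdopen(fd, "rb") as f:
        return f.read()

def demo():
    """Constructed scenario; returns (racy read, pinned read, pinned open after swap)."""
    with tempfile.TemporaryDirectory() as tmp:
        allowed = os.path.join(tmp, "allowed")
        os.mkdir(allowed)
        secret = os.path.join(tmp, "secret.txt")      # outside the allowed directory
        target = os.path.join(allowed, "report.txt")
        with open(secret, "wb") as f:
            f.write(b"SECRET")
        def reset():                                  # restore the regular file
            if os.path.lexists(target):
                os.unlink(target)
            with open(target, "wb") as f:
                f.write(b"public")
        def swap():                                   # path changes after the check
            os.unlink(target)
            os.symlink(secret, target)
        reset()
        racy = read_racy(allowed, "report.txt", between=swap)
        reset()
        pinned = read_pinned(allowed, "report.txt", between=swap)
        try:                                          # target is a symlink by now
            late = read_pinned(allowed, "report.txt")
        except OSError:
            late = "refused"
        return racy, pinned, late
```

The racy reader returns the out-of-directory content because the name is resolved a second time after validation; the pinned reader either returns the file it originally opened or refuses the open.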
 

upnorth

She also managed to get the attention of the FBI, as she received a notification from Google about the agency issuing a subpoena for information release about her Google account. The reason behind the FBI's move is currently unknown, but it may not be in relation to SandboxEscaper dumping Windows zero-days and exploit code into the public space. It could have something to do with a short-lived tweet from her allegedly containing a threat against the US President.
What about Secret Service? :unsure:
Hope this vulnerability will be fixed soon. Very soon.
Keep an eye open on 0patch as they are working on it.

 
