silversurfer
Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick.
The issue, which advanced hackers exploited as a zero-day in May, is still exploitable, but by a different method, as security researchers demonstrate with publicly available proof-of-concept code.
Google Project Zero security researcher Maddie Stone discovered that Microsoft’s patch in June did not fix the original vulnerability (CVE-2020-0986) and it can still be leveraged with some adjustments.
Stone says that an attacker can still trigger CVE-2020-0986 to increase their permissions to kernel level by sending an offset instead of a pointer.
On Twitter, the researcher spells it out, saying that the original bug was an arbitrary pointer dereference allowing an attacker to control the “src” and “dest” pointers to a memcpy function.
Microsoft’s patch was improper because it changed the pointers to offsets, so the function’s parameters could still be controlled.
In a short, technical report today, she explains how to trigger the vulnerability, now identified as CVE-2020-17008 [...]
Windows zero-day with bad patch gets new public exploit code
Source: www.bleepingcomputer.com
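An added illustration of the pattern the quoted article describes (not code from the article, Project Zero, or Microsoft): a memcpy whose source and destination come straight from the caller, an "offset" variant that is just as controllable because the offset is never range-checked, and a hardened variant that rejects any offset whose range leaves the buffer. The pool buffer, function names and sizes are constructed for this example and do not reflect the actual Windows code.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a kernel-side buffer; not the real Windows structure. */
#define POOL_SIZE 64
static unsigned char pool[POOL_SIZE];

/* Original bug pattern: both memcpy pointers come straight from untrusted input. */
void copy_raw_pointers(void *dest, const void *src, size_t len)
{
    memcpy(dest, src, len);             /* arbitrary read and arbitrary write */
}

/* Incomplete-fix pattern: pointers replaced by offsets into the pool, but the
   offsets are never range-checked, so pool + dest_off is still caller-chosen. */
void copy_offsets_unchecked(size_t dest_off, size_t src_off, size_t len)
{
    memcpy(pool + dest_off, pool + src_off, len);
}

/* Range check written as off <= SIZE - len to avoid the off + len overflow trap. */
bool range_in_pool(size_t off, size_t len)
{
    return len <= POOL_SIZE && off <= POOL_SIZE - len;
}

/* Hardened version: refuse the copy unless every byte read and written stays
   inside the pool. Returns false on rejection without touching memory. */
bool copy_offsets_checked(size_t dest_off, size_t src_off, size_t len)
{
    if (!range_in_pool(dest_off, len) || !range_in_pool(src_off, len))
        return false;
    memmove(pool + dest_off, pool + src_off, len);  /* memmove: ranges may overlap */
    return true;
}

/* Seeds the pool, performs one in-range copy and reports whether the byte landed. */
bool demo_in_range_copy(void)
{
    memset(pool, 0, POOL_SIZE);
    pool[8] = 0x41;
    return copy_offsets_checked(0, 8, 4) && pool[0] == 0x41;
}

int main(void)
{
    printf("in-range copy:      %s\n", demo_in_range_copy() ? "ok" : "failed");
    printf("offset 60, len 8:   %s\n", copy_offsets_checked(60, 0, 8) ? "ACCEPTED" : "rejected");
    printf("offset SIZE_MAX:    %s\n", copy_offsets_checked((size_t)-1, 0, 1) ? "ACCEPTED" : "rejected");
    return 0;
}
```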