未加星标

New Windows Zero-day Bug Allows Deleting Arbitrary Files

字体大小 | |
[系统(windows) 所属分类 系统(windows) | 发布者 店小二03 | 时间 2019 | 作者 红领巾 ] 0人收藏点击收藏

A security researcher released exploit code for an unpatched bug in windows that could allow an attacker with limited privileges to delete system files.

Exploiting the bug requires winning a race condition on the machine, so a successful exploit can take some time as it will retry until it succeeds, the researcher who uses the online handle SandboxEscaper said in the release notes.

Recent Articles By Author

‘Five Eyes’ Countries Attribute APT10 Attacks to Chinese Intelligence Service Researcher Drops Third Windows Zero-Day Exploit in Four Months Emergency Patch for Zero-Day Vulnerability in Internet Explorer

This is the fourth Windows zero-day vulnerability publicly disclosed by SandboxEscaper in the past four months and the second in December.

Two weeks ago, the researcher published details about a vulnerability that could be exploited from a limited account to read files that shouldn’t normally be accessible to that account. That flaw could lead to sensitive information disclosure.

The new bug can be used to crash systems by deleting critical system files. For example, the researcher’s proof-of-concept exploit deletes a file called pci.sys that’s required during the boot process.

In the release notes, SandboxEscaper also speculates that the vulnerability could potentially be used to disable antivirus programs by deleting their components. If true, it canproveuseful to attackers who gain a foothold on a computer to ensure that their secondary malicious payloads are not detected and blocked.

“This latest 0day from SandboxEscaper requires a lot of patience to reproduce,” Will Dormann, an analyst with the CERT Coordination Center (CERT/CC), said on Twitter . “And beyond that, it only *sometimes* overwrites the target file with data influenced by the attacker.”

However, the exploit’s reliability problems don’t seem to matter too much, as long as the attacker has virtually unlimited retries to win the race condition and can check the result.

“I haven’t tried it out yet but if it’s a local privilege escalation and you can check if exploit succeeded, I suppose it doesn’t matter if it only works once in a hundred tries,” said Mitja Kolsek , CEO of ACROS Security and co-founder of the 0patch.com micropatching service.

This time around, SandboxEscaper claims to have emailed details of the bug to Microsoft ahead of the disclosure, but only by a couple of days, to “give them a headstart.”

Microsoft’s next Patch Tuesday is Jan. 8 and it’s unlikely that the company will release a patch for this vulnerability until then. Microsoft only releases out-of-band patches for critical vulnerabilities that are already exploited in the wild,as it did recently for a vulnerability in Internet Explorer reported by Google.

This bug doesn’t appear to meet those criteria yet, but the first zero-day exploit released by SandboxEscaper back in August ―a privilege escalation flaw in Windows Task Scheduler―was quickly adopted by hackers and was used in real-world attacks.

EU Will Sponsor Bug Bounties for 14 Open Source Projects

The European Commission has allocated around 851,000 euros (more than $973,000) to sponsor bug bounty programs for 14 open source software projects that are used by European Union institutions.

This is a continuation of the Free and Open Source Software Audit (FOSSA) project initiated by the EU Parliament and European Commission in 2014 to provide code audits for the Apache web server and KeePass password manager.

This second phase involves funding bug bounty programs and began in November 2017, with a pilot program for VLC media player. Now the commission has extended it to 14 other projects : 7-zip, the GNU C Library (glibc), Drupal, the Filezilla FTP client, KeePass, Notepad++, Apache Kafka, PuTTY, FLUX TL, Digital Signature Services (DSS),php Symfony, Apache Tomcat, WSO2 and midPoint.

Some of the bounty programs will run through the HackerOne platform, while others through Intigriti. The covered projects were selected as a result of a public survey and an inventory of open-source software used by the EU institutions.

本文系统(windows)相关术语:三级网络技术 计算机三级网络技术 网络技术基础 计算机网络技术

代码区博客精选文章
分页:12
转载请注明
本文标题:New Windows Zero-day Bug Allows Deleting Arbitrary Files
本站链接:https://www.codesec.net/view/628028.html


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 系统(windows) | 评论(0) | 阅读(32)