"Nicky Rivaldo" Tracklist
Tomorrowland 2015 Official Warm Up Mix
mercredi 7 janvier 2015
dimanche 4 janvier 2015
vendredi 2 janvier 2015
Google Researcher Reveals Zero-Day Windows 8.1 Vulnerability
The researcher also provided a Proof of Concept (PoC) program for
the vulnerability. Forshaw says that he has tested the PoC only on an
updated Windows 8.1 and that it is unclear whether earlier versions,
specifically Windows 7, are vulnerable.
Forshaw unearthed the bug in September 2014 and thereby notified on the
Google Security Research mailing list about the bug on 30th September.
Now, after 90 days disclosure deadline the vulnerability and Proof of
Concept program was made public on Wednesday.
The vulnerability resides in the function AhcVerifyAdminContext, an internal function and not a public API which actually checks whether the user is an administrator.
"This function has a vulnerability where it doesn't correctly check the impersonation token of the caller to determine if the user is an administrator," Forshaw wrote in the mailing list. "It reads the caller's impersonation token using PsReferenceImpersonationToken and then does a comparison between the user SID in the token to LocalSystem's SID."
"It doesn't check the impersonation level of the token so it's possible to get an identify token on your thread from a local system process and bypass this check. For this purpose the PoC abuses the BITS service and COM to get the impersonation token but there are probably other ways."
The PoC contains two program files and some set of instructions for
executing the files which, if successful, finally result in the Windows
calculator running as an Administrator. According to the researcher, the
vulnerability is not in Windows User Account Control (UAC) itself, but
UAC is used in part to demonstrate the bug.
Forshaw tested the PoC on Windows 8.1 update, both 32 bit and 64 bit
versions, and he recommended users to run the PoC on 32 bit. To verify
perform the following steps:
- Put the AppCompatCache.exe and Testdll.dll on disk
- Ensure that UAC is enabled, the current user is a split-token admin and the UAC setting is the default (no prompt for specific executables).
- Execute AppCompatCache from the command prompt with the command line "AppCompatCache.exe c:\windows\system32\ComputerDefaults.exe testdll.dll".
- If successful then the calculator should appear running as an administrator. If it doesn't work first time (and you get the ComputerDefaults program) re-run the exploit from 3, there seems to be a caching/timing issue sometimes on first run.
A Microsoft spokesperson confirms the vulnerability and says that it’s already working on a fix:
"We are working to release a security update to address an Elevation of Privilege issue. It is important to note that for a would-be attacker to potentially exploit a system, they would first need to have valid logon credentials and be able to log on locally to a targeted machine. We encourage customers to keep their anti-virus software up to date, install all available Security Updates and enable the firewall on their computer."
At the time of posting this article, there's no patch available and all Windows 8.1 systems are vulnerable to hackers.
source :
source :
Inscription à :
Articles (Atom)