Домой United States USA — software Despite Microsoft’s objections, Google release a jailbreak for Windows 10 S

Despite Microsoft’s objections, Google release a jailbreak for Windows 10 S

272
0
ПОДЕЛИТЬСЯ

Google’s Project Zero team has done it again, releasing a “Medium Severity” exploit for Windows 10 S which means users will be able to run arbitrary code on Microsoft’s locked down operating system, Windows 10 S. The flaw is due to how Windows 10 S verifies the identity of a list of high privilege components,…
by Surur
@mspoweruser
Google’s Project Zero team has done it again, releasing a “Medium Severity” exploit for Windows 10 S which means users will be able to run arbitrary code on Microsoft’s locked down operating system, Windows 10 S.
The flaw is due to how Windows 10 S verifies the identity of a list of high privilege components, which is to say very poorly.
In detail Google describes it as such:
The WLDP COM Class lockdown policy contains a hardcoded list of 8 to 50 COM objects which enlightened scripting engines can instantiate. Excluding issues related to the looking up of the correct CLSID (such as previously reported abuse of TreatAs case 40189). This shouldn’t be a major issue even if you can write to the registry to register an existing DLL under one of the allowed COM CLSIDs as a well behaved COM implementation should compare the CLSID passed to DllGetObject against its internal list of known objects.
Turns out. NET is not one of these well behaved COM implementations. When a. NET COM object is instantiated the CLSID passed to mscoree’s DllGetClassObject is only used to look up the registration information in HKCR. At this point, at least based on testing, the CLSID is thrown away and the. NET object created. This has a direct impact on the class policy as it allows an attacker to add registry keys (including to HKCU) that would load an arbitrary COM visible class under one of the allowed CLSIDs. As. NET then doesn’t care about whether the. NET Type has that specific GUID you can use this to bootstrap arbitrary code execution by abusing something like DotNetToJScript.
Windows 10 S is the main OS affected, and in the absence of a remote code, the exploit would mean hackers would need physical access to the PC to run the initial code. Given that Windows 10 S is often used in situations where the user is not trusted (such as schools) however this could mean that smart users will be able to hack the operating system and run arbitrary code, which could be a step to fully unlocking the operating system.
Microsoft was notified of the flaw on January 19th but planned to release the fix as part of Redstone 4. This was however well beyond Google’s 90-day disclosure window, and despite Microsoft’s repeated request for an extension Google has now released detailed information on the exploit.
Given that Windows 10 S is not currently widely deployed I suspect not much will come from this small spat, but it is interesting that Microsoft failed to anticipate this issue, which suggests Microsoft needs to work harder on auditing their software and methods for security implementation issues.
Via Neowin
Some links in the article may not be viewable as you are using an AdBlocker. Please add us to your whitelist to enable the website to function properly.
by Surur on April 19,2018
by Surur
by Pradeep
by Surur
You can now save up to €217 on select Surface Laptop models from Microsoft Store Spain. The Surface Laptop offers the perfect balance of portability and performance. At just 2.76 pounds, …
Fitbit is having a sale on their fitness trackers, offering discounts as deep as $50 on their most expensive models. The timing is of course opportune, partially due to the post-holiday hea…
Samsung’s 850 EVO series SSD is the No.1 selling SSD in the market right now. It is powered by Samsung’s V-NAND technology with up to 540MB/s and 520MB/s sequential Read/Write pe…
Microsoft Store online today kicked off its Countdown to 2018 sale. You can get huge discounts on popular apps, hottest games, movies and TV. Find the deals that are available below. Xbox Di…
In the summer Oculus announced a price drop for their Oculus Rift headset taking it to an astonishing $399 for the headset and controllers, around half the launch price of the bundle before …
Microsoft Store’s annual 12 Days of Deals promotional campaign has started today. Microsoft Store will announce a new deal daily at midnight ET through Dec. 17 – featuring products from …
Microsoft Store UK’s Black Friday deals are now live and you can get discounts on latest Surface devices, Xbox consoles, Windows PCs, accessories and more. You will be able to save up…
You can save up to 30% on select SanDisk memory products from Amazon as part of their Deal of the Day promotion. This sale includes lot of popular SanDisk products including SanDisk Ultra 1…
You can now get huge discounts on popular laptops as part of the Lenovo Black Friday 2017. If you are looking for a mainstream laptop, check out the Ideapad 720s which comes with premium met…
HP, the No.1 PC OEM in the world is now running their biggest sale of 2017 as part of their Black Friday promotions. You will be able to find amazing deals on HP laptops, desktops, monitors,…

Continue reading...