TheSecurity Researcher Published 3rd Windows Zero day exploit in last four months
By using this vulnerability, the attacker will not use the malicious file to take full control of the system, but can be accessible some sensitive information.
The Attacker should need to know the file path of a particular file to access information, but according to the researcher it is not a big task for him.
After patching windows internet explorer zero-day vulnerability, A Hacker who use twitter handle account @SandboxEscaper published the zero-day exploit for windows 10. That zero-day exploit is not patched yet and as he posted on twitter not to report about this vulnerability.
The Security flaw in windows is exists in the “MsiAdvertiseProduct” function, which is responsible for installer to “advertise” shortcut and registry about a particular product to windows.”
According to SandboxEscaper, a manually crafted application could trigger a race condition in the functionality, & it allows to read the arbitrary files as system privileges.
For Example: A User with Limited Privileges can read files of the other users account that is not accessible from the another account.
Youtube PoC :
Access information about the static location files with the enumeration techniques this is a bad news because many software like office, actually keeps at static locations.
According to Researcher, to getting information of files like this he can get filename of the documents created by other users, the filesystem and its references to user created files can be found anywhere. So not having the full path of a document not a big deal for the attacker.
Manish Kumawat, Cyber Security Researcher at Cryptus Cyber Security Pvt. Ltd. Confirmed "that the published zero-day exploit works and that is providing the information of such files that should not have access to initial user".
This is the Third windows zero-day exploit published by the same researcher SandboxEscaper in last four months.
No comments
Post a Comment
Note: only a member of this blog may post a comment.