New class of bugs found in Windows


Vulnerabilities are present due to the lack of necessary checks.

James Forshaw, one of the “ethical hackers” of Google’s Project Zero, has discovered a new class of vulnerabilities affecting Windows kernel-level drivers. Successful exploitation of these flaws gives an attacker an escalation of privileges.

The vulnerabilities are present because necessary checks are missing during the processing of specific requests. Windows uses the PreviousMode field, set to either UserMode or KernelMode, to determine whether the arguments of a call come from a trusted or an untrusted source.

The same mechanism is used when creating and opening files, where kernel code can choose from a variety of API functions, including IopCreateFile. In this case, PreviousMode is assigned to a special variable that determines whether the parameters are checked for validity.

Windows also uses this variable to check privileges when it is UserMode. However, the Options parameter of IopCreateFile, which is available to API functions that can be called only from kernel mode, allows KernelMode to be set as the AccessMode, so the checks that apply to UserMode callers are skipped.

Forshaw has published the technical details of the vulnerability, which can be found at this link.

Microsoft is aware of the problem, and the developers have promised to fix it in a future set of Windows patches.
