This is an interesting find I reported to MSRC. It can have a security impact and can be used in local attacks. It requires administrative privileges for system-wide impact and, for this reason, MSRC does not consider this to be a valid security vulnerability. Nevertheless, it would be useful to know about its existence. I believe that Microsoft will eventually prepare a patch for it, but I don't know when (they haven't informed me about a patch schedule, only that they appreciate my report).
It's possible to freeze digital signature verification in an infinite loop. This can severely affect many secure communications, UAC and Applocker and AV software. Most antivirus software will fail to detect even known malware.
In addition, integrity-monitoring software may become unresponsive.
Least privilege principle is a must to avoid this flaw. Avoid executing installers and/or using programs/files from people you don't trust.
Video: https://www.youtube.com/watch?v=d1ty35N1ay0
Interesting CryptoAPI weakness (not security vulnerability)
Re: Interesting CryptoAPI weakness (not security vulnerability)
Sell it to Zerodium?

harkaz wrote:
This is an interesting find I reported to MSRC. It can have a security impact and can be used in local attacks. It requires administrative privileges for system-wide impact and, for this reason, MSRC does not consider this to be a valid security vulnerability. Nevertheless, it would be useful to know about its existence. I believe that Microsoft will eventually prepare a patch for it, but I don't know when (they haven't informed me about a patch schedule, only that they appreciate my report).
It's possible to freeze digital signature verification in an infinite loop. This can severely affect many secure communications, UAC and Applocker and AV software. Most antivirus software will fail to detect even known malware.
In addition, integrity-monitoring software may become unresponsive.
Least privilege principle is a must to avoid this flaw. Avoid executing installers and/or using programs/files from people you don't trust.
Video: https://www.youtube.com/watch?v=d1ty35N1ay0
Nobody will buy that right now, since it is disclosed. If they'd like to use it and the vendor does not patch it, they are free to go.
Besides that, white and gray markets are not interested in DoS 'exploits' (particularly one that requires admin privileges). From a security perspective, it is only useful for malware authors (to increase stealth while in user-mode), but something like that would only sell in the black market for a few bucks (unless combined with a full exploit chain, which would raise the price considerably). Selling in the black market can be rather dangerous, so not really an option.
The only party with a potentially strong interest would be AV companies. I haven't contacted one yet, however.
Windows XP Unofficial SP4 (2014, 2016, and 2019): viewtopic.php?t=10321
Non-IT stuff:
Retinal changes in schizophrenia (2019): https://academic.oup.com/schizophreniab ... 06/5598443