Microsoft IE11 vulnerability is more dangerous than it seemed, as the Edge browser is also affected by it

Researchers noted strange behavior in Windows 10 that can allow intruders to remotely steal files stored on hard disks after a user opens a malicious file in Microsoft Edge.

The problem was first reported when cybersecurity researcher John Page published information about a vulnerability in Microsoft Internet Explorer 11 that allows access to files on Microsoft's OS. Page also published PoC code for this bug after Microsoft declined to develop a patch.

However, according to Mitja Kolsek, an ACROS Security specialist, the technology giant underestimated the threat of this vulnerability, as it manifests not only in the outdated IE but also in the modern Edge. Moreover, the exploit published by Page can be reworked into a version that opens with Edge.

Strangely, the specialist at first could not reproduce the attack using IE on Windows 7 with a malicious MHT file downloaded as Page described. Although the process manager showed that the system.ini file that was to be stolen had been read by the script in the MHT file, it was not sent to the remote server.

“This looked like a classic mark-of-the-Web situation. When a file is obtained from the Internet, well-behaved Windows applications like Web browsers and email clients add a mark to such [a] file in [the] form of an alternate data stream named Zone.Identifier, containing a line ZoneId=3. This allows other applications to know that the file has come from an untrusted source—and should thus be opened in a sandbox or an otherwise limited environment,” Kolsek wrote.

According to Kolsek, IE did put the mark on the downloaded MHT file. When the researcher downloaded the same file with Edge and opened it in IE, the exploit worked. After closer analysis, the expert established that Edge added two entries to the file's access control list that grant some system service the right to read the file.

As advised by Google Project Zero specialist James Forshaw, the identifiers added by Edge are group security identifiers for the Microsoft.MicrosoftEdge_8wekyb3d8bbwe package. After the second entry, SID S-1-15-2-*, was removed from the access control list, the exploit stopped working. Thus, the permission that Edge added allowed the IE sandbox to be bypassed.

James Forshaw tweet
More detailed analysis demonstrated that the permission set by Edge prevented the Win API function GetZoneFromAlternateDataStreamEx from reading the Zone.Identifier stream, so the function returned an error. As a result, IE concluded that the file did not have a mark-of-the-Web and sent it to the remote server.
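A defender can audit a folder for the condition described above: files marked as coming from the Internet zone that also carry explicit ACL entries for S-1-15-2-* SIDs. The following PowerShell is an added example, not code from Kolsek, Page or Microsoft; the function name, the default folder and the `*.mht` filter are assumptions.

```powershell
# Added example: report Internet-zone files that carry explicit ACL entries
# for SIDs of the form S-1-15-2-*.
# Get-MotwAclReport, its default folder and the filter are hypothetical choices.
function Get-MotwAclReport {
    param(
        [string]$Path   = "$env:USERPROFILE\Downloads",
        [string]$Filter = '*.mht'
    )
    Get-ChildItem -LiteralPath $Path -Filter $Filter -File | ForEach-Object {
        $file = $_.FullName

        # Read the mark-of-the-Web stream; $zoneId stays $null when the
        # Zone.Identifier stream is absent or cannot be read.
        $zoneId = $null
        $motw = Get-Content -LiteralPath $file -Stream Zone.Identifier -ErrorAction SilentlyContinue
        foreach ($line in @($motw)) {
            if ($line -match '^\s*ZoneId\s*=\s*(\d+)') {
                $zoneId = [int]$Matches[1]
                break
            }
        }

        # Explicit (non-inherited) access rules, with identities as raw SIDs
        # so that unresolved S-1-15-2-* entries can be matched by prefix.
        $acl     = Get-Acl -LiteralPath $file
        $sidType = [System.Security.Principal.SecurityIdentifier]
        $aces    = @($acl.GetAccessRules($true, $false, $sidType) |
                     Where-Object { $_.IdentityReference.Value -like 'S-1-15-2-*' })

        [pscustomobject]@{
            File     = $file
            ZoneId   = $zoneId
            Sids     = @($aces | ForEach-Object { $_.IdentityReference.Value })
            Rights   = @($aces | ForEach-Object { $_.FileSystemRights })
            # Flag the combination the article describes: ZoneId=3 plus S-1-15-2-* ACEs.
            Review   = ($zoneId -eq 3 -and $aces.Count -gt 0)
        }
    }
}

# List only the files that match both conditions.
Get-MotwAclReport | Where-Object Review | Format-List
```

Run it from a normal user session on an NTFS volume; files it lists are worth inspecting before they are opened in IE.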

Despite the additional details about the vulnerability, it is unlikely that Microsoft will fix it soon.

“We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case,” Microsoft stated.

In light of this, ACROS Security has released a patch for the vulnerability, available on the 0Patch platform.
