Microsoft IE11 vulnerabilidade é mais perigoso do que parecia como Borda navegador também é sensível a ele

Researchers noted strange behavior in Windows 10 that can allow intruders remotely steal files that are stored on hard disks after user opens malware file in Microsoft Edge.

For the first time problem was reported when cybersecurity researcher John Page published information about vulnerability in Microsoft Internet Explorer 11 that allows opening access to files on Microsoft OS. Page also published PoC-code for this bug after Microsoft refused developing a patch.

Contudo, De acordo com Mitja Kolsek, ACROS Security specialist, technological giant underestimated threat of this vulnerability as it manifests not only with outdated IE, but also in modern Edge. Além disso, published by Page exploit can be processed to a version that opens with Edge.

It may be strange, but firstly specialist could not repeat an attack with the use of IE in Windows 7 and could not upload malware MHT-file as Page described it. Though process manager showed that system.ini file that could be stolen was read by script in MHT-file, it was not sent to remote server.

“This looked like a classicmark-of-the-Websituation. When a file is obtained from the Internet, well-behaved Windows applications like Web browsers and email clients add a mark to such [UMA] file in [o] form of an alternate data stream named Zone.Identifier, containing a line ZoneId=3. This allows other applications to know that the file has come from an untrusted source—and should thus be opened in a sandbox or an otherwise limited environment.”, – Kolsek wrote.

According to Kolsek, IE really put a mark on uploaded MHT-file. When investigator tried to upload same file with Edge and open in in IE, exploit worked. After precise analysis expert established that Edge added two notes in access control list that adds right to read a file to some system service.

Como advised Google Project Zero specialist James Foreshaw, added by Edge identifiers are group security identifiers for Microsoft.MicrosoftEdge_8wekyb3d8bbwe PACKET. After removing second line SID S-1-15-2 -* from the list of access control exploit did not work again. Nesse caminho, permission that added Edge allowed missing IE sandbox.

James Forshaw tweet
James Forshaw tweet

More detailed analysis demonstrated that established by Edge permission did not allow Win Api GetZoneFromAlternateDataStreamEx function to read Zone.Indetifier flow and returned an error. Finalmente, IE considered that file does not have mark-of-the-Web mark and sent it to remote server.

Despite additional details about vulnerability, it is unlikely that Microsoft will fix it soon.

We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.”, — stated in Microsoft .

In this connection, ACROS Security has released a vulnerability patch, available on the 0remendo platform.

Sobre Trojan Killer

Carry Trojan Killer portátil em seu memory stick. Certifique-se que você é capaz de ajudar o seu PC resistir a quaisquer ameaças cibernéticas onde quer que vá.

Além disso, verifique

Vírus do Facebook - uma campanha de spam moderna.

Vírus do Facebook – uma campanha de spam moderna.

Vírus do Facebook é um nome comum para spam enviado em massa hoje em dia pelo Facebook. …

Golpe de recompensa de assinatura do Google

Golpe de recompensas de assinatura do Google. O que você precisa saber

Se você sabe o que é um site de recompensas de assinatura do Google, nós temos algumas más notícias …

Deixe uma resposta