Windows operating systems security from XP to current version Window 10 can be bypassed with a single bit
Microsoft on Tuesday released privilege escalation vulnerability in its security bulletins which according to researchers, can be exploited by malicious actors to bypass all the security measures in Windows operating system by modifying a single bit.
Microsoft says that an attacker who manages to log in to the targeted system can โgain elevated privileges and read arbitrary amounts of kernel memory,โ which would allow them to install software, view and change data, and create new accounts with full administrative rights.
Udi Yavo, the chief technology officer at the security firm Ensile says that โThe vulnerability (CVE-2015-0057) is rated as โimportant,โ which could give attackers total control of the victimsโ machines.โ
Yavo further said that โA threat actor that gains access to a Windows machine (say, through a phishing campaign) can exploit this vulnerability to bypass all Windows security measures, defeating mitigation measures such as sandboxing, kernel segregation and memory randomization.โ
Yavo continued, “Interestingly, the exploit requires modifying only a single bit of the Windows operating system.”
The flaw existed in the graphical user interface (GUI) component of theย Win32k.sysย module within the Windows Kernel which, among other things, manages vertical and horizontal Windowsโ scroll bars. The flaw actually resides in theย xxxEnableWndSBArrowsย function which could alter the state of both scroll bars through a call.
The exploit works on all versions of the operating system, from Windows XP to the 64-bit version of the latest Windows 10 Technical Preview (with protections enabled). The attack method can be used to bypass kernel protections such as Kernel Data Execution Prevention (DEP), Kernel Address Space Layout Randomization (KASLR), Mandatory Integrity Control (MIC), Supervisor Mode Execution Protection (SMEP), and NULL deference protection, the researcher said.
โWe have shown that even a minor bug can be used to gain complete control over any Windows Operating System,โ Yavo said. He also commented that Microsoft efforts to make the its operating system more secure has raised the bar significantly and made writing reliable exploits far harder than before. Unfortunately, these methods are not going to stop attackers. We predict that attackers will continue incorporating exploits into their crime kits, making compromise inevitable.โ
Th researchers have also published a PoC video demonstrating the vulnerability, though it doesn’t actually disclose any sensitive code, but shows the privilege escalation exploitation on a machine running 64-bit Windows 10 Technical Preview.
Microsoftโs patch issues are nothing new,before this, In January, Bromium security researcher Jared DeMott demonstrated that the Heap Isolation and Delay Free mitigations can beย bypassed.
CVE-2015-0057 is not the only interesting vulnerability patched by Microsoft on Tuesday. The company has also released updates for a critical remote code execution flaw (CVE-2015-0008) caused due to the way Group Policy receives and applies policy data when a domain-joined system connects to a domain controller. On the other hand, Microsoft still hasnโt addressed a recently disclosed universal cross-site scripting (UXSS) vulnerability affecting Internet Explorer.