Zero-day vulnerability: Google discloses flaw in the current Windows patch

The patch does not close the vulnerability as intended. Ahead of a fully functional patch, Google is nevertheless revealing the technical details of the vulnerability. Under certain circumstances, the vulnerability allows an unauthorized elevation of user privileges.

Google’s Project Zero has made public the technical details of a vulnerability in Windows 10. The reason given by the security researchers is that the fix Microsoft released on Tuesday is said to be incomplete. A further extension of the actual 90-day period is not possible under these circumstances.

Microsoft actually wanted to close the vulnerability with the identifier CVE-2020-1509 as part of the August patch day. It affects Windows 8.1 and newer and Windows Server 2012 and newer. An authenticated attacker can obtain an elevation of privilege with the help of a specially crafted authentication request to the Local Security Authority Subsystem Service (LSASS).

The vulnerability was discovered by Google employee James Forshaw. Google’s refusal to extend the embargo may also be based on the fact that Forshaw, assuming that Microsoft’s patch would remove the vulnerability, had already released all technical details including sample code for an exploit. In his report, he also describes the vulnerability as fixed, only to add a few hours later: “After an examination, it seems that this has not been completely remedied.”

According to Forshaw, LSASS does not fully enforce enterprise authentication. This means that every UWP app running in a Windows AppContainer, including self-developed enterprise apps, is said to be able to log on to the network with the user’s credentials via single sign-on.

According to Microsoft’s documentation, there should be an exception in this regard for organizations that rely on line-of-business applications, but according to the researcher, this exception is not implemented correctly. “If the target is a proxy, authentication is possible even if enterprise authentication is not specified,” said Forshaw.

As a result, an AppContainer can perform network authentication as long as a valid destination is specified. Whether or not the network address is registered as a proxy is irrelevant.

The original 90-day period for the vulnerability expired in late July. Due to Microsoft’s promise to fix the bug in August, Google apparently granted an extension to the August patch day.
