fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Windows 10 Sandbox Activation Enables Zero-Day Vulnerability

https://open.spotify.com/show/3Gmj15x6cGrgJEzmGnDTTj?si=nytzAjvSR4qBqTbLP6pgKA

Windows 10 Sandbox Activation Enables Zero-Day Vulnerability

A reverse engineer discovered a new zero-day vulnerability in most Windows 10 editions, which allows creating files in restricted areas of the operating system.

Exploiting the flaw is trivial and attackers can use it to further their attack after initial infection of the target host, albeit it works only on machines with Hyper-V feature enabled.

 

Easy-peasy privilege escalation

Reverse engineer Jonas Lykkegaard posted last week a tweet showing how an unprivileged user can create an arbitrary file in ‘system32,’ a restricted folder holding vital files for Windows operating system and installed software.

However, this works only if Hyper-V is already active, something that limits the range of targets since the option is disabled by default and is present in Windows 10 Pro, Enterprise, and Education.

Hyper-V is Microsoft’s solution to creating virtual machines (VM) on Windows 10. Depending on the physical resources available on the host, it can run at least three virtual instances.

Given sufficient hardware resources, Hyper-V can run large VMs with 32 processors and 512GB of RAM. An average user user may not have a use for such a virtual machine but they may run Windows Sandbox, an isolated environment for executing programs or loading websites that are not trusted, without risking to infect the normal Windows operating system.

Microsoft introduced Windows Sandbox with the May 2019 Update, in Windows 10 version 1903. Turning on this feature automatically enables Hyper-V.

To demonstrate the vulnerability, Lykkegaard created in \system32 an empty file named phoneinfo.dll. Making any changes in this location requires elevated privileges but these restrictions are irrelevant when Hyper-V is active.

source: Jonas Lykkegaard

Since the creator of the file is also the owner, an attacker can use this to place malicious code inside that would be execute with elevated privileges when needed.

CERT/CC vulnerability analyst Will Dormann confirmed that the vulnerability exists and that exploiting it requires literally no effort from an attacker on the host.

The researcher told BleepingComputer that the vulnerable component is ‘storvsp.sys’ (Storage VSP – Virtualization Service Provider), a server-side Hyper-V component.

Also read: Website Ownership Laws: Your Rights And What It Protects

 

Low reward for bug report

Although this vulnerability is easy to exploit there are more dangerous issues in Windows 10 that Microsoft should address. This is one reason he decided to make it public and not report it through Microsoft’s bug bounty program.

Lykkegaard pointed BleepingComputer to a thread with the vulnerabilities he found and told us that one of the worst bugs he reported allowed manipulating UEFI (Unified Extensible Firmware Interface) applications – bootloaders, operating system kernel – that reside as files on the EFI partition.

He says that Microsoft’s recent slash of rewards for high-severity privilege escalation bugs from $20,000 to $2,000 also contributed to sharing the issue publicly since the effort simply is no longer worth it.

“Until now, I have always submitted my findings to MS and waited till they were patched, but with the recent bounty change it is not worth it,” Lykkegaard told us.

However, he would still make the effort to find and report this kind of bugs in Windows, and gladly so, if Microsoft offered him the choice of taking the lower reward or opt for a larger donation from the company to a project that contributed to the education of less fortunate children, such as One Laptop per Child.

Also read: 5 Self Assessment Tools To Find The Right Professional Fit

https://www.youtube.com/watch?v=30eI59FlBdk

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us