Guest Posted May 22, 2019 Posted May 22, 2019 https://www.zdnet.com/article/windows-10-zero-day-exploit-code-released-online/ Quote However, ZDNet was told today that, in theory, the zero-day should also work, with some fine-tuning, on all Windows versions -- going back to XP and Server 2003 -- although this might require some testing and further confirmation over the coming days. Can not run. There is no Schtask.exe in System32. In XP, it's mstask.exe.
jaclaz Posted May 22, 2019 Posted May 22, 2019 1 hour ago, Sampei.Nihira said: https://www.zdnet.com/article/windows-10-zero-day-exploit-code-released-online/ Can not run. There is no Schtask.exe in System32. In XP, it's mstask.exe. Sure there is (please read as "you have a "queer XP" ) it is schtasks.exe https://www.robvanderwoude.com/schtasksxp.php and it is the command line program to manage tasks, the whole stuff is then delegated to the related task scheduler service, mstask.exe is windows 9x/Me: https://en.wikipedia.org/wiki/Windows_Task_Scheduler jaclaz
NojusK Posted May 22, 2019 Posted May 22, 2019 (edited) 3 minutes ago, Sampei.Nihira said: Edited May 22, 2019 by Nojus2001
Guest Posted May 22, 2019 Posted May 22, 2019 (edited) In my opinion in XP Home the file is absent. My PC with XP Home is therefore safe from the exploit. Edited May 22, 2019 by Sampei.Nihira
jaclaz Posted May 24, 2019 Posted May 24, 2019 On 5/22/2019 at 8:56 PM, Sampei.Nihira said: In my opinion in XP Home the file is absent. My PC with XP Home is therefore safe from the exploit. Yes, it is not in Home edition. jaclaz
Windows 2000 Posted May 24, 2019 Posted May 24, 2019 On 5/23/2019 at 1:49 AM, FranceBB said: Yep, in Windows XP Professional is there: It seems to also be present in Windows XP x64 Professional.
i430VX Posted May 24, 2019 Posted May 24, 2019 I disabled the task scheduler service and deleted all the tasks. Does this mitigate the vulnerability?
Tripredacus Posted May 24, 2019 Posted May 24, 2019 I'm not sure if this counts as a bug in XP or in Windows 10. The PoC uses schtasks.exe and schedsvc.dll from a Windows XP system on a Windows 10 system. Files from XP work on Windows 10, but when they do, they use priveledge escalation. https://web.archive.org/web/20190522011933/https://github.com/SandboxEscaper/polarbearrepo/tree/master/bearlpe 1
Guest Posted May 24, 2019 Posted May 24, 2019 (edited) A possible future vulnerability based on that code. It may be that it doesn't even work on Windows XP. Interesting is the possibility offered by Novirusthanks OSA which has 2 specific rules: Edited May 24, 2019 by Sampei.Nihira
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now