Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Sign in to follow this  
Sampei.Nihira

Windows 10 zero-day exploit code released online

Recommended Posts

https://www.zdnet.com/article/windows-10-zero-day-exploit-code-released-online/

 

Quote

However, ZDNet was told today that, in theory, the zero-day should also work, with some fine-tuning, on all Windows versions -- going back to XP and Server 2003 -- although this might require some testing and further confirmation over the coming days.

Can not run.

There is no Schtask.exe in System32.

In XP, it's mstask.exe.

Share this post


Link to post
Share on other sites

1 hour ago, Sampei.Nihira said:

https://www.zdnet.com/article/windows-10-zero-day-exploit-code-released-online/

 

Can not run.

There is no Schtask.exe in System32.

In XP, it's mstask.exe.

Sure there is (please read as "you have a "queer XP" :w00t:)

it is schtasks.exe

https://www.robvanderwoude.com/schtasksxp.php

and it is the command line program to manage tasks, the whole stuff is then delegated to the related task scheduler service, mstask.exe is windows 9x/Me:

https://en.wikipedia.org/wiki/Windows_Task_Scheduler

jaclaz

 

 

Share this post


Link to post
Share on other sites
Posted (edited)
3 minutes ago, Sampei.Nihira said:

ldNLlhkZ_o.jpg

QLbGrB2.png

:)

Edited by Nojus2001

Share this post


Link to post
Share on other sites
Posted (edited)

In my opinion in XP Home the file is absent.

My PC with XP Home is therefore safe from the exploit.

 

Edited by Sampei.Nihira

Share this post


Link to post
Share on other sites

Yep, in Windows XP Professional is there:

Q7612D8.png

  • Like 2

Share this post


Link to post
Share on other sites
On 5/22/2019 at 8:56 PM, Sampei.Nihira said:

In my opinion in XP Home the file is absent.

My PC with XP Home is therefore safe from the exploit.

 

Yes, it is not in Home edition.

jaclaz

Share this post


Link to post
Share on other sites
On 5/23/2019 at 1:49 AM, FranceBB said:

Yep, in Windows XP Professional is there:

Q7612D8.png

It seems to also be present in Windows XP x64 Professional.

Share this post


Link to post
Share on other sites

I disabled the task scheduler service and deleted all the tasks. Does this mitigate the vulnerability?image.png.617e30824d78ba4e4f4adcf7ef280fa9.png

Share this post


Link to post
Share on other sites

I'm not sure if this counts as a bug in XP or in Windows 10. The PoC uses schtasks.exe and schedsvc.dll from a Windows XP system on a Windows 10 system. Files from XP work on Windows 10, but when they do, they use priveledge escalation.

https://web.archive.org/web/20190522011933/https://github.com/SandboxEscaper/polarbearrepo/tree/master/bearlpe

  • Like 1

Share this post


Link to post
Share on other sites
Posted (edited)

A possible future vulnerability based on that code.

It may be that it doesn't even work on Windows XP.;)

Interesting is the possibility offered by Novirusthanks OSA which has 2 specific rules:

Ab9fSRK6_o.jpg

Edited by Sampei.Nihira
  • Like 3

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...