Tuts 4 You

Google’s Project Zero discloses Windows 0day that’s been under active exploit


Progman


https://arstechnica.com/information-technology/2020/10/googles-project-zero-discloses-windows-0day-thats-been-under-active-exploit/

"

CVE-2020-117087 stems from a buffer overflow in a part of Windows used for cryptographic functions. Its input/output controllers can be used to pipe data into a part of Windows that allows code execution. Friday's post indicated the flaw is in Windows 7 and Windows 10, but made no reference to other versions.

“The Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures,” Friday’s Project Zero post said. “It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape).” "


I guess for convenience. They have to have a kernel crypto layer to support things like signed drivers or avoiding key exposure.

They would have to have a redundant copy of all the crypto code in user mode otherwise. And still, if it uses stored passwords or the like, the kernel might offer greater credential protection than administrator privileges.

It's a practical design decision OSes need to make. But an important one, and complicated data structures in the kernel have invariably always had exploits. The code should be critical system tested with formal proofs. Certainly security is not done well in consumer hardware or software at all these days. And probably deliberately. Makes things more dangerous yet more interesting.

Big surveillance is getting their way still. Nowadays they can hack the hardware directly if they have a high enough security clearance, whether the CPU management system, the chipset, the WiFi chip BIOS, the motherboard BIOS, etc. But lower down in the system, law enforcement agencies will have to go after the software. Stuff that can be used in court, which is not what spy agencies care about. They want every layer to be flawed and allow for a security hierarchy to each get access at the appropriate level.

Even the best leaks we have seen are low down stuff. Not a single leak of the serious stuff ever in the last century that stuck around at least. Makes you wonder how sophisticated the technology needed to run an empire must be in a world where the average person has a PC and smartphone capable of billions of computations per second. Hovercrafts and teleportation would barely even be enough to hold an empire together based on a power pyramid of corrupt slaves. Yet here we are.

Edited by Progman
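The quoted Project Zero description and the point above about complicated kernel data structures both come down to the same recurring weak spot: an IOCTL handler that parses a non-trivial, caller-controlled input structure and trusts a length or count inside it. The C program below is an added illustration written for this thread; it is not code from cng.sys, from Project Zero or from the poster. The request layout (a header carrying count and entries_offset, followed by fixed-size entries) and the MAX_ENTRIES limit are hypothetical. It shows the checks such a handler must make before copying anything: header length, entry count bounded before it is multiplied, offset inside the buffer, and the end of the entries computed without integer overflow.

```c
/* Added illustration (hypothetical layout, not cng.sys): validating a
 * variable-length IOCTL-style input structure before it is used. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 16u   /* hypothetical capacity of the handler's fixed buffer */

struct req_header {
    uint32_t count;           /* number of entries the caller claims to supply */
    uint32_t entries_offset;  /* byte offset of the first entry from buffer start */
};

struct req_entry {
    uint32_t key_id;          /* hypothetical payload fields */
    uint32_t flags;
};

enum req_status {
    REQ_OK = 0,
    REQ_ERR_SHORT_HEADER,     /* buffer too small to hold the header */
    REQ_ERR_TOO_MANY,         /* count exceeds the fixed destination */
    REQ_ERR_OFFSET,           /* entries_offset outside [header end, len] */
    REQ_ERR_TRUNCATED         /* declared entries run past the buffer */
};

/* Check every caller-controlled length before touching the payload. */
enum req_status validate_request(const uint8_t *buf, size_t len)
{
    struct req_header hdr;
    size_t entries_bytes;

    if (buf == NULL || len < sizeof hdr)
        return REQ_ERR_SHORT_HEADER;
    memcpy(&hdr, buf, sizeof hdr);  /* avoid unaligned reads of the raw buffer */

    /* Bound count first so count * sizeof(entry) cannot wrap around. */
    if (hdr.count > MAX_ENTRIES)
        return REQ_ERR_TOO_MANY;
    entries_bytes = (size_t)hdr.count * sizeof(struct req_entry);

    /* Entries must begin after the header and no later than the buffer end. */
    if (hdr.entries_offset < sizeof hdr || hdr.entries_offset > len)
        return REQ_ERR_OFFSET;

    /* Subtract rather than add: offset + entries_bytes could overflow. */
    if (entries_bytes > len - hdr.entries_offset)
        return REQ_ERR_TRUNCATED;

    return REQ_OK;
}

/* Copy entries into a fixed-size destination only after validation passes.
 * Returns the number of entries copied, or -1 if the request was rejected. */
int process_request(const uint8_t *buf, size_t len, struct req_entry out[MAX_ENTRIES])
{
    struct req_header hdr;

    if (validate_request(buf, len) != REQ_OK)
        return -1;
    memcpy(&hdr, buf, sizeof hdr);
    memcpy(out, buf + hdr.entries_offset, (size_t)hdr.count * sizeof(struct req_entry));
    return (int)hdr.count;
}

/* Build a constructed request: declared_count and offset go into the header,
 * while present_entries entries are actually appended right after the header. */
static size_t build_case(uint8_t *buf, size_t cap, uint32_t declared_count,
                         uint32_t offset, uint32_t present_entries)
{
    struct req_header hdr = { declared_count, offset };
    size_t len = sizeof hdr;
    uint32_t i;

    memset(buf, 0, cap);
    memcpy(buf, &hdr, sizeof hdr);
    for (i = 0; i < present_entries && len + sizeof(struct req_entry) <= cap; i++) {
        struct req_entry e = { 0x1000u + i, 1u };
        memcpy(buf + len, &e, sizeof e);
        len += sizeof e;
    }
    return len;
}

/* Constructed scenario run through the validator; returns its verdict. */
enum req_status check_case(uint32_t declared_count, uint32_t offset, uint32_t present_entries)
{
    uint8_t buf[256];
    size_t len = build_case(buf, sizeof buf, declared_count, offset, present_entries);
    return validate_request(buf, len);
}

/* Same scenario through the copying path; returns entries copied or -1. */
int process_case(uint32_t declared_count, uint32_t offset, uint32_t present_entries)
{
    uint8_t buf[256];
    struct req_entry out[MAX_ENTRIES];
    size_t len = build_case(buf, sizeof buf, declared_count, offset, present_entries);
    return process_request(buf, len, out);
}

int main(void)
{
    printf("well-formed:        %d\n", check_case(2, 8, 2));           /* REQ_OK */
    printf("huge count:         %d\n", check_case(0xFFFFFFFFu, 8, 2)); /* REQ_ERR_TOO_MANY */
    printf("offset past end:    %d\n", check_case(2, 1000, 2));        /* REQ_ERR_OFFSET */
    printf("count > supplied:   %d\n", check_case(4, 8, 2));           /* REQ_ERR_TRUNCATED */
    printf("copied entries:     %d\n", process_case(2, 8, 2));         /* 2 */
    return 0;
}
```

Build with `cc -Wall -o ioctl_check ioctl_check.c` and run it. The order of the checks is the substance: the count is capped before the multiplication, and the end-of-entries test is written as a subtraction against the known buffer length, so no caller-chosen value ever feeds an arithmetic expression that could wrap before it is compared.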