Lock screen/Bitlocker bypass/elevation of privilege in Bitlockerhttps://docs.google.com/document/d/1S4jU7knBG_Km_AdHXf8JyE8zl0SOxQ9VvYFPanQy1g8/edit?usp=sharing …
-
So these have (or will have) a CVE ID?
Bitlocker do, the group policy ms claims is the same vuln as this: https://securityboulevard.com/2020/06/group-policies-going-rogue/ … Because they fixed it by moving %USERPROFILE%/ntuser.pol and C:\Users\user\AppData\Local\Microsoft\Group Policy\History\ to another path- even though ntuser.pol is 100% irrevant for the oth
-
-
as that makes 0 sence I hereby invent my own tracking referene system for it and assigns it 4234-WTF. now at least it have another id then the totally unrelated vulnerability disovered by Eran
-
How long do you think it took to make that group policy exploit? Finding the right vulnerabilitis to chain to make it all work. But because another vuln took 1 year to fix- the service was in a state where all submissions are waste of time for researchers.
End of conversation
New conversation -
-
-
#CVE-2020-1317 seems to have been the "big" collector for all GP policies issues. I found a couple of other vulns in GP processing which also fall into CVE-2020-1317 -
WTF- change enough and all vulns stop working, why not just replace diagnostrig tracking service exe with windows error reporting service exe? All vulns fixed! How many WTF ids do you need assigned?
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.