I think the key here prob. is the attack vector - MSRC prob. think “double-clicking on a non-MOTW local mht file” isn’t a valid vector, as there maybe bigger/known problems if you open non-MOTW mht file locally with IE.https://twitter.com/wdormann/status/1116691419673047042 …
-
-
Hmmm, wait.. even more weird.. I just tested on another one of my Windows 10 box, the MoTW is a vector on that machine - no system.ini leak only datatears.xml access... It seems that the conclusion is still far to be made.
-
Guys, I may be able to clear this up a little. It seems that Edge puts two additional ACL entries to the saved file, both with undocumented SIDs, one of which prevents Low Integrity processes from accessing the file. I guess some undocumented feature...
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.