I think the key here prob. is the attack vector - MSRC prob. think “double-clicking on a non-MOTW local mht file” isn’t a valid vector, as there maybe bigger/known problems if you open non-MOTW mht file locally with IE.https://twitter.com/wdormann/status/1116691419673047042 …
-
-
Wow! I just also confirmed this! You've gone so wild, Edge! (Thanks
@mkolsek for this finding). -
Now I recall that the only time it worked is I used Edge to download the mht file.. Who thought it could be different, hmm..
End of conversation
New conversation -
-
-
Now remove the S-1-15-2 ACL and see that the exploit stops working :)
-
Important question: Are there programs other than IE that run with low integrity on Windows? It would any such application will not benefit from any MoTW marking.
- 9 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.