I've confirmed that this works well in a fully-patched 64-bit Windows 10 system. LPE right to SYSTEM! https://twitter.com/SandboxEscaper/status/1034125195148255235 …
-
This Tweet is unavailable.Show this thread
-
I've published: https://www.kb.cert.org/vuls/id/906424 I'm currently unaware of any workarounds.
8 replies 17 retweets 44 likesShow this thread -
I can't imagine too many people are interested, but I can confirm that with minor tweaks the public exploit code for the Windows Task Manager ALPC vul works on 32-bit Windows 10 as well.pic.twitter.com/1pf2JU6D2o
4 replies 23 retweets 42 likesShow this thread -
But my systems have antivirus! With AI and heuristics and stuff... Get real. https://www.virustotal.com/#/file/81a4dbf1132e6cb43f45b803b8f46e85cb9d3a60dbe560762f4cc49461758641/detection …pic.twitter.com/cRKKrFIudw
2 replies 3 retweets 11 likesShow this thread -
SYSTEM code execution on Windows 7. Just for fun.pic.twitter.com/Fx7nMYK1rJ
3 replies 6 retweets 8 likesShow this thread -
Replying to @wdormann
bugs involving DACL changes are the best bugs. A Procmon filter on “SetSecurityFile” for “DACL: Unprotected” is especially the best :-)
1 reply 1 retweet 4 likes
Indeed. And here we have the recent ByeBear exploit using Windows AppX Deployment Service to set DACL: Unprotected to a hard-linked file (to c:\windows\win.ini in this case).pic.twitter.com/lMKl25w7H4
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.