C:\ProgramData is where "secure" SYSTEM processes go to die.
Replying to @enigma0x3
Quoted tweet from Will Dormann (@wdormann):
Cisco Webex has a service that runs with LocalSystem privileges, yet the directory and EXE are both writable by a normal user. LPE! https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-pe … You can check your systems for similar vulnerabilities using a Python script that I put together: https://gist.github.com/wdormann/db533d84df57a70e9580a6a2127e33bb … pic.twitter.com/jB01CaTa8p
Replying to @wdormann
Yikes... typically I see DACL overwrites on log files, but running service binaries from there with no lockdown is bad.
Replying to @enigma0x3
Program Files is OK because software installed there gets sane ACLs by default through inheritance. ProgramData, on the other hand, requires that the installed software explicitly do the sane thing. So yeah, ProgramData is where the dragons live.
6:50 AM - 25 Jun 2019
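The inheritance point made in the last reply, as an added example that is not part of the thread and is not the gist linked above: this Python parses `icacls` output for a service directory and reports allow ACEs that give standard users write-type rights. The path, both sample outputs (assumed to model a directory that inherited its ACL versus one given an explicit ACL) and the helper name `risky_aces` are constructed for illustration.

```python
import re

# Principals present in every standard user's token (assumption: English names).
LOW_PRIV = {"everyone", "builtin\\users", "nt authority\\authenticated users",
            "nt authority\\interactive"}
# icacls rights that let the holder change or plant content: F full, M modify,
# W write, WD add file, AD add subdirectory, DC delete child, D/DE delete,
# WDAC change DACL, WO take ownership, GA/GW generic all/write.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "DC", "D", "DE", "WDAC", "WO", "GA", "GW"}
FLAGS = {"I", "OI", "CI", "IO", "NP"}           # inheritance markers, not rights
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([^)]*\))+)$")

def risky_aces(path, icacls_output):
    """Return [(principal, [rights])] for allow ACEs that let a standard user write."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()     # first ACE shares a line with the path
        m = ACE_RE.match(line)
        if not m:
            continue                            # blank line or the summary line
        groups = re.findall(r"\(([^)]*)\)", m.group("groups"))
        if "DENY" in groups or "IO" in groups:
            continue                            # deny ACE, or inherit-only (children only)
        rights = {r for g in groups if g not in FLAGS for r in g.split(",")}
        hits = sorted(rights & WRITE_RIGHTS)
        who = m.group("who").strip()
        if who.lower() in LOW_PRIV and hits:
            findings.append((who, hits))
    return findings

PATH = r"C:\ProgramData\ExampleVendor\Service"  # constructed path
# Constructed output: directory created with no explicit ACL, every entry inherited (I).
INHERITED = PATH + r""" NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
    BUILTIN\Administrators:(I)(OI)(CI)(F)
    CREATOR OWNER:(I)(OI)(CI)(IO)(F)
    BUILTIN\Users:(I)(OI)(CI)(RX)
    BUILTIN\Users:(I)(CI)(WD,AD,WEA,WA)

Successfully processed 1 files; Failed processing 0 files
"""
# Constructed output: installer set an explicit ACL, users can only read and execute.
LOCKED = PATH + r""" NT AUTHORITY\SYSTEM:(OI)(CI)(F)
    BUILTIN\Administrators:(OI)(CI)(F)
    BUILTIN\Users:(OI)(CI)(RX)
"""

if __name__ == "__main__":
    for name, out in (("inherited", INHERITED), ("locked down", LOCKED)):
        print(name, risky_aces(PATH, out))
```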