I'm publishing some research today, a major design flaw in Windows that's existed for almost *two decades*. I wrote a blog post on the story of the discovery all the way through to exploitation.
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html
My understanding is that the ALPC component is core to CTF exploitation. So if Microsoft "Fixed" ALPC, then perhaps all of the CTF attacks as outlined may be neutered. Personally, I don't know enough about CTF nor what Microsoft changed in ALPC to know this for sure.
For example, compare the output of the July patch level vs. August patch level with the ctftool.exe output. As of August, you can't even enumerate connected clients. To me, that seems like a non-starter. pic.twitter.com/vND5KbBz1f
I think it stopped working because they changed the connection message format (it has to match or the server won't accept the connection). That can be fixed, and then the edit session attacks should still work. I don't really know why they called it an "ALPC" bug.