Connect with us

Hacker News Zero Day

Third Zero-Day Microsoft Vulnerability in Four Months Announced On Twitter

Hacker News Malware

Emotet Malware Makes a Comeback with Fresh Attacks After Three Months of Silence

Hacker News Vulnerability

Lazarus Group Found Exploiting Zero-Day Vulnerabilities in Latest Cyber Attack

Hacker News

Chinese hackers develop new custom backdoor to evade detection

Hacker News

Hackers are exploiting vulnerabilities in containerized environments

Hacker News

Play Ransomware Group Brags About Disruptive Attack on City of Oakland

Hacker News

Chinese State-Sponsored Hacking Group APT31 Targets European Organizations

Hacker News Vulnerability

Researchers Uncover New Security Vulnerabilities in TPM 2.0 Library

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Hacker News

White Hat Hacking Does Pay: Pwn2Own Shells Out 980,000 in Rewards

Hacker News

Third Zero-Day Microsoft Vulnerability in Four Months Announced On Twitter

Published

4 years ago

on

Third Zero-Day Microsoft Vulnerability in Four Months Announced On Twitter

A security researcher has discovered yet another zero-day vulnerability in Microsoft Windows that allows a user to read in unauthorized locations.

The security researcher, known as SandboxEscaper on Twitter, has released details about the vulnerability that affects ReadFile.exe. The file allows reading data from specific locations.

The same researcher previously disclosed exploits for two other zero-day Windows vulnerabilities. After the exposure, all users were vulnerable to being hacked until Microsoft released a patch.

This new vulnerability could allow a low-privileged user to read the content of any file on a targeted computer. This should only be possible with administrator-level privileges.

The vulnerability resides in the ” “MsiAdvertiseProduct” Windows function.  “MsiAdvertiseProduct” is responsible for generating “an advertise script or advertises a product to the computer and enables the installer to write to a script the registry and shortcut information used to assign or publish a product.”

According to SandboxEscaper, the function can be used to force an installer service into making a copy of any file as SYSTEM privileges and read its corresponding content. This is known as an arbitrary file read vulnerability and is allowed to occur due to improper validation.

 

SandboxEscaper said:

“Even without an enumeration vector, this is still bad news, because a lot of document software, like office, will actually keep files in static locations that contain the full path and file names of recently opened documents..,”

“Thus by reading files like this, you can get filenames of documents created by other users.. the filesystem is a spiderweb and references to user-created files can be found everywhere.. so not having an enumeration bug is not that big of a deal.”

This is the third zero-day Microsoft Windows vulnerability released in the last four months, which isn’t good news for Microsoft, and many people will be wondering how many more are to come.

Related Topics:

Experienced British technology journalist and online reporter

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *