Bypassing Windows 10’s protections using a single bit

Today, Microsoft released their latest Patch Tuesday. This patch includes a fix for vulnerability CVE-2015-0057, an IMPORTANT-rated exploitable vulnerability which we responsibly disclosed to Microsoft a few months ago. As part of our research, we revealed this privilege escalation vulnerability which, if exploited, enables a threat actor to gain complete control of a Windows machine. In other words, a threat actor that gains access to a Windows machine (say, through a phishing campaign) can exploit this vulnerability to bypass all Windows security measures, defeating mitigation measures such as sandboxing, kernel segregation and memory randomization.

Interestingly, the exploit requires modifying only a single bit of the Windows operating system.

Fascinating.
