Hacker discloses unpatched Microsoft Windows 0-day vulnerabilities

On December 20, a hacker (Evil_Polar_Bear) disclosed unpatched Microsoft Windows 0-day vulnerabilities. It is worth noting that the flaws discovered by this researcher were not submitted to Microsoft. Since its initial disclosure, the vulnerability has remained open to the public.

For security reasons, users are not allowed to operate on many system-level files. For some system-level folders, users are even told that they have no permission.

The latest security vulnerability uses Microsoft's advertising component to read arbitrary files. Fortunately, the potential harm of the vulnerability should not be particularly large.

https://twitter.com/Evil_Polar_Bear/status/1075605011105767424

MsiAdvertiseProduct is the name of Microsoft's advertising component, a Windows Installer function that Microsoft describes as generating advertise scripts and assigning registry entries, shortcuts, and so on.

The function called by this component causes a copy of an arbitrary file to be made while the installer is running. An attacker can use this vulnerability to read all the files on the system.

Although Microsoft enforces a security policy in this component to check files, a race condition can completely bypass these enforced security checks.
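The check-then-use race described above, shown as an added example that is not code from the original article or from Microsoft: a POSIX illustration of the general pattern, with the weak "validate the path, then open it again" copy beside a hardened "open once, then validate the descriptor" copy. The article does not describe the actual check in the Windows Installer, so the directory policy, the function names and the `between` hook (a stand-in for a concurrent change) are assumptions made for illustration.

```python
import os
import stat
import tempfile

def check_then_open(allowed_dir, name, between=lambda path: None):
    """Weak pattern: validate the path, then look it up again to read it."""
    base = os.path.realpath(allowed_dir)
    path = os.path.join(allowed_dir, name)
    if os.path.commonpath([base, os.path.realpath(path)]) != base:
        raise PermissionError("outside the allowed directory")
    between(path)  # hypothetical hook: stands in for a concurrent change
    with open(path, "rb") as f:  # second lookup: may not be the file checked
        return f.read()

def open_then_check(allowed_dir, name):
    """Hardened pattern: open once, then validate and read that descriptor."""
    if os.sep in name or name in ("", ".", ".."):
        raise PermissionError("name must be a single path component")
    dir_fd = os.open(allowed_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # O_NOFOLLOW makes the open fail with OSError if name is a symlink
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise PermissionError("not a regular file")
        return f.read()

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sample files
        allowed = os.path.join(root, "allowed")
        os.mkdir(allowed)
        secret = os.path.join(root, "secret.txt")
        report = os.path.join(allowed, "report.txt")
        for path, data in ((secret, b"SECRET"), (report, b"public")):
            with open(path, "wb") as f:
                f.write(data)
        def swap(path):  # replaces the checked file after the check passed
            os.remove(path)
            os.symlink(secret, path)
        normal = open_then_check(allowed, "report.txt")
        leaked = check_then_open(allowed, "report.txt", between=swap)
        try:
            open_then_check(allowed, "report.txt")
        except OSError:
            return normal, leaked, True
        return normal, leaked, False

if __name__ == "__main__":
    print(demo())
```

The weak function returns the contents of the file outside the allowed directory because its check and its read are two separate path lookups; the hardened function has no such window because the object it validates is the descriptor it reads from.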

Compared to other vulnerabilities, this one can only read arbitrary files, not write them, so the attacker cannot use the vulnerability to insert malware.

At the same time, this vulnerability cannot be exploited remotely. To use it, an attacker must induce the user to download the executable file for installation.

Therefore, based on current reports, the impact of the vulnerability should not be very large, but high-security environments still need to pay attention to the risk of file leakage.