BlueHat IL 2020 - Gal De Leon - Exploiting Errors in Windows Error Reporting скачать в хорошем качестве

BlueHat IL 2020 - Gal De Leon - Exploiting Errors in Windows Error Reporting

One of the most common types of vulnerabilities fixed in the last year or so in Microsoft Windows was insecure files access. These types of vulnerabilities represent a range of issues, where a privileged component such as a system service access files with no correct use of impersonation. Using different types of file system links, these bugs can be abused to escalate privileges. I discovered many vulnerabilities of this type in Windows Error Reporting (WER) suite. WER is a flexible event-based feedback infrastructure designed to gather information about hardware and software problems that Windows can detect, report the information to Microsoft, and provide users with any available solution. However, the way WER is designed is prone to insecure files access issues. The vulnerabilities I discovered are assigned CVE-2019-1374, CVE-2019-1319, CVE-2019-1342, CVE-2019-1037, CVE-2019-0863. In this talk I will give an overview of how WER works. Next, I’ll discuss these types of bugs and the common methods to exploit them. Lastly, I’ll go into the details of some of the vulnerabilities I discovered.​