Vulnerability Spotlight: M$ doesn't give a f***

Postby Tomaso » Sun Sep 10, 2017 3:09 pm

Content Security Policy bypass in Microsoft Edge, Google Chrome and Apple Safari:
http://blog.talosintelligence.com/2017/ ... ntent.html
Talos has released details of vulnerabilities discovered in Microsoft Edge browser as well as older versions of Google Chrome (CVE-2017-5033) and browsers based on the Webkit such as Apple Safari (CVE-2017-2419).
An attacker may be able to exploit the vulnerabilities and bypass the Content Security Policy set by the server which may lead to disclosure of confidential information.
Microsoft stated that this is by design and has declined to patch this issue.


Re: Vulnerability Spotlight: M$ doesn't give a f***

Postby Moonchild » Sun Sep 10, 2017 3:45 pm

There are three main components to an exploitation attempt: setting the Content-Security-Policy for the browser with "unsafe-inline" directive to allow for inline script code, then using window.open() to open a blank new window, and finally calling the document.write function to write code into the newly created blank window object in order to bypass CSP restrictions put on the document.


'unsafe-inline' is a keyword that has known security implications if code injection is a concern.

Although there are spec rules for initialization of documents[1], by specifying 'unsafe-inline' there would be no safeguard against the execution of code in the original document, and as such it's perfectly within spec to interpret this as to not restrict the policy of a new context that is generated entirely through unrestricted/unsafe in-line code.

[1] https://w3c.github.io/webappsec-csp/#initialize-document-csp
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.
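
Both posts above turn on whether 'unsafe-inline' is actually in effect for scripts, and that can be checked mechanically for a given policy. The following is an added example, not code from the thread or from the Talos report; the function names and sample policies are constructed, and it assumes a single serialized policy string rather than several combined headers.

```javascript
// Added example: decide whether a Content-Security-Policy value leaves blanket
// inline <script> execution enabled, i.e. whether 'unsafe-inline' is in effect.

// Parse one serialized policy into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by the spec: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

const NONCE_OR_HASH = /^'(nonce-|sha256-|sha384-|sha512-)[^']+'$/;

function inlineScriptStatus(policy) {
  const directives = parseCsp(policy);
  // Inline <script> elements are governed by the first of these that is present.
  const governing = ['script-src-elem', 'script-src', 'default-src']
    .find((name) => directives.has(name));
  if (!governing) {
    return { allowed: true, directive: null, reason: 'no directive restricts scripts' };
  }
  const sources = directives.get(governing).map((s) => s.toLowerCase());
  if (!sources.includes("'unsafe-inline'")) {
    return { allowed: false, directive: governing, reason: "'unsafe-inline' not present" };
  }
  // CSP Level 2+ browsers ignore 'unsafe-inline' when a nonce or hash is listed;
  // Level 3 also ignores it for scripts when 'strict-dynamic' is listed.
  if (sources.some((s) => NONCE_OR_HASH.test(s)) || sources.includes("'strict-dynamic'")) {
    return { allowed: false, directive: governing, reason: "'unsafe-inline' ignored (nonce/hash/strict-dynamic)" };
  }
  return { allowed: true, directive: governing, reason: "'unsafe-inline' in effect" };
}

// Constructed sample policies, for illustration only.
const SAMPLES = [
  "default-src 'self'; script-src 'self' 'unsafe-inline'",
  "script-src 'nonce-abc123' 'unsafe-inline'",
  "default-src 'self'",
];
for (const p of SAMPLES) {
  const r = inlineScriptStatus(p);
  console.log(`${r.allowed ? 'INLINE ALLOWED' : 'inline blocked'} [${r.directive}] ${p} -> ${r.reason}`);
}
```

A policy reported as allowing inline script offers no protection against injected inline code in the original document, independent of how a browser treats windows created from it.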

Re: Vulnerability Spotlight: M$ doesn't give a f***

Postby Tomaso » Tue Sep 12, 2017 8:03 pm

Decade-old Windows kernel bug lets hackers bypass security protections:
http://www.zdnet.com/article/decade-old ... otections/
Microsoft said it has no plans to fix the bug.


Re: Vulnerability Spotlight: M$ doesn't give a f***

Postby Moonchild » Tue Sep 12, 2017 8:12 pm

And once again, if you would actually read the very article you link to, it states:
Our engineers reviewed the information and determined this does not pose a security threat and we do not plan to address it with a security update.


Now, don't get me wrong, I won't defend Microsoft if there's an actual issue, but this media-mongering with half-truths is annoying.

Re: Vulnerability Spotlight: M$ doesn't give a f***

Postby Tomaso » Sat Oct 07, 2017 11:25 am

Microsoft's focus on Windows 10 puts Windows 7 and 8 users at risk (according to Google Project Zero researcher Mateusz Jurczyk):
https://www.ghacks.net/2017/10/07/googl ... s-at-risk/
Microsoft's focus on Windows 10 is quite problematic from a security point of view, considering that all three versions of Windows are still supported by Microsoft, and that Windows 8.1 is still in mainstream support.


Re: Vulnerability Spotlight: M$ doesn't give a f***

Postby RexyDallas » Tue Oct 10, 2017 2:04 am

Tomaso wrote: Microsoft's focus on Windows 10 puts Windows 7 and 8 users at risk (according to Google Project Zero researcher Mateusz Jurczyk):
https://www.ghacks.net/2017/10/07/googl ... s-at-risk/
Microsoft's focus on Windows 10 is quite problematic from a security point of view, considering that all three versions of Windows are still supported by Microsoft, and that Windows 8.1 is still in mainstream support.

Not at all surprising to me, considering the dirty tactics they've already used to get people to upgrade to Windows 10. (for free!!1!11!) Upsetting, but not surprising.

