Vulnerability Spotlight: M$ doesn't give a f***

Post by Tomaso » 2017-09-10, 15:09

Content Security Policy bypass in Microsoft Edge, Google Chrome and Apple Safari:
http://blog.talosintelligence.com/2017/ ... ntent.html
Talos has released details of vulnerabilities discovered in Microsoft Edge browser as well as older versions of Google Chrome (CVE-2017-5033) and browsers based on the Webkit such as Apple Safari (CVE-2017-2419).
An attacker may be able to exploit the vulnerabilities and bypass the Content Security Policy set by the server which may lead to disclosure of confidential information.
Microsoft stated that this is by design and has declined to patch this issue.

Post by Moonchild » 2017-09-10, 15:45

There are three main components to an exploitation attempt: setting the Content-Security-Policy for the browser with "unsafe-inline" directive to allow for inline script code, then using window.open() to open a blank new window, and finally calling the document.write function to write code into the newly created blank window object in order to bypass CSP restrictions put on the document.
'unsafe-inline' is a keyword that has known security implications if code injection is a concern.

Although there are spec rules for initialization of documents[1], by specifying 'unsafe-inline' there would be no safeguard against the execution of code in the original document, and as such it's perfectly within spec to interpret this as to not restrict the policy of a new context that is generated entirely through unrestricted/unsafe in-line code.

[1] https://w3c.github.io/webappsec-csp/#initialize-document-csp
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

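A policy check for the 'unsafe-inline' condition discussed in the post above, as an added example that is not part of the original thread: it parses a Content-Security-Policy header value and reports whether arbitrary inline script is permitted. The function names and sample policies are constructed for illustration, and only script-src with its default-src fallback is evaluated.

```javascript
// Added example (not from the thread). Sample policies are constructed.

// Parse a policy string into a Map of directive name -> source tokens.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

const NONCE_OR_HASH = /^'(nonce-|sha(256|384|512)-)[A-Za-z0-9+\/_=-]+'$/i;

// Decide whether any injected inline <script> would be allowed to run.
function auditInlineScript(policy) {
  const directives = parseCsp(policy);
  // script-src falls back to default-src when it is absent.
  const governing = directives.has('script-src') ? 'script-src'
    : directives.has('default-src') ? 'default-src' : null;
  if (governing === null) {
    return { governing, arbitraryInlineAllowed: true,
             reason: 'no script-src or default-src, scripts are unrestricted' };
  }
  const sources = directives.get(governing);
  const unsafeInline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  const nonceOrHash = sources.some((s) => NONCE_OR_HASH.test(s));
  if (unsafeInline && nonceOrHash) {
    // CSP Level 2 and later ignore 'unsafe-inline' when a nonce or hash is listed.
    return { governing, arbitraryInlineAllowed: false,
             reason: "'unsafe-inline' is overridden by the nonce/hash source" };
  }
  if (unsafeInline) {
    return { governing, arbitraryInlineAllowed: true,
             reason: "'unsafe-inline' lets any inline script run" };
  }
  return { governing, arbitraryInlineAllowed: false,
           reason: 'inline script must match a nonce or hash' };
}

// Constructed header values: weak, weak via fallback, and nonce-based.
for (const p of ["default-src 'self'; script-src 'self' 'unsafe-inline'",
                 "default-src 'self' 'unsafe-inline'",
                 "script-src 'self' 'nonce-r4nd0m' 'unsafe-inline'"]) {
  console.log(p, '=>', JSON.stringify(auditInlineScript(p)));
}
```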
Post by Tomaso » 2017-09-12, 20:03

Decade-old Windows kernel bug lets hackers bypass security protections:
http://www.zdnet.com/article/decade-old ... otections/
Microsoft said it has no plans to fix the bug.

Post by Moonchild » 2017-09-12, 20:12

And once again, if you would actually read the very article you link to, it states:
Our engineers reviewed the information and determined this does not pose a security threat and we do not plan to address it with a security update.
Now, don't get me wrong, I won't defend Microsoft if there's an actual issue, but this media-mongering with half-truths is annoying.

Post by Tomaso » 2017-10-07, 11:25

Microsoft's focus on Windows 10 puts Windows 7 and 8 users at risk (according to Google Project Zero researcher Mateusz Jurczyk):
https://www.ghacks.net/2017/10/07/googl ... s-at-risk/
Microsoft's focus on Windows 10 is quite problematic from a security point of view, considering that all three versions of Windows are still supported by Microsoft, and that Windows 8.1 is still in mainstream support.

Post by RexyDallas » 2017-10-10, 02:04

Tomaso wrote:
Microsoft's focus on Windows 10 puts Windows 7 and 8 users at risk (according to Google Project Zero researcher Mateusz Jurczyk):
https://www.ghacks.net/2017/10/07/googl ... s-at-risk/
Microsoft's focus on Windows 10 is quite problematic from a security point of view, considering that all three versions of Windows are still supported by Microsoft, and that Windows 8.1 is still in mainstream support.

Not at all surprising to me, considering the dirty tactics they've already used to get people to upgrade to Windows 10. (for free!!1!11!) Upsetting, but not surprising.
