2010-05-30:

CONFidence 2010 slides and original vulnerability advisories

confidence:conference:lecture:windows:security:medium:high
Just a short (almost copy-pasted from j00ru's blog) post with the original advisories of the vulnerabilities we've talked about on CONFidence (and earlier on Hack In The Box Dubai), with slides used by as on the CONFidence conference. The advisories contain most of the technical details we've discussed during the lectures (and some time even more ;>).

A bundle with all the advisories can be downloaded here (864 kB).

If you prefer to download/open single advisories:
* Windows CSRSS Local Privilege Elevation Vulnerability (CVE-2010-0023)
* Windows Kernel Null Pointer Vulnerability (CVE-2010-0234)
* Windows Kernel Symbolic Link Value Vulnerability (CVE-2010-0235)
* Windows Kernel Memory Allocation Vulnerability (CVE-2010-0236)
* Windows Kernel Symbolic link Creation Vulnerability (CVE-2010-0237)
* Windows Kernel Symbolic link Creation Vulnerability (CVE-2010-0237; same as above, Microsoft merged these two into one)
* Windows Kernel Registry Key Vulnerability (CVE-2010-0238)

The slides presented during our lecture can be found here (1.6 MB).

Take care and have fun reading the above :)


Comments:

2010-06-09 16:22:49 = TeachKernel
{
hello:
Firstly, Thank you so much for your Kernel Research.
I'm from China(Mainland). And I am teaching OS Course in a University. I need a Exe file(encrypted or unencrypted) of PoC to demonstrate on my course.
PoC of Windows Kernel Symbolic Link Value Vulnerability (CVE-2010-0235) or Windows Kernel Memory Allocation Vulnerability (CVE-2010-0236).
Thank you so much. 再次感谢。
My Email:tlove111@163.com
}
2010-06-10 23:33:05 = Gynvael Coldwind
{
@TeachKernel
Hi :)
I'm afraid we've decided not to publish the PoC exploits at this moment, sorry ;<
Take care!
}
2010-06-19 11:18:44 = TeachKernel
{
hello Gynvael Coldwind:

You could encrypt the Exe with VM. I only need a Exe to demonstrate. Because I'm not familiar with Kernel Exploit.
The Vulnerability has been disclosed for over Two months.

Thank you so much
My Email:tlove111@163.com
}
2010-06-21 09:39:58 = Gynvael Coldwind
{
@TeachKernel
Hi,

I'm really sorry, but as I've said, the PoC exploits will not be published yet.
If you want to demonstrate a kernel exploit, you can always use Tavis Ormandy's ntvdm exploit, that he released in January (I think you can find the advisory on bugtraq/full disclosure lists; the adv. has a link to PoC if I remember correctly).

Take care!
}

Add a comment:

Nick:
URL (optional):
Math captcha: 10 ∗ 6 + 4 =