Researcher Finds New Class of Windows Vulnerabilities
2020-04-02 19:35

A security researcher has discovered over 25 different potential vulnerabilities in Windows, including some that could lead to elevation of privilege.

The researcher tested the flaws on a guest account on the latest Windows Insider Preview, which was last updated in September 2019.

Essentially, the attack ensures that victim child windows are destroyed alongside the target window object.

"In our attack, we found a way to create a situation where the parent window will be gone in the ThreadUnlock function, that's done simply by exploiting the fact that the kernel calls back to user-mode in the window creation routine and we destroy the parent window from user-mode, even though the parent window is locked," the researcher explains.

The researcher explains that the TypeIsolation mitigation in Windows 10 makes exploitation of some of these issues more difficult, but notes that targeting older Windows versions with the same object type is still fully viable.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/_HIP_AKTDmY/researcher-finds-new-class-windows-vulnerabilities