Windows OS has struggled to stay out of the news this year. A PoC for the zero-day bug was released yesterday by SandboxEscaper. The vulnerability stems from an arbitrary file read flaw that could possibly give a regular user admin privileges. A program is also able to take advantage of this flaw and gain access to data on the targeted computer. Since Windows hasn’t gotten involved and patched the vulnerability thus far, it puts users in a tough situation–especially since the proof-of-concept has been released. The cause lies in an improper validation in the “MsiAdvertiseProduct” function. This specific function helps advertise a product to the computer which enables the installer to write script. The researcher who released the PoC said, “Even without an enumeration vector, this is still bad news, because a lot of document software, like office, will actually keep files in static locations that contain the full path and file names of recently opened documents. Thus by reading files like this, you can get filenames of documents created by other users……the filesystem is a spider web and references to user-created files can be found everywhere… so not having an enumeration bug is not that big of a deal.” Don’t expect Microsoft to take long to address this situation.
Analyst Notes
Since a patch has yet to have been released, it is tough to mitigate this type of issue. Until the patch is released it is suggested that users stay aware and be on the lookout for any suspicious activity.
