My Windows Hub

Google researcher publishes unpatched Windows 8.1 security vulnerability

Google researcher had recently unpatched Windows 8.1 security vulnerability. The researcher writes with the name “Forshaw” where he mentioned that the researcher has waited for about a month after informing people of the vulnerability. After a month or so, When Forshow found that no action has been taken by Microsoft yet, then Forshow had unveiled the ways to exploit the loop-hole in security. ahcache.sys/NtApphelpCacheControl and there is a demo application that can launch calc.exe using the method. An elevation of privilege has been allowed in ahcache.sys/NtApphelpCacheControl. A demo application is there that can launch calc.exe using the method.

Google researcher publishes unpatched Windows 8.1 security vulnerability

Windows 7 is not affected by this change. According to the report, you can check the following steps:

1) Put the AppCompatCache.exe and Testdll.dll on disk
2) Ensure that UAC is enabled, the current user is a split-token admin and the UAC setting is the default (no prompt for specific executables).
3) Execute AppCompatCache from the command prompt with the command line “AppCompatCache.exe c:\windows\system32\ComputerDefaults.exe testdll.dll”.
4) If successful then the calculator should appear running as an administrator. If it doesn’t work first time (and you get the ComputerDefaults program) re-run the exploit from 3, there seems to be a caching/timing issue sometimes on first run.

About 

Nick is a Software Engineer. He has interest in gadgets and technical stuffs. If you are facing any problem with your Windows, feel free to ask him.



 
Comments