{"id":135,"date":"2015-01-15T23:47:00","date_gmt":"2015-01-15T23:47:00","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=135"},"modified":"2015-01-17T22:47:59","modified_gmt":"2015-01-17T22:47:59","slug":"google-reveals-third-windows-78-1-zero-day-vulnerability","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2015\/01\/15\/google-reveals-third-windows-78-1-zero-day-vulnerability\/","title":{"rendered":"Google reveals third Windows 7\/8.1 zero-day vulnerability"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2013\/03\/winb.jpg\" width=\"58\" align=\"left\" height=\"58\">Google has revealed this month another unpatched zero-day vulnerability in Windows 7 and Windows 8.1. This is the third time, Google refuses Microsoft's call for a more flexible vulnerability disclosure deadline.<\/p>\n<p><!--more--><\/p>\n<p>The vulnerability was <a href=\"https:\/\/code.google.com\/p\/google-security-research\/issues\/detail?id=128\" target=\"_blank\">documented as issue 128<\/a> from Google security research and the zero-day exploit is confirmed working for Windows 7 and even Windows 8.1. The zero-day exploit allows an application to encrypt memory for one of three scenarios, process, logon session and computer. According to Google's issue tracker, the logon session option (CRYPTPROTECTMEMORY_SAME_LOGON flag) generates the encryption key based on the logon session identifier. This is for sharing memory between processes running within the same logon. <\/p>\n<p>The implementation in CNG.sys doesn't check the impersonation level of the token when capturing the logon session id (using SeQueryAuthenticationIdToken). So a normal user can impersonate at Identification level and decrypt or encrypt data for that logon session.<\/p>\n<p>Microsoft has confirmed this vulnerabilty on Jan 12th, but needed further confirmation. They planned to release a fix during January 2015 patchday, but it has postphoned due to compatibility issues to February 2015. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google has revealed this month another unpatched zero-day vulnerability in Windows 7 and Windows 8.1. This is the third time, Google refuses Microsoft's call for a more flexible vulnerability disclosure deadline.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[17,23,67],"class_list":["post-135","post","type-post","status-publish","format-standard","hentry","category-windows","tag-windows-7","tag-windows-8-1","tag-zero-day-vulnerability"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/135","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=135"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/135\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}