
Vulnerability-Disclosure with WhyNotWin11 #18

Closed
ed-br opened this issue Jul 10, 2021 · 5 comments
Labels
awaiting feedback question Further information is requested

Comments

@ed-br

ed-br commented Jul 10, 2021

Hi,

I think you should not include the above utility in your app anymore.
It is well known that it has a security leak. The developer has also made it known here, and when I mentioned it the topic was immediately closed by the GitHub moderator, even though it is not fixed.

I've opened an issue here: rcmaehl/WhyNotWin11#460

You should at least point this out when downloading the app. I will definitely only use yours for now.

Thanks!
Edo

@Belim Belim added the question Further information is requested label Jul 10, 2021
@Belim
Member

Belim commented Jul 10, 2021

I'm not sure I can evaluate that. That's no good at all to me, AutoHotkey, AutoIt or whatever scripting this is.
Has any security researcher evaluated the code?

@ed-br
Author

ed-br commented Jul 12, 2021

Take a look at this German thread from Borncity:
https://www.borncity.com/blog/2021/06/26/windows-11-kompatibilittstests/

Stefan Kanthak says:

1 June 2021 at 08:58

WhyNotWin11 is NASTY, INSECURE junk, perpetrated by an obviously completely clueless "script kiddie" who ignores all of Microsoft's security recommendations on safely loading DLLs and applications:

  1. it loads more than a dozen system DLLs from its "installation directory" (for the average (mis)user typically the "Downloads" folder) instead of from the Windows system directory C:\Windows\System32, and runs them with administrator rights;
  2. it runs DXDIAG.exe and PowerShell.exe from its "installation directory" instead of from the PATH, stupidly also with administrator rights;
  3. it runs an arbitrary DLL, even more stupidly also with administrator rights,
     i.e. this JUNK allows "escalation of privilege".

These beginner's mistakes (and how to avoid them) are documented (for example) at https://blogs.msdn.microsoft.com/david_leblanc/2008/02/20/dll-preloading-attacks/, https://technet.microsoft.com/en-us/library/2269637.aspx, https://support.microsoft.com/en-us/kb/2389418, https://support.microsoft.com/en-us/kb/2533623, https://blogs.technet.microsoft.com/srd/2014/05/13/load-library-safely/, https://cwe.mitre.org/data/definitions/426.html, https://cwe.mitre.org/data/definitions/427.html, https://capec.mitre.org/data/definitions/471.html.
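The quoted comment describes the classic DLL search-order problem (CWE-426/427): system DLLs resolved from the directory the executable was started from instead of from System32. The block below is an added example written for this thread; it is not code from the issue, from WhyNotWin11 or from ReadySunValley. It shows both sides a defender cares about: `audit_module_list()` walks a ListDLLs-style listing of loaded module paths and flags known system DLL names that were loaded from anywhere other than the Windows system directory, and `load_system_dll()` shows the loading pattern the KB2533623 link recommends (`LoadLibraryExW` with `LOAD_LIBRARY_SEARCH_SYSTEM32`, a real Win32 flag; this part only compiles on Windows). The watch list of DLL names and the sample module listing are constructed for illustration and are not taken from the affected program.

```c
/*
 * Added example; not code from this issue, WhyNotWin11 or ReadySunValley.
 * Detection: audit_module_list() scans a ListDLLs-style list of loaded module
 * paths and flags known system DLL names loaded from outside the Windows
 * system directory (the symptom quoted above; CWE-426/427).
 * Mitigation: load_system_dll() is the KB2533623 pattern, Windows-only.
 * WATCHED_DLLS and SAMPLE_DUMP are constructed sample data.
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

#define MAX_PATH_LEN 260

/* DLL names a process should only ever get from System32 (hypothetical watch list). */
static const char *WATCHED_DLLS[] = {
    "version.dll", "wintrust.dll", "profapi.dll", "userenv.dll", "dbghelp.dll"
};

/* Case-insensitive path character compare; '/' and '\\' are equivalent. */
static int path_char_eq(char a, char b)
{
    if (a == '/') a = '\\';
    if (b == '/') b = '\\';
    return tolower((unsigned char)a) == tolower((unsigned char)b);
}

/* 1 if `path` lies below `dir` (dir given without trailing separator). */
int path_is_in_dir(const char *dir, const char *path)
{
    size_t n = strlen(dir);
    for (size_t i = 0; i < n; i++)
        if (!path_char_eq(dir[i], path[i]))  /* mismatch, or path ended early */
            return 0;
    return path[n] == '\\' || path[n] == '/';
}

static const char *basename_of(const char *path)
{
    const char *b = path;
    for (; *path; path++)
        if (*path == '\\' || *path == '/') b = path + 1;
    return b;
}

static int name_eq_ci(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* `dump`: one loaded-module path per line. Copies each watched DLL found
 * outside `system_dir` into `flagged`; returns how many were flagged (<= max). */
int audit_module_list(const char *dump, const char *system_dir,
                      char flagged[][MAX_PATH_LEN], int max)
{
    int count = 0;
    for (const char *line = dump; *line && count < max; ) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        char path[MAX_PATH_LEN];
        if (len >= sizeof path) len = sizeof path - 1;
        memcpy(path, line, len);
        path[len] = '\0';
        if (len && path[len - 1] == '\r') path[len - 1] = '\0';  /* CRLF dumps */

        const char *base = basename_of(path);
        for (size_t i = 0; i < sizeof WATCHED_DLLS / sizeof *WATCHED_DLLS; i++)
            if (name_eq_ci(base, WATCHED_DLLS[i]) && !path_is_in_dir(system_dir, path)) {
                strcpy(flagged[count++], path);
                break;
            }
        if (!end) break;
        line = end + 1;
    }
    return count;
}

#ifdef _WIN32
/* Mitigation: search System32 only, never the application or current directory. */
HMODULE load_system_dll(const wchar_t *name)
{
    return LoadLibraryExW(name, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
}
#endif

/* Constructed sample in the shape a module listing of an affected process would take. */
static const char SAMPLE_DUMP[] =
    "C:\\Windows\\System32\\kernel32.dll\n"
    "C:\\Users\\edo\\Downloads\\version.dll\n"
    "C:\\Windows\\System32\\wintrust.dll\n"
    "C:\\Users\\edo\\Downloads\\dbghelp.dll\n"
    "C:\\Users\\edo\\Downloads\\helper.dll\n";  /* not on the watch list: ignored */

int main(void)
{
    char flagged[8][MAX_PATH_LEN];
    int n = audit_module_list(SAMPLE_DUMP, "C:\\Windows\\System32", flagged, 8);
    for (int i = 0; i < n; i++)
        printf("system DLL loaded from untrusted location: %s\n", flagged[i]);
    return n ? 1 : 0;
}
```

The audit flags only names on the watch list, so a private helper DLL shipped next to the executable is not reported; what it catches is exactly the case from the comment, a `version.dll` or `dbghelp.dll` picked up from the Downloads folder. On the mitigation side, the same reasoning applies to the `DXDIAG.exe`/`PowerShell.exe` point: build the command line from `GetSystemDirectoryW()` rather than relying on the current or application directory.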

@Belim
Member

Belim commented Jul 13, 2021

🤔 I am waiting for further feedback

@Oleg-Chashko
Contributor

@Belim
Maybe close the topic if the third-party application is already removed? 🤔

@Belim
Member

Belim commented Jul 20, 2021

yup, not our problem anymore https://github.com/builtbybel/ReadySunValley/releases/tag/0.52.1

@Belim Belim closed this as completed Jul 20, 2021