Change ExcellentRanking to GoodRanking for MS14-064 #5560
Conversation
The ms14_064_ole_code_execution exploit's ranking is being lowered to GoodRanking because of these two reasons: 1. The vulnerable component isn't in Internet Explorer. And BES can't check it so the exploit still fires even if the target is patched. 2. Although rare, we've seen the exploit crashing IE, and since this is a memory curruption type of bug, it should not be in Excellent ranking anyway.
|
@wchen-r7 Agree with what you are saying. But just want to point out that at excellent ranking it had an advantage that it was the first exploit used by BAP. And the fact that it could exploit IE4-IE11 was great. Not sure we have another browser exploit for that much wide ranch of IE versions. Anyway, your argument is completely valid. Memory corruption exploits should never be ranked excellent. |
|
@void-in I think even if it's GoodRanking, by default it will probably be tried first anyway against IE assuming you don't have Flash installed. Because all the exploits arranged before that are either Flash or Firefox, one or two Android. |
|
Also, one day, we'll figure out how to automatically bump or lower ranks at runtime. That way if an exploit has been reliable during a test, it should always be tried first. However this is way beyond the scope of the PR (obviously), also last time we checked this is technically not possible w/ Framework :-( ^ That's @jvazquez-r7's brilliant idea btw. |
|
@wchen-r7 Verified now. The BAP delivers ms14_064_ole_code_execution first even with GoodRanking. Also, the os.js patch works flawlessly now. |
|
Thanks @void-in for testing, landing! |
The ms14_064_ole_code_execution exploit's ranking is being lowered to GoodRanking because of these two reasons:
cc @void-in