Windows Vulnerability Exposes Registry to Attacks
/ 1 min read
🗄️ New Windows vulnerability exposes registry to potential attacks. Gabriel Landau has identified a vulnerability class termed “False File Immutability” that affects the Windows registry, allowing local attackers to execute arbitrary code and bypass Driver Signature Enforcement. The issue arises when privileged applications create memory mappings of files without ensuring that the content remains unchanged, particularly for remote files accessed via SMB. While modern Windows versions implement safeguards for hive data, the Cloud Filter API undermines these protections by allowing unprivileged users to modify write-locked files. This flaw could lead to severe memory safety violations, prompting recommendations for stricter controls on hive loading. A proof-of-concept exploit has been developed, with a 90-day disclosure deadline set for November 25, 2024.
