Closed GoogleCodeExporter closed 8 years ago
Original comment by fors...@google.com
on 22 Jul 2015 at 7:41
The same technique for bypassing the mount point mitigation was discovered
independently. A write up is available at
http://blogs.360.cn/blog/windows10-mount-point-mitigation-bypass/ although that
version couldn't be used in a heavily restrictive sandbox such as used for
Chrome Renderers.
Requested Microsoft's view on the publication of this issue considering the
details are effectively public. As it's being fixed under the 90-day SLA they
requested the issue remain restricted until a fix is available, or the deadline
expires.
Original comment by fors...@google.com
on 30 Sep 2015 at 12:55
Fixed in MS15-111 https://technet.microsoft.com/library/security/MS15-111
Original comment by fors...@google.com
on 13 Oct 2015 at 5:22
Looking at the new kernel it's been fixed by blocking ProcessDeviceMap from a
sandboxed process, which adds some additional security for any kernel code or
driver. Nice work MSRC.
As this bug has already been publicly disclosed there's no reason to keep it
restricted. Removing the Restrict-View-Commit label.
Original comment by fors...@google.com
on 13 Oct 2015 at 5:52
Original issue reported on code.google.com by
fors...@google.com
on 22 Jul 2015 at 7:09