itm4n / PrivescCheck

Privilege Escalation Enumeration Script for Windows
BSD 3-Clause "New" or "Revised" License

Add check for the DisableCoInstallers registry key #26

Closed SAERXCIT closed 3 years ago

SAERXCIT commented 3 years ago

Hi!

Just a small PR adding a new check for the DisableCoInstallers registry key, as explained by Will Dormann (https://twitter.com/wdormann/status/1432703702079508480).

TLDR: if this key is absent or disabled, a non-privileged user might be able to run arbitrary code with SYSTEM privileges by plugging in a device that automatically installs vulnerable software along with its driver.

I haven't actually tried this vector so there might be some missing specificities though :upside_down_face:

Cheers!

itm4n commented 3 years ago

Hi! I used your code as a base once again. I consider this more as an "Info" check because it's not a vulnerability per se. The actual vulnerability lies in the drivers (or more precisely the Co-Installers) that are installed. Thanks again for your work! :clap:
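
The check discussed in this thread, sketched as an added example (not the code from this PR and not PrivescCheck's implementation). It separates the "absent" and "disabled" cases from the first comment and reports the result as informational, as the maintainer describes. The function name and output fields are hypothetical, and the registry path is an assumption, since the thread does not state it: `DisableCoInstallers` is read as a value under the Windows `Device Installer` key in HKLM.

```powershell
# Added example: read-only audit of the DisableCoInstallers setting.
# Get-CoInstallerPolicy and its output fields are hypothetical names.
function Get-CoInstallerPolicy {
    [CmdletBinding()]
    param(
        # Assumption: Windows device-installer settings key (not given in the thread).
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer'
    )

    $name  = 'DisableCoInstallers'
    $value = $null
    $state = 'KeyAbsent'            # parent key does not exist at all

    if (Test-Path -LiteralPath $Path) {
        $state = 'ValueAbsent'      # key exists, value was never set
        $item = Get-ItemProperty -LiteralPath $Path -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $value = $item.$name
            # Only an explicit 1 blocks co-installers; 0 or anything else allows them.
            $state = if ($value -eq 1) { 'CoInstallersDisabled' } else { 'CoInstallersAllowed' }
        }
    }

    [pscustomobject]@{
        Path                = $Path
        Name                = $name
        Value               = $value
        State               = $state
        CoInstallersBlocked = ($state -eq 'CoInstallersDisabled')
        # Informational: the setting is hardening, the flaw is in the co-installer itself.
        Severity            = 'Info'
    }
}

Get-CoInstallerPolicy | Format-List
```

The `-Path` parameter lets the function be pointed at a scratch key under `HKCU:` to exercise each of the four states without touching the machine-wide setting.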