Closed SAERXCIT closed 3 years ago
Hi! I used your code as a base once again. I consider this more as an "Info" check because it's not a vulnerability per se. The actual vulnerability lies in the drivers (or more precisely the Co-Installers) that are installed. Thanks again for your work! :clap:
Hi !
Just a small PR adding a new check for the `DisableCoInstallers` registry key, as explained by Will Dormann (https://twitter.com/wdormann/status/1432703702079508480).

TLDR: if this key is absent or disabled, a non-privileged user might be able to run arbitrary code with SYSTEM privileges by plugging a device automatically installing vulnerable software along with its driver.
I haven't actually tried this vector so there might be some missing specificities though :upside_down_face:
Cheers !
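
A standalone audit of the setting discussed in this PR, as an added example that is not the code submitted in the PR or the project's own. The function name `Get-CoInstallerPolicy` is hypothetical, and the registry path and the "1 means disabled" interpretation are assumptions, since the page names only the `DisableCoInstallers` value.

```powershell
# Added example: report whether driver co-installers are disabled on this host.
# Assumption: the value lives under the "Device Installer" key below
# (the page names only the value, not its path).
function Get-CoInstallerPolicy {
    [CmdletBinding()]
    param(
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer',
        [string]$ValueName = 'DisableCoInstallers'
    )

    $data  = $null
    $state = 'KeyMissing'

    if (Test-Path -LiteralPath $KeyPath) {
        $state = 'ValueMissing'
        # SilentlyContinue: an absent value is an expected outcome, not an error
        $item = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $data  = $item.$ValueName
            $state = 'ValueSet'
        }
    }

    # Assumption: only an explicit 1 counts as "co-installers disabled";
    # a missing key, a missing value, 0, or unparsable data is reported as enabled.
    $disabled = ($data -as [long]) -eq 1

    [pscustomobject]@{
        Key                  = $KeyPath
        Value                = $ValueName
        State                = $state
        Data                 = $data
        CoInstallersDisabled = $disabled
        # Informational: the exploitable flaw sits in the co-installer software itself
        Severity             = 'Info'
    }
}

Get-CoInstallerPolicy | Format-List
```

Reading HKLM does not require elevation, so the check runs in the same non-privileged context the PR is concerned with.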