Windows: Creating Hardlinks Doesn't Require Write Permissions to the Target

[GoogleCodeExporter]

Microsoft requested I removed information from a public presentation that you 
can create NTFS hardlinks without needing write permissions on the target file. 
Their view is they want to fix this, at the least to prevent its abuse in 
sandboxed applications so a case has been set up to track the issue. It's still 
under the normal 90 day SLA.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Original issue reported on code.google.com by fors...@google.com on 14 Sep 2015 at 11:01

[GoogleCodeExporter]

Microsoft have confirmed they've reproduced the issue.

Original comment by fors...@google.com on 18 Sep 2015 at 10:44

[GoogleCodeExporter]

Fixed in MS15-115 
https://technet.microsoft.com/en-us/library/security/MS15-115. Microsoft have 
removed the ability to use this trick from sandboxed processes.

Original comment by fors...@google.com on 17 Nov 2015 at 11:22

• Changed state: Fixed
• Added labels: CVE-2015-6113
• Removed labels: Restrict-View-Commit