Coffeehouse Post

Single Post Permalink

View Thread: Most serious Windows Exploit in recent memory...
  • User profile image

    , evildictait​or wrote


    Well apart from the word "exploitable" in Microsoft security advisories covers a whole bunch of not practically exploitable bugs in real life. For this particular bug the attacker would need to:

    a) Have access to the UDP port in question, which is not a normally allowed UDP port
    b) Have a different ASLR bypass bug in order to use the bug for anything other than a denial of service
    c) Is also subject to a race-condition with anything else happening on that UDP port.

    This bug would take a pretty good exploit writer a small while to turn around, but if all three of those things did manage to happen, then perhaps an attacker would be able to run shellcode in kernel space (which is bad), but again if you have anti-virus software installed it'll pick up anything but the most bespoke rootkits.

    Also, kernel bugs aren't all that uncommon (in Microsoft or indeed any other OS - every IPhone jailbreak is a linux kernel exploit for example), so I think you're overblowing this one a little bit.

    Where did you find that level of detail (a, b, and c)?