Windows Security Bypass 10 With One Bit

Namaste! Good Morning,

In the last set of patches from Microsoft for February 2015 was closed not only notorious JASBUG , but also the vulnerability CVE-2015-0057 with the same maximum risk rating (total in the February set three critical bug). 


The vulnerability allows for escalation of privileges to gain complete control over a victim's computer and bypass all security mechanisms Windows. The bug is in the GUI-component core - module Win32k.sys. Namely, in the structure information about the scroll bars in windows on the screen.


There is a function xxxEnableWndSBArrows , which determines whether to display a scroll bar or show the scroll bar. This is where the hidden "bug", which is found by static code analysis. At some point freed memory bits, where he kept the flags of states scrollbars. These bits we use (Use After Free). 

At first glance it seems a minor vulnerability. But if it is right unleash a chain, it's in your hands full control of any system from Redmond. Exploit reliably works in all versions of Windows, from Windows XP and up to 10, with all the included security mechanisms. 

The author believes that the attackers will be successfully exploit this vulnerability for a long time.