SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
23 Feb 2017

Google discloses unpatched Microsoft vulnerability

Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in Windows’ GDI library that allows attackers to steal sensitive data from program memory.

The flaw was first addressed by Microsoft last June, but Google said the patch was incomplete. As part of its 90-day disclosure deadline policy Google Project Zero publicly disclosed the the bug Monday.

“As part of MS16-074, some of the bugs were indeed fixed, such as the EMR_STRETCHBLT record, which the original proof-of-concept image relied on. However, we’ve discovered that not all of the DIB-related problems are gone,” wrote Google engineer Mateusz Jurczyk in a technical description of the vulnerability. Despite notification of the bug, the soonest Microsoft might release a patch for the flaw is in March; Microsoft decided to delay its monthly February security bulletins until next month.

The flaw is tied to Windows’ GDI library (gdi32.dll), Jurczyk said. In a proof-of-concept exploit, multiple bugs related to the handling of DIBs (Device Independent Bitmaps) embedded in EMF (Enhanced Metafile Format) records created conditions where “255 pixels are drawn based on junk heap data, which may include sensitive information, such as private user data or information about the virtual address space.”

“It is possible to disclose uninitialised or out-of-bounds heap bytes via pixel colors, in Internet Explorer and other GDI clients which allow the extraction of displayed image data back to the attacker,” Jurczyk said. “I have confirmed that the vulnerability reproduces both locally in Internet Explorer, and remotely in Office Online, via a .docx document containing the specially crafted EMF file.”

Google Project Zero, the internet giant’s bug hunting team, privately disclosed the vulnerability to Microsoft on Nov. 16. As part of Project Zero’s policy, it will notify parties of a vulnerability and after 90 days elapses the vulnerabilities become public – whether or not they have been patched by the company in question. Microsoft did not reply to requests for comment.

Microsoft originally issued a patch classified as “important” in June to address the vulnerability. At the time, Microsoft described it as a bug that could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website. According to MITRE’s Common Vulnerabilities and Exposure database, the flaw (CVE-2017-0038) is a result of “an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.”  According to the CVE ID, impacted are Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016.

“It is strongly advised to perform a careful audit of all EMF record handlers responsible for dealing with DIBs, in order to make sure that each of them correctly enforces all four conditions necessary to prevent invalid memory access (and subsequent memory disclosure) while processing the bitmaps,” Jurczyk wrote.

Tags:
Microsoft Google information leaks
Source:
Threatpost
2171
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015