Discover and read the best of Twitter Threads about #PrinterNightmare

I’d like to clarify my position on #Microsoft in general

Many things have improved over the last 10 years .. a lot .. especially with Windows 10/2016.
Today many fellow security researchers that I highly respect work there.

I criticize Microsoft’s response to recent vulnerabilities (or design flaws) because I care about these things and believe that customers do care too.
I don’t think that it is fair / right to tell them to migrate to the cloud-based solution in order to get rid of these issues.

There are still few but good reasons not to opt for the cloud.

I strongly believe that weaknesses in default configs that allow an attacker to escalate privs to Domain Admin should be addressed with a KB patch and not just a pointer to an advisory.
Many won’t read it.

I really hope that you continue the ..

The patched version of spoolsv for #PrinterNightmare is interesting. The call to YIsElevated seems to be an admin check in disguise, basically only admins can open the process token for TOKEN_QUERY, which if it fails will return FALSE even if the process token is elevated.
It'll then check if elevation is required from the NoWarningNoElevationOnInstall is enabled. If YIsElevated returns FALSE and YIsElevationRequired returns TRUE then it's based on the result of RunningAsLUA.
This is where the impersonation token is checked. If the caller's token is a Limited token then the result is TRUE. If a Full token it's FALSE. However if it's a Default token (which is what you get as a network token) it's based on the value of elevation.