Circumventing SRP and AppLocker by design, with LoadLibraryEx

Discussion in 'other security issues & news' started by Didier Stevens, Jan 22, 2011.

Thread Status:
Not open for further replies.
  1. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    Thanks as well. Can't believe I forgot to add it to the list.
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  3. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,251
    Location:
    Chaotic Land
    Thanks for the update Mr. Brian.
     
  4. wat0114

    wat0114 Guest

    Good news, thanks MrBrian :)
     
  5. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Last edited: Oct 12, 2011
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It makes us want to slap whoever thought of that "design", right? o_O I wonder if whoever came with that idea was eating some magic mushrooms. :D
     
  7. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Lol! Thats right!

    This time i repeated the process with a .exe that requires admin. privileges and it was unable to run. I got the message:
    "CreateProcessAsUser failed: 740"
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    One more day, folks! Just on more day!!! :argh:

    -edit-

    I suppose I was wrong... It's past half day of 04-11-2011, and still nothing. I wonder if it's still day 3 in US?

    I wonder if this is going to happen at all, or if they just prefer to let the "backdoor" be? lol
     
    Last edited: Nov 4, 2011
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Is this damn thing for real or simply a joke? Are you familiar with any official information from Microsoft stating they're going to fix it?

    It's already day 5, and I'm sure the U.S is only like eight hours behind, so... is this actually for real or was it simply some stupid joke?
     
  10. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    I'm also waiting...
     
  11. RichieB2B

    RichieB2B Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    13
    It seems KB370118 was just an internal fix number. It has just been released as KB2532445 at http://support.microsoft.com/kb/2532445. The hotfix is available upon request (see link at top of the article).

    This fix almost got delayed again, because of a conflict with another hotfix to the kernel. Luckily KB2532445 drew the shortest straw and was released first.
     
  12. Zorak

    Zorak Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    181
    Location:
    Australian Capital Territory
    Thanks RichieB2B :thumb:

    Will give the hotfix a go once I've bedded down the latest round of Windows Updates.

    Cheers.
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Thanks...

    Did any systems blow up already after applying the hotfix? :D
     
  14. wat0114

    wat0114 Guest

    Come on m00nbl00d, I'd have thought you'd be on this like bees to honey, you were so impatiently waiting for it :D :p
     
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    :argh:

    I won't be checking my e-mail any time soon. I'm lazy to switch user accounts, right now. I'm on my restricted user account to access the web, in general. I have another user account for accessing my e-mail. :p :D

    So, did you blow up you computer? :D
     
  16. wat0114

    wat0114 Guest

    Too chicken to try it on the host machine yet ;) Will try the vm first and let you know tomorrow after I run it for a while.
     
  17. wat0114

    wat0114 Guest

    installed on the vm last night, no issues earlier today, so I installed on the host and all is fine so far, althtough no guarantees something won't eventually surface. You might want to image your system before applying the patch if that's what you're into :)
     
  18. Zorak

    Zorak Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    181
    Location:
    Australian Capital Territory
    Thanks wat0114 for being the crash test dummy :D
     
  19. wat0114

    wat0114 Guest

    LOL! you're welcome :)
     
  20. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,251
    Location:
    Chaotic Land
    Just looked at this thread again lol. About time Microsoft released it. :p Time to install. Good to hear you didn't have any issues wat. :thumb:
     
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, you're going to be the second lab rat... :D We need a third one... :D
     
  22. wat0114

    wat0114 Guest

    :D

    Why thank you, m00nbl00d! :p :D

    Still waiting with trepidation, but so far so good :)
     
  23. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,251
    Location:
    Chaotic Land
    Yep :D So far the hotfix is working without issues.
     
  24. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Working fine here either.
     
  25. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Does anyone know if this has been released through Windows Update ?
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.