Microsoft Visual Studio C++ Runtime installers were built to fail

guest · Aug 22, 2018

Microsoft Visual Studio C++ Runtime installers were built to fail
Redmond created executable installers with vulnerable tools
August 22, 2018
https://www.theregister.co.uk/2018/08/22/microsoft_installers_fail/

Security researcher Stefan Kanthak claims that the Microsoft Visual C++ Redistributable for Visual Studio 2017 executable installers (x86 and x64) were built with insecure tools from several years ago, creating a vulnerability that could allow privilege escalation.

In an August 14 post to the Full Disclosure security mailing list that was published August 21, Kanthak did not mince words. "Microsoft builds [its] CURRENT executable installers from outdated [...] and dares to ship them to hundreds of millions of customers, where their well-known vulnerabilities can be exploited!" he wrote.

He added that all versions of Windows are potentially vulnerable to this type of attack because the module loader searches DLLs in the Applications directory first.
Click to expand...

TairikuOkami · Aug 22, 2018

Funny, I am using 3rd party installer, which contains unpacked files, so I assume, it is actually safer?!
Code:
https://www.sendspace.com/file/0tlyul

Log in or Sign up

Microsoft Visual Studio C++ Runtime installers were built to fail

guest Guest

TairikuOkami Registered Member

Log in or Sign up

Microsoft Visual Studio C++ Runtime installers were built to fail

guest Guest

TairikuOkami Registered Member

Useful Searches