Turning (Page) Tables: Bypassing Kernel Mitigations to Successfully Escalate Privileges

Discussion in 'other security issues & news' started by Rasheed187, Aug 25, 2018.

  1. Rasheed187
  2. EASTER
    Fantastic read on escalating, the kernel bypassing, and even lower realms such as browsers. Thanks a bunch, good article!

    Seems it's back to the basics: computer code of today's main uses just inherently has a myriad of avenues/choices for anyone; unfortunately, the shadier bunch has a key in the keyhole for many of those.

  3. itman
    Another VBS bypass.

    Believe Microsoft made a tactical error by enabling VBS/HVCI on its non-Enterprise versions. As such, it's in the pen-testers' "bypass bullseye."

    Also just one more instance of the never-ending Microsoft "band aid" security mitigation approach to Windows, rather than totally rewriting the OS from scratch with security being the most important factor.
  4. EASTER
    Well, by all means @itman, don't forget to include performance as being an important (howbeit not quite as equal) factor as well.

    We've all been waiting on the syncing of both, yet it always seems that while making inroads and improving on one (WD), it's at the expense of introducing another performance hog (Cortana, extra features, etc.), which in turn also "CAN" affect/delay security. Arggggg
    Last edited: Aug 25, 2018
  5. itman
    In that regard, if MS put the same effort into securing Win 10 as they do into gathering user telemetry, pushing apps, etc. ($$$), then we all could do something more meaningful than worrying about the next malware that will nail our PCs.
  6. Rasheed187
    LOL, good point. I wonder if M$ is going to fix this one; I have no idea how difficult it will be. To be fair, the same technique probably also works in Linux and macOS.
  7. itman
    If you read the Ensilo article carefully, they note that this bypass will work outside of VBS protected apps. So it is not so much a VBS bypass as it is a virtual memory vulnerability. You can read about Windows memory protection here: https://docs.microsoft.com/en-us/windows/desktop/memory/memory-protection