Researchers from Foxglove Security managed to develop a super exploit by chaining together three different known Windows security flaws. The new exploit, called Hot Potato, can compromise almost all of the latest versions of Microsoft Windows.
The Hot Potato exploit is based on three different types of attacks, some of which have been known since 2000.
All three of these security flaws have been left unpatched by Microsoft, with the explanation that fixing them would break compatibility between the different versions of the company's operating systems.
The three techniques that make up the single Hot Potato exploit are a local NBNS (NetBIOS Name Service) spoofing technique that is 100% effective, a flaw that allows hackers to create fake WPAD (Web Proxy Auto-Discovery Protocol) proxy servers, and an attack on the Windows NTLM (NT LAN Manager) authentication protocol.
If the attack succeeds, the attacker can escalate the privileges of an application from the lower tier to system-level privileges.
Foxglove's researchers created a proof-of-concept (PoC) exploit and attributed it to Google's Project Zero team from 2014, but they presented it at the ShmooCon security conference last weekend.
In addition, the researchers have uploaded several videos to YouTube showing the PoC compromising all recent versions of Windows (7, 8, 10, Server 2008, and Server 2012).
The researchers report that the “Extended Protection for Authentication” feature of Windows should stop the last stage of the exploit.
Meanwhile, the exploit has already been uploaded to GitHub.
Watch the videos:
https://www.youtube.com/watch?v=Mzn7ozkyG5g
https://www.youtube.com/watch?v=Nd6f5P3LSNM
https://www.youtube.com/watch?v=z_IGPWgL5SY
https://www.youtube.com/watch?v=Kan58VeYpb8