ThemeBleed Code Execution Vulnerability In Home windows 11 Themes

A researcher discovered an attention-grabbing vulnerability in Home windows 11 Themes that might enable arbitrary code execution. Dubbed “ThemeBleed,” the vulnerability existed because of a number of different points that collectively allowed code execution assaults. Microsoft patched the flaw following the bug report.

PoC Exploit Accessible For Home windows 11 Themes Vulnerability

In a latest postsafety researcher Gabe Kirkpatrick has shared particulars a few severe safety vulnerability affecting Home windows 11 Themes.

As defined, the researcher noticed the difficulty with .theme information that allow customers to customise their working system look. These information embrace configuration particulars, and the vulnerability affected the .msstyles information that include icons.

Whereas these .msstyles information ought to embrace no code, the researcher discovered them in any other case. Thus, opening a .theme file additionally loaded the .msstyles file and the code.

Subsequent, loading the .msstyles file triggers a theme model verify, and encountering model 999 calls one other operate to load a signed DLL safely. Nonetheless, because of the DLL closure following the signature verification and the next reloading, a race situation appeared between these steps. An adversary may simply exchange the verified DLL with a malicious one, which is able to then be executed.

One other vulnerability affecting the .theme file is bypassing the Mark-of-the-Web warning by wrapping the theme right into a .themepack cab archive file.

Therefore, chaining these vulnerabilities allowed an adversary to trick the victims into working maliciously crafted .theme information. As soon as executed, the attacker may obtain code execution on the goal gadget with out reminiscence corruption.

The researcher has shared the PoC exploit for this flaw on GitHub, confirming that the difficulty sometimes impacts Home windows 11.

Following this discovery, Kirkpatrick reported the matter to Microsoft in Might 2023. The tech big acknowledged the vulnerability and rewarded the researcher with a $5000 bounty.

Moreover, Microsoft labeled this flaw (CVE-2023-38146) as an vital severity problem, releasing the patch with September Patch Tuesday updates.

Tell us your ideas within the feedback.

Writer: Abeerah Hashim
Date: 2023-09-18 10:59:07

Source link



Related articles

Alina A, Toronto
Alina A, Toronto
Alina A, an UofT graduate & Google Certified Cyber Security analyst, currently based in Toronto, Canada. She is passionate for Research and to write about Cyber-security related issues, trends and concerns in an emerging digital world.


Please enter your comment!
Please enter your name here