Hey, guys! How are y’all doing today?
In this blog, we’re going to look at a medium-severity Windows vulnerability with a CVSS score of 5.5. Discovered by Jonas Lykkegård, this information disclosure vulnerability, named ‘Windows Kernel Information Disclosure Vulnerability’, exists because the Windows kernel improperly handles objects in memory. It affects all unpatched Windows 10 Version 2004 systems.
Without further ado, let’s get a closer look at CVE-2020-16938!
What is this vulnerability all about?
According to the GitHub post by ioncodes (who also goes by ‘Layle’ or ‘Luca’), CVE-2020-16938 is a vulnerability that gives anyone unrestricted file read access to the entire disk as an unprivileged user. An attacker who successfully exploited this vulnerability could obtain information that helps them further compromise the victim’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability does not allow an attacker to execute code or elevate user rights directly, but it could be used to gain information that helps further compromise the affected system.
ioncodes’s version of the exploit uses a series of Windows API calls to obtain the disk handle directly, without 7zip, whereas Jonas’s PoC relies on 7zip. To keep it short and simple, this exploit makes it possible to dump the entire disk. The resulting dump can be opened with 7zip or any other parser that supports NTFS.
- PoC by Jonas can be found here.
- PoC by ioncodes can be found in the poc folder of the GitHub post and in the accompanying tweet.
Are patches available for this vulnerability?
Yes, there are patches available for this vulnerability. These patches from Microsoft address the vulnerability by correcting how the Windows kernel handles objects in memory.
If your system is exposed to this vulnerability, patch now!
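If you want a quick way to tell whether a host is in scope, here is a small PowerShell check. It is an added example for this blog, not code from Jonas, ioncodes or Microsoft. It assumes that Windows 10 Version 2004 corresponds to build 19041, and the KB number is a placeholder you need to replace with the KB listed in Microsoft’s advisory for CVE-2020-16938.

```powershell
# Added example (not from the original post or the PoC authors): report whether this
# host is Windows 10 Version 2004 and whether the fixing update is installed.
# Assumptions: Version 2004 == build 19041; $PatchKB is a placeholder to be replaced
# with the KB number from Microsoft's advisory for CVE-2020-16938.
$PatchKB = 'KB<PLACEHOLDER>'

$os    = Get-CimInstance -ClassName Win32_OperatingSystem
$build = [int]$os.BuildNumber
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

Write-Host ("OS: {0}, build {1}.{2} (ReleaseId {3})" -f $os.Caption, $build, $cv.UBR, $cv.ReleaseId)

if ($build -ne 19041) {
    Write-Host "Not Windows 10 Version 2004 (build 19041); this CVE-2020-16938 check does not apply."
    return
}

# Get-HotFix lists installed updates from Win32_QuickFixEngineering.
$hotfix = Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue
if ($hotfix) {
    Write-Host ("{0} installed on {1}: patched against CVE-2020-16938." -f $PatchKB, $hotfix.InstalledOn)
} else {
    Write-Host "$PatchKB not found: this host is still exposed to CVE-2020-16938. Patch now!"
}
```

One caveat: Windows cumulative updates supersede earlier ones, so a host that received a later monthly update may not list the exact KB and still be fixed. If the KB lookup comes back empty, compare the revision shown in the `UBR` value against the build revision of the October 2020 update before declaring the host exposed.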
That’s it for the blog today, y’all! Feel free to drop comments and share this blog if you found it useful.
Stay safe and stay tuned.
Until next time, friends!
Credits: GitHub & Microsoft