ThemeBleed: Customizing Windows can cost your system life

Carding

The calculator opens when you select a theme? The author of the exploit explains why this is a bad sign.

Cybersecurity expert Gabe Kirkpatrick has published exploit code for a new vulnerability in Windows visual styles called ThemeBleed. This flaw allows attackers to remotely execute arbitrary code on the targeted computer. Microsoft has already released a patch, but some aspects still raise questions.

ThemeBleed (or CVE-2023-38146) has received a severity rating of 8.8 on the CVSS scale. It is triggered when the user opens a specially crafted .THEME file. Interestingly, Kirkpatrick discovered the problem while researching unusual Windows file formats that are often used to customize the interface.

If a file with the .MSSTYLES extension specifies the version number 999, there is a delay between verifying the digital signature of the DLL library and the moment it is actually loaded into the system. It is this time window that can be used for an attack.

The exploit runs the standard Windows calculator if the user opens a fake theme file. This may seem like a minor bug, but this is the perfect moment to run arbitrary code.

Kirkpatrick points out that a "mark-of-the-web" warning appears on the screen when a user downloads a theme file from the Internet. However, if this file is "packed" into the .THEMEPACK format, the warning will not be shown.

Microsoft removed the controversial "version 999", but the researcher believes that the main vulnerability, the race condition, remains unresolved. In addition, Microsoft has not fixed the issue of missing warnings for .THEMEPACK files.

Windows users are advised to install the latest security update. The update addresses not only ThemeBleed but also two other critical vulnerabilities, as well as 57 security issues in various components of the system. But even with these measures, the question remains: how many other unknown vulnerabilities are waiting in the wings?
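A simplified model, added here and not taken from the researcher's exploit or from Windows itself, of the check-then-load gap the post describes: the signature is verified on one read of the file, the DLL is loaded from a second read, and anything that changes the file in between defeats the check. The file object and digests are constructed stand-ins for the real .MSSTYLES DLL and the Authenticode verification.

```python
"""Model of the verify-then-load race behind ThemeBleed (simplified, not Windows code)."""
import hashlib

# Constructed stand-in for the set of signatures the loader would accept.
TRUSTED_DIGESTS = {hashlib.sha256(b"signed theme dll").hexdigest()}


class SwappableFile:
    """Constructed stand-in for a file whose contents can change between two reads."""

    def __init__(self, versions):
        self._versions = list(versions)  # each read() returns the next version
        self.reads = 0

    def read(self):
        data = self._versions[min(self.reads, len(self._versions) - 1)]
        self.reads += 1
        return data


def is_signed(data):
    """Stand-in for the digital signature check on the DLL bytes."""
    return hashlib.sha256(data).hexdigest() in TRUSTED_DIGESTS


def load_dll_racy(theme_file):
    """Vulnerable pattern: verify one read of the path, then load a second read."""
    if not is_signed(theme_file.read()):
        raise ValueError("signature check failed")
    return theme_file.read()  # may no longer be the bytes that were verified


def load_dll_safe(theme_file):
    """Hardened pattern: read once, verify those bytes, load exactly those bytes."""
    data = theme_file.read()
    if not is_signed(data):
        raise ValueError("signature check failed")
    return data


if __name__ == "__main__":
    swapped = [b"signed theme dll", b"unsigned payload"]
    print("racy loader loaded:", load_dll_racy(SwappableFile(swapped)))
    print("safe loader loaded:", load_dll_safe(SwappableFile(swapped)))
```

The racy loader ends up with bytes it never verified, while the safe loader only ever loads the bytes it checked; the same principle applies to any check done on a path rather than on the data actually used.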