More details on that Windows Installer ‘make me admin’ hole

In this week’s Patch Tuesday Microsoft alerted users to, among other vulnerabilities, a flaw in Windows Installer that can be exploited by malware or a rogue user to gain SYSTEM-level privileges to hijack a PC.

The vulnerability, CVE-2024-38014, was spotted and privately disclosed by security shop SEC Consult, which has now shared the full details of how this attack works. The researcher has released an open source tool to scan a system for Installer files that can be abused to elevate local privileges.

Microsoft said the bug is already exploited, which may mean it acknowledges that SEC Consult’s exploit for the flaw works, or that bad people are abusing this in the wild, or both.

[…]

SECC researcher Michael Baer found the exploitable weakness in January. Fixing it turned out to be a complex task and Microsoft asked for more time to address it with a patch, which it implemented this week. The original plan was to close the hole in May, but that slipped to this September for technical reasons. Now Baer has written a blog post explaining exactly how the attack works.

Essentially, a low-privileged user opens an Installer package to repair some already-installed code on a vulnerable Windows system. The user does this by running an .msi file for a program, launching the Installer to handle it, and then selecting the option to repair the program (eg, like this). There is a brief opportunity to hijack that repair process, which runs with full SYSTEM rights, and gain those privileges, giving much more control over the PC.

When the repair process begins, a black command-line window opens up briefly to run a Windows program called certutil.exe. Quickly right clicking on the window’s top bar and selecting “Properties” will stop the program from disappearing and open a dialog box in which the user can click on a web link labeled “legacy console mode.” The OS will then prompt the user to open a browser to handle that link. Select Firefox, ideally, to handle that request.

Then in the browser, press Control-O to open a file, type cmd.exe in the top address bar of the dialog box, hit Enter, and bam – you’ve got a command prompt as SYSTEM. That’s because the Installer spawned the browser with those rights from that link.

[…]

Source: More details on that Windows Installer ‘make me admin’ hole • The Register
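For defenders, the useful takeaway from the write-up above is the process pattern it leaves behind: an interactive program (a browser, then a command shell) ending up as SYSTEM with the Windows Installer somewhere in its parent chain. The following is an added detection example, not code from The Register, SEC Consult or Microsoft. It runs over a constructed set of Sysmon-style process-creation records (the field layout and the exact parent/child relationships, including the browser being spawned directly under msiexec.exe, are assumptions for illustration) and flags any interactive image running as SYSTEM that has msiexec.exe among its ancestors, while leaving alone the same programs in the user's own session and SYSTEM shells with no installer in their ancestry.

```python
# Added example (not from the article or the researchers): a small detection
# rule for the process pattern behind CVE-2024-38014. A browser or command
# shell running as SYSTEM with msiexec.exe in its parent chain is flagged.
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Programs a local user can drive interactively; none of them should normally
# run as SYSTEM underneath an msiexec.exe install or repair.
INTERACTIVE_IMAGES = {
    "firefox.exe", "msedge.exe", "chrome.exe", "iexplore.exe",
    "cmd.exe", "powershell.exe",
}

# Spellings of the SYSTEM account seen in common process-creation telemetry.
SYSTEM_ACCOUNTS = {"nt authority\\system", "system", "s-1-5-18"}


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (constructed field set, not a real schema)."""
    pid: int
    ppid: int
    image: str   # executable name only, e.g. "msiexec.exe"
    user: str    # account the process runs as


def index_by_pid(events: Iterable[ProcEvent]) -> Dict[int, ProcEvent]:
    """Map pid -> event so parent chains can be walked cheaply."""
    return {e.pid: e for e in events}


def ancestor_images(index: Dict[int, ProcEvent], pid: int) -> List[str]:
    """Walk the parent chain upward and return lower-cased image names.
    Stops at a parent missing from the log or when a pid repeats (cycle)."""
    seen = {pid}
    chain: List[str] = []
    current = index.get(pid)
    while current is not None:
        parent = index.get(current.ppid)
        if parent is None or parent.pid in seen:
            break
        seen.add(parent.pid)
        chain.append(parent.image.lower())
        current = parent
    return chain


def is_system(user: str) -> bool:
    return user.strip().lower() in SYSTEM_ACCOUNTS


def find_installer_hijacks(events: Iterable[ProcEvent]) -> List[ProcEvent]:
    """Return events where an interactive image runs as SYSTEM with
    msiexec.exe somewhere in its ancestry."""
    events = list(events)
    index = index_by_pid(events)
    hits: List[ProcEvent] = []
    for e in events:
        if e.image.lower() not in INTERACTIVE_IMAGES or not is_system(e.user):
            continue
        if "msiexec.exe" in ancestor_images(index, e.pid):
            hits.append(e)
    return hits


# Constructed sample telemetry (pids, parents and users are made up).
SAMPLE_EVENTS = [
    ProcEvent(600, 500, "wininit.exe", "NT AUTHORITY\\SYSTEM"),
    ProcEvent(900, 600, "services.exe", "NT AUTHORITY\\SYSTEM"),
    # Installer service running a repair as SYSTEM, with its certutil step
    ProcEvent(1200, 900, "msiexec.exe", "NT AUTHORITY\\SYSTEM"),
    ProcEvent(1400, 1200, "certutil.exe", "NT AUTHORITY\\SYSTEM"),
    # The hijack: a browser and then a shell inherit SYSTEM under the installer
    ProcEvent(1500, 1200, "firefox.exe", "NT AUTHORITY\\SYSTEM"),
    ProcEvent(1600, 1500, "cmd.exe", "NT AUTHORITY\\SYSTEM"),
    # Benign: the same programs inside the user's own session
    ProcEvent(2000, 1000, "explorer.exe", "CORP\\alice"),
    ProcEvent(2100, 2000, "firefox.exe", "CORP\\alice"),
    ProcEvent(2200, 2000, "msiexec.exe", "CORP\\alice"),
    ProcEvent(2300, 2200, "cmd.exe", "CORP\\alice"),
    # Benign: a SYSTEM shell with no installer in its ancestry (a service task)
    ProcEvent(3000, 900, "svchost.exe", "NT AUTHORITY\\SYSTEM"),
    ProcEvent(3100, 3000, "cmd.exe", "NT AUTHORITY\\SYSTEM"),
]

if __name__ == "__main__":
    for hit in find_installer_hijacks(SAMPLE_EVENTS):
        chain = " <- ".join(ancestor_images(index_by_pid(SAMPLE_EVENTS), hit.pid))
        print(f"ALERT pid={hit.pid} {hit.image} as {hit.user}; parents: {chain}")
```

Against the sample data the rule alerts on pid 1500 (firefox.exe) and pid 1600 (cmd.exe) only. The ancestry check is what keeps the false-positive rate manageable: SYSTEM shells spawned by services or scheduled tasks are common and are not flagged, and a browser launched by the user is ignored because it is not running as SYSTEM.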

‘Windhawk’ Is Like an App Store for Windows Interface Mods

Ever wish Windows worked just a little bit differently? You’re not alone. Windhawk is a free and open source application offering dozens of community curated “mods” for Windows and Windows applications. It’s the simplest tool for customizing Windows that I’ve come across.

The application, which you can download for free, gives you a sort of app store for Windows mods. You can browse the mods online, too, if you’re curious. I found customizations that can do things you’d otherwise need dedicated software for—everything from replacing the Windows 11 start menu with an older version, to adding the labels back to taskbar icons. Basically, if you’ve got an itch to change something about how Windows works, there’s a good chance Windhawk can scratch it.

When you open Windhawk, you’ll be presented with the mod marketplace. From here you can browse and install mods in a couple of clicks.

The main interface for the app, which offers a few popular mods to start with. You can click "Explore Mods" to find more.
Credit: Justin Pot

You will be warned to think critically every time you go to install a mod. There will also be a link to the Github page for the mod creator, which means you can look into the script if you’re worried. This caution is appreciated—you should always think critically before installing mods like this.

A pop-up explains to proceed with care before installing a mod, then provides links to the mod on Github along with the developer's homepage.
Credit: Justin Pot

After installing a mod you can configure it within the application—just check the “Settings” section for the mod. For example, if you’ve decided to change the look of the Windows taskbar, you can select which theme you want.

The settings screen for the Windows 11 Taskbar mod allows you to choose which taskbar you want. The user here picked Windows XP, and the taskbar is in fact bright green.
Credit: Justin Pot

Here are a few of my favorite mods I’ve found (so far) to get you started:

  • Taskbar height and icon size lets you slim down the chonky taskbar back to the height it was in the glory days of Windows 2000.
  • Windows 11 start menu styler lets you replace the cluttered start menu with something more streamlined, or with a start menu you remember from previous versions of Windows.
  • Taskbar clock customization lets you change what information does and doesn’t show up in the taskbar clock, formatting it however you like and even including headlines from an RSS feed if you want.
  • Taskbar volume control makes it easier to adjust the volume—put your mouse anywhere on the taskbar and scroll up and down. Simple.
  • Disable grouping on the taskbar means every window you have open has its own taskbar icon, even multiple windows in the same app.

I could spend all day talking about the different things this application can do, but the real fun comes from exploring and tweaking until everything works just the way you want it. My recommendation: dive in.

Source: ‘Windhawk’ Is Like an App Store for Windows Mods | Lifehacker