exploit the possibilities

Microsoft Windows Internet Settings Security Feature Bypass

Microsoft Windows Internet Settings Security Feature Bypass
Posted Sep 17, 2019
Authored by Eduardo Braun Prado

Microsoft Windows suffers from an Internet Settings misconfiguration security feature bypass vulnerability. Versions affected include Windows 7 SP1, 8.0, 8.1 x86 and x64 with full patches up to July 2019.

tags | exploit, x86, bypass
systems | windows, 7
MD5 | ff0c1e4363db410575808afd701e6662

Microsoft Windows Internet Settings Security Feature Bypass

Change Mirror Download
# Exploit Title:  Microsoft Windows 'Internet Settings' Misconfiguration Security Feature Bypass Vulnerability

# Google Dork: N/A

# Date: September, 17 2019

# Exploit Author: Eduardo Braun Prado

# Vendor Homepage: http://www.microsoft.com/

# Software Link: http://www.microsoft.com/

# Version: Windows 7 SP1, 8.0, 8.1 x86 and x64 with full patches up to July 2019

# Tested on: Windows 7 SP1, 8.0, 8.1 x86 and x64 with full patches up to July 2019

# CVE : n/a


Details: A recent setting has been introduced to the 'Internet settings' of Windows that applies to MS IE and several programs that utilize its libraries

which can enable or disable the VBScript engine on a per-zone basis. On the Registry:


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\X


value: 140C

type: DWORD

data: 0 (0= allow | 1= prompt | 3 = disallow)

where 'X' is an integer between 0 and 4, and they are related to security zones. It´s permitted by default on 'Local Intranet', 'Trusted Sites' and 'Local Machine' and disabled by default on 'Internet' and 'Restricted Sites'


The misconfiguration issue happens because on the affected Windows versions, the setting was defined to '0' (Allow) when it should be '3' (disallow).

The impact is permitting web pages to invoke VBScript engine on security zones that should not be allowed.


To make sure this setting is on its default on all supported OSes, one can run the following commands (from eg. 'Run' menu or CMD prompt)

%comspec% /k reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 140C /t REG_DWORD /d 3 /f

%comspec% /k reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 140C /t REG_DWORD /d 3 /f

%comspec% /k reg add "HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 140C /t REG_DWORD /d 3 /f


Vendor was contacted on July 11, 2019.

Vendor replied on July 15, 2019 saying the issue was successfully reproduced and would be fixed on August, 2019 monthly patch.

Officially patched on August, 2019 (on the cumulative update for MS IE)


Warning: on Windows 7 machines, it might be necessary to run the above commands because the setting is also defined on HKEY_CURRENT_USER registry key which will take over HKEY_LOCAL_MACHINE.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close