8/27/2020 Download Vmware Vix 1.17
Platform: VMware Workstation Windows v14.1.5 (on Windows 10). Also tested VMware Player 15.

Summary: COM classes used by the VMX process on a Windows host can be hijacked, leading to elevation of privilege.
Description: The VMX process (vmware-vmx.exe) configures and hosts an instance of a VM. As is common with desktop virtualization platforms, the VM host usually has privileged access into the OS, such as mapping physical memory, which represents a security risk. To mitigate this, the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe), which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access.

The COM classes observed to be loaded by the VMX process, and which thus can be hijacked by modifying the registry, are as follows. The majority of these are related to WMI and are probably not critical so could be removed; however, MMDeviceEnumerator is used to find audio devices, which is probably important. Also note that COM classes aren't necessarily the only resource which could be hijacked.

From a fixing perspective I don't know of any documented way of preventing the lookup of COM classes from HKEY_CURRENT_USER other than running the process as an administrator; about all you can do is not use COM at all. As with the other bug I've reported at the same time, a more comprehensive fix would probably be to not create the process as the desktop user, instead using another user identity; however, that in itself has risks.

This sets up a hijack of the CB8555CC-9128-11D1-AD9B-00C04FD8FDFF class. The VMX process loads the hijack DLL into memory and a dialog box appears, proving the code injection.
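An added example, not part of the original report: because COM class lookup consults the per-user hive, one defensive check is to list per-user COM server registrations that shadow a class also registered machine-wide. This Python sketch parses constructed `reg export` text of the two `Software\Classes\CLSID` trees. The sample paths, the second CLSID and the function names are assumptions, and only string default values are parsed.

```python
import re

# Matches COM server keys in `reg export` text, e.g.
# [HKEY_CURRENT_USER\Software\Classes\CLSID\{...}\InprocServer32]
KEY_RE = re.compile(
    r"^\[HKEY_[A-Z_]+\\Software\\Classes\\CLSID\\(\{[0-9A-F-]{36}\})"
    r"\\(InprocServer32|LocalServer32)\]$", re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="(.*)"$')  # string default value only

# Constructed sample exports (not real system data).
HKCU_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\CLSID\{CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}\InprocServer32]
@="C:\\Users\\user\\AppData\\Local\\Temp\\example.dll"
"ThreadingModel"="Both"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\user\\AppData\\Local\\ExampleApp\\shellext.dll"
"""
HKLM_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb8555cc-9128-11d1-ad9b-00c04fd8fdff}\InprocServer32]
@="C:\\Windows\\System32\\example-machine.dll"
"""

def parse_servers(reg_text):
    """Return {(CLSID, server_key): default_path_or_None} from export text."""
    servers, current = {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = (key.group(1).upper(), key.group(2))
            servers[current] = None
        elif line.startswith("["):
            current = None  # some other key; ignore its values
        elif current and DEFAULT_RE.match(line):
            servers[current] = DEFAULT_RE.match(line).group(1).replace("\\\\", "\\")
    return servers

def find_shadowing(hkcu_text, hklm_text):
    """Per-user COM servers whose CLSID is also registered machine-wide."""
    machine = {clsid for clsid, _ in parse_servers(hklm_text)}
    return sorted((clsid, kind, path)
                  for (clsid, kind), path in parse_servers(hkcu_text).items()
                  if clsid in machine)

if __name__ == "__main__":
    for clsid, kind, path in find_shadowing(HKCU_EXPORT, HKLM_EXPORT):
        print(f"per-user override of machine-wide class {clsid}: {kind} -> {path}")
```

A CLSID that exists only in the per-user tree is an ordinary per-user COM registration and is not reported; only entries that override a machine-wide class are.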