Jump to content
em

[RST] Windows 10 RTM (10240) Close/Preview apps without authentication

Recommended Posts

Windows 10 RTM (10240) Close/Preview apps without autentification

Windows 10 is a personal computer operating system being developed by Microsoft as part of the Windows NT family of operating systems.

A new update to this OS is the three finger swipe up gesture, that opens the multiple screen mode and shows all the active apps, to allow them to be sorted/opened/closed/minimized. This feature also works without the user being logged in, potentially allowing an attackers to examine the running programs or close them.

By allowing an attacker to maximize random apps could lead to running unwanted code on locked machines. Preliminary tests show that on maximize events do trigger on maximize events (WM_SIZE message with the value SIZE_MAXIMIZED in wParam). This may allow an attacker to activate a previously installed backdoor on a user machine, and run it only on maximize if the screen is locked (thus, allowing him to run arbitrary code without logging in if he has physical access to the machine).

POC of this exploit:

1.png

In the first picture we can observe a Wordpad Document opened and a Google Chrome minimized

2.png

Lock the screen. Note: I have a password that is required for unlocking

3.png

Screen is locked

4.png

Execute the 3 fingers swipe up gesture with the touchpad

5a.png

I can see all the running apps with a GUI that are minimized. Moreover, I can see a preview of them, maximize them, or close them. Note that I can see the text "Sensitive information without logging in"

5bb.png

I clicked chrome. After that I clicked space to open the login screen.

6.png

I am logging in with my password

7.png

Chrome is maximized. I've managed to preview an app (see sensitive text) and maximize another app without entering my login password.

Source: em @ Romanian Security Team.

Edited by em
  • Upvote 3
Link to comment
Share on other sites

Foarte interesanta treaba asta, @em . Totusi, la mine nu se reproduce, desi am touchpad cu multitouch. Chiar in seara asta am facut update la noul build si am testat chestia asta.

?ie î?i apare acel ecran dac? e?ti logat? Poate nu ai driverele corespunz?toare la touchpad. Nu am verificat dac? exist? ?i o combina?ie de taste în loc de 3 degete.

Link to comment
Share on other sites

Am si driverele pentru multitouch, am acelasi build de Windows. Ce difera, e faptul ca eu am pus sa ma loghez cu PIN in loc de parola de Live. Mai verific diseara, posibil sa fie ceva ce am dezactivat de cand am pus build-ul anterior.

LE: De fapt, tocmai asta cred ca e diferenta. Eu folosesc @ live.com , iar tu folosesti cont local. Oare sa fi asta cauza?

Link to comment
Share on other sites

Hello,

Un subiect destul de misto, dar sunt si ceva sanse sa nu fie vina windows-ului. Ca idee, orice instalezi suplimentar pe langa windows (programe care sa ruleze la start-up, drivere, teme etc) pot cauza astfel de probleme. Subiectul imi aminteste de acest blog post, un exemplu bun de cum poti face bypass la windows lock screen atunci cand ai un screensaver facut in flash.

Parerea mea este ca ai un laptop de la Lenovo sau HP si ca ai instalat driverele pentru multi-touch ale lor. Eu m-am obisnuit cu gandul ca driverele lor sunt facute de maimute, probabil de acolo si problemele de securitate.

Oricum, foarte misto ca finding!

Link to comment
Share on other sites

Nu mi-ai raspuns la intrebare. Merge gestul cu trei degete sus daca esti logat? Adica, face ceva?

Daca sunt logat, nu face nimic. In CP-ul touchpadului e dezactivat triple-finger gesture.

Oricum, tot ramane sa mai experimentez diseara.

As putea spune ca e posibil sa fi dezactivat faza cu 3 degete, inca de cand am instalat driverul, tocmai pentru ca nu m-a interesat feature-u asta din Win10, dar nu-s sigur, ca memoria mea functioneaza aiurea.

LE: Mda, aparent la mine nu merge deloc feature asta nou din Windows. Am multi-finger gesture la touchpad, dar pentru alte prostii. Posibil driver nepotrivit. In fine, ma pot lipsi de el. Pot folosi Win+Tab.

Edited by AlStar
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...