December 5, 2023

Google Project Zero has shared details of a Windows AppContainer vulnerability after Microsoft backtracked on its earlier stance of not fixing the flaw and announced that it would address it soon. The disclosure concerns the Windows firewall and AppContainer, a sandbox used for testing Windows app security before applications are allowed to run on the system.

Initially Microsoft was not concerned, calling it a “non-issue” and stating that the company “will not fix it.” Microsoft said that this vulnerability could not be exploited without first compromising AppContainer.

Google shares details of unpatched Windows AppContainer vulnerability

Microsoft stated that AppContainer is a restrictive execution environment that prevents applications running inside it from accessing other apps, files, hardware, registry keys, and network resources that they are not permitted to access. The researcher revealed a way to bypass these restrictions and reach services on the intranet.

The default rules for the [Windows Filtering Platform (WFP)] connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities leading to elevation of privilege.

The vulnerability can lead to elevation of privilege. Under the default Windows Filtering Platform (WFP) rules, certain executables are permitted to connect TCP sockets from within an AppContainer, which can allow an attacker to obtain EoP and inject malicious code by connecting to an external network resource via an AppContainer.
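An administrator reviewing this class of issue will want to see which executables the live WFP connect layers permit by binary identity. The following audit script is an added example, not code from the article, Microsoft or Project Zero; it dumps the filter set with `netsh wfp show filters` and assumes the element names that netsh writes into its filters.xml (`filters/item`, `layerKey`, `action/type`, `filterCondition/item/fieldKey`), which should be checked against your own build's output.

```powershell
# Added audit example (not from the article): list PERMIT filters at the WFP ALE connect
# layers that are scoped to a specific executable (FWPM_CONDITION_ALE_APP_ID), so the
# "certain executables" that may connect TCP sockets from an AppContainer can be reviewed.
# Run from an elevated PowerShell prompt. The XML element names are an assumption based on
# netsh's filters.xml layout; adjust them if your Windows build emits different names.
$dump = Join-Path $env:TEMP 'wfp-filters.xml'
netsh wfp show filters file="$dump" | Out-Null
if (-not (Test-Path $dump)) { throw "netsh did not produce $dump (is the prompt elevated?)" }

[xml]$xml = Get-Content -Path $dump -Raw
$connectLayers = @('FWPM_LAYER_ALE_AUTH_CONNECT_V4', 'FWPM_LAYER_ALE_AUTH_CONNECT_V6')

$findings = foreach ($f in $xml.filters.item) {
    if ($connectLayers -notcontains $f.layerKey)     { continue }
    if ($f.action.type -ne 'FWP_ACTION_PERMIT')      { continue }
    $fields = @($f.filterCondition.item | ForEach-Object { $_.fieldKey })
    if ($fields -notcontains 'FWPM_CONDITION_ALE_APP_ID') { continue }

    # A permit keyed on the executable alone, with no package (AppContainer) condition,
    # is the pattern the article describes: the binary connects regardless of the
    # container's network capabilities. Package-scoped permits are listed for contrast.
    [pscustomobject]@{
        Name          = $f.displayData.name
        Layer         = $f.layerKey
        Conditions    = ($fields -join ', ')
        PackageScoped = ($fields -contains 'FWPM_CONDITION_ALE_PACKAGE_ID')
    }
}

$findings | Sort-Object PackageScoped, Name | Format-Table -AutoSize
Remove-Item -Path $dump -ErrorAction SilentlyContinue
```

Rows with `PackageScoped` equal to `False` are the executable-scoped connect permits worth reviewing against the vendor's fix once it ships.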

This vulnerability could affect any Windows system, specifically Windows 10 version 2004. The flaw could allow a malicious executable to give an attacker access to intranet locations.
