Google Researcher Publishes Unpatched Windows 8.1 Security Vulnerability
An anonymous reader writes "Google's security research database has after a 90-day timeout automatically undisclosed a Windows 8.1 vulnerability which Microsoft hasn't yet patched. By design the system call NtApphelpCacheControl() in ahcache.sys allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries as the operation is restricted to administrators. This is checked in the function AhcVerifyAdminContext(). Long story short, the aforementioned function has a vulnerability where it doesn't correctly check the impersonation token of the caller to determine if the user is an administrator. It hasn't been fully verified if Windows 7 is vulnerable. For a passer-by it is also hard to tell whether Microsoft has even reviewed the issue reported by the Google researcher. The database already has one worried comment saying that automatically revealing a vulnerability just like that might be a bad idea."
Boots faster. Is more stable. Uses less memory resources. Windows networking seems to work better. Seamless integration with the kids' Xbox.
I seem to have much more luck developing drivers on 8.1 as well - far less error check screens (more a function of me learning the DDK), also at the user level ETW seems rather more robust. Windbg also seems to be more stable when running on 8.1.
Also, I like the UI better (on the desktop) - I largely ignore the metro screen or whatever it is called.
I am very small, utmostly microscopic.
Microsoft got serious about security a decade ago when it became obvious that their customers cared about security, and made it a company-wide priority. They've taken reported security exploits seriously for a very long time now, and disclosing any vulnerability before a patch is deployed is absolutely irresponsible. It's arrogant as hell for Google to decide that 90 days is long enough, thank you. Recently, though, that seems to be nothing new for Google, as they now seem fairly comfortable dictating timelines to the rest of the internet about all sorts of recent security-related issues.
Keep in mind that if Microsoft screws up a patch (something that's happened a few times recently), it causes very real problems for a massive number of people... much more so than security issues that may not have even been seen in the wild yet (I saw no indication in the linked article that this was the case) - but now probably will since the attack is known. If that happens, Google is as culpable for any harm done as Microsoft is because of their disclosure policy.
Sorry if I sound like an MS shill, but Google is really starting to piss me off with their high-handed attitude on stuff like this lately.
Irony: Agile development has too much inertia to be abandoned now.
Microsoft got serious about security a decade ago when it became obvious that their customers cared about security, and made it a company-wide priority.
ROFLMAO. I could go on and on for hours about how pathetic Microsoft Security is but instead, I will not bore you and just talk about the one that is the largest pain in my rear right now: It is titled Windows Credential Theft.
Yes, the geniuses at Microsoft decided that leaving Domain Admin credentials lying about on any average workstation is not a huge problem. It is not like just anyone has access to the computer after all and it is not like having your entire domain compromised is a huge deal...
Seriously. Caching Domain Admin credentials. On a workstation... Serious about security? It is to laugh. These clowns would not know security if it walked up and introduced itself.
"Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen