Microsoft Windows Protocols Abuse Method Discovered

A security researcher has discovered a critical flaw in various Microsoft Windows Protocols that can be used in malicious attacks. For more information, continue reading.

Microsoft Windows Protocols Can Be Used in Dangerous Attacks

A computer security researcher has discovered a critical flaw that affects many Microsoft Windows programs through the Microsoft Windows Protocols feature built into the operating system. The flaw was spotted by accident when the researcher clicked on a link in the Google Chrome browser and it opened the Windows Store App. This was unusual and risky, because the browser asks the user before potentially dangerous actions such as opening external programs. In this case no warning was produced. It appears that a built-in function called Microsoft Windows Protocols is responsible for this dangerous behavior. According to the analysis, it is related to a registry value string used by the Windows Store App. Many applications, including Microsoft Edge, have their own protocols.
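One way for a defender to inventory which protocol handlers are registered on a host and compare them against an approved baseline, as an added example that is not from the original article or the researcher's report. The article does not name the registry value; this sketch assumes the standard `URL Protocol` marker value under HKEY_CLASSES_ROOT, and the scheme names, paths and function names are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text format; scheme names and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\example-store]
@="URL:Example Store Protocol"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\example-store\shell\open\command]
@="\"C:\\Program Files\\Example\\store.exe\" \"%1\""

[HKEY_CLASSES_ROOT\.txt]
@="txtfile"

[HKEY_CLASSES_ROOT\example-legacy]
"URL Protocol"=""

[HKEY_CLASSES_ROOT\example-legacy\shell\open\command]
@="C:\\Tools\\legacy.exe %1"
'''

KEY_RE = re.compile(r'^\[HKEY_CLASSES_ROOT\\(.+)\]$')
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Map lower-cased HKCR subkey path -> {value name: string data}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('['):
            m = KEY_RE.match(line)
            current = keys.setdefault(m.group(1).lower(), {}) if m else None
        elif current is not None and (m := VAL_RE.match(line)):
            name = '' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
            current[name] = unescape(m.group(2))
    return keys

def protocol_handlers(text):
    """Schemes are top-level keys carrying a 'URL Protocol' value (assumed marker)."""
    keys = parse_reg(text)
    return {path: keys.get(path + r'\shell\open\command', {}).get('', '')
            for path, vals in keys.items()
            if '\\' not in path and 'URL Protocol' in vals}

def unapproved(text, baseline):
    """Handlers present on the host but missing from the approved baseline."""
    found = protocol_handlers(text)
    return {s: c for s, c in sorted(found.items()) if s not in baseline}
```

Files written by regedit are normally UTF-16, so decode a real export with that encoding before passing the text to `protocol_handlers`. Only string values are parsed; other value types are skipped.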

The findings show that the Windows Store App renders HTML using the Microsoft Edge engine. This could be used in dangerous XSS attacks against target computers. The researcher tested several scenarios; for instance, one of the proof-of-concept cases generated 20 pop-ups using a simple HTML string. The Edge Protocols allowed the researcher to bypass various restrictions. The possibilities included crashing browser instances and using JavaScript code for potential UXSS attacks.

This flaw is probably related to the Microsoft Windows Store application implementation. Ever since Windows 8, the company has tried to grow its own application ecosystem through the Windows Store application, much like the package management solutions of other operating systems. The Microsoft Windows Protocols have a rich feature set that applications and their developers can use to perform various functions; queries and execution commands are just a few of the capabilities. Unfortunately, this also has serious consequences, as this particular security flaw report shows. The two proof-of-concept attacks demonstrated in the Microsoft Edge browser show that a single string can crash the browser or cause dangerous manipulations.

Click here to read the whole report of the incident. This issue was reported to the Microsoft Security team on November 26, 2016.


Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

