I wonder why Windows Defender has the privilege to alter the system files. Read them for analysis? Sure! Reset (as in, call some windows API to have it replaced with the original), why not? But being able to write sounds like a bad idea.
However, I don't know what I'm talking about so take it with a grain of salt!
Tney gave it a sexy name and set up a website about it (a github repo, at any rate), instead of just talking about it in a mailing list and getting a CVE like a proper bearded security researcher.
A local privilege escalation to root via an exploitable service?
Doesn't Linux have one of these CVEs...each week?
I wonder why Windows Defender has the privilege to alter the system files. Read them for analysis? Sure! Reset (as in, call some windows API to have it replaced with the original), why not? But being able to write sounds like a bad idea.
However, I don't know what I'm talking about so take it with a grain of salt!
> normally I would just drop the PoC code and let people figure it out
Looks like that's exactly what they did though?
Or maybe they just meant that they don't usually explain how it works?
Tney gave it a sexy name and set up a website about it (a github repo, at any rate), instead of just talking about it in a mailing list and getting a CVE like a proper bearded security researcher.