Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10
19 December, 2017

Google’s Project Zero released details of a local proof-of-concept attack against a fully patched Windows 10 PC that allows an adversary to execute untrusted JavaScript outside a sandboxed environment on targeted systems.

The attack is a variation of a WPAD/PAC attack. Project Zero’s version chains together several vulnerabilities relating to PAC and Microsoft’s JScript.dll file to gain remote command execution on a victim’s machine.

“We identified 7 security vulnerabilities in (JScript.dll) and successfully demonstrated reliable code execution from local network (and beyond) against a fully patched (at the time of writing) Windows 10 64-bit with Fall Creators Update installed,” wrote Project Zero researchers on the team’s website Monday.

The vulnerabilities have since been patched.

Web Proxy AutoDiscovery (WPAD) protocol attacks are tied to how browsers use PAC (Proxy Auto-Configuration) files to route HTTP and HTTPS requests. A PAC file contains JavaScript that tells the browser which proxy to use to reach a specific URL. If a malicious PAC file is introduced to the browser, an attacker can monitor the URL of every request the browser makes.
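The following is an added example, not code from the original article or from Project Zero. It runs a constructed, benign PAC file through a small Node.js harness to show that the PAC script is code invoked once per request with the URL and host, which is why a PAC file from an untrusted source is a risk. The helper implementations are simplified stand-ins for the standard PAC functions, and all hostnames are placeholders.

```javascript
// Constructed, benign PAC file; hostnames and ports are placeholders.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || dnsDomainIs(host, ".corp.example")) return "DIRECT";
  if (shExpMatch(url, "https://*")) return "PROXY proxy.corp.example:8080";
  return "PROXY proxy.corp.example:3128; DIRECT";
}`;

// Simplified stand-ins for three of the standard PAC helper functions.
const PAC_HELPERS = {
  isPlainHostName: (host) => !host.includes("."),
  dnsDomainIs: (host, domain) => host.endsWith(domain),
  shExpMatch: (str, glob) => {
    const body = glob
      .replace(/[.+^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
      .replace(/\*/g, ".*")                 // shell "*" matches any run
      .replace(/\?/g, ".");                 // shell "?" matches one character
    return new RegExp("^" + body + "$").test(str);
  },
};

// Compile the PAC source with the helpers in scope and return its entry point.
function compilePac(pacSource) {
  const names = Object.keys(PAC_HELPERS);
  const factory = new Function(...names, pacSource + "\nreturn FindProxyForURL;");
  return factory(...names.map((name) => PAC_HELPERS[name]));
}

// Run each request through the PAC and record what the script saw and decided.
function tracePac(pacSource, urls) {
  const findProxy = compilePac(pacSource);
  return urls.map((url) => {
    const host = new URL(url).hostname;
    return { url, host, decision: findProxy(url, host) };
  });
}

const trace = tracePac(SAMPLE_PAC, [
  "http://intranet/",
  "http://wiki.corp.example/page",
  "https://mail.example.org/inbox?token=abc",
  "http://news.example.org/",
]);
for (const t of trace) console.log(`${t.decision.padEnd(40)} <- ${t.url}`);
```
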

Previous researchers have found holes in WPAD ranging from an “UNHOLY PAC” attack identified by SafeBreach to a man-in-the-middle attack technique identified by Context Information Security. The technique allowed an attacker to see the entire URL of every site visited even if the traffic is protected with HTTPS encryption.

Google’s Project Zero team took WPAD/PAC attacks a step further.

“As far as we know, this is the first time that an attack against WPAD is demonstrated that results in the complete compromise of the WPAD user’s machine,” researchers said.

What Project Zero researchers identified was a new attack vector that directly attacks the Windows JScript engine that interprets the JavaScript PAC files, commented
