SMBv2 Symlink to Local File Vulnerability

SMBv2 supports symlinks on remote file systems by returning a special status code STATUSSTOPPEDONSYMLINK when a symlink is encountered on the remote share. It also returns a symlink reparse data buffer to be processed to determine where to redirect the request. While this is supported functionali...

Microsoft Windows - Desktop Bridge VFS Privilege Escalation

Windows: Windows: Desktop Bridge VFS EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the VFS for desktop bridge applications can allow an application to create virtual files in system folder which can result in EoP. Description: The...

Microsoft Windows - NPFS Symlink Security Feature BypassElevation of PrivilegeDangerous Behavior

Microsoft Windows - NPFS Symlink Security Feature BypassElevation of PrivilegeDangerous Behavior Windows: NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Platform: Windows 10 1709 functionality not present prior to this version Class: Security Feature Bypass/Elevati...

Microsoft Windows SMB Server (v1v2) - Mount Point Arbitrary Device Open Privilege Escalation

Microsoft Windows SMB Server v1v2 - Mount Point Arbitrary Device Open Privilege Escalation Windows: SMB Server v1 and v2 Mount Point Arbitrary Device Open EoP Platform: Windows 10 1703 and 1709 seems the same on 7 and 8.1 but not extensively tested Class: Elevation of Privilege Summary: The SMB...