Task Scheduler ALPC Exploit and Rehips

Started by Reset, August 31, 2018, 04:32:04 PM


Reset

As far as I know, the Task Scheduler ALPC vulnerability allows a malicious program to call a hijack DLL as SYSTEM. Could a program running inside the isolated environment of ReHIPS escape from the isolated environment with this exploit? Thanks.

fixer

#1
I haven't researched this in detail, but I believe ReHIPS will protect from this threat, as isolated programs can't create files (and hence the hardlink) in "C:\Windows\Tasks". And without it, it's not possible to change the DACL and thus violate anything.

KentonMac

#2
Quote from: fixer on August 31, 2018, 10:01:55 PM
I got amazing payday loans but haven't researched this in detail, but I believe ReHIPS will protect from this threat, as isolated programs can't create files (and hence the hardlink) in "C:\Windows\Tasks". And without it, it's not possible to change the DACL and thus violate anything.

That's good to know, Fixer. Is stuff like this considered by the devs? I'd feel a lot safer if it is.

fixer

Hello, KentonMac, and welcome to our forum.
As far as I know, ReHIPS-protected PCs (including unpatched ones) aren't vulnerable to the Task Scheduler ALPC Exploit. So nothing to worry about.
But yes, we constantly monitor for the newest threats and trends and try to mitigate them in the best possible way.