Author Topic: Task Scheduler ALPC Exploit and Rehips  (Read 1463 times)

Reset

  • Jr. Member
  • **
  • Posts: 10
Task Scheduler ALPC Exploit and Rehips
« on: August 31, 2018, 04:32:04 pm »
As far as I know, the Task Scheduler ALPC vulnerability allows the malicious program to call a hijack DLL as SYSTEM. Could a program running inside the isolated environment of ReHIPS escape from the isolated environment with this exploit? Thanks.

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Task Scheduler ALPC Exploit and Rehips
« Reply #1 on: August 31, 2018, 10:01:55 pm »
I haven't researched this in detail, but I believe ReHIPS will protect from this threat, as isolated programs can't create files (and hence the hardlink) in "C:\Windows\Tasks". And without it, it's not possible to change the DACL and thus violate anything.
« Last Edit: August 31, 2018, 10:04:11 pm by fixer »
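
The reply above turns on whether a process can create a file (and hence a hard link) in "C:\Windows\Tasks". As an added example, not from the thread and not ReHIPS code, this PowerShell audit lists which principals hold create-file rights on that directory and which files in it have more than one hard link. The function names and the list of expected SIDs are assumptions to adjust to your own baseline.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$TasksDir = Join-Path $env:SystemRoot 'Tasks'   # the directory named in the reply

# SIDs treated as expected writers here (an assumption; adjust to your baseline).
$ExpectedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-3-0',         # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# CreateFiles is the directory right needed to add a file or hard link;
# generic write / generic all can also appear as raw bits in an ACE.
$CreateFiles  = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$GenericWrite = 0x40000000
$GenericAll   = 0x10000000
$WriteMask    = $CreateFiles -bor $GenericWrite -bor $GenericAll

function Get-UnexpectedWriter {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Ask for rules keyed by SID so the check does not depend on localized names.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        $canCreate = ([int]$ace.FileSystemRights -band $WriteMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $canCreate -and $ExpectedSids -notcontains $sid) {
            [pscustomobject]@{ Sid = $sid; Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
        }
    }
}

function Get-MultiLinkFile {
    param([string]$Path)
    foreach ($file in Get-ChildItem -LiteralPath $Path -File -Force) {
        # fsutil prints one line per name that points at the same file data.
        $links = @(fsutil hardlink list $file.FullName)
        if ($LASTEXITCODE -eq 0 -and $links.Count -gt 1) {
            [pscustomobject]@{ File = $file.FullName; LinkCount = $links.Count; Links = $links }
        }
    }
}

Get-UnexpectedWriter -Path $TasksDir | Format-Table -AutoSize
Get-MultiLinkFile    -Path $TasksDir | Format-List
```

Any row from the first function is a principal outside the expected list that can create entries in the directory; any row from the second is a file there that shares its data with another path and deserves a closer look.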

KentonMac

  • Jr. Member
  • **
  • Posts: 1
Re: Task Scheduler ALPC Exploit and Rehips
« Reply #2 on: October 16, 2018, 02:51:11 pm »
That's good to know, Fixer. Is stuff like this considered by the devs? I'd feel a lot safer if it is.

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Task Scheduler ALPC Exploit and Rehips
« Reply #3 on: October 16, 2018, 11:06:30 pm »
Hello, KentonMac, and welcome to our forum.
As far as I know, ReHIPS-protected PCs (including unpatched ones) aren't vulnerable to the Task Scheduler ALPC Exploit. So nothing to worry about.
But yes, we constantly monitor for the newest threats and trends and try to mitigate them in the best possible way.