Author Topic: Task Scheduler ALPC Exploit and Rehips  (Read 69 times)

Reset

  • Jr. Member
  • **
  • Posts: 10
Task Scheduler ALPC Exploit and Rehips
« on: August 31, 2018, 04:32:04 pm »
As far as I know, the task scheduler alpc vulnerability allows the malicious program to call a hijack dll as SYSTEM. Could a program running inside the isolated environment of ReHIPS to escape from the isolated environment with this exploit? Thanks.

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1369
Re: Task Scheduler ALPC Exploit and Rehips
« Reply #1 on: August 31, 2018, 10:01:55 pm »
I haven't researched this in detail, but I believe ReHIPS will protect from this threat as isolated programs can't create files (and hence the hardlink) in "C:\Windows\Tasks" And without it it's not possible to change DACL and thus violate anything.
« Last Edit: August 31, 2018, 10:04:11 pm by fixer »