Security Advisor

Google Discloses 2 More Windows Bugs

The flaws reside in Windows 7 and Windows 8.1.

Whether it's coincidence or retribution for Microsoft speaking out against Google's Windows 8.1 flaw disclosure, the search giant has made public information on two more Windows flaws -- both found in Windows 7 and Windows 8.1.

The information on the two flaws, released over the weekend, once again comes out of Google's Project Zero, the company's dedicated team working to find vulnerabilities that could lead to targeted online attacks.

The first, and more severe, is a bug found in a Windows 7 and 8.1 feature called CryptProtectMemory that could allow encrypted memory to be decrypted if a user login was spoofed. Google said the issue lies with the initial login session.

"The issue is the implementation in CNG.sys doesn't check the impersonation level of the token when capturing the logon session id (using SeQueryAuthenticationIdToken) so a normal user can impersonate at Identification level and decrypt or encrypt data for that logon session," wrote a Project Zero researcher in a blog post. "This might be an issue if there's a service which is vulnerable to a named pipe planting attack or is storing encrypted data in a world readable shared memory section."
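The missing check described in the quote above, as an added example that is not Project Zero's proof of concept or Microsoft's code: a simplified user-mode model in C showing why capturing the logon session id from an Identification-level token lets one caller undo protection applied for another session. The logon ids (1 and 2), status codes, XOR stand-in for the session key, and the reject-on-low-level behaviour of the hardened variant are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model only, not CNG.sys code. Levels are listed in the same
 * order as the Windows SECURITY_IMPERSONATION_LEVEL enumeration. */
typedef enum { ANONYMOUS, IDENTIFICATION, IMPERSONATION, DELEGATION } imp_level;
typedef struct { uint64_t logon_id; imp_level level; } token;
typedef struct { token primary; const token *thread; } caller; /* thread: NULL if not impersonating */

#define ST_OK      0
#define ST_BAD_LVL (-1)

/* Flawed pattern: use the effective token's logon id whatever its level. */
int capture_session_unchecked(const caller *c, uint64_t *id) {
    *id = c->thread ? c->thread->logon_id : c->primary.logon_id;
    return ST_OK;
}

/* Hardened pattern (assumed behaviour): a thread token below Impersonation
 * level only identifies a user, so refuse to act for its logon session. */
int capture_session_checked(const caller *c, uint64_t *id) {
    if (c->thread && c->thread->level < IMPERSONATION)
        return ST_BAD_LVL;
    return capture_session_unchecked(c, id);
}

/* Stand-in for a per-session key: constructed mixing function, not real crypto. */
static uint8_t session_key(uint64_t id) { return (uint8_t)((id * 0x9E3779B97F4A7C15ULL) >> 56); }

/* Same-logon "protect": XOR with the session key, so a second call undoes it. */
int protect_same_logon(const caller *c, uint8_t *buf, size_t n,
                       int (*capture)(const caller *, uint64_t *)) {
    uint64_t id;
    int st = capture(c, &id);
    if (st != ST_OK) return st;          /* buffer is left untouched on refusal */
    for (size_t i = 0; i < n; i++) buf[i] ^= session_key(id);
    return ST_OK;
}

int main(void) {
    caller service = {{1, DELEGATION}, NULL};     /* constructed logon ids 1 and 2 */
    token borrowed = {1, IDENTIFICATION};         /* Identification-level token for session 1 */
    caller user = {{2, DELEGATION}, &borrowed};
    uint8_t secret[4] = {'k', 'e', 'y', '!'};
    protect_same_logon(&service, secret, 4, capture_session_checked);
    printf("checked:   %d\n", protect_same_logon(&user, secret, 4, capture_session_checked));
    printf("unchecked: %d\n", protect_same_logon(&user, secret, 4, capture_session_unchecked));
    printf("recovered: %.4s\n", (const char *)secret);
    return 0;
}
```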

The second issue resides only in Windows 7 and could allow someone with admin rights to access specific power functions with the use of an impersonated login token. In Windows 8 and 8.1, the feature in question, NtPowerInformation, checks to see if the token is spoofed before logging in.

If you think this flaw doesn't quite sound like a high-priority security issue, Google researchers agree. "It isn't clear if this has a serious security impact or not, therefore it's being disclosed as is," wrote Google. "Some functions are also checked by a privilege check, however the subject context is captured separately so there exists a TOCTOU window between checks which could be exploited."

Along with a breakdown of the two flaws, Google also released proof-of-concept code to easily replicate the issues. Both flaws were privately disclosed to Microsoft on Oct. 17, 2014, and Google waited the 90-day disclosure period before releasing the information. As for the first flaw, Google said that Microsoft wanted to include a fix with the January patch, but compatibility issues have pushed the release back to February. Microsoft also said that the second issue is not "considered serious enough for a bulletin release," according to Google.

While Microsoft did not comment on whether or not it asked Google to hold onto information in the wake of an upcoming fix, as it did with Google's earlier Windows 8.1 flaw disclosure, a company spokesperson did issue the following statement. "We are not aware of any cyberattacks using the CryptProtectMemory bypass. Customers should keep in mind that to successfully exploit this, a would-be attacker would need to use another vulnerability first. We continue to believe that security researchers should engage with software companies to privately disclose vulnerabilities and work together to further protect customers."


About the Author

Chris Paoli is the site producer for and

