<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>2024 on Logic Security</title>
    <link>https://www.zoemurmure.top/archives/2024/</link>
    <description>Recent content in 2024 on Logic Security</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en</language>
    <lastBuildDate>Mon, 21 Oct 2024 18:15:39 +0800</lastBuildDate><atom:link href="https://www.zoemurmure.top/archives/2024/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>[CVE-2024-43560] Windows Storage Port Driver Privilege Escalation Vulnerability</title>
      <link>https://www.zoemurmure.top/posts/cve_2024_43560/</link>
      <pubDate>Mon, 21 Oct 2024 18:15:39 +0800</pubDate>
      
      <guid>https://www.zoemurmure.top/posts/cve_2024_43560/</guid>
      <description>1. Background
Based on the vulnerability name (Microsoft Windows Storage Port Driver), we can search and identify the corresponding file as storport.sys. This driver is used for communication between the computer and high-performance storage devices, defining how the computer communicates with these devices.
2. Patch Diffing
System Version: Win11 22H2 Pro
The diff shows that 6 functions were modified:
After comparing the function code before and after the patch, the differences mainly lie in the calls to Feature_ class functions.</description>
    </item>
    
    <item>
      <title>[Learning Notes] Windows Downdate: Vulnerability Discovery and Exploitation</title>
      <link>https://www.zoemurmure.top/posts/windows_downdate/</link>
      <pubDate>Tue, 27 Aug 2024 15:55:41 +0800</pubDate>
      
      <guid>https://www.zoemurmure.top/posts/windows_downdate/</guid>
      <description>Overview
In this post, the author discovers vulnerabilities in Windows Update by examining its architecture and execution flow. Under Administrator privileges, an attacker can manipulate registry keys to control arbitrary system files, replacing them and bypassing system integrity checks. Due to the lack of downgrade file validation in the operating system, this capability can be leveraged to achieve further privilege escalation and security boundary bypasses.
Principles
Windows Update Architecture
Approach 1: In the architecture shown above, privilege escalation from Administrator to Trusted Installer is possible.</description>
    </item>
    
  </channel>
</rss>
