Full Disclosure mailing list archives

Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]


From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Thu, 9 May 2013 01:03:16 +0200

On Sunday, May 05, 2013 10:13 PM I wrote:

Hi @ll,

Fujitsu's <http://www.fsc-pc.de/> factory preinstallation (as
found on a Fujitsu Lifebook A512 purchased a month ago) of
Windows 8 Professional x64 (I'm VERY confident that other
variants of Fujitsu's Windows 8 factory installation are just
the like) has the following vulnerabilities which can lead to
code execution in the context of the LocalSystem account.


A. Command lines with unquoted paths containing spaces:

[...]

and missed some more REALLY nice vulnerabilities (just like the one
Microsoft fixed with <https://support.microsoft.com/kb/2781197>
alias <http://technet.microsoft.com/security/bulletin/ms13-034>,
which of course is present too).


A.6: TWO vulnerabilities in the preinstalled services from Fujitsu:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PFNService]
"ImagePath"=expand:"C:\\Program Files\\Fujitsu\\Plugfree NETWORK\\PFNService.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PowerSavingUtilityService]
"ImagePath"=expand:"C:\\Program Files\\Fujitsu\\PSUtility\\PSUService.exe"


A.7: SIX vulnerabilities in the preinstalled services from Intel:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMPPALR3]
"ImagePath"=expand:"C:\\Program Files\\Intel\\BluetoothHS\\BTHSAmpPalService.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng]
"ImagePath"=expand:"C:\\Program Files\\Intel\\WiFi\\bin\\EvtEng.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jhi_service]
"ImagePath"=expand:"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL\\jhi_service.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LMS]
"ImagePath"=expand:"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWiFiDHCPDNS]
"ImagePath"=expand:"C:\\Program Files\\Intel\\WiFi\\bin\\PanDhcpDns.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc]
"ImagePath"=expand:"C:\\Program Files\\Common Files\\Intel\\WirelessCommon\\RegSrvc.exe"


JFTR: two other services of Intel don't show this vulnerability!

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHSSecurityMgr]
"ImagePath"=expand:"""C:\\Program Files\\Intel\\BluetoothHS\\BTHSSecurityMgr.exe"""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UNS]
"ImagePath"=expand:"""C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\UNS\\UNS.exe"""


Stefan Kanthak

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
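
The distinction the post draws between the listed services and the two quoted ones, as an added audit example that is not part of the original post: it parses entries in the post's `"ImagePath"=expand:"..."` notation and reports services whose executable path is unquoted and contains a space. The `ENV` defaults and the `ExampleArgs` and `ExampleEnv` entries are constructed assumptions.

```python
import re

# Defaults assumed for offline expansion; on a live host read the real environment.
ENV = {"%programfiles%": r"C:\Program Files", "%systemroot%": r"C:\Windows"}

# First three entries are copied from the post; the last two are constructed.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PFNService]
"ImagePath"=expand:"C:\\Program Files\\Fujitsu\\Plugfree NETWORK\\PFNService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UNS]
"ImagePath"=expand:"""C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\UNS\\UNS.exe"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng]
"ImagePath"=expand:"C:\\Program Files\\Intel\\WiFi\\bin\\EvtEng.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleArgs]
"ImagePath"=expand:"C:\\Windows\\System32\\example.exe -k group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleEnv]
"ImagePath"=expand:"%ProgramFiles%\\Example\\svc.exe"
'''

KEY = re.compile(r'^\[.*\\Services\\([^\\\]]+)\]$')
VAL = re.compile(r'^"ImagePath"=(?:expand:)?"(.*)"$')
IMAGE = re.compile(r'^(.*?\.(?:exe|sys|com|bat|cmd))(?=\s|$)', re.I)

def parse(text):
    """Yield (service, ImagePath) with the notation's escaping undone."""
    service = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY.match(line):
            service = m.group(1)
        elif (m := VAL.match(line)) and service:
            yield service, m.group(1).replace('""', '"').replace('\\\\', '\\')

def is_unquoted_with_space(image_path):
    """True if the executable part is unquoted and contains whitespace."""
    value = image_path.strip()
    if value.startswith('"'):
        return False                      # quoted: the image path is unambiguous
    for name, expansion in ENV.items():   # expand first: %ProgramFiles% hides a space
        value = re.sub(re.escape(name), lambda _: expansion, value, flags=re.I)
    m = IMAGE.match(value)                # path up to the first executable extension
    image = m.group(1) if m else value.split()[0]
    return any(c.isspace() for c in image)

def audit(text):
    return [svc for svc, path in parse(text) if is_unquoted_with_space(path)]

if __name__ == "__main__":
    print("unquoted ImagePath with spaces:", audit(SAMPLE))
```

Entries it reports are corrected by enclosing the executable path in the `ImagePath` value in double quotes, as the `BTHSSecurityMgr` and `UNS` entries in the post already do.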

