Discovering 20 Year Old Vulnerabilities in Modern Windows Kernel

Presented at Black Hat Europe 2020 Virtual, Dec. 9, 2020, 1:30 p.m. (30 minutes)

With continuous upgrades by Microsoft, the latest Windows 10 version has become more and more powerful and supports more and more features. On the other hand, certain components have always existed in the Windows system, such as the printer driver.

The function of the print driver consists of the GDI kernel and the user-mode printer driver. The printer driver is so old that, as it turned out, few people paid attention to its security issues. However, the interaction between the UMPD (user-mode printer driver) and the GDI kernel created a big attack surface.

This talk presents how we found some novel and unique vulnerabilities in ancient Windows code. In particular, we designed a special fuzzer for the user-mode print driver, which effectively found multiple vulnerabilities in the Windows graphics kernel. We will introduce the design ideas and implementation techniques used in the fuzzer, and disclose the details of the two fixed vulnerabilities to reveal in depth the security impact of the UMPD attack surface.


Presenters:

  • Rancho Han - Senior Security Researcher, Singular Security Lab
    Rancho Han (@RanchoIce) is a Senior Security Researcher at Singular Security Lab. He has more than 9 years of information security experience. In the past years, his work involved malware detection, exploit mitigations, and bug hunting. Recently, he has focused on research into Windows kernel fuzzing and exploit techniques. He was listed among Microsoft's Most Valuable Researchers from 2017 to 2019. He participated in Pwn2Own 2017 and won the Edge category. He was also a speaker at several conferences such as HITB 2018, ZeroNights, and 44Con.
