I went to check when the bug had been patched, and was left wanting. I however lack the expertise to really appreciate how much danger exists in practice, or for whom. I just know I do have Win11 24H2 and "This leak primitive is particularly useful for Windows versions 24H2 or later"
I find myself thinking "wow, what an obvious bug. How did Microsoft not catch that?" but then I think back to some of my own extremely obvious bugs. Thankfully my code is much lower impact.
KASLR is broken anyway, at least on x86, even with KPTI (a Linux feature to mitigate Meltdown) enabled. See https://www.willsroot.io/2022/12/entrybleed.html, which still runs fine (with some modifications depending on the microarchitecture) on the latest AMD and Intel hardware that we've checked.
I can’t find any mention online of the `SystemTokenInformation` enum member outside of this article, even in this otherwise very comprehensive collection of documented and undocumented values: https://www.geoffchappell.com/studies/windows/km/ntoskrnl/ap...
Seems like SystemTokenInformation might be a very new addition, possibly even Windows 11 only?
9 comments
[ 2.9 ms ] story [ 34.5 ms ] threadhttps://betanews.com/2004/02/13/windows-source-leak-traces-b...
Seems like SystemTokenInformation might be a very new addition, possibly even Windows 11 only?