13 comments

[ 3.0 ms ] story [ 39.7 ms ] thread
> normally I would just drop the PoC code and let people figure it out

Looks like that's exactly what they did though?

Or maybe they just meant that they don't usually explain how it works?

(comment deleted)
I wonder why Windows Defender has the privilege to alter the system files. Read them for analysis? Sure! Reset (as in, call some windows API to have it replaced with the original), why not? But being able to write sounds like a bad idea.

However, I don't know what I'm talking about so take it with a grain of salt!

A local privilege escalation to root via an exploitable service?

Doesn't Linux have one of these CVEs...each week?

Not quite every week, but yeah it has a lot. And if the target uses sudo at all you don't even need an exploit!

But nobody mentioned Linux. There's no need for whataboutism. They both shouldn't have these vulnerabilities.

cl /std:c++17 /EHsc /W4 /O2 /DUNICODE /D_UNICODE /wd4005 /Fe:RedSun.exe RedSun.cpp advapi32.lib ole32.lib user32.lib
Seriously this is my bugbear with code for windows: how did you figure that invocation out?

Anything for Linux you just type "make". If the author skipped a makefile, theres rarely much to it.

But when someone has a cpp file for Windows it looks like this.

This is a misrepresentation. This command-line is the compiler invocation, and is not the equivalent to 'make' on Windows. The actual equivalent on Linux, in the same order of the arguments to cl.exe would be:

  cl /std:c++17 /EHsc /W4 /O2 /DUNICODE /D_UNICODE /wd4005 /Fe:RedSun.exe RedSun.cpp advapi32.lib ole32.lib user32.lib

  g++ -std=c++17 -Wall -O3 -DUNICODE -D_UNICODE -Wno-builtin-macro-redefined -o RedSun.exe RedSun.cpp -ladvapi -lole32 -luser32
I see no difference. One uses slash-demarcated arguments, the other uses hyphens. The g++ invocation is missing the flag for the exception handling model[1]. Otherwise, it is a matter of what you are used to. In fact, if you have MinGW, this exact command-line invocation will probably work correctly.

When you install the VS build tools you get nmake which processes most Makefiles just fine. Or you get a solution file, in which case you just open the solution in VS and press F5. Or if you are hung up about doing it in the command-line, it would be

  msbuild.exe foo.sln
Or with CMake, which has a cross-platform command-line,

  cmake --preset somepreset
Linux people who don't know Windows and complain that 'it looks like this' is my bugbear, when they can spend hours fixing a dumb in-tree driver with printf debugging that works plug-and-play on Windows.

[1]: https://learn.microsoft.com/en-gb/cpp/build/reference/eh-exc...

I remember the times when Microsoft had a lot of problems 20 years ago because of Sasser and other viruses that were taking over Windows. They did not have any contenders. Yet they have stopped any software development for 9 months just to re-work their entire codebase to prevent things like direct memory execution and stuff like that. The result of that was Windows XP Service Pack 2. After that thing windows XP became a legend.

Now, when Linux is slowly creeping on one side, and Mac NEO on another they keep releasing this AI-slop.

By the looks of it they make most of their money from the cloud and other software things nowadays. And Windows has become a sidekick in their processes.

Tried to download and Defender blocks it.
I'd love to think that this person is a rogue AI, (better than Claude mythos?) Dropping two zero days in one month is pretty interesting. Nice work.
Any way to disable the entire cloud tag system?