{"@attributes":{"version":"2.0"},"channel":{"title":"Microsoft on theevilbit blog","link":"https:\/\/theevilbit.github.io\/tags\/microsoft\/","description":"Recent content in Microsoft on theevilbit blog","generator":"Hugo","language":"en","lastBuildDate":"Tue, 17 Nov 2020 00:00:00 +0000","item":[{"title":"NOCVE - Microsoft Teams for macOS Local Privilege Escalation","link":"https:\/\/theevilbit.github.io\/posts\/microsoft_teams_lpe\/","pubDate":"Tue, 17 Nov 2020 00:00:00 +0000","guid":"https:\/\/theevilbit.github.io\/posts\/microsoft_teams_lpe\/","description":"<p>This blog post shares the details of a vulnerability Offensive Security discovered in the XPC service of Microsoft Teams. Although Microsoft secured these services reasonably well, we will see how small code mistakes can have serious impacts.<\/p>\n<p>We reported the issue to MSRC, but unfortunately Microsoft decided that  \u201cthe finding is valid but does not meet our bar for immediate servicing.\u201d While they have since hardened the XPC service, it remains exploitable.<\/p>"},{"title":"CVE-2020-0984 - Secure coding XPC Services - Part 3 - Incorrect client verification","link":"https:\/\/theevilbit.github.io\/posts\/secure_coding_xpc_part3\/","pubDate":"Fri, 29 May 2020 00:00:00 +0000","guid":"https:\/\/theevilbit.github.io\/posts\/secure_coding_xpc_part3\/","description":"<h1 id=\"microsoft-autoupdate-macos-privilege-escalation-vulnerability-cve-2020-0984\">\n  Microsoft AutoUpdate macOS privilege escalation vulnerability (CVE-2020-0984)\n  <a class=\"heading-link\" href=\"#microsoft-autoupdate-macos-privilege-escalation-vulnerability-cve-2020-0984\">\n    <i class=\"fa-solid fa-link\" aria-hidden=\"true\" title=\"Link to heading\"><\/i>\n    <span class=\"sr-only\">Link to heading<\/span>\n  <\/a>\n<\/h1>\n<h2 id=\"introduction\">\n  Introduction\n  <a class=\"heading-link\" href=\"#introduction\">\n    <i class=\"fa-solid fa-link\" aria-hidden=\"true\" title=\"Link to heading\"><\/i>\n    <span class=\"sr-only\">Link to heading<\/span>\n  <\/a>\n<\/h2>\n<p>This is the third post in my series which is trying to help Apple developers to avoid typical insecure coding practices. This one will highlight why XPC client hardening and proper verification is extremely important when we use XPC messaging on macOS between clients that run as a normal user and services that run as root. If this validation is not right, it opens up the possibility for an attacker to run privileged commands or worse case, achieve full privilege escalation on the system.<\/p>"}]}}