531 - Windows: Creating Hardlinks Doesn't Require Write Permissions to the Target - project-zero

Starred by 1 user

Status:	Fixed
Owner:	forshaw@google.com
Closed:	Nov 2015
Cc:	project-...@google.com
Finder-forshaw MSRC-31144 Deadline-90 Reported-2015-Sep-11 CVE-2015-6113 Product-Windows CCProjectZeroMembers Severity-Low Vendor-Microsoft

Windows: Creating Hardlinks Doesn't Require Write Permissions to the Target

Project Member Reported by forshaw@google.com, Sep 14 2015

Back to list

Microsoft requested I removed information from a public presentation that you can create NTFS hardlinks without needing write permissions on the target file. Their view is they want to fix this, at the least to prevent its abuse in sandboxed applications so a case has been set up to track the issue. It's still under the normal 90 day SLA.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Project Member Comment 1 by forshaw@google.com, Sep 18 2015

Microsoft have confirmed they've reproduced the issue.

Project Member Comment 2 by forshaw@google.com, Nov 17 2015

Labels: -Restrict-View-Commit CVE-2015-6113
Status: Fixed

Fixed in MS15-115 https://technet.microsoft.com/en-us/library/security/MS15-115. Microsoft have removed the ability to use this trick from sandboxed processes.

► Sign in to add a comment