Comments (5)
Thanks for the information.
On the other hand, it might be an actual vulnerability.
From my understanding of Windows in general, I believe that normal users should not have write access in C:\Program Files\. If a program that is installed under C:\Program Files\ needs to manipulate some files/data, or if normal users need to manipulate these files, it should have a dedicated folder in C:\ProgramData\.
That's typically the case of the USO service with the USOShared and the USOPrivate folders. One is solely used by SYSTEM whereas the other one is used by normal users. And they are configured with proper ACLs.
If the *.etl files you found in this folder are owned by SYSTEM, it might be the first sign that privileged operations may occur in this folder. Anyway, from my standpoint, this is a misconfiguration that requires further investigation, so I won't update the script for now.
Besides, it wouldn't be the first time this script finds a 0-day... :P
I just checked my daily driver host and that folder did not exist. I assume because I unticked everything (all the tracking/ads/Cortana/etc.) during install, so I created a VM with everything ticked and still didn't have that folder. I guess it'll show up after some use (hopefully idle), will see.
Hmm... that's weird...
It looks like "Everyone" has "Full Control" on this folder.
I checked on my laptop but it doesn't even exist.
I'll have to check on my virtual machines.
Yeah, best I can tell is that UNP is related to the ads that Microsoft can push out on a Windows 10 platform.
https://sensorstechforum.com/unp-campaign-manager/
https://answers.microsoft.com/en-us/windows/forum/windows_10-files-winpc/what-is-unp-campaignmanager-and-how-did-it-get-on/19e663b5-4e62-42b8-b364-5b1a514300ab
Most of my VMs have it. But a clean install right off of the ISO doesn't have it. So perhaps it only arrives after a system has been in use for a while.
The \Logs directory contents are only numbered files starting with:
- UniversalNotificationPlatform.001.etl
- UpdateNotificationPipeline.001.etl
Despite having a world-writable subdirectory in C:\Program Files, it's not immediately obvious to me how it may lead to privilege escalation. So despite it not being 100% clear why it's there (and why it's not on 100% of Win10 systems), it may be useful to mute its output in your tool to help minimize false positives.
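As an added example (not code from this thread or from the PrivescCheck project), here is a small PowerShell audit that puts the two observations above side by side: the first comment's point that a folder under C:\Program Files should not be writable by normal users, and that SYSTEM-owned *.etl files inside such a folder are the hint worth following up, and the later comment's finding that "Everyone" has "Full Control" on the UNP folder. The function name, the default path, the list of "broad" principals and the write-rights mask are assumptions made for this example.

```powershell
# Added example, not part of PrivescCheck or of this thread. Reports Allow ACEs on a folder
# that grant write-capable rights to broad principals, then lists the owner of every file
# inside it, so a world-writable folder holding SYSTEM-owned files stands out.
# Function name, default path, principal list and rights mask are assumptions.

# Principals whose write access under C:\Program Files is a red flag (assumed list;
# account names are localized on non-English Windows, adjust accordingly).
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Specific rights that allow creating, modifying, replacing or re-ACLing content.
# FullControl includes all of them, so "Full Control" for Everyone is caught too.
$WriteRights = [System.Security.AccessControl.FileSystemRights] (
    'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ' +
    'ChangePermissions, TakeOwnership, WriteAttributes, WriteExtendedAttributes'
)

# Generic rights are stored as raw bits and are not covered by the named flags above.
$GenericAll   = 0x10000000
$GenericWrite = 0x40000000

function Test-BroadWriteAccess {
    [CmdletBinding()]
    param(
        # Folder discussed in the thread; it does not exist on a clean Windows 10 install.
        [string]$Path = 'C:\Program Files\UNP'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        Write-Warning "$Path does not exist on this host."
        return
    }

    $acl = Get-Acl -LiteralPath $Path
    Write-Verbose "Owner of $Path is $($acl.Owner)"

    # 1. Allow ACEs on the folder itself that give a broad principal write-capable rights.
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }

        $rights = [int]$ace.FileSystemRights
        $grantsWrite = (($rights -band [int]$WriteRights) -ne 0) -or
                       (($rights -band ($GenericAll -bor $GenericWrite)) -ne 0)
        if ($grantsWrite) {
            [PSCustomObject]@{
                Kind      = 'BroadWriteAce'
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }

    # 2. Owner of each file beneath the folder. SYSTEM-owned files (such as the *.etl logs
    #    mentioned in the thread) inside a broadly writable tree are the hint to investigate.
    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [PSCustomObject]@{
                Kind      = 'FileOwner'
                Path      = $_.FullName
                Principal = (Get-Acl -LiteralPath $_.FullName).Owner
                Rights    = $null
                Inherited = $null
            }
        }
}

# Usage: audit the suspect folder, then a ProgramData folder the thread describes as
# properly ACLed, so the difference in the ACE rows is visible at a glance.
Test-BroadWriteAccess -Path 'C:\Program Files\UNP'     -Verbose | Format-Table -AutoSize
Test-BroadWriteAccess -Path 'C:\ProgramData\USOShared' -Verbose | Format-Table -AutoSize
```

A `BroadWriteAce` row on its own only confirms the misconfiguration the thread talks about; as the comment above notes, it is not by itself a privilege escalation. What turns it into something worth a finding is a privileged process that reads, loads or writes files in that tree, which is why the `FileOwner` rows are listed next to it: SYSTEM-owned files in a folder that "Everyone" can write to are the signal to look at what creates and consumes them.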
Conclusion:
- This folder is not present on a default installation of Windows 10.
- This is just an INFO check.
My decision is to leave the script as is for now. Perhaps I'll reconsider this later. You never know... :)