Security vulnerabilities and automated fixes for windows issues
3 posts found
A critical buffer overflow vulnerability was discovered and patched in the Windows USB HID host library, where four unsafe `memcpy` calls copied data using device-reported sizes without validating destination buffer capacity. The most dangerous instance could overflow a heap buffer by as little as one byte — enough to corrupt heap metadata and potentially allow arbitrary code execution. This post breaks down how the vulnerability works, why it matters, and how to write safer memory operations in
A critical use-after-free vulnerability was discovered and patched in the multi-threaded ICMP processing path of a Windows/Cygwin network probing library, where freed memory pointers were not nullified, creating a dangerous race condition between concurrent threads. Left unpatched, this flaw could allow attackers to corrupt heap metadata, potentially leading to arbitrary code execution or denial of service. The fix ensures that dangling pointers are eliminated immediately after memory is freed,
A critical vulnerability in Tabby's UAC component allowed local attackers to predict Windows named pipe names generated with a weak pseudo-random number generator, enabling them to hijack privileged communication channels before the elevated process could claim them. This pipe squatting attack could grant unprivileged users the ability to inject commands that execute with Administrator or SYSTEM privileges. The fix removes the unsafe exec() pattern and replaces the predictable pipe naming scheme