Google’s Project Zero has called-out Microsoft for white-listing the auto-run of Flash by site.  This allowed specific sites to run Flash without users approving/denying the action. This is seen by many as a mechanism for future vulnerabilities. Microsoft appeared to want to hide this capability as the web sites are listed in a .bin file as hashes rather the more traditional .txt plain-text configuration file. After the call-out out about 90 days ago, Microsoft paired back the white-list to just two entries. Both entries are for Facebook sites. The hash file is at
C:Windowssystem32edgehtmlpluginpolicy.bin
The record layout is
sha256 hash (domain name) followed by a permission mask.

SOURCE

Google Project Zero

Keywords: flash auto-run bypass

Troy Frericks.
blog 2-Mar-2019
=
Copyright 2015-2019 by Troy Frericks, http://cybersecurityblog1.frericks.us/.
#

Written by Troy Frericks

Leave a Comment

Your email address will not be published. Required fields are marked *