Basically, it's a Windows LPE race-condition PoC with a VERY LOW chance of actually succeeding (mhm mhm, yes yes), that abuses interactions between:
- the Windows Cloud Files API (cldapi.dll)
- registry symbolic links
- the sloppy handling of privileged registry operations
- and last but not least, impersonation token confusion
Basically, the exploit tries to trick a privileged Cloud Files operation into operating on a registry path that you (the attacker) dictate: the registry symbolic link does the redirection, and the race is about swapping it in during the window between the privileged component checking the path and actually using it, so the operation runs under the privileged token instead of yours.
As most people will very quickly notice, this is EXTREMELY unreliable, since it depends on scheduler timing, CPU speed, the state of the Cloud Files service, OneDrive being integrated, and exact Windows build internals; basically any change, however microscopic, can break it.
So, what can you do to protect yourself?
As always, a 100% reliable and working fix is turning off your wifi.
Jokes aside: keep Windows on the newest patches; if you don't use or depend on Cloud Files heavily (OneDrive Files On-Demand is the main consumer), just disable it until Microsoft patches it; and if you really can't turn it off, monitor anything that uses the Cloud Files API, especially anything hammering it in a tight loop, because a race PoC like this has to spin on the API to ever hit the window.
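If you want a quick way to see how exposed a box is, here is an added PowerShell check (my own example, not part of the original PoC or post). It assumes an elevated PowerShell 5.1+ session on Windows 10/11, that the Cloud Files minifilter is registered as cldflt, and that OneDrive.exe is the sync client in use; it reports whether the filter is loaded, whether OneDrive is running, and which processes currently have cldapi.dll mapped so you have a baseline to compare against.

```powershell
# Added example, not from the original post. Assumes an elevated PowerShell 5.1+ session
# on a Windows 10/11 host where the Cloud Files minifilter is named cldflt (assumption)
# and OneDrive.exe is the sync client (assumption).

function Get-CloudFilesExposure {
    $result = [ordered]@{
        CldfltLoaded   = $false
        OneDriveActive = $false
        CldapiUsers    = @()
    }

    # 1. Is the Cloud Files filter driver attached? fltmc needs admin; if it fails,
    #    fall back to the driver object exposed through CIM.
    $filters = & fltmc.exe filters 2>$null
    if ($LASTEXITCODE -eq 0 -and ($filters -match '^\s*cldflt')) {
        $result.CldfltLoaded = $true
    } else {
        $drv = Get-CimInstance Win32_SystemDriver -Filter "Name='cldflt'" -ErrorAction SilentlyContinue
        if ($drv -and $drv.State -eq 'Running') { $result.CldfltLoaded = $true }
    }

    # 2. OneDrive is the usual sync provider that keeps the Cloud Files API in use.
    $result.OneDriveActive = [bool](Get-Process -Name OneDrive -ErrorAction SilentlyContinue)

    # 3. Which processes have cldapi.dll loaded right now? Module enumeration throws for
    #    protected processes, so swallow those errors instead of aborting the scan.
    foreach ($p in Get-Process) {
        try {
            $mods = $p.Modules | Where-Object { $_.ModuleName -ieq 'cldapi.dll' }
            if ($mods) {
                $result.CldapiUsers += [pscustomobject]@{
                    Pid  = $p.Id
                    Name = $p.ProcessName
                    Path = $p.Path
                }
            }
        } catch { }
    }

    [pscustomobject]$result
}

$exposure = Get-CloudFilesExposure
$exposure | Select-Object CldfltLoaded, OneDriveActive | Format-List
$exposure.CldapiUsers | Format-Table -AutoSize
```

Run it once on a clean box to get a baseline of who normally loads cldapi.dll (on a typical desktop that is OneDrive and Explorer), then anything new in that list, or a non-OneDrive process that sits there spinning on the API, is worth a look. For continuous coverage rather than a snapshot, Sysmon's image-load events (Event ID 7) filtered on cldapi.dll give you the same signal as a log stream.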