Project Zero's Deep Dive into Windows Registry: 2 Years, 53 CVEs

Mateusz Jurczyk of Google Project Zero spent two years researching the Windows Registry and uncovered 53 CVEs in the process. His write-up presents the registry as a large and complex local privilege escalation attack surface, with many of its security issues stemming from a large legacy codebase written in C. It covers the vulnerability classes found (memory corruption, information disclosure, and logic bugs) and the attack entry points examined, including hive loading, app hives, and direct system calls. It also discusses how the registry's self-healing mechanisms affect security auditing, and the difficulty of telling strict format requirements apart from mere conventions where the boundary between the two is unclear. Finally, the post summarizes the exploitation primitives available and the strategies for, and difficulties of, fuzzing the registry.