Defense in depth -- the Microsoft way (part 90): "Digital Signature" property sheet missing without "Read Extended Attributes" access permission

[Stefan Kanthak via Fulldisclosure <fulldisclosure () seclists org>]

Hi @ll,

about 35 years ago Microsoft began to implement their "New Technology
File System" (NTFS) for their upcoming Windows NT operating system.
NTFS supports the extended attributes of the HPFS file system which
Microsoft and IBM had developed for their OS/2 operating system before.
NTFS' initial version, released with Windows NT 3.1 in 1993, had no
access control; this was added for Windows NT 3.5, released one year
later, with separate access permissions for reading or writing data,
attributes and extended attributes
(<https://technet.microsoft.com/en-us/library/cc783530.aspx>).

About 30 years ago Microsoft introduced "Authenticode" to sign portable
executable image files (.AX, .DLL, .EXE, .OCX, .SYS, ...), cabinet
archive files (.CAB, .MSU, ...) and installer package files (.MSI, .MSP,
...) using X.509 digital certificates.
Authenticode signatures are embedded into the files' data.

At the same time Microsoft replaced the file manager as well as the
program manager shipped with their Windows operating systems by
"Windows Explorer", the graphical shell of Windows since then.
For files with embedded Authenticode signature its "Properties" shell
extension is supposed to show a property sheet "Digital Signature".

This but fails unless the "Read Extended Attributes" permission is
granted, despite this permission is NOT required to read the files'
data including any Authenticode signature.

stay tuned, and far away from bug-riddled software
Stefan Kanthak
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/