File History does not replace a full backup.

File History is not a replacement for a system image backup. If, for example, your entire hard drive fails, it's your system image backup that will allow you to restore your system.

https://askleo.com/164161 article #164161

#FileHistory #Windows11Backup #FileBackup #DataProtection #WindowsTips #BackupStrategy #FileSafety #TechTips #DataSecurity #WindowsControlPanel #ExternalDriveBackup #BackupEssentials #ImageBackup #ComputerSafety #MicrosoftWindows

Enable File History in Windows 11

File History can be a useful component of a larger backup strategy. I'll show you how to set it up.

Ask Leo!

"🛡️ Windows File History Service Flaw: Privilege Escalation Alert! 🛡️"

A recently discovered flaw in Windows's File History service can be exploited by threat actors to escalate privileges. Microsoft has already released patches, so update now! 🛠️🔒

A critical security vulnerability has been discovered in the Windows File History Service (FHSVC.DLL), which can be exploited by local users to gain elevated privileges on the Windows operating system. This vulnerability was identified by an independent security researcher in collaboration with SSD Secure Disclosure and was recognized as one of the winners of TyphoonCon's TyphoonPWN 2023 competition in the Windows PE category.

Vendor Response:
Microsoft has acknowledged the vulnerability and released a fix, which is available for download from the following link: Microsoft Security Response Center - CVE-2023-35359.

Technical Analysis:
The vulnerability resides within the File History Service, which runs with system-level privileges. Local users can initiate the service, and during its startup, a specific vulnerable function within the core file (fhsvc.dll) is triggered. This function, called CManagerThread::QueueBackupForLoggedOnUser, simulates the currently logged-in user and loads fhcfg.dll. This behavior is the root cause of the vulnerability.

The exploitation process involves the following steps:

  • Creating a symbolic link of C: pointing to a fake directory (e.g., C:\Users\Public\test).
  • Leveraging a constructed manifest file (test.manifest) to manipulate the loaded DLL path.
  • Using a specially crafted second manifest (manifest.manifest) to specify additional dependencies, including msasn1.dll.
  • Exploiting the msasn1.dll loading process by taking advantage of the file history service's characteristics.

The vulnerability allows an attacker to escalate privileges from an ordinary user to system privileges, but it doesn't grant the SeIncreaseQuotaPrivilege privilege directly. However, the service does possess the SeImpersonatePrivilege privilege, which can be leveraged to execute a scheduled task with system account privileges.

    🔗 Source: Cyber Security News by Eswar and https://ssd-disclosure.com

    🏷️ Tags: #Windows #FileHistory #PrivilegeEscalation #InfoSec #CyberSecurity

    Windows’s File History Service Flaw Let Attackers Escalate Privileges

    A privilege escalation was recently discovered which affects Windows’s File History service and can be used by hackers to escalate privileges.

    Cyber Security News
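
A defender's view of the behaviour described in the post above, as an added example that is not part of the original post or the SSD write-up: it scans Sysmon-style image-load records (Event ID 7) for svchost.exe loading fhcfg.dll or msasn1.dll from outside the Windows system directories. The JSON layout, the sample events, and the trusted-directory list are constructed assumptions, and the check assumes the telemetry records the resolved path of the loaded file.

```python
import json
import ntpath

# DLL names come from the post above; the trusted directories are an assumption.
WATCHED_DLLS = {"fhcfg.dll", "msasn1.dll"}
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

# Constructed sample events (not real telemetry), one JSON object per line.
SAMPLE = [
    r'{"EventID": 7, "UtcTime": "2023-08-10 09:00:01", "Image": "C:\\Windows\\System32\\svchost.exe", "ImageLoaded": "C:\\Windows\\System32\\fhcfg.dll", "SignatureStatus": "Valid"}',
    r'{"EventID": 7, "UtcTime": "2023-08-10 09:00:02", "Image": "C:\\Windows\\System32\\svchost.exe", "ImageLoaded": "C:\\Users\\Public\\test\\Windows\\System32\\msasn1.dll", "SignatureStatus": "Unavailable"}',
    r'{"EventID": 7, "UtcTime": "2023-08-10 09:00:03", "Image": "C:\\Program Files\\ExampleApp\\app.exe", "ImageLoaded": "C:\\Program Files\\ExampleApp\\msasn1.dll", "SignatureStatus": "Valid"}',
    r'{"EventID": 1, "UtcTime": "2023-08-10 09:00:04", "Image": "C:\\Windows\\System32\\cmd.exe"}',
    "truncated or malformed line",
]

def is_trusted_dir(directory):
    """True if the directory is one of the trusted system dirs or lies below one."""
    d = ntpath.normcase(ntpath.normpath(directory))  # lower-case, collapse '..'
    return any(d == t or d.startswith(t + "\\") for t in TRUSTED_DIRS)

def suspicious_loads(json_lines):
    """Return (time, path, signature status) for watched DLLs that a
    svchost.exe process loaded from outside the trusted directories."""
    hits = []
    for line in json_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting the scan
        if not isinstance(ev, dict) or ev.get("EventID") != 7:
            continue  # only image-load events are relevant
        host = ntpath.basename(ev.get("Image", "")).lower()
        loaded = ev.get("ImageLoaded", "")
        directory, name = ntpath.split(loaded)
        if (host == "svchost.exe" and name.lower() in WATCHED_DLLS
                and not is_trusted_dir(directory)):
            hits.append((ev.get("UtcTime"), loaded, ev.get("SignatureStatus")))
    return hits

if __name__ == "__main__":
    for when, path, sig in suspicious_loads(SAMPLE):
        print(f"{when}  svchost.exe loaded {path}  (signature: {sig})")
```

A hit is a lead for triage rather than proof of exploitation; correlate it with the process's service group and account before escalating.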