Monthly Archives: October 2013

Windows 8.1 Security Bug – This Is It!

This is the full story of a bug I found on September 20, 2012.
I participated in the Mitigation Bypass Bounty program and informed Microsoft about a bug in Windows Vista-8.1 and Windows Server 2008-2012 R2, but they ignored it.

You can read all my previous posts about the bug:

22/09/2012 – Marcin Evil – Windows 8 RTM Hack!
16/05/2013 – Did Microsoft not learn anything?
29/05/2013 – Keep Calm and Hack The Planet!
23/06/2013 – Mitigation Bypass Bounty
26/06/2013 – Windows 8.1 Preview Bug – First Hack Ever!
30/09/2013 – Windows 8.1 RTM – still buggy!
12/10/2013 – Windows Security Bug on eBay!
20/10/2013 – Windows 8.1 Bug Disclosure – Final Countdown!

Windows 8 and 8.1 Platform Integrity Architecture (basics)

Looking for the Weak Link 

A Weak Link

We can use the Narrator from the Ease of Access Center in Windows 8.1.
It can use a text-to-speech voice from other installed software.

Third-party Software

I will use IVONA Software, an award-winning developer and provider of Text-to-Speech (TTS). On January 24th, 2013, Amazon announced that it is acquiring Ivona.
You can download a free trial version here: http://www.ivona.com/en/voices/

Looking for a Bug

We would like the third-party software to show a message window on the Login Screen.

Login Screen Bypass Theory:

  1. Some programs may display error messages when you try to use them in the wrong way. For example: change the system date to see the activation window.
  2. If the error messages contain links, try to run a web browser.
  3. In IE, press the Alt key to display the Menu bar and click:
    File > Open > Browse, or press Ctrl+O > Browse.
  4. Use the web browser to browse the computer for the desired program
    (Run as an Administrator)
  5. Done!

Step-by-Step Guide

  1. Change the system date to April 1st, 2013 or at least 30 days back.
  2. Download and install the IVONA 2 Text-to-Speech from: here
  3. Set the correct system date and time on your computer.
  4. Sign Out or Restart your Windows 8.1 system.
  5. Click the “Ease of Access option” icon on the Login Screen.
  6. You will see the following message: “Ivona 2 Voice – Click to activate!” – click on it.
  7. Click on the “Buy now” link; it will run a web browser (IE, Chrome or other).
  8. Important! Close the “IVONA Products Activation” window.
  9. In your browser, press: Ctrl+O > Browse.
  10. Browse the computer for the program you want to run (run as an Administrator). This option is available in the context menu when you right-click on an executable file.
  11. You can use Task Manager (C:\Windows\System32\Taskmgr.exe) or Command Prompt (C:\Windows\System32\cmd.exe) to start other programs.
  12. It can be done remotely via Remote Desktop (i.e. TeamViewer).
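
A defender-side check for the behaviour in the steps above, as an added example that is not part of the original post: it walks process-creation records and flags any non-accessibility program running as SYSTEM beneath the Ease of Access launcher. The record field names, the sample events and the allowlist are constructed assumptions; the winlogon.exe -> Utilman.exe -> Narrator.exe chain is assumed to be how Narrator is started from the Login Screen.

```python
import ntpath

# Ease of Access binaries expected under Utilman.exe at the logon screen (assumed allowlist).
ACCESSIBILITY = {"utilman.exe", "narrator.exe", "magnify.exe", "osk.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"

# Constructed process-creation records; field names are hypothetical, modelled on
# what Sysmon Event ID 1 or Security Event 4688 provide.
EVENTS = [
    {"pid": 600, "ppid": 4, "image": r"C:\Windows\System32\winlogon.exe", "user": SYSTEM_USER},
    {"pid": 1200, "ppid": 600, "image": r"C:\Windows\System32\Utilman.exe", "user": SYSTEM_USER},
    {"pid": 1300, "ppid": 1200, "image": r"C:\Windows\System32\Narrator.exe", "user": SYSTEM_USER},
    {"pid": 1400, "ppid": 1300, "image": r"C:\Program Files\Internet Explorer\iexplore.exe", "user": SYSTEM_USER},
    {"pid": 1500, "ppid": 1400, "image": r"C:\Windows\System32\cmd.exe", "user": SYSTEM_USER},
    {"pid": 2000, "ppid": 1900, "image": r"C:\Windows\System32\cmd.exe", "user": "PC\\alice"},
    {"pid": 1900, "ppid": 600, "image": r"C:\Windows\System32\userinit.exe", "user": "PC\\alice"},
]

def basename(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()

def ancestors(pid, by_pid):
    """Yield ancestor records of pid, nearest first; stops on unknown parents or loops."""
    seen = set()
    rec = by_pid.get(pid)
    while rec and rec["ppid"] in by_pid and rec["ppid"] not in seen:
        seen.add(rec["ppid"])
        rec = by_pid[rec["ppid"]]
        yield rec

def find_logon_screen_escapes(events):
    """Return (pid, image name, ancestor chain) for SYSTEM processes under Utilman.exe
    that are not accessibility tools themselves."""
    by_pid = {e["pid"]: e for e in events}  # index first: records may arrive out of order
    alerts = []
    for e in events:
        name = basename(e["image"])
        if e["user"] != SYSTEM_USER or name in ACCESSIBILITY:
            continue
        chain = [basename(a["image"]) for a in ancestors(e["pid"], by_pid)]
        if "utilman.exe" in chain:
            alerts.append((e["pid"], name, " <- ".join(chain)))
    return alerts

if __name__ == "__main__":
    for alert in find_logon_screen_escapes(EVENTS):
        print(alert)
```

On real telemetry, key the index on process GUID or on PID plus start time, since PIDs are reused.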

The Limitations

  • Try to run only one program for better stability; running more causes the programs to crash.
  • Some programs won’t start and cause an error.
    For example Control Panel (C:\Windows\System32\control.exe)
  • Some programs may work, but not as you expect.
    For example Windows Explorer (C:\Windows\explorer.exe)

Final Words

Is it Text-to-Speech Voice’s or Microsoft Narrator’s bug?

I think Microsoft overlooked that you have to pay for most of the TTS Voices. The activation window will pop up and this is not a bug!

And now a response from Microsoft:

Yes, this does appear to be a security bug in the third party speech software, which should not allow a user to leverage any function outside of the speech functionality without login.

But why does Windows allow a web browser (IE, Chrome or other) to start and access data at the logon screen? Please feel free to leave your comments below!

Author: Marcin Grygiel (First Ever)

Windows 8.1 Bug Disclosure – Final Countdown

As you know, I sold my Windows 8.1 Security Bug on eBay: here.
This is a surprise for me! The winner of the auction has agreed and I will disclose all information about the bug on October 21, 2013!
BTW, how can I find a good doctor? 😉

Windows 8.1 not for gamers?

This is bad news for gamers who use any Logitech mouse on Windows 8.1. It doesn’t matter what settings you choose, it is not possible to increase the USB polling rate via software or hardware over 180 Hz! In most cases, this is an incompatible driver issue. I hope Logitech will fix this, or is this another Windows 8.1 bug?

Logitech G700 (Logitech Gaming Software 8.50.281) on Windows 8.1

If anyone else has tried it, please share your results in comments. Download Mouse Rate Checker 1.1b – a little program that measures and displays the sample rate of a mouse – here.

Windows Security Bug on eBay!

I followed the advice of my readers and I decided to sell all information about a bug in Windows, which allows you to bypass the login password. I wonder if someone will buy it. If not, I will disclose all information about the bug for free on my website!

I would like to remind you that I participated in the Mitigation Bypass Bounty program and informed Microsoft about a bug in Windows Vista-8.1 and Windows Server 2008-2012 R2, but they ignored it.

If you want to take part in the auction, you can bid online at: eBay
