Jump to content

MBAE 1.08 Beta Preview


pbust
 Share

Recommended Posts

  • Replies 388
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

  • Staff

Thanks for the logs @ky331 and @sman!

 

@sman, uncheck the RET ROP techniques for the Other profile under the Advanced settings to see if the problem persists.

 

@Tarnak, in your screenshot RET ROP is disabled. Do you mean that after a reboot Opera works even with RET ROP enabled?

Link to post
Share on other sites

Pedro asked "Hmm that's weird. Is anybody else experiencing the RET ROP settings becoming deactivated after a reboot?"

 

I don't know exactly when it happened, but yes, I noticed that:

all the REP ROP Gadget settings (both 32 and 64 bit)

the anti-heap spraying, and

the anti-exploit fingerprinting

were all spontaneously UNchecked on my Win7x64 Pro system.

After saving screenshots (attached), I restored to default settings and applied... and so far, they've been holding

 

 

EDIT:   I had DEactivated the IE shield on that system  --- Could that have somehow implemented these changes?

post-1081-0-67012200-1441623196_thumb.pn

post-1081-0-18178300-1441623215_thumb.pn

Link to post
Share on other sites

Hello All:

 

MBAE 1.08.1.1016 was installed over-the-top of MBAE 1.07.1.1015 Premium installs in the following two systems:

 

1.) MBAE Version 1.08.1.1016 Premium is working fine with a XP Home x86 SP3 test bed system running Microsoft Office XP (2002) where the only MBAE exclusion necessary is for Microsoft Office Excel (10.0.6871.0) 2002 (32bit) and I too needed to UNtick MBAE GUI > Settings > Advanced settings > OS Bypass Protection > MS Office/RET ROP Gadget detection (32bit) to allow Excel 2002 to launch without error. Neither M.S. Word 2002, nor M.S. Powerpoint 2002 required any additional exclusions.

 

EDIT: As expected, through the reports of others, Opera's 12.17.1863.0 32bit browser also required a similar exclusion under Chrome Browsers.

 

2.) On a Windows 10 Pro x64 system with Microsoft Office 2010, the M.S. Office applications seem to be launching/running trouble free without exclusions/changes to MBAE 1.08.1.1016 Premium so far.

 

Thank you to all.

Edited by 1PW
Link to post
Share on other sites

When I clicked on restore default I think a check was added for Dynamic Anti-Heapspraying for Browsers. I cant be sure, but I think I saw at least one check added when I clicked on restore default. I can't be positive which mitigation the check was added for, but I had the application hardening tab open when I saw the check added.

Link to post
Share on other sites

Tarnak reports an issue with Opera.  I use Opera 12.17 and find that the ROP issue occurs with this version.  I was wondering if Tarnak is using the old Opera or the current Chrome version of Opera.  The old and new Opera browsers are, I imagine, completely different from each other.

Link to post
Share on other sites

Tarnak reports an issue with Opera.  I use Opera 12.17 and find that the ROP issue occurs with this version.  I was wondering if Tarnak is using the old Opera or the current Chrome version of Opera.  The old and new Opera browsers are, I imagine, completely different from each other.

Yes would be interesting to know which version triggers it. Upon initial attempt to repro it didn't trigger with the latest Opera.

It was Opera 12.15...so, old Opera. Hope that helps. :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.