ctftool icon indicating copy to clipboard operation
ctftool copied to clipboard

Published 20 hours ago verified publisher icon taviso

Get the error while trying to connect to the server

Open streetracer87 opened this issue 6 years ago • 11 comments

I'm getting the failed message. What can cause this issue?

image

streetracer87 avatar Aug 15 '19 03:08 streetracer87

What OS is this on? 0xc0000041 is STATUS_PORT_CONNECTION_REFUSED, it might be caused by the recent changes Microsoft made if you applied the August security patches.

I haven't had time to understand the recent changes yet, but will support it soon! I think Microsoft changed the size of the connection message, so it no longer matches.

taviso avatar Aug 15 '19 03:08 taviso

Can confirm this is the August Security Update

JoeDibley avatar Aug 15 '19 13:08 JoeDibley

I had the same problem "Failed to send message to server, giving up, 0xc0000024" running the ctftool.exe with non-admin account on a Windows 7 x64 VM with no updates at all.

image

ivanquin33 avatar Aug 15 '19 17:08 ivanquin33

Confirm too. It worked before applying the security update last night, and no longer today (Win10). Looks like a quick and dirty fix

k4nfr3 avatar Aug 15 '19 20:08 k4nfr3

same issue here, although no updates done to win7, but the exploit didn't sucess, instead the user just logged out untill he pass the authentication. this message keep appearing "Failed to send message to server, giving up, 0xc0000024"

1-loginui-system-failed 2-consent-systemfailed 3-scan-connect-scan 4-winver 5-updates

ibrasec avatar Aug 20 '19 21:08 ibrasec

Any news on this?

ingm4r avatar Aug 27 '19 13:08 ingm4r

Anyone diff the August Security Update yet to see what changed? If I get some time this weekend, I'll see what I can find.

ustayready avatar Aug 29 '19 16:08 ustayready

I'm told there are more changes planned for next Patch Tuesday to address the edit session attacks, so I'm reluctant to do too much work on this until the new patches are released. I guess we'll see what happens!

taviso avatar Aug 29 '19 17:08 taviso

That makes sense. I appreciate the heads up, I may stand down until after Tuesday too.

ustayready avatar Aug 29 '19 17:08 ustayready

I went ahead and looked into the MSU, looks like the only ALPC changes I found were in CoreMessaging.dll so I diff'd pre-August vs. August. Two partial matches:

Microsoft::CoreUI::Registrar::ServerConversationOperations::RegisterConversation Microsoft::CoreUI::Registrar::RegistrarServerCaller::LocalClientDisconnected_MessageCall

Figured I'd at least update this issue with some notes in case it becomes useful.

ustayready avatar Aug 29 '19 22:08 ustayready

I'm told there are more changes planned for next Patch Tuesday to address the edit session attacks, so I'm reluctant to do too much work on this until the new patches are released. I guess we'll see what happens!

any update on this after many months? :)

Ziowebbo avatar Dec 31 '19 17:12 Ziowebbo