ms-cxh and ms-cxh-full handlers
2022-1-16 18:46:58 Author: www.hexacorn.com

January 16, 2022 in Archaeology, Uncategorized

Another 2 bits I posted to Twitter — noticed that there is a built-in “ms-cxh” handler that was unknown to me (CXH stands for Cloud Experience Host) and there is also its near cousin “ms-cxh-full” (which I spotted while I was looking at the Registry settings for ms-cxh).

The first one accepts a number of strings, each of which launches a dedicated dialog/wizard offering specific Windows functionality, including adding a new user, changing the PIN or password, etc. For example:

ms-cxh://SETADDNEWUSER

ms-cxh://NTHENTNGCONLY

List of available strings I found in Windows binaries:

  • ms-cxh://AADPINRESETAUTH
  • ms-cxh://AADSSPR
  • ms-cxh://AADWEBAUTH
  • ms-cxh://FRX/AAD
  • ms-cxh://FRX/INCLUSIVE
  • ms-cxh://FRX/INCLUSIVE?start=OobeProvisioningStatus
  • ms-cxh://FRX/TEAMEDITION
  • ms-cxh://FRXRDXINCLUSIVE
  • ms-cxh://MOSET/AADLOCAL
  • ms-cxh://MOSET/CONNECTTOWORK
  • ms-cxh://mosetmamconnecttowork?mode=mdm&username=%s&servername=%s
  • ms-cxh://mosetmdmconnecttowork
  • ms-cxh://MOSETMSA
  • ms-cxh://MOSETMSALOCAL
  • ms-cxh://MSACFLPINRESET
  • ms-cxh://MSACFLPINRESETSIGNIN
  • ms-cxh://MSACXSIGNINAUTHONLY
  • ms-cxh://MSACXSIGNINPINADD
  • ms-cxh://MSACXSIGNINPINRESET
  • ms-cxh://MSAPINENROLL
  • ms-cxh://MSAPINRESET
  • ms-cxh://MSARDX
  • ms-cxh://MSASSPR
  • ms-cxh://NTH
  • ms-cxh://NTH/AADRECOVERY
  • ms-cxh://NTHAADNGCFIXME
  • ms-cxh://NTHAADNGCONLY
  • ms-cxh://NTHAADNGCRESET
  • ms-cxh://NTHAADNGCRESETDESTRUCTIVE
  • ms-cxh://NTHAADNGCRESETNONDESTRUCTIVE
  • ms-cxh://NTHAADORMDM?ngc=enabled
  • ms-cxh://NTHENTNGCFIXME
  • ms-cxh://NTHENTNGCONLY
  • ms-cxh://NTHENTNGCRESET
  • ms-cxh://NTHENTNGCRESETDESTRUCTIVE
  • ms-cxh://NTHENTORMDM
  • ms-cxh://NTHENTORMDM?ngc=enabled
  • ms-cxh://NTHNGCUPSELL
  • ms-cxh://NTHPRIVACY
  • ms-cxh://RDXRACSKUINCLUSIVE
  • ms-cxh://SCOOBE
  • ms-cxh://SCOOBE%ws
  • ms-cxh://SCOOBE/UPGRADE
  • ms-cxh://SETADDLOCALONLY
  • ms-cxh://SETADDNEWUSER
  • ms-cxh://SETCHANGEPWD
  • ms-cxh://SETPHONEPAIRING
  • ms-cxh://SETPHONEPAIRING?scenarioId=SwiftKeyCloudClipboard
  • ms-cxh://setsqsalocalonly
  • ms-cxh://TSET/ADDFAMILY
  • ms-cxh://WLT
  • ms-cxh://WLTUC

When I tested ms-cxh-full – I just opened “ms-cxh-full://foo” from the Run dialog box and it messed up the desktop of the test system by blocking any window from being visible/interactive (with some exceptions for the Taskbar and Taskbar previews). Interestingly, when I posted it, @SoloCarry6 and @cyb3rops pointed me to some other posts on the internet where people ran “ms-cxh-full://0” and got their desktop locked. Since no one knew how to disable it, here’s a quick solution:

  • Press WIN+R — this will open an invisible Run dialog box
  • Run “taskkill /f /im UserOOBEBroker.exe” — this will terminate the “UserOOBEBroker.exe” process.
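
For defenders who want to spot these URIs in collected text, the following is an added example (not from the original post): it extracts ms-cxh and ms-cxh-full URIs from lines of text and compares the scenario string against the list above. The function names, verdict labels and sample lines are constructed for illustration, and which telemetry source actually records the URI on a given system is an assumption.

```python
import re
from urllib.parse import parse_qs

# Scenario names from the list on this page (query strings dropped, upper-cased).
KNOWN = set("""
AADPINRESETAUTH AADSSPR AADWEBAUTH FRX/AAD FRX/INCLUSIVE FRX/TEAMEDITION
FRXRDXINCLUSIVE MOSET/AADLOCAL MOSET/CONNECTTOWORK MOSETMAMCONNECTTOWORK
MOSETMDMCONNECTTOWORK MOSETMSA MOSETMSALOCAL MSACFLPINRESET MSACFLPINRESETSIGNIN
MSACXSIGNINAUTHONLY MSACXSIGNINPINADD MSACXSIGNINPINRESET MSAPINENROLL MSAPINRESET
MSARDX MSASSPR NTH NTH/AADRECOVERY NTHAADNGCFIXME NTHAADNGCONLY NTHAADNGCRESET
NTHAADNGCRESETDESTRUCTIVE NTHAADNGCRESETNONDESTRUCTIVE NTHAADORMDM NTHENTNGCFIXME
NTHENTNGCONLY NTHENTNGCRESET NTHENTNGCRESETDESTRUCTIVE NTHENTORMDM NTHNGCUPSELL
NTHPRIVACY RDXRACSKUINCLUSIVE SCOOBE SCOOBE/UPGRADE SETADDLOCALONLY SETADDNEWUSER
SETCHANGEPWD SETPHONEPAIRING SETSQSALOCALONLY TSET/ADDFAMILY WLT WLTUC
""".split())

# scheme://scenario[?query]; the URI ends at whitespace or a quote character.
URI_RE = re.compile(r"""\b(ms-cxh(?:-full)?)://([^\s"'?]*)(?:\?([^\s"']*))?""", re.I)

def find_cxh_uris(text):
    """Return one finding per ms-cxh / ms-cxh-full URI found in a line of text."""
    findings = []
    for scheme, scenario, query in URI_RE.findall(text):
        scheme, scenario = scheme.lower(), scenario.strip("/").upper()
        if scheme == "ms-cxh-full":
            verdict = "full"        # the handler the page saw block the desktop
        elif scenario in KNOWN:
            verdict = "listed"      # scenario string appears in the page's list
        else:
            verdict = "unlisted"    # ms-cxh URI with a scenario not on the page
        findings.append({"scheme": scheme, "scenario": scenario,
                         "params": parse_qs(query), "verdict": verdict})
    return findings

# Constructed sample lines (hypothetical command-line telemetry, not real logs).
SAMPLE = [
    'cmd.exe /c start ms-cxh-full://foo',
    'cmd.exe /c start "" "ms-cxh://NTHENTORMDM?ngc=enabled"',
    'cmd.exe /c start ms-cxh://setaddnewuser',
    'cmd.exe /c start ms-cxh://NOTINLIST',
    'notepad.exe notes.txt',
]

def scan(lines):
    """Return (line_number, finding) pairs for every hit in the given lines."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in find_cxh_uris(line)]

if __name__ == "__main__":
    for n, f in scan(SAMPLE):
        print(n, f["verdict"], f["scheme"], f["scenario"], f["params"])
```

The list on the page comes from strings found in Windows binaries, so an "unlisted" verdict means only that the scenario is not on this page, not that the handler rejects it.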

Article source: https://www.hexacorn.com/blog/2022/01/16/ms-cxh-and-ms-cxh-full-handlers/