
Complete Domain Takeover
Ransomware folks can now go from simple RDP access to complete domain takeover in a few secs, till Microsoft patches arrive.
Admins must be shaking.
The day has a 'y' in it, so it must be time for another zero day to drop for a Microsoft product. In this case, a local privilege-elevation vulnerability to gain control of fully patched Windows 10, 11, and Server systems up to the 2022 build. Dubbed InstallerFileTakeOver by its author Abdelhamid Naceri, the proof-of-concept …
Sorry but that guy is a Muppet and deserves a public birching.
If he has beef with Microsoft then he should take it up with them not put the livelihoods of many people at risk because he feels a bit short changed. I wonder how many people could be victims of Ransomware because of his selfish actions. Or worse still how many people could suffer life changing injuries or die if a hospital was attacked?
He is nothing but a selfish wanker. If you don't like what MS pay go and find fault with some other company or even get a proper job and see the misery that people like you cause to the rest of us.
I really think it is time that governments made it illegal to reveal exploits in this way especially Google.
Really? Woke up on the wrong side of the curb?
Ok, usually I would agree with you on how not to disclose exploits, and there is a history of irresponsible disclosures, and those quite often originate at a handful of companies (ok, mostly one). However this one is (if I interpret the article correctly) merely an extension of an earlier CVE, one that MS failed to patch correctly. Again. This means the information is already out there, and "security through obscurity" just won't work (well, even less than usually).
It seems to be better when the EU issues guidelines prohibiting the storage of privacy-sensitive information on MS servers and accountants should refuse to sign off financial reporting from companies whose business-critical systems involve MS products.
MS is a joke, not something people should do things with that may harm others.
Microsoft has made it official. Windows Subsystem for Linux 2 distributions are now supported on Windows Server 2022.
The technology emerged in preview form last month and represented somewhat of an about-face from the Windows giant, whose employees had previously complained that while the tech was handy for desktop users, sticking it on a server might mean it gets used for things for which it wasn't intended.
(And Windows Server absolutely had to have the bloated user interface of its desktop stablemate as well, right?)
Microsoft has dropped a preview of its next batch of Windows fixes, slipping a resolution for broken Wi-Fi hotspots in among the goodies.
The release – KB5014668 for Windows 11 – addresses the Wi-Fi hotspot functionality broken in June's patch Tuesday alongside some less necessary features like "search highlights," which "present notable and interesting moments of what's special about each day."
KB5014697, which was released on June 14 for Windows 11, had a selection of issues. Some .NET Framework 3.5 apps might fail and connecting to a Windows device acting as a hotspot wouldn't always work. The only fix was to roll back the patch or disable the Wi-Fi hotspot feature.
A security flaw in Apple's Safari web browser that was patched nine years ago was exploited in the wild again some months ago – a perfect example of a "zombie" vulnerability.
That's a bug that's been patched, but for whatever reason can be abused all over again on up-to-date systems and devices – or a bug closely related to a patched one.
In a write-up this month, Maddie Stone, a top researcher on Google's Project Zero team, shared details of a Safari vulnerability that folks realized in January this year was being exploited in the wild. This remote-code-execution flaw could be abused by a specially crafted website, for example, to run spyware on someone's device when viewed in their browser.
Updated: Microsoft's latest set of Windows patches are causing problems for users.
Windows 10 and 11 are affected, with both experiencing similar issues (although the latter seems to be suffering a little more).
KB5014697, released on June 14 for Windows 11, addresses a number of issues, but the known issues list has also been growing. Some .NET Framework 3.5 apps might fail to open (if using Windows Communication Foundation or Windows Workflow component) and the Wi-Fi hotspot feature appears broken.
Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances.
The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.
This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come.
UK automobile service and parts seller Halfords has shared the details of its customers a little too freely, according to the findings of a security researcher.
Like many, cyber security consultant Chris Hatton used Halfords to keep his car in tip-top condition, from tires through to the annual safety checks required for many UK cars.
In January, Hatton replaced a tire on his car using a service from Halfords. It's a simple enough process – pick a tire online, select a date, then wait. A helpful confirmation email arrived with a link for order tracking. A curious soul, Hatton looked at what was happening behind the scenes when clicking the link and "noticed some API calls that seemed ripe for an IDOR" [Insecure Direct Object Reference].
Microsoft has blocked the installation of Windows 10 and 11 in Russia from the company's official website, Russian state media reported on Sunday.
Users within the country confirmed that attempts to download Windows 10 resulted in a 404 error message.
Microsoft celebrated the demise of Internet Explorer by releasing another Insider Dev Channel build of Windows 11 and no, Surface Pro X users need not apply.
The wind has been sucked from the sails of Microsoft's bleeding edge build of Windows by the rapid move of the new tabbed File Explorer functionality from the Dev to the Beta Channel, possibly before all the Dev Channel Insiders had a chance to check it out.
Perhaps a shame, since build 25140 contained plenty of fixes for the new code (as well as a Euphemia typeface for languages that use the Canadian Syllabic script.)
If you thought you were over the hump with Patch Tuesday then perhaps think again: Cisco has just released fixes for a bunch of flaws, two of which are not great.
First on the priority list should be a critical vulnerability in its enterprise security appliances, and the second concerns another critical bug in some of its outdated small business routers that it's not going to fix. In other words, junk your kit or somehow mitigate the risk.
Both of these received a CVSS score of 9.8 out of 10 in severity. The IT giant urged customers to patch affected security appliances ASAP if possible, and upgrade to newer hardware if you're still using an end-of-life, buggy router. We note that miscreants aren't actively exploiting either of these vulnerabilities — yet.
A GitHub bug could have been exploited earlier this year by connected third-party apps to hijack victims' source-code repositories.
For almost a week in late February and early March, rogue applications could have generated scoped installation tokens with elevated permissions, allowing them to gain otherwise unauthorized write or administrative access to developers' repos. For example, if an app was granted read-only access to an organization or individual's code repo, the app could effortlessly escalate that to read-write access.
This security blunder has since been addressed and before any miscreants abused the flaw to, for instance, alter code and steal secrets and credentials, according to Microsoft's GitHub, which assured The Register it's "committed to investigating reported security issues."