I guess this is what happens
when linux devs get access to a slightly more sophisticated permissions system?
After a hefty Patch Tuesday comes news of an update for Git to deal with a vulnerability for the source shack when run on Microsoft's Windows. A variety of releases were emitted by the team. These include the latest maintenance release, 2.35.2, along with updates for older maintenance tracks (v2.30.3, v2.31.2, v2.32.1, v2.33.2 …
Since some configuration variables (such as core.fsmonitor) cause Git to execute arbitrary commands, this can lead to arbitrary command execution when working on a shared machine.”
Git runs arbitrary commands from arbitrary locations.
Yes, it you want per-user config, it should be stored in protected per-user storage, and it you want arbitrary commands, they should be in trusted locations,
In a properly configured native program, the trusted locations would also be configured in trusted per-user storage. But the world does seem to be drifting away from properly configured multi-user PCs: most of my users consider 'sharing a PC' to be on a level with 'sharing a toothbrush' or 'sharing underwear'.
Microsoft has made it official. Windows Subsystem for Linux 2 distributions are now supported on Windows Server 2022.
The technology emerged in preview form last month and represented somewhat of an about-face from the Windows giant, whose employees had previously complained that while the tech was handy for desktop users, sticking it on a server might mean it gets used for things for which it wasn't intended.
(And Windows Server absolutely had to have the bloated user interface of its desktop stablemate as well, right?)
Microsoft has dropped a preview of its next batch of Windows fixes, slipping a resolution for broken Wi-Fi hotspots in among the goodies.
The release – KB5014668 for Windows 11 – addresses the Wi-Fi hotspot functionality broken in June's patch Tuesday alongside some less necessary features like "search highlights," which "present notable and interesting moments of what's special about each day."
KB5014697, which was released on June 14 for Windows 11, had a selection of issues. Some .NET Framework 3.5 apps might fail and connecting to a Windows device acting as a hotspot wouldn't always work. The only fix was to roll back the patch or disable the Wi-Fi hotspot feature.
Updated Microsoft's latest set of Windows patches are causing problems for users.
Windows 10 and 11 are affected, with both experiencing similar issues (although the latter seems to be suffering a little more).
KB5014697, released on June 14 for Windows 11, addresses a number of issues, but the known issues list has also been growing. Some .NET Framework 3.5 apps might fail to open (if using Windows Communication Foundation or Windows Workflow component) and the Wi-Fi hotspot features appears broken.
Microsoft has blocked the installation of Windows 10 and 11 in Russia from the company's official website, Russian state media reported on Sunday.
Users within the country confirmed that attempts to download Windows 10 resulted in a 404 error message.
Microsoft celebrated the demise of Internet Explorer by releasing another Insider Dev Channel build of Windows 11 and no, Surface Pro X users need not apply.
The wind has been sucked from the sails of Microsoft's bleeding edge build of Windows by the rapid move of the new tabbed File Explorer functionality from the Dev to the Beta Channel, possibly before all the Dev Channel Insiders had a chance to check it out.
Perhaps a shame, since build 25140 contained plenty of fixes for the new code (as well as a Euphemia typeface for languages that use the Canadian Syllabic script.)
Internet Explorer breathed its last for many users this week, and netizens have observed its passing in their own special way.
One joker chose to celebrate the passing of the former web bigwig with a tombstone where one could go and pay homage to the malign influence exerted by the browser.
Right after the latest release of the KDE Frameworks comes the Plasma Desktop 5.25 plus the default desktop for the forthcoming Linux Mint 23.
The end is nigh for support for Internet Explorer 11 on some editions of Windows 10. That is, unless users look a little too hard at Windows' internals.
Support is ending today for the Internet Explorer 11 desktop application on the Window 10 semi-annual servicing channel.
From tomorrow – June 15, 2022 – customers still clinging to the past will have to do so without the (seemingly) neverending patches for Microsoft's browser.
Microsoft has added tabbed File Explorer functionality to the Window Insider beta channel, opening up the possibility of it making an appearance in the next major Windows Update.
File Explorer Tabs turned up in the bleeding edge Windows Insider Dev Channel last week, although – as is so frustratingly often the case – Microsoft opted for a staggered rollout. (It's not as if you joined the Insider channel for the latest and greatest to actually get your hands on the latest and greatest, right?)
Since then, things went well enough for Microsoft to roll out the tabs in build 22621.160 for the Beta Channel. Build 22621 is currently in the Release Preview Channel and is expected to be the basis for Windows 11 22H2, due at some point in the coming months.
Two of the more prolific cybercriminal groups, which in the past have deployed such high-profile ransomware families as Conti, Ryuk, REvil and Hive, have started adopting the BlackCat ransomware-as-as-service (RaaS) offering.
The use of the modern Rust programming language to stabilize and port the code, the variable nature of RaaS, and growing adoption by affiliate groups all increase the chances that organizations will run into BlackCat – and have difficulty detecting it – according to researchers with the Microsoft 365 Defender Threat Intelligence Team.
In an advisory this week, Microsoft researchers noted the myriad capabilities of BlackCat, but added the outcome is always the same: the ransomware is deployed, files are stolen and encrypted, and victims told to either pay the ransom or risk seeing their sensitive data leaked.
Biting the hand that feeds IT © 1998–2022