Eye on Security: Vista 7 is 'Secure', They Promised
- Dr. Roy Schestowitz
- 2010-11-30 21:34:07 UTC
- Modified: 2010-11-30 21:34:07 UTC
Summary: Vista 7 -- just like Vista and its processors -- is still Swiss cheese based on the latest news
●
Breaking That Other OS
Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7ââ¬Â³ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?
This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.
●
'Nightmare' kernel bug lets attackers evade Windows UAC security
Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.
One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.
●
Newly discovered Windows kernel flaw bypasses UAC
Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).
The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.
Recent Techrights' Posts
- Computers Got Smaller, So GNU/Linux Got Bigger
- Many people here recognise the lack of urgency (or need) to get expensive new laptops
- GNU/Linux Grows at Windows' Expense and Microsoft Trolls Infest and Maliciously Target Articles About It
- Microsoft is - and has long been - organised crime
- They Say I'm Mr. Bombastic
- They didn't take good lawyers
-
- Links 09/06/2025: Science, Hardware Projects, and Democracy Receding
- Links for the day
- BetaNews is a Plagiarism and LLM Slop Hub, the Chief Editor Isn't Addressing This Problem Anymore
- SS Fagioli is basically a parasite leeching off or exploiting other people's work
- Links 09/06/2025: Chaos in Los Angeles and Hurricane Season
- Links for the day
- Links 09/06/2025: Windows TCO and Many Data Breaches
- Links for the day
- Abuse Inside the Polish Patent Office (UPRP) - Part VI: Political Stunts by Former President Edyta Demby-Siwek and the Connection to Profound Corruption at EUIPO
- it's like a money-laundering operation where one politician rewards another at taxpayers' expense
- Gemini Links 09/06/2025: Pipelines and Splitgate
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Sunday, June 08, 2025
- IRC logs for Sunday, June 08, 2025
- Links 08/06/2025: Tiananmen Carnage Censorship Persists, North Korean Goes Offline
- Links for the day
- Gemini Links 08/06/2025: Love as an Ethnographic Method and Monitorix Gemini-Frontend v0.1
- Links for the day
- Links 08/06/2025: Exposure of More GAFAM Surveillance and Social Security Records Compromised
- Links for the day
- Linux Foundation is a Mediator for Microsoft et al, Not for Small Companies That Support Rather Than Attack the GPL
- Many people still wrongly assume that because it is called "Linux Foundation", then it is pro-Linux and represents the same mindset
- This Past Friday, Confirming What We Said All Along About Brett Wilson LLP: It's Shrinking, Has Considerable Debt, Loss of Net Assets Despite the Microsoft SLAPP Money
- The documents only became publicly available less than 2 days ago
- Some of the Many Reasons We Sued Microsofters for Harassment
- perpetrators of harassment
- For 20 Years Many People Were Sharecropping for Canonical's Oligarch, Now He's Deleting All Their Contributions
- "Ubuntu has erased instead of archiving the trove of material at Ubuntu Forums"
- There Was Always Too Much 'Crazy Stuff' Going on Around Freenode
- What many IRC users lost sight of
- Exposing Crime is Not a Crime (It Never Was)
- In the eyes of rich and powerful people, those who speak about their crimes are the "criminals"
- GNU/Linux Distros Abandoning Microsoft GitHub
- Will curl be next to leave Microsoft GitHub?
- Expect More XBox Mass Layoffs Soon If the Rumours Are True
- From a Microsoft media operative
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Saturday, June 07, 2025
- IRC logs for Saturday, June 07, 2025
- Europe Needs to Move Away From GAFAM; The Sooner, the Better
- Europe - not just the EU - must abandon GAFAM as soon as possible
- The Issue Isn't GNOME's Promotion of Diversity But GNOME Corruption, Abuse, Censorship, and Worse
- So-called "Conservative" (republican, pro-Trump, bigoted) people want you to think the problem with GNOME is politics
- When the News Sources Become Scarce and Increasingly Full of Polluted/Contaminated 'Content' (With LLM Slop and Slop Images)
- Integrity matters
- "Linux" Sites That Spew Out LLM Slop
- We're lacking enough material for another "Slopwatch"
- Abuse Inside the Polish Patent Office (UPRP) - Part V: Breaking the Law, Just Like EPO
- We'll hopefully cover some of the pertinent details later this year
- Links 08/06/2025: Security Lapses, CISA Cuts, and More
- Links for the day
- Gemini Links 07/06/2025: Mime Types and Geminisphere Introduction
- Links for the day
- Links 07/06/2025: Slop Companies Retain All Private Data, More Books Banned in the US
- Links for the day
- Gemini Links 07/06/2025: "A Monk's Guide to Happiness" and "Wireless Earbuds"
- Links for the day
- Links 07/06/2025: More Rumours of Mass Layoffs in Microsoft's XBox Division, New COVID Variant
- Links for the day
- Drug Addiction is a Real Problem, It Destroys Families
- a rather sensitive matter
- Abuse Inside the Polish Patent Office (UPRP) - Part IV: Political Scrutiny and Errors/Inconsistencies in Official Documents
- When such organisations receive scrutiny they start focusing on cover-up and muzzling of facts (or crushing people who say the truth)
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Friday, June 06, 2025
- IRC logs for Friday, June 06, 2025