Eye on Security: Vista 7 is 'Secure', They Promised
- Dr. Roy Schestowitz
- 2010-11-30 21:34:07 UTC
- Modified: 2010-11-30 21:34:07 UTC
Summary: Vista 7 -- just like Vista and its processors -- is still Swiss cheese based on the latest news
●
Breaking That Other OS
Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7ââ¬Â³ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?
This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.
●
'Nightmare' kernel bug lets attackers evade Windows UAC security
Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.
One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.
●
Newly discovered Windows kernel flaw bypasses UAC
Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).
The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.
Recent Techrights' Posts
- IBM's CEO Roasted, Sizzled and Grilled for Dumb and Inconsistent Vapourware Promises
- It looks like being a chronic liar is what it takes to lead the company once synonymous with computing
- Who Imitates Who? Plagiarist as Client (From Microsoft), 'Plagiarism' at the Law Firm?
- let's revisit the subject
-
- Links 11/06/2025: More Vulnerabilities Found in 'Smart' Phones, China Extends Reach in the Pacific
- Links for the day
- Gemini Links 11/06/2025: Grain and Steam Next Fest
- Links for the day
- Links 11/06/2025: "Quantum" Hype From IBM, US Closer to Martial Law, and “The Nation” Celebrates Milestone
- Links for the day
- IBM's Goal Is Not (and Never Was) Computer Users' Freedom
- More than 1.5 decades ago I found IBM to be an "ally of convenience" because of OpenDocument Format (ODF)
- Wayland Shows the IBM/Red Hat Way of Doing Things
- IBM is trying to 'kill' X
- GitHub is Proprietary, Controlled by Microsoft, and GPL Violation Warehouse
- "IRS tax filing software [will be] released to the people as free software" ... In general this is good news
- Slopfarm Catastrophe
- Seems like BetaNews (or BetaNoise) has just suffered a major data loss and restored the site from a week-old backup
- Abuse Inside the Polish Patent Office (UPRP) - Part VIII: Illegal Working Conditions
- How many people need to die for these people to get their massive salaries?
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Tuesday, June 10, 2025
- IRC logs for Tuesday, June 10, 2025
- Links 10/06/2025: Apple Hype and Physical Attacks on Bloggers
- Links for the day
- Gemini Links 10/06/2025: Loon Lake, Farming, and Forth
- Links for the day
- Links 10/06/2025: Jaws at 50 and US Democracy Crushed Very Rapidly (Martial Law Seems Imminent)
- Links for the day
- Abuse Inside the Polish Patent Office (UPRP) - Part VII: Washing Their Hands After Corruption and Abuse
- "Tragedy or comedy?"
- Culling Bad RSS Feeds of Bad Sites
- Not throwing out the baby with the bathwater
- If 'Microsoft v Techrights' is Dealt With by a 'Microsoft Court' (or a Court Outsourced to Microsoft)
- More on that later
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Monday, June 09, 2025
- IRC logs for Monday, June 09, 2025
- Gemini Protocol Turns Six in 10 Days From Now
- If you haven't tried it yet, then give it a go today
- Live as You Preach
- technology is fast becoming dysphoric
- Gemini Links 09/06/2025: Addition Addiction and Nitride
- Links for the day
- Links 09/06/2025: Science, Hardware Projects, and Democracy Receding
- Links for the day
- Computers Got Smaller, So GNU/Linux Got Bigger
- Many people here recognise the lack of urgency (or need) to get expensive new laptops
- BetaNews is a Plagiarism and LLM Slop Hub, the Chief Editor Isn't Addressing This Problem Anymore
- SS Fagioli is basically a parasite leeching off or exploiting other people's work
- Links 09/06/2025: Chaos in Los Angeles and Hurricane Season
- Links for the day
- GNU/Linux Grows at Windows' Expense and Microsoft Trolls Infest and Maliciously Target Articles About It
- Microsoft is - and has long been - organised crime
- They Say I'm Mr. Bombastic
- They didn't take good lawyers
- Links 09/06/2025: Windows TCO and Many Data Breaches
- Links for the day
- Abuse Inside the Polish Patent Office (UPRP) - Part VI: Political Stunts by Former President Edyta Demby-Siwek and the Connection to Profound Corruption at EUIPO
- it's like a money-laundering operation where one politician rewards another at taxpayers' expense
- Gemini Links 09/06/2025: Pipelines and Splitgate
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Sunday, June 08, 2025
- IRC logs for Sunday, June 08, 2025