Eye on Security: Vista 7 is 'Secure', They Promised
- Dr. Roy Schestowitz
- 2010-11-30 21:34:07 UTC
- Modified: 2010-11-30 21:34:07 UTC
Summary: Vista 7 -- just like Vista and its processors -- is still Swiss cheese based on the latest news
●
Breaking That Other OS
Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7ââ¬Â³ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?
This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.
●
'Nightmare' kernel bug lets attackers evade Windows UAC security
Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.
One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.
●
Newly discovered Windows kernel flaw bypasses UAC
Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).
The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.
Recent Techrights' Posts
- Thankfully We've Made Copies of More Interesting Data From statCounter
- If statCounter (the Web site or the 'webapp') vanished overnight, we'd still have something left of it
- More Silent Layoffs at IBM/Red Hat
- when the media counts such layoffs or presents tallies the numbers are very incomplete
-
- Following the Line of Cocaine All the Way to the Top
- Even a million denials and spin-doctoring won't distract from the core issue
- The Cocaine Patent Office - Part I: António Campinos Brought Corruption and Nepotism to the EPO, Then Came the Cocaine
- High-level manager at the European Patent Office (EPO) caught in public with cocaine, the Office has some answering to do
- Purchasing/Possessing Computers Isn't the Same as Controlling Computers
- Let's strive to put computers back under the control of their users, no matter who purchased these (usually the users)
- Gemini Links 27/10/2025: Alhena 5.4.3 and Fixing Bash
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Sunday, October 26, 2025
- IRC logs for Sunday, October 26, 2025
- Links 26/10/2025: Microsoft Spies on Gamers, Open Transport Community Conference
- Links for the day
- Links 26/10/2025: LLM Slop / Plagiarism Programs Continue to Disappoint, CISA Layoffs Threaten Systems
- Links for the day
- Gemini Links 26/10/2025: Gemsync and Joining the Small Web
- Links for the day
- India.com a Click-baiting, SEO-Spamming, Slopfarming Heap
- They do this almost every day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Saturday, October 25, 2025
- IRC logs for Saturday, October 25, 2025
- Without XBox Consoles, XBox is No More, It's Just a Brand (More Rumours of Microsoft Ending XBox, Then Laying Off Lots of Staff)
- All signs indicate that Microsoft wants to "exit" the XBox business (not brand), but it does not want to publicly admit this as it would alarm staff and shareholders
- Gemini Links 25/10/2025: Portugal, Midnightpub, and "Tech Right Admins"
- Links for the day
- Almost 2026 Already (When We Turn Twenty)
- In just over a year the site will turn 20
- When "Sponsored Feature" in The Register MS Means Ponzi Scheme Promotion From the Communist Party of China (CPC)
- the promotion of a financial scam
- Week of EPO Leaks: Workers of the EPO Are Getting a Pay Cut While Prices Rise Fast
- More to come in the next few days
- Microsoft is Finally Giving Up on XBox, The Chief Says the Grapes Are Sour Anyway
- Microsoft loses hundreds of dollars on each XBox that it sells
- Slopwatch: LinuxSecurity, UbuntuPIT, and Various Slopfarms Propped up by Google News
- Why can't Google News do better than this?
- Links 25/10/2025: Two New Smokescreens for Scam Altman and ‘TikTok USA’ Remains in Limbo
- Links for the day
- Bad faith: can't change Debian Social Contract (DSC) without unanimous consent of every joint author
- Reprinted with permission from Daniel Pocock
- Confirmed: Very Close Friend of Bill Gates and Microsoft's Biggest Patent Troll Nathan Myhrvold Flew the Lolita Express (a Gateway to Pedophilia), According to Bill Gates-Sponsored Seattle Times
- There is no speculation or any "conspiracy theories" here;' those are verified facts
- Gemini Links 25/10/2025: "The Highest Leader of The Global Civil Society Community", SSL Certificates Causing Bitrot
- Links for the day
- Links 25/10/2025: Target Layoffs and "Shutdown Sparks 85% Increase in US Government Cyberattacks"
- Links for the day
- "Big Data" Was a Big Lie
- Remember "Big Data"? Remember "Data Scientists"...?
- statCounter Has Been Broken for a Long Time
- Considering the huge proportion of Web requests that come from LLM bots (more so this past year or two), statCounter may struggle to justify the operating costs
- Techrights Anniversary Party on November 7th
- Let us know if you need any accommodation-related arrangements
- Trends That Must Alarm Microsoft and Mozilla
- Expect Firefox to no longer be supported by various sites in the US
- Why Microsoft Became the Layoffs Leader
- The corporate media is projecting or signalling its own dishonesty when it tells us that Microsoft is a very "valuable" company while the data shows Microsoft is also a "market leader" in layoffs
- Speaking for Ourselves and Letting the Facts Speak for Themselves
- we've already published over 50,000 pages
- For Second Time in a Day The Register MS Takes Money From Private Companies to Sell a Ponzi Scheme
- Do not have empathy for those who have zero empathy towards you
- IBM is Misleading IBM Shareholders
- IBM is still all about vapourware and buzzwords
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Friday, October 24, 2025
- IRC logs for Friday, October 24, 2025