Eye on Security: Vista 7 is 'Secure', They Promised
- Dr. Roy Schestowitz
- 2010-11-30 21:34:07 UTC
- Modified: 2010-11-30 21:34:07 UTC
Summary: Vista 7 -- just like Vista and its processors -- is still Swiss cheese based on the latest news
●
Breaking That Other OS
Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7ââ¬Â³ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?
This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.
●
'Nightmare' kernel bug lets attackers evade Windows UAC security
Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.
One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.
●
Newly discovered Windows kernel flaw bypasses UAC
Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).
The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.
Recent Techrights' Posts
- Traf-O-Data, the Company That Jeffrey Epstein's BFF (Bill Gates) (Co)Founded 53 Years and Went Out of Business Due to Heavy Losses
- Who will die first, Bill or Microsoft?
- A Note on SimilarWeb
- Or why SimilarWeb is meaningless for more than 99% of the sites on the Web
- IBM Said to be Shutting Down Offices or Sites in the United States
- the press can no longer avoid admitting that IBM moves many jobs to India
- LLM Slop as Attack Vector on the Reputation of Linux
- The attacks on Linux have escalated to information warfare
-
- Links 04/04/2025: Fury in South Korea, Flight MH370 Remains Mystery
- Links for the day
- Gemini Links 04/04/2025: Anger and Raspberry Pi CM4
- Links for the day
- Links 04/04/2025: LLM Slop Bubble Bursting and Korea Music Copyright Association Bans Slop 'Music'
- Links for the day
- Why Microsoft's Shares Sank Almost 20% in Recent Months (the Bubble is Imploding)
- verified press reports from the past 24 hours
- GNU/Linux Rises to Almost 5% in Algeria While Windows Sinks to All-Time Low
- GNU/Linux grew tenfold
- Where to Get More Gags
- A valued reader recommended that to us
- Links 04/04/2025: Tech Stock (Inc. GAFAM) Fall, Google Pretends to Do End-to-End Encrypted Emails (With Google in Control)
- Links for the day
- To Participate in Fedora Diversity You Must Use Proprietary Software
- Not for the first time either
- Yandex About to Be Three Times Bigger Than Microsoft (Bing) in Asia
- That's about 60% of the world's population
- Gemini Links 04/04/2025: Decoupling Updates, Elaho as Gemini Client
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Thursday, April 03, 2025
- IRC logs for Thursday, April 03, 2025
- Microsoft's Trouble in Africa and Asia
- A new all-time high for GNU/Linux
- Brett Wilson LLP Reported to the Solicitors Regulation Authority (SRA)
- The saddest thing in all this is that law firms can maintain high standards shall they wish to
- Links 03/04/2025: Tariff Pains and C.D.C. Cuts
- Links for the day
- StatCounter: Microsoft is Masking a Disaster, It's Way Behind DeepSeek Already and Interest in LLMs Has Waned
- it turns out the money "raised" for "Open" "AI" may not even exist at all
- Links 03/04/2025: SoftBank Money for Microsoft "Open" "AI" Probably Doesn't Even Exist, Wikimedia Foundation Blasts LLM Nuisance While Microsoft Admits Demand Has Shrunk
- Links for the day
- Gemini Links 03/04/2025: Patch Panel and Pictures
- Links for the day
- Islamic Republic of Iran: GNU/Linux at All-time High This Month, Windows Falls to 12%
- Vista 10 is up this month despite being "end of life" (EoL) soon
- Indonesia: All-Time Highs for GNU/Linux
- What's noteworthy right now is the growth of GNU/Linux
- statCounter Says GNU/Linux Usage is Up Again (Internationally)
- some preliminary April data
- Only on April 1st Can the Free Software Foundation Associate With Microsoft's Open Source Initiative (OSI)
- We saw some pranks that day linking the FSF to Microsoft (e.g. "endorsing" Windows)
- Confirmed in the Mainstream Media: A Lot of Microsoft "Workloads" Were Just LLM Slop (Helping to Fake Growth for Years, as Microsoft Had Paid "Open" "AI" to Become a "Client") and Demand is Rapidly Waning, Datacentres Canceled and/or Shut Down
- Anything to facilitate further accounting fraud
- Taiwan's Media Covers Closure of Microsoft's "AI" Lab, It's Time to Talk About the Gradual Death of Windows and Implosion of the "AI" Bubble
- Earlier this week we showed that mostly Asian media had the 'nerve' to mention Microsoft silently shutting down its 'AI' lab
- IBM Gets Rid of Kelly Chambliss as Mass Layoffs Reported in IBM Consulting, IBM Loses Key Contracts/Graft
- IBM Consulting has been in disarray lately
- More Gains for GNU/Linux, Based on Web Surveys
- the Steam site shows rapid growth for "Linux" this month
- Slopwatch: Anti-Linux Articles, Not Even Written by Humans
- Why aren't Web sites more vocal about this problem?
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Wednesday, April 02, 2025
- IRC logs for Wednesday, April 02, 2025
- Links 03/04/2025: Apple Fined Over Secret Surveillance, "Elegant Writer For A More Civilized Age"
- Links for the day
- Gemini Links 02/04/2025: Books and Cold Tea
- Links for the day
- Links 02/04/2025: More Layoffs, Nokia Again Takes Advantage of Illegal and Unconstitutional Patent Court With Nokia Staff as 'Judges'
- Links for the day
- Links 02/04/2025: Seizures and Returns to Windows of 24 Years Ago
- Links for the day
- LLM Slop Helps Obscure and Distort News About Layoffs (IBM, GAFAM)
- It's hard to find accurate information
- Links 02/04/2025: Microsoft Developers Are Threatening to Go on Strike, World Backup Day Noted
- Links for the day
- Gemini Protocol Has Growing Appeal (the Web Got Too Bloated and Full of LLM Slop)
- For any "data plan" with bandwidth limits or "tiers" it would be cheaper to use/browse Geminispace
- The Web Can Survive LLM Slop, But Only If We Collectively Shun and Discourage Serial Sloppers
- Doing nothing ought not be a possibility
- Amid Secret Shut-downs and Mass Layoffs at Microsoft (4 Waves of Layoffs in 3 Months of 2025) Some Microsoft Staff Expected to Go On Strike
- workers going on strike
- Gemini Links 02/04/2025: No more on Mastodon and Gemini Mention Script in Go
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Tuesday, April 01, 2025
- IRC logs for Tuesday, April 01, 2025
- My Motion Disbarring or “Striking Off” Brett Wilson LLP for Enabling Violent Americans Who Try to Crush Microsoft Critics in the United Kingdom by Multiple SLAPPs
- "Guns for hire" (for Microsoft people who received Microsoft salaries)
- The U.S. Patent and Trademark Office Hijacked Again by Patent Litigation Industry, as President Cheeto Prioritises Aggressors
- The "mafia" has taken over the "industry" and the Federal system (justice and constitutions trampled upon)
- Ubuntu Slop and FUD Manufactured With LLMs and Funded (by Oneself) 'Studies'
- Slop and FUD are ruining the Web