Eye on Security: Vista 7 is 'Secure', They Promised

Dr. Roy Schestowitz

2010-11-30 21:34:07 UTC
Modified: 2010-11-30 21:34:07 UTC

Summary: Vista 7 -- just like Vista and its processors -- is still Swiss cheese based on the latest news

● Breaking That Other OS

Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7Ã¢â¬Â³ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?

This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.

● 'Nightmare' kernel bug lets attackers evade Windows UAC security

Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.

One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.

● Newly discovered Windows kernel flaw bypasses UAC

Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).

The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.

Gemini Links 21/08/2025: The Attraction of Back Alleys, Initramfs, and BSD ISPs: Links for the day
Slopwatch: Sites Gone Rogue, Google Promoting Lies, and DDoS Attacks by Plagiarism Giants: Charlatans and frauds engage in a war against artistic industries, mislabeling plagiarism as "AI"
Links 21/08/2025: Covid Cases on the Rise, "Social Media Trolls", Russia's Attacks Intensify: Links for the day
Links 21/08/2025: Stephanie Shirley Dies and "Groklaw Domain Hijacked?": Links for the day
Search in 2025 (Age of DDoS Attacks Under the Guise of "AI" "Innovation"): One common concern when things go "live" is that any random bot out there can execute queries, pumping up RAM and CPU usage, as happened when we used MediaWiki and WordPress
Using Slop for Images Does Not Make Your Site Look Advanced or Witty, It Just Makes Your Whole Work Look Like Presumed Plagiarism: Lazy slobs and Serial Sloppers use the guise/excuse of "AI" to plagiarise and spam the Web
Financing of the "Hey Hi" (AI) Bubble by Those Who Profit From Planetary Destruction (Global Warming): It's about personal gain, too
Richard Stallman Will Speak in Ethereum Cypherpunk Congress: it's good to see that the FSF pays considerable respect to it founder, who is moreover invited to speak at events
(At Least) Second Wave of Mass Layoffs in Microsoft This Month: This is not the first time this month that Microsoft has mass layoffs
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, August 20, 2025: IRC logs for Wednesday, August 20, 2025
IBM Operatives Inside The Register MS and More Shady Money to Follow: The Register MS bites every banknote it can sink its teeth into
On the Internet, Nobody Knows Microsoft and Windows Are Becoming Niche Players Until Data is Shown Correctly, Not Microsoft-Sponsored Articles in Microsoft Publishers: Microsoft controls a lot of publishers and thus it controls information
Slopwatch: Serial Sloppers and Slopfarms in Google News (e.g. Linux Journal and WebProNews): Google plays an active role (if not deliberately then through utter neglect and carelessness) in plagiarism
Links 20/08/2025: Mass Surveillance Framed as "Artificial Intelligence" (All Old Things Reworded to Misframe Old Computer Issues), Europe Resists Capitulation to US(SR): Links for the day
Gemini Links 20/08/2025: Trips and Permacomputing: Links for the day
Links 20/08/2025: Oracle Layoffs in India, "AI" Scammers/Profiteers Admit It's a "Bubble", Softbank-Saudi (Oil) Control Tech Companies: Links for the day
Social Control Networks Give You False Metrics to 'Addict' You To Them: Leaving social control media may seem hard, but the same is true for any other addiction
A Lot of What Happened in Twitter Was Bots, Botfarms, and Troll Farms. It's Even Worse Now (Under X.com) and People Are Noticing.: Last month we said the same was happening in YouTube
Microsoft May Have Become - at Least Partially - Like a Boiler Room Scam: Giving imaginary salaries using imaginary tokens based on imaginary value (with restrictions on conversion to cash)
In Vietnam, Microsoft's Search Engine "Market Share" Fell to Almost 0%, CocCoc More Than 5 Times Bigger: Why are people still investing in this company?
All That's Left of MSNBC (Microsoft-NBC) is Microsoft NOW: When plutocrats and large corporations (even deep in debt) buy all the communication channels
The Register MS, Paid to Promote "AI" Hype, Does "Sez" (Says) Pieces: every bubble-funded "news" site tries to make it a story about "AI"
Many Companies Are Run by Liars Who Ride Other People's Money: Or steal it
Before CoreAI There Was Builder.ai: GitHub isn't about "AI" (just a bunch of lies and storytelling for shareholders' patience)
Microsoft Windows in Croatia at New Lows: We've been keeping track of this trend for a while
Using the Best Tool/s for the Job: RSS Feeds and RSS Readers: Use RSS feeds. Reject those "modern" Web things
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, August 19, 2025: IRC logs for Tuesday, August 19, 2025
Gemini Links 20/08/2025: Neovim, XML, and Alhena 5.2.9: Links for the day
Accessibility Isn't Overrated: Making things simpler typically means better accessibility
The Register's Slopfest: Remember when The Register UK (yes, UK) had better standards?
Latest Version of Windows (Vista 11) is a Failure 4 Years After Its Fake 'Leak': Vista 11 became more scarce this month
Improving Our Archives: Our old archives are still accessed a lot. Making them better is well worth the investment.
Things One Learns as a Litigant in Person at the UK High Court: Don't fear the official manuals
Slopwatch: Lots of Fake Articles From Fake "Linux" Sites and About "Linux": Google says it's committed to "AI" (it means slop, not AI); that seems like an excuse to dodge accountability
Links 19/08/2025: "Eavesdropping on Phone Conversations Through Vibrations" and Air Canada in Chaos: Links for the day
Gemini Links 19/08/2025: Niche Spaces and "AI Pasta Sauce": Links for the day
Links 19/08/2025: "NASA Is Giving Up on Climate Change Science" and "Earth's Continents Are Drying Out at an Unprecedented Rate": Links for the day
Microsoft said “GitHub and its leadership team will continue its mission as part of Microsoft’s CoreAI organisation.” But it's just an empty shell created earlier this year.: In short, it's not too clear what Microsoft has just done except dumping GitHub - i.e. mostly a Web site that loses a ton of money (it always lost money) - into some mysterious new bucket
Phil Wyett evidence & Debian Zizian plagiarism, modern slavery tendencies: Reprinted with permission from Daniel Pocock
IBM Layoffs in MCC, or Marketing, Communications and Corporate Social Responsibility (CSR): IBM and Microsoft inflate their share price by circular financing
In Many Countries People Move Away From Vista 11: Vista 11 has been available for download for 4 years already, but adoption has been poor
Desktops/Laptops Fall to All-Time Lows in the UK, So Why Does British Media Quote a Famous Criminal on "End of the Smartphone Era"?: mobile usage (for Web access) has never been higher, based on an Irish surveyor, statCounter
The Groklaw Web Site Has Been Hijacked by Scammers: Groklaw.net isn't a safe site to access at this time
The Register MS gets Lazy, Uses Slop: Unlike 3-D renderings or "Classic" CG, slop images aren't quite original and definitely not fair use
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, August 18, 2025: IRC logs for Monday, August 18, 2025
Online Safety Act Does Not Tackle the Worst (and Biggest) Culprits: if our governments are serious about tackling online harms, then they need to look closely at GAFAM and social control media giants
Chat Control (1 and 2) in the European Union Sends the Wrong Message: This is an EU law
Slopwatch: Google News and Serial Sloppers (Fake Articles About "Linux"): Calling out the culprits
Gemini Links 19/08/2025: Digital Legacy and Chat Control: Links for the day

Eye on Security: Vista 7 is 'Secure', They Promised

Recent Techrights' Posts