Eye on Security: Vista 7 is 'Secure', They Promised
- Dr. Roy Schestowitz
- 2010-11-30 21:34:07 UTC
- Modified: 2010-11-30 21:34:07 UTC
Summary: Vista 7 -- just like Vista and its processors -- is still Swiss cheese based on the latest news
●
Breaking That Other OS
Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7ââ¬Â³ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?
This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.
●
'Nightmare' kernel bug lets attackers evade Windows UAC security
Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.
One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.
●
Newly discovered Windows kernel flaw bypasses UAC
Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).
The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.
Recent Techrights' Posts
- What LibreOffice and TDF Get Right About Document Formats (and What They Get Wrong)
- OOXML is a phantom - it is something nobody implements, not even Microsoft!
- Cannot Speak About IBM Wrongdoing or Jobs Being Sent Overseas (Lower Salaries)
- IBM has long attacked the media, the whistleblowers, and even online forums
- European Patent Office (EPO) Series: The CIA-Funded Centre-Left in Portugal
- In the political turmoil which followed the fall of the old regime, the communists seemed to be acquiring a dominant position and there was a very real risk that Portugal could end up aligned with the Eastern Bloc if they were not stopped
- Yesterday Afternoon The Register MS Published a Fake Article That Says "AI" 31 Times Because It Got Paid to Do This
- What will happen when all those loans for slop (Ponzi scheme) stop and companies' marketing budgets - which include media bribes for hype campaigns - are no more?
- Extraordinary General Meeting of Staff Union of the European Patent Office Ahead of Intensifying Strikes
- We will, in the meantime, run a series about EPO corruption, which is now connected to corruption in Portugal and to corruption inside the EU
-
- Communities and "Prosumers."
- today's meetup will be about community
- Gemini and Gopher Links 10/06/2026: Roasting, Changes, and Harms of Slop
- Links for the day
- IBM Genies in the Bottle
- for ordinary people working who at at IBM, it's not hard to see that IBM is floundering
- Microsoft Azure Shrinking With More Mass Layoffs
- "Reports suggest the layoffs will impact close to 200 out of 400 workers, who are set to cease employment at Azure on July 6"
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Tuesday, June 09, 2026
- IRC logs for Tuesday, June 09, 2026
- European Patent Office (EPO) Series: The Centre-Right "Social Democratic Party" in Portugal
- Quite an achievement for a former Maoist radical and aspiring champion of the Portuguese proletariat to be invited to join Goldman Sachs
- SLAPP Censorship - Part 102 Out of 200: Maybe One Day Whistleblowers From Brett Wilson LLP Will Tell Us What Really Happened
- Maybe one day some former staff of Brett Wilson LLP will also approach us to blow the whistle
- Gemini Links 09/06/2026: "The Mist of the Lands Between", Board Game Concept
- Links for the day
- 2026: The Year Slop Companies "Made an Exit" (Threw in the Towel Over to Wall Street)
- Remember 2026 as the year two major slop companies (which we won't name) sought an IPO
- Links 09/06/2026: NSO Group still cracking, "FOI tribunal throws out £14k costs claim against journalist Barnie Choudhury"
- Links for the day
- Links 09/06/2026: "Smartphones Broke Dating" and "EU Open Source Strategy"
- Links for the day
- This Coming Friday
- Richard Stallman (RMS)
- Several Slopfarms That Target "Linux" Seem to Have Died
- Or perished severely
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Monday, June 08, 2026
- IRC logs for Monday, June 08, 2026
- Gemini Links 09/06/2026: Tanana River, Cassette Beasts, and Emacs
- Links for the day
- IBM's Quantum Bubble Already Deflating
- Shares down over $55 in a few days
- European Patent Office (EPO) Series: The Brotherhood of São Bento
- The Palácio São Bento – or São Bento Palace – is the seat of the Portuguese National Assembly in Lisbon
- SLAPP Censorship - Part 101 Out of 200: Women Come to Realise They Don't Wish to Participate in Attacking Vulnerable Women
- It relates to another topic that we shall be covering in the coming weeks
- Links 08/06/2026: Proprietary Loaded With Security Holes, Armenia Defies Russia
- Links for the day
- Gemini Links 08/06/2026: NetHack 5.0.0 and Slop as Cannibalism
- Links for the day
- Links 08/06/2026: "Rising Emissions, Depleting Water" Due to the Pyramid Scheme of Slop; "Canada Needs to Rebuild Public Telecoms"
- Links for the day
- Brett Wilson LLP Reported to Police for Trying to Throw Large Parcel Into Our Home
- This morning the campaign of intimidation...
- GAFAM Bots Are Not "Good Bots"
- There's nothing "Good" about Google
- Links 08/06/2026: Criticism of Microsoft Trying to Criminalise Pointing Out Bug Doors, TikTok Now "Climate-Denying Social Media App"
- Links for the day
- Slop Has no ROI, an Economy Built on False Assumptions of Slop is Doomed
- we're all going to suffer from this Ponzi scheme
- The Cyber Show Has "Exciting Guests Coming" and a Gemini Capsule
- "Site development is ongoing but now settling into a more stable form"
- GNU/Linux Measured at 10% in Liechtenstein This Month
- it seems like statCounter wrongly classified some GNU/Linux clients as Mac clients and is now issuing a correction
- Communicating With Freedom - Part III - Quibble Envisioned as a New and Easily Accessible Communications Platform Based on LibreJS
- the FSF really needs to become more active if not proactive in promoting those sorts of things
- Clownflare Says Majority of Web Traffic is Now Bots, But the Net is Another Story
- Bots are to Clownflare what lawsuits are to lawyers
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Sunday, June 07, 2026
- IRC logs for Sunday, June 07, 2026
- The Strikes at the European Patent Office Planned to Carry on for the Entire Year, Maybe Future Years as Well
- There's a cautionary tale somewhere
- Number of Patent Grants Has Plunged 23% Amid Strikes at the European Patent Office, Today There Are More Strikes (Strike Participation at Over 3,000, More Than Doubled Since Winter)
- There is a growing crisis at the European Patent Office
- E.E.E. Still Ongoing, the War on Copyleft/GPL Enables That
- It also imperils security.
