Eye on Security: Vista 7 is 'Secure', They Promised

Dr. Roy Schestowitz

2010-11-30 21:34:07 UTC
Modified: 2010-11-30 21:34:07 UTC

Summary: Vista 7 -- just like Vista and its processors -- is still Swiss cheese based on the latest news

● Breaking That Other OS

Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7Ã¢â¬Â³ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?

This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.

● 'Nightmare' kernel bug lets attackers evade Windows UAC security

Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.

One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.

● Newly discovered Windows kernel flaw bypasses UAC

Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).

The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.

[Meme] Being Believed, Not Censored or Defamed: Daniel Pocock, Zini, and John Sullivan (FSF)
Taking Things Up a Notch: we strive/aim towards 15-25 new pages per day, i.e. around 500 per month or 6,000 per year
Improving Site Navigation for Easier Discovery and Catch-ups: This site is run by code we wrote ourselves
LibrePlanet 2024 Recordings: Let's hope independent recordings by viewers can help recovery of "lost talks" (recordings)
GNU/Linux Reaches 11% Market Share in the United States Of America - an All-Time High: The United States Of America is where the operating system started (Boston) and where Linus Torvalds works (Portland)
Links 11/05/2024: XBox Crisis, Spotify Exodus Continues: Links for the day
Gemini Links 11/05/2024: Why to Delete GitHub: Links for the day
In Europe, Bing Fell Every Month This Year, Lost a Considerable Share Since "Bing Chat" and All the Chatbot Hype: Microsoft's Bing has had many layoffs lately
Links 11/05/2024: Analysis of the Microsoft Crisis and Backdoor-Looking Bugs: Links for the day
Attacking the Messenger?: Stack Overflow and LLM licencing
Microsoft Fired Loads of Staff in Kenya, Which is Another Large Country Where GNU/Linux Has Grown a Lot: Microsoft pays Kenyans only 2 dollars an hour for an IT/office job
Knowing the True History of Debian, Owing to Irish Debian Developer Daniel Pocock (Currently Running to Become Member of the European Parliament): Irish-Australian and scapegoat of a highly dysfunctional 'Debian family'
Attacking by Credentials: Modest people do not demand fancy titles
Microsoft Windows Used to Have 99% of the OS Market in Jordan, Now It's Just 13% (Less Than iOS): Based on the data of statCounter, GNU/Linux in Jordan climbed from 0.62% in May 2014 to nearly 5% right now
More Nations Are Reaching and Exceeding 5% Market Share for GNU/Linux, Microsoft Wants to be Bailed Out Again: Microsoft is once again reaching out to Biden for a bailout - a subject we'll cover in a video some time this weekend
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, May 10, 2024: IRC logs for Friday, May 10, 2024
[Meme] What Do You Call a Woman Who Does BDS on Free Software? Elana Hamasman.: Here are some confused thoughts
[Meme] Mission Aborted: Mission Aborted: cancel RMS
Gemini Links 10/05/2024: Love Is Infinite and Books vs Internet: Links for the day
Links 10/05/2024: Fears Over TSMC, Microsoft Loses Major Patent Case: Links for the day
Links 10/05/2024: Burner Phones in 6-Eyes Government, “Hatred and Demonization” on the Rise: Links for the day
Microsoft Layoffs and Closures Now Reported in Africa: Microsoft Uninstalls Nigeria as it closes African Development Centre (ADC) in Lagos
[Video] Richard Stallman, "I Saw You Playing Your Recorder in Paris" (Due to Proprietary Software Only): Corporate autocrats do not want counterparts or alternatives to even exist
Five Years After the Extensive Campaign of Defamation Against Richard Stallman He's Still Giving Public Talks: "Richard Stallman will give a talk, in French, Free Software and Freedom in a Digital Society at Centrale Supelec in Saclay, on May 15."
Microsoft Is Rebranding Its 'Chatbot' Search for the Third Time Because It Fails to Gain Adoption: it always means that something has failed - not that they'll openly admit it
Richard Stallman Gives a Talk in Paris Next Week (in French) and It's About Freedom: another talk, which he has only just announced
Pace Up, Distractions Down: We've made our curation process faster and more efficient
In Algeria, GNU/Linux Estimated to Have Grown Tenfold in a Decade: a sharp rise in GNU/Linux usage
[Meme] Red Hat Diversity: Red Hat: don't mention Haghighi
Our Sister Site Turns 20 in Exactly One Month: twentieth anniversary of the site
Corporate Media Focuses on Who's Suing Red Hat, Not What It's Sued For: The unfortunate thing is, anybody who has an opinion on this lawsuit will inevitably be framed as "pro-Trump" or "anti-Trump"
Links 10/05/2024: Many More Microsoft Layoffs on the Way: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, May 09, 2024: IRC logs for Thursday, May 09, 2024
Microsoft OSI Uses Its Money to Hire PR Agencies That Spy and Spread Mindless Openwashing of GPL-Violating Microsoft Ploy: `We're under attack. But the attackers smile at us and hire PR firms to spy, mislead etc.
Gemini Links 10/05/2024: geminispace.info to Shut Down in 3 Weeks: Links for the day
In Nigeria, Africa's (by Far) Largest Population, Microsoft Bing is the 0%: To Microsoft, Africa is just "someplace" to get intensive, hard-working human 'resources' (tech labour) at 2 dollars 'apiece' as in per person per hour
Links 09/05/2024: Journalists in Detention, China Banning Songs or Anthems: Links for the day
Support for harassment and abuse victims: Reprinted with permission from Daniel Pocock
Gemini Links 09/05/2024: Being Sick Enough and End of “World of Ends“: Links for the day
Links 09/05/2024: 'Hey Hi' (AI) Bubble Implodes Some More, Microsoft Layoffs So Widespread It's Hard to Keep Track: Links for the day
Speaking of Enshittification and Freedom, We've Still Not Begun Tackling the UEFI 'Secure' Boot Mess (Preventing GNU/Linux From Even Booting!): Microsoft continues to fly under the radar and commit competition crimes with impunity
Microsoft Has Just Confirmed Mass Layoffs in Nigeria, It Now Adds Insult to Injury With Price Hikes for Locals: It's not like Microsoft paid them good salaries
Software Enshittification or Freedom? It's not a hard choice!: Reprinted from Alexandre Oliva
Links 09/05/2024: More Microsoft Layoffs on the Way: Links for the day
Amid Microsoft Layoffs in Nigeria GNU/Linux Climbs Above 6% Market Share (Not Including ChromeOS): Hundreds are being laid off by Microsoft in Nigeria, based on yesterday's reports
[Meme] Blame the Robots or the 'Hey Hi' (AI), It Always Works in Today's Media: Companies do not have financial troubles! They have "efficiencies"...
News Reports Say Many More Microsoft Layoffs on the Way, Rumours Say Red Hat Also Imminently a Target: Microsoft is slipping out of control
Links 09/05/2024: Diplomacy Efforts With China, AstraZeneca Stops Experimenting With COVID-19 Vaccines: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 08, 2024: IRC logs for Wednesday, May 08, 2024
Gemini Links 09/05/2024: Registered Computer Professionals and TLS (The Long Slog): Links for the day

Eye on Security: Vista 7 is 'Secure', They Promised

Recent Techrights' Posts