  • Patch Lady – 31 days of Paranoia – Day 17

    Posted on Susan Bradley Comment on the AskWoody Lounge


    This topic contains 5 replies, has 3 voices, and was last updated by  gborn 2 months ago.

    • Author
      Posts
    • #225351 Reply

      Susan Bradley
      AskWoody MVP

      So you know you’ve been hacked.  Now what?  You can tell your passwords have been reset and you can’t get into your accounts.  You have evidence that
      [See the full post at: Patch Lady – 31 days of Paranoia – Day 17]

      Susan Bradley Patch Lady

      2 users thanked author for this post.
    • #225455 Reply

      anonymous

      Everyone should be reviewing the spam/junk email and reporting those to the abuse email for the IP address in the email header file. I started doing that and my junk email dropped from 400 to 100 over the last year or so. Hopefully in another year it will drop to 10 or less junk email….

    • #225573 Reply

      gborn
      AskWoody MVP

      Susan – well, here is your next topic for another day of paranoia

      Windows Vulnerability RID Hijacking  allows user rights transfer (guest account becomes admin)

      https://borncity.com/win/2018/10/19/windows-rid-hijacking-allows-guests-to-become-an-admin/

      • #225580 Reply

        Susan Bradley
        AskWoody MVP

        To gain access the attacker already has admin rights.  Game is over before that attack begins.

        Susan Bradley Patch Lady

        • #225581 Reply

          Susan Bradley
          AskWoody MVP

          “He was able to hijack the built-in Administrator account with RID 500 and assign the privileges to an integrated guest account.”  So he hacked the admin account.  He was already god on the box.   The key is not what they can do after you are hacked, it’s how they get on the box in the first place.

          Susan Bradley Patch Lady

          • #225624 Reply

            gborn
            AskWoody MVP

            I haven’t the fantasy to think about all the possible scenarios where an attacker gains admin rights (think of DLL hijacking, VC++ vulnerabilities etc.). The real beef behind the attack: It allows hijacking the built-in Administrator and assigning the privileges to an integrated guest account – or a standard user account -> in my understanding ‘no UAC prompt’. The 2nd thing to keep in mind: It opens a backdoor to hide all operations behind the hijacked account (no one will recognize that the guest account is being misused). It’s a lot of ‘paranoia’ to cause headache – imho.

            Edit to remove HTMH.
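A defender-side check for the situation discussed in this thread, as an added example that is not part of any post here: it reads the text of a `.reg` export of `HKLM\SAM\SAM\Domains\Account\Users` and flags accounts whose stored RID differs from the RID in their key name. The key path and the position of the RID copy (offset 0x30 of the `F` value) are assumptions taken from published RID hijacking research, not from the thread; the export text and all function names are constructed for illustration.

```python
import re
import struct

RID_OFFSET = 0x30  # assumption from published research: RID copy inside the F value
KEY_RE = re.compile(r"^\[.*\\SAM\\Domains\\Account\\Users\\([0-9A-Fa-f]{8})\]$")

def parse_f_values(reg_text):
    """Return {RID from key name: F bytes} from the text of a .reg export."""
    # Join regedit's hex continuation lines (trailing backslash) first.
    text = re.sub(r"\\\r?\n\s*", "", reg_text)
    users, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = int(m.group(1), 16)
        elif line.startswith("["):
            current = None  # some other key, e.g. Users\Names\<name>
        elif current is not None and line.startswith('"F"=hex:'):
            users[current] = bytes.fromhex(line.split(":", 1)[1].replace(",", ""))
    return users

def find_rid_mismatches(users):
    """List (key RID, stored RID) pairs where the two disagree."""
    findings = []
    for key_rid, f in sorted(users.items()):
        if len(f) < RID_OFFSET + 4:
            findings.append((key_rid, None))  # truncated F value: review by hand
            continue
        (stored,) = struct.unpack_from("<I", f, RID_OFFSET)
        if stored != key_rid:
            findings.append((key_rid, stored))
    return findings

def constructed_export():
    """Constructed sample: Guest (0x1F5) carries the Administrator RID 0x1F4."""
    def entry(key_rid, stored_rid):
        f = bytearray(0x50)
        struct.pack_into("<I", f, RID_OFFSET, stored_rid)
        hexed = ",".join(f"{b:02x}" for b in f)
        return (f"[HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account\\Users\\{key_rid:08X}]\n"
                f'"F"=hex:{hexed[:75]}\\\n  {hexed[75:]}\n\n')
    return ("Windows Registry Editor Version 5.00\n\n"
            + entry(0x1F4, 0x1F4) + entry(0x1F5, 0x1F4) + entry(0x3E9, 0x3E9))

if __name__ == "__main__":
    for key_rid, stored in find_rid_mismatches(parse_f_values(constructed_export())):
        print(f"Users\\{key_rid:08X}: F value holds RID {stored}, expected {key_rid}")
```

Any account the check reports is logging and acting under a different identity than its name suggests, which is the "no one will recognize" condition raised in the last reply.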
