  • Patch Lady – 31 days of Paranoia – Day 18

    Posted on Susan Bradley Comment on the AskWoody Lounge

      • #225584 Reply
        Susan Bradley
        AskWoody MVP

        Today we’re taking a break from our normal paranoia to discuss a recent vulnerability.  The headlines imply that a guest user can gain admin rights vi
        [See the full post at: Patch Lady – 31 days of Paranoia – Day 18]

        Susan Bradley Patch Lady

      • #225601 Reply
        anonymous
        Guest

        Well yes, RID hijacking is a privilege escalation attack, where a non-admin can gain admin rights. That is indeed quite different from being authenticated straight to admin.

        However, lots of organizations have users with access levels other than “none” and “admin”, and that’s where RID hijacking becomes a problem.

      • #225665 Reply
        rc primak
        AskWoody_MVP

        Libssh sounds like Linux terminology to me. Is this a Linux vulnerability, a Windows vulnerability, or both?

        -- rc primak

        • #225687 Reply
          anonymous
          Guest

          If the defective libssh is used in a Linux server role, yes. I do not know if Microsoft used any of the libssh code.

        • #225688 Reply
          anonymous
          Guest

          There might exist Windows programs which are using the indicated defective libssh.

      • #225698 Reply
        anonymous
        Guest

        The libssh, while disturbing, isn’t quite as bad as it appears at first glance.

        Sites like GitHub were not vulnerable because they didn’t use the affected libraries. Distros which use libssh2, such as RHEL6 and RHEL7, are not affected.

        Should you check your systems?  Absolutely, and patch them if you happen to be running a vulnerable version.
