News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – 31 days of Paranoia – Day 18

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody blog Patch Lady – 31 days of Paranoia – Day 18

    This topic contains 6 replies, has 3 voices, and was last updated by

     rc primak 8 months ago.

    • Author
    • #225584 Reply

      Susan Bradley
      AskWoody MVP

      Today we’re taking a break from our normal paranoia to discuss a recent vulnerability.  The headlines imply that a guest user can gain admin rights vi
      [See the full post at: Patch Lady – 31 days of Paranoia – Day 18]

      Susan Bradley Patch Lady

      7 users thanked author for this post.
    • #225601 Reply


      Well yes, RID hijacking is a privilege escalation attack, where a non-admin can gain admin rights. That is indeed quite different from being authenticate straight to admin.

      However, lots of organizations have users with access levels other than “none” and “admin”, and that’s where RID hijacking becomes a problem.

    • #225665 Reply

      rc primak

      Libssh sounds like Linux terminology to me. Is this a Linux vulnerability, a Windows vulnerability, or both?

      -- rc primak

      • #225687 Reply


        If the defective libssh is used in a Linux server role, yes. I do not know if Microsoft used any of the libssh code.

      • #225688 Reply


        There might exist Windows programs which are using the indicated defective libssh.

    • #225698 Reply


      The libssh, while disturbing, isn’t quite as bad as it appears at first glance.

      Sites like github were not vulnerable because they didn’t use the affected libraries.  Distros which use libssh2, such as RHEL6 and RHEL7, are not affected.

      Should you check your systems?  Absolutely, and patch them if you happen to be running a vulnerable version.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Lady – 31 days of Paranoia – Day 18

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.