Blog Archives
-
Zero day for Windows 7
Posted on November 25th, 2020 at 12:11
BleepingComputer reports that 0patch is releasing a fix for a zero day in Windows 7 and Server 2008 R2.
I haven’t yet seen an out-of-band patch released for Windows 7 ESUs, but I’ll keep you posted.
One clarification on that post, Sergiu says “At the moment, only small-and-midsize businesses or organizations with volume-licensing agreements can get an ESU license until January 2023.” You actually don’t need a volume licensing agreement in order to buy Windows 7 patches. Amy Babinchak is still selling Windows 7 ESUs, and for anyone who bought them last year, she’ll be contacting you to see if you want the updates again this year. Microsoft hasn’t yet set it up so that the 2021 Windows 7 ESUs are on their price list, but I’m guessing December 1st is when they will post it to the price list. It’s expected to be twice the price of last year’s.
-
Patch lady – targeted attacks using zero day
Posted on October 30th, 2020 at 14:24
Per https://www.zdnet.com/article/google-discloses-windows-zero-day-exploited-in-the-wild/:
On Twitter, Hawkes said the Windows zero-day (tracked as CVE-2020-17087) was used as part of a two-punch attack, together with a Chrome zero-day (tracked as CVE-2020-15999) that his team disclosed last week.
“We have confirmed with the Director of Google’s Threat Analysis Group, Shane Huntley, that this is targeted exploitation and this is not related to any US election-related targeting.”
It will be patched November 10th.
So the good news is that this is targeted only, not aimed at us mere mortals. Until then, keep your tinfoil on and in the ready mode.
-
SandboxEscaper drops another Win10 0day on Twitter
Posted on October 24th, 2018 at 09:38
Remember the Task Scheduler ALPC 0day dropped on Twitter at the end of August?
The same gal, @SandboxEscaper, just dropped another one. On Twitter. No forewarning. No chance for Microsoft to fix it.
Catalin Cimpanu has a good overview on ZDNet.
It’s another privilege elevation attack, which means the attacker already has to have code running on your machine before it kicks in; the 0day then elevates that running code from a standard user to admin.
The PoC, in particular, was coded to delete files for which a user would normally need admin privileges to do so. With the appropriate modifications, other actions can be taken, experts believe.
That makes it very mean, but not yet a potent attack.
Kevin Beaumont, @GossiTheDog, has taken a look at it:
So this works. Windows 10 and Server 2016 (and 2019) only. It’s similar to the Task Scheduler exploit: it allows non-admins to delete any file by abusing a new Windows service not checking permissions again. https://t.co/q45Qj3DGSS
— Kevin Beaumont (@GossiTheDog) October 23, 2018
I’ll update this post with the CVE number as soon as I have it.
-
Details on the Task Scheduler ALPC zero-day
Posted on August 28th, 2018 at 07:59
Kevin Beaumont (@GossiTheDog) just published an excellent overview of the newly touted ALPC zero-day in Task Scheduler. Complete with working exploit code.
The flaw is that the Task Scheduler API function SchRpcSetSecurity fails to check permissions. So anybody — even a guest — can call it and set file permissions on anything locally.
It’s a privilege escalation bug, allowing an offending program to leapfrog itself from running as a standard user to taking over the machine.
Catalin Cimpanu on Bleeping Computer posted the initial revelation from @SandboxEscaper, who posted original exploit code on GitHub, then deleted their Twitter account.
Nothing to worry about yet, but expect to see a fix for all versions of Windows before too long.
-
Patch Lady – Flash update out on June 7th
Posted on June 7th, 2018 at 14:39
Be aware that a Flash update was released today. If you are on Windows 7, you will need to either watch for a prompt or go to the Adobe Flash page for your update. On Windows 10 and 8.1, you get your update from Microsoft.
https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player
“Adobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash Player content distributed via email.”
Generally speaking, it’s wise to ensure these Flash updates are installed as soon as possible. Kirsty’s got the links for you here:
-
Pwnfest brings two zero-day system level hacks of Edge
Posted on November 11th, 2016 at 11:20
So much for the most secure browser ever.
Darren Pauli at The Register reports that two Win10 1607 ( = Anniversary Update = Redstone 1) machines updated to this week’s security patch level were pwned in separate hacks.
It’s become a lucrative hobby. $140,000 each to Qihoo 360 (China) and LokiHardt (South Korea).
There’s also a hack using Flash on Edge on Win10 1607.
-
Microsoft’s latest Word security hole, KB 2953095, is part of an on-going embarrassment
Posted on March 25th, 2014 at 21:46
Has everybody forgotten that RTF – the sticking point in the latest zero-day, and dozens of zero-days before it – was invented and controlled by Microsoft?
InfoWorld Tech Watch.
-
If you use IE9 or IE10, Security Advisory 2934088 says get patched now
Posted on February 20th, 2014 at 22:16
There’s a Fixit…
InfoWorld TechWatch