
Zero day exploit in windows 10 1903

LukeSavenije
3 minutes ago, HarryNyquist said:

Talk about a bad translation lol.

 

It looks like the malicious entity needs an account on the system (or access to one) to begin with.

Normally I would agree, however, remember that a program can use this to execute the exploit, and possibly find a way to elevate itself in some way to execute a system attack. So if you are infected, and your A/V doesn't detect the program that has this exploit, you can have it compromise your system.


10 minutes ago, GoodBytes said:

The version of Windows 10 in the video is older than 1903.

And at no point does it say it affects 1903 only.

 

oh... probably missed that then


2 hours ago, mr moose said:

So basically this prick thinks it's a good idea to make exploits public before giving the relevant people a chance to fix them.

Nothing illegal about that.

My eyes see the past…

My camera lens sees the present…


1 hour ago, Captain Chaos said:

[Image: Vulnerabilities5years.jpg]

 

See how that skyrocketed as Win10 was released?  Win10 had more vulnerabilities in 2 years than Win7 had in 5. 

 

 

And while it is getting better in recent years, it's still nowhere near good.  In fact it's still worse than 8.1 or 7.

 

[Image: Windowsvulnerabilities.png]

 

 

That could actually mean there are more people in the security team for finding vulnerabilities, which would be reasonable, still better than if someone else or hackers find out by themselves


Well shit, not cool. 


2 hours ago, Chunchunmaru_ said:

That could actually mean there are more people in the security team for finding vulnerabilities, which would be reasonable, still better than if someone else or hackers find out by themselves

Also, the graph has issues.

Windows 7 and Vista should be together, as Windows 7 was mostly polishing the Vista interface, plus a few new features here and there, many of which, if not all, don't affect security, and the removal of Vista Gadgets which was found to be a big security issue.

Windows 8 has far fewer users, so you get less attention from security experts.

Another thing to consider is that security issues can date back to older versions of Windows, so where do they position the security flaw? In this situation, do they mark it on the current version of Windows even though it might work for Windows XP (for example), or do they mark it for the first version of Windows with the security flaw?


2 hours ago, Ryujin2003 said:

I caught that too. Either way, he/she/they/them is an asshole.

transgender


2 hours ago, AluminiumTech said:

Wait. I'm very confused.

 

Is the hacker a man or a woman? cos there's 2 references to being a woman but then 3 references to being a man in the quoted section of the source.

transgender


I guess the real problem is that the windows user base is MASSIVE, so the crackers go where people are.

 

I think it's much harder to crack some LFS build and it would hit waaaay less people, that's why winderp will always be the champion in threats.

 

If I remember correctly the user doesn't give the computer direct instructions on windows... maybe it's managed by some piece of software (it was a while ago one of my professors said it and I can't recall it correctly to search on the interwebs, maybe it was "library manager" idk), so that means an attacker would have to take control of this manager to access everything, while on Linux you use mostly the terminal for direct (abstract) commands (because most of us are not fluent in machine language) and for admin/root privileges you have to type your password all the time.


17 minutes ago, Den15 said:

I guess the real problem is that the windows user base is MASSIVE, so the crackers go where people are.

 

I think it's much harder to crack some LFS build and it would hit waaaay less people, that's why winderp will always be the champion in threats.

 

If I remember correctly the user doesn't give the computer direct instructions on windows... maybe it's managed by some piece of software (it was a while ago one of my professors said it and I can't recall it correctly to search on the interwebs, maybe it was "library manager" idk), so that means an attacker would have to take control of this manager to access everything, while on Linux you use mostly the terminal for direct (abstract) commands (because most of us are not fluent in machine language) and for admin/root privileges you have to type your password all the time.

You are comparing Linux servers and Windows, btw you are just talking about APIs in GUI programs, the same can happen on Linux too


3 hours ago, Chunchunmaru_ said:

You are comparing Linux servers and Windows, btw you are just talking about APIs in GUI programs, the same can happen on Linux too

I was actually talking about desktops.

 

But yeah, it can happen in Linux, but way less frequently, but mostly because of the small user base.

 

So windows itself uses an API for everything the user does? (that's a legitimate question, I don't know the answer)


If it’s a local exploit then it’s not a big concern. 


13 minutes ago, DrMacintosh said:

If it’s a local exploit then it’s not a big concern. 

1) There is no such thing as a local-only exploit.

2) It's mostly an issue for machines where you have multiple users and some of them aren't supposed to have admin privileges. For those cases (not really home users) it's a big deal.


8 hours ago, Zodiark1593 said:

Nothing illegal about that.

Might not be illegal but it is still a C&*T's act.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


18 hours ago, LukeSavenije said:

i didn't yet

 

but you know windows... it'll soon be there, randomly

Funnily enough windows didn't even want to install 1809 until now

I'm waiting on that day forever but the changes in 1809 don't seem relevant enough for me so I don't push it manually especially because of the disaster the update was surrounded with


On 5/23/2019 at 8:47 AM, Captain Chaos said:

[Image: Vulnerabilities5years.jpg]

 

 

What's this Internet Explorer thing? Is it like a VR headset for navigating the interwebs?


On 5/23/2019 at 10:22 AM, GoodBytes said:

and the removal of Vista Gadgets which was found to be a big security issue.

It was never a "security issue" beyond installing gadgets from unverified sources. I still use gadgets on Win10 with no issues.


The actual details of the vulnerability, at a high level, are:

  • Write a file to a particular directory (users have write access to that directory by default) and give that file the permissions that you want
  • Run the vulnerable task. This task modifies the permissions of the files in that directory by reading the old permissions, adding SYSTEM:delete, then writing it back to the file.
  • Try to swap the file that we wrote with the target file between when the permissions were read and when they are written, so that the new permissions are written to the target file.

Actually exploiting this race condition takes a while (the author says it takes ~15 minutes) because there's an extremely narrow window where it works, but it does allow any user to set arbitrary or mostly arbitrary permissions on a file of their choice. This can then be used to escalate privileges.

 

It does only work if the attacker already has write access to your computer, but escalation of privilege attacks are still bad.

HTTP/2 203
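
A POSIX analogue of the read-then-write race described in the post above, added here as an illustration and not code from the post or from the exploit's author: the path-based routine shows why the window exists, and the descriptor-based one shows how binding to a single object closes it. The file names, the `GRANT` bit standing in for SYSTEM:delete, and the `between` hook that replaces real timing are all assumptions.

```python
import os
import stat
import tempfile

GRANT = stat.S_IWOTH  # assumed stand-in for the SYSTEM:delete entry the task adds


def fix_perms_by_path(path, between=lambda: None):
    """Racy pattern from the post: read and write permissions through the name."""
    mode = stat.S_IMODE(os.stat(path).st_mode)  # read the old permissions
    between()                                   # window: the name can be re-pointed here
    os.chmod(path, mode | GRANT)                # lands on whatever the name refers to now


def fix_perms_by_handle(path, between=lambda: None):
    """Hardened: bind to one object first, then read and write via the descriptor."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # refuses a symlink at the name
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise PermissionError("refusing: not a plain, single-link file")
        between()                                    # a swap now no longer matters
        os.fchmod(fd, stat.S_IMODE(st.st_mode) | GRANT)
    finally:
        os.close(fd)


def protected_mode_after(task):
    """Run task over a constructed sandbox; return the protected file's final mode."""
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected.cfg")  # constructed sample files
        dropped = os.path.join(root, "spool", "job.dat")
        os.mkdir(os.path.dirname(dropped))
        for p, mode in ((protected, 0o600), (dropped, 0o666)):
            with open(p, "w") as f:
                f.write("x")
            os.chmod(p, mode)

        def swap():  # deterministic stand-in for the narrow timing window
            os.remove(dropped)
            os.symlink(protected, dropped)

        task(dropped, swap)
        return stat.S_IMODE(os.stat(protected).st_mode)


if __name__ == "__main__":
    print(oct(protected_mode_after(fix_perms_by_path)))    # dropped file's mode ends up on the target
    print(oct(protected_mode_after(fix_perms_by_handle)))  # target untouched
```

The same principle applies to any privileged task that rewrites permissions in a user-writable directory: open the object once, verify it through that handle, and apply the change through the same handle rather than re-resolving the name.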
