• Scientists discover security vulnerability that allows them to bypass all of Windows' security syste
    44 replies, posted
[video=youtube;ukAr6MiA788]http://www.youtube.com/watch?v=ukAr6MiA788[/video] [quote][B] It's possible to bypass all of the security mechanisms in Microsoft's operating system Windows and gain full system privileges by changing a single bit in a call. [/B] Last Tuesday's security updates for Windows are followed by a number of reports regarding the now fixed security vulnerabilities, in which some details are especially scary. The scariest one being the discovery that modifying a single bit in a certain call was enough to bypass all of the security systems found within the Windows operating systems. The security researcher Udi Yavo [URL="http://breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/"]describes[/URL] the odd vulnerability dubbed CVE-2015-0057 and shows how it makes it possible to code an omnipotent program. "A threat actor that gains access to a Windows machine (say, through a phishing campaign) can exploit this vulnerability to bypass all Windows security measures, defeating mitigation measures such as sandboxing, kernel segregation and memory randomization" In the core of the Windows operating system there's a module called Win32k.sys, which among other things is responsible for creating the GUI windows. By making a certain call for it, something of a cascade is created, resulting in a total escalation of the system privileges. In other words, this means that a malicious piece of software wouldn't have to tussle with the OS's security related limitations, and would instead gain full system privileges instantly. Even worse is the fact that the vulnerability isn't limited to a certain version of Windows, but can be found in every Windows from XP to the brand new Windows 10 Technical Preview. [/quote] Source: [URL]http://www.sweclockers.com/nyhet/20057-forskare-kringgar-windows-sakerhet-genom-att-modifiera-en-enda-bit[/URL]
oh boy
At least it's not a remote execution exploit and in order to actually do anything you'd need code running in the first place. It's still bad but it could be a lot worse
Very nasty bug, but keep in mind that in order to use this exploit you have to download and run a program from somewhere for them to do this, it's not like you can catch it from a web browser or something :v:
[QUOTE=Elspin;47134045]Very nasty bug, but keep in mind that in order to use this exploit you have to download and run a program from somewhere for them to do this, it's not like you can catch it from a web browser or something :v:[/QUOTE] 'Now Fixed' Just hope you guys updated your systems last Tuesday
Unless you're using XP this was fixed already, no need to worry anymore.
Well look at it this way; This is just one of the many hundreds of privilege escalation methods within Windows. Some are as simple as replacing Utilman.exe with cmd.exe. (Handy for removing passwords on local accounts in Windows 8) Windows security is just, ehh.
[QUOTE=shadowboy303;47134267]Well look at it this way; This is just one of the many hundreds of privilege escalation methods within Windows. Some are as simple as replacing Utilman.exe with cmd.exe. (Handy for removing passwords on local accounts in Windows 8) Windows security is just, ehh.[/QUOTE] Just be thankful it's closed source
[QUOTE=shadowboy303;47134267]Well look at it this way; This is just one of the many hundreds of privilege escalation methods within Windows. Some are as simple as replacing Utilman.exe with cmd.exe. (Handy for removing passwords on local accounts in Windows 8) Windows security is just, ehh.[/QUOTE] The security of anything as insanely complex as an operating system is always gonna be just ehh. This is why we have antivirus software and regular security patches from developers
[QUOTE=Scratch.;47134307]Just be thankful it's closed source[/QUOTE] Security through obscurity should always be a last resort.
[QUOTE=Scratch.;47134307]Just be thankful it's closed source[/QUOTE] If it was open you could patch it near instantly.
At least I'm not using one of those freetard operating systems. I will take Windows over that crap any day despite this security bug. Security through obscurity is just another layer of security for software and not just anyone can see all those bugs in the source code, otherwise Windows really would be a dangerous platform to be using.
[QUOTE=Scratch.;47134307]Just be thankful it's closed source[/QUOTE] There is a kinda deep explanation though - probably deep enough for hackers to create an exploit: [URL]http://breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/[/URL]
Run your updates folks
uint8_t activateNSABackdoor = 1;
[QUOTE=Van-man;47135202]Security through obscurity should always be a last resort.[/QUOTE] Not to mention it's not like Windows manages to be more secure. The half-life of a security breach in open source systems tends to be a fraction of that on the others, and the frequency of these that make it into stable builds of stuff is lower as well...
[QUOTE=Scratch.;47134096]'Now Fixed' Just hope you guys updated your systems last Tuesday[/QUOTE] Seeing as it's a win10 bug only I'm also hoping none of you are dumb enough to be running what isn't even a release candidate as your daily driver OS
[QUOTE=latin_geek;47136477]Seeing as it's a win10 bug only I'm also hoping none of you are dumb enough to be running what isn't even a release candidate as your daily driver OS[/QUOTE] Incorrect [quote=article]Even worse is the fact that the vulnerability isn't limited to a certain version of Windows, but can be found in every Windows from XP to the brand new Windows 10 Technical Preview.[/quote] I actually think this is way more serious than people are crediting it for. How many people don't run Windows Update for various reasons? Yes, arbitrary code has to run on the system first to exploit this vulnerability, but anyone that's had to clean a Windows PC of malware knows that's not a particularly difficult challenge. Then there's vulnerabilities in big plugins like Flash and Java, which again, if not updated, and they often aren't, are more easy attack vectors straight from web pages.
[QUOTE=latin_geek;47136477]I'm also hoping none of you are dumb enough to be running what isn't even a release candidate as your daily driver OS[/QUOTE] I've replaced 7 with 10 TP, did the same with 8 before it was released. I don't have anything particularly important on this PC, it's just an entertainment machine
Remember that good ol gdi exploit that ran pre-98 to win 8.1
[QUOTE=TheCreeper;47135371]At least I'm not using one of those [B]freetard operating systems[/B].[/QUOTE] What
[QUOTE=TheCreeper;47135371]At least I'm not using one of those freetard operating systems. I will take Windows over that crap any day despite this security bug. Security through obscurity is just another layer of security for software and not just anyone can see all those bugs in the source code, otherwise Windows really would be a dangerous platform to be using.[/QUOTE] With a closed source system you can't be sure that code wasn't added purposely as a backdoor. I'm unsure of the specific project management practices in place by Linux and related operating systems, but most open source projects have a review process before patches are allowed to be merged into production code. The amount of personal pride and public pressure the people who write and approve these patches are under makes it very unlikely Linux will get a government-sponsored bug backdoor. Additionally with open source software, you have thousands of nerds looking over the code for just such bugs, whereas Microsoft employees are governed in their actions by Microsoft.
[QUOTE=Electrocuter;47134179]Unless you're using XP this was fixed already, no need to worry anymore.[/QUOTE] Not everyone updates immediately. In fact a lot of people don't update very often at all. I wait at least 2-3 weeks personally since Microsoft has had a fairly bad track record lately with breaking peoples' OSes when they go to update.
[QUOTE=sasherz;47137313]With a closed source system you can't be sure that the bug wasn't added purposely as a backdoor. I'm unsure of the specific system in place by Linux and related operating systems, but most open source projects have a review process before patches are allowed to be merged into production code. Additionally with open source software, you have thousands of nerds looking over the code for just such bugs, whereas Microsoft employees are governed in their actions by Microsoft.[/QUOTE] Closed source does require a level of trust, but don't forget that this level of exploit can still happen with Open Source software, as the Shellshock exploit proved.
[QUOTE=subenji99;47137460]Closed source does require a level of trust, but don't forget that this level of exploit can still happen with Open Source software; as the Shellshock exploit proved.[/QUOTE] Which was patched basically the day it was announced.
[QUOTE=Map in a box;47139438]Which was patched basically the day it was announced.[/QUOTE] and then re-exploited because that patch wasn't good enough.
Shellshock wasn't an exploit, it was completely standard functionality that a lot of retarded developers were using incorrectly. And the response to all of the news has certainly been faster than the response from Microsoft for the security vulnerabilities that went unpatched for [B][I]3 fucking months[/I][/B] after they were informed.
[QUOTE=nikomo;47139699]Shellshock wasn't an exploit, it was completely standard functionality that a lot of retarded developers were using incorrectly. And the response to all of the news has certainly been faster than the response from Microsoft for the security vulnerabilities that went unpatched for [B][I]3 fucking months[/I][/B] after they were informed.[/QUOTE] Microsoft has to test patches fairly extensively, though, and they need to give businesses time to do the same. I don't know how you'd fix this kind of stuff, but if the exploit isn't easily uncovered and held under wraps for 90 days, why risk breaking thousands of users' installations?
[QUOTE=GoDong-DK;47139743]Microsoft has to test patches fairly extensively, though, and they need to give businesses time to do the same. I don't know how you'd fix this kind of stuff, but if the exploit isn't easily uncovered and held under wraps for 90 days, why risk breaking thousands of users' installations?[/QUOTE] That's easily disproven by how a lot of their updates have bricked machines along with causing lots of BSODs.
[QUOTE=Map in a box;47139922]That's easily disproven by how a lot of their updates have bricked machines along with causing lots of BSODs.[/QUOTE] But wouldn't that imply that they should take [I]more[/I] time for testing before the updates go live, and not try and push it out faster?