Windows 10 Hit Repeatedly By Serious New Vulnerability

By -

 Windows 10 desperately needed changes to its upgrade system and they are finally rolling out. That said, they’re not a magic bullet and Microsoft has now warned users about an update which is going to be hit multiple times over the next few weeks, and before the company can do anything about it. 

The threat comes from SandboxEscaper, a well-known exploit broker, who has found multiple holes in Microsoft’s CVE-2019-0841 security update. Moreover, while Microsoft has posted a warning on June 7 and has attempted three fixes so far, SandboxEscaper has now released a fourth and promised to further exploits of it will follow. The result is Microsoft is left playing whack-a-mole and Windows 10 users should be vigilant.

As reported by  security researcher Nabeel Ahmed states that SandboxEscaper has found a way to give anyone with access to a Windows 10 and Server 2019 machine permissions that result in “Full control”. Tech News notes that Microsoft “will certainly not have enough time to fix this one” for several days and then SandboxEscaper will publish another.

And it is clear SandboxEscaper has found something substantial. Tech News notes that this is the fourth zero-day LPE (local privilege escalation) the hacker has released this month. It’s not a good look for Microsoft.



It also comes on the back of Microsoft’s promise to give Windows 10 users more "control, quality and transparency" over software updates. But the end result is worth reading about because it isn’t quite what you’d expect, and there’s little benefit in Microsoft delivering a stable update anyway (as CVE-2019-0841 was) if it is full of holes.

At least this latest exploit requires someone to already have access to your computer, unlike other Windows 10 updates in the last year which have deleted your personal data, made Windows 10 downgrade itselfbroken app updatescrippled gaming performance or made Chromium browsers up to 4x slower.

Microsoft may have finally started to do the right thing by Windows 10 users, but it’s clear there’s still a lot of work to be done in convincing anyone who hasn’t yet upgraded to Windows 10 to take the plunge.

Comments

Post a Comment

Popular Posts

Hacker steals data of millions of Bulgarians, emails it to local media

By -
Image
  Source of the data breach appears to be the country's National Revenue Agency A mysterious hacker has stolen the personal details of millions of Bulgarians and has emailed download links to the stolen data to local news publications. The data's origin is believed to be the country's National Revenue Agency (NRA), a department of the Bulgarian Ministry of Finance. In a  message posted on its website  on Monday, the NRA said it was working with the Ministry of the Interior and the State Agency for National Security (SANS) to investigate the hack. "We are currently verifying whether the data is real," said the NRA. Hours after this article's publication, the Bulgarian Ministry of the Interior  confirmed the hack . HACKER STOLE 110 DATABASES, LEAKED 57 According to reports from local media [ 1 ,  2 ,  3 ,  4 ,  5 ], who received part of the data, the hacker said they stole the personal details of over five million Bulgarians, of the country's total populatio
Read more

​Linux totally dominates supercomputers

By -
Image
It finally happened. Today, all 500 of the world's top 500 supercomputers are running Linux. Linux rules supercomputing. This day has been coming since 1998, when Linux first appeared on the TOP500 Supercomputer list . Today it finally happened:  All 500 of the world's fastest supercomputers are running Linux . The last two non-Linux systems, a pair of Chinese IBM POWER computers running AIX, dropped off the  November 2017 TOP500 Supercomputer list . Overall, China now leads the supercomputing race with 202 computers to the US' 144. China also leads the US in aggregate performance. China's supercomputers represent 35.4 percent of the Top500's flops, while the US trails with 29.6 percent. With an anti-science regime in charge of the government, America will only continue to see its technological lead decline. When the  first Top500 supercomputer list was compiled in June 1993 , Linux was barely more than a toy. It hadn't even adopted Tux as its masc
Read more

Microsoft tries to stem its self-made collaboration-tool confusion

By -
Image
Microsoft is using this week's Ignite conference to try to help clarify its collaboration-tool strategy. Here's how SharePoint, Teams and Yammer figure in the mix. Choice is good. But too much choice, especially when it comes to collaboration tools, has been a problem for Microsoft. This isn't news to customers, partners or Microsoft execs themselves. But at the company's Ignite IT Pro conference in Orlando this week, Microsoft execs took a step to try to clarify the company's strategy and messaging in this area. Microsoft Office 365 Marketing chief Ron Markezich kicked off the conference this week with a slide entitled "Microsoft 365 Teamwork: Where to Start a Conversation." That slide attempts to do what  Microsoft initially attempted with a 60-plus-page whitepaper : Clarify which collaboration tools customers should use when. The slide, which features SharePoint -- and its files, sites and content storage at the center -- is broken down into t
Read more