Researchers Bypass All Windows Protections by Modifying a Single Bit

HardOCP News

Bypass all Windows security measures by modifying a single bit. A single bit. :eek:

One of the security bulletins released by Microsoft on Tuesday fixes a privilege escalation vulnerability which, according to researchers, can be exploited by malicious actors to bypass all the security measures in Windows by modifying a single bit.
 
"The security hole was identified and reported to Microsoft a few months ago by the security firm enSilo."

Yep. Sounds about right.
 
According to Microsoft, an attacker who manages to log in to the targeted system can..
Do anything he damn well wants to.

I know the headline of "change a single bit" sounds scary, but let's be realistic here. It's an exploit that requires the attacker to log into the machine first.

Still, glad the security firm reported it a few months ago and then only posted it on their blog the day MS issued a patch. AKA, they didn't pull a Google dickmove.
 
The real dick move is when MS knows about bugs for months, or even years and never fixes them until they are called out or after they are exploited.

Welcome to the built in blind spot of the technological elite. If something isn't tracked online, it doesn't exist. It isn't that corporations are all evil, they're just reality challenged. :D
 
The real dick move is when MS knows about bugs for months, or even years and never fixes them until they are called out or after they are exploited.

Yeah, and allowing the flawed implementations into your next OS aka Windows 10 Preview.

I will never work for Microsoft. Ever.
 
By single bit are we talking about enable/disable a setting?

I heard if you get root access on a Linux operating you can do irreparable damage. I bet Linux will be gone by next week once that exploit gets out.
 
Welcome to the built in blind spot of the technological elite. If something isn't tracked online, it doesn't exist. It isn't that corporations are all evil, they're just reality challenged. :D
More of the corporate elite a problem doesn't exist (not worth the money) until the public knows about it.
 
I heard if you get root access on a Linux operating you can do irreparable damage. I bet Linux will be gone by next week once that exploit gets out.

very smart response, sir, i salute you and your illuminating wisdom...

...but, you know, it shouldn't be possible to a setting or anything else system related from an unprivileged account. what you describe is an admin logging in and screwing up the system. it's not what this exploit is about, but you probably didn't read the article or even the snippet posted here.
 
The real dick move is when MS knows about bugs for months, or even years and never fixes them until they are called out or after they are exploited.

Bugs take months to track down, fix and then test to see what if anything the fix will affect.

If Microsoft released a bug that they tossed together in a single day that caused 10% of Windows based computers to crash on startup I bet you would be bitching about them not testing anything.

This goes for all companies. The larger the company and more complex their software is the longer they have to test every possible issue.
 
The real dick move is when MS knows about bugs for months, or even years and never fixes them until they are called out or after they are exploited.

MS can't do shit until lcpiper's people allow it first.
 
1 bit is being dramatic. Read their portion of the writeup, yes there is a problem that requires the change of at least one bit (or two as they use) on a flaf for the first part to work, but the exploit itself is far more complicated using uaf and buffer overflow techniques, and it looks like a fair amount of work to make it valid on all versions of windows.
 
1 bit is being dramatic. Read their portion of the writeup, yes there is a problem that requires the change of at least one bit (or two as they use) on a flag for the first part to work, but the exploit itself is far more complicated using uaf and buffer overflow techniques, and it looks like a fair amount of work to make it valid on all versions of windows.

*Flag

This place needs a fucking edit button.
 
1 bit is being dramatic. Read their portion of the writeup, yes there is a problem that requires the change of at least one bit (or two as they use) on a flaf for the first part to work, but the exploit itself is far more complicated using uaf and buffer overflow techniques, and it looks like a fair amount of work to make it valid on all versions of windows.

Yeah makes it sound like a single keypress gets you in.

Instead it's an obstacle course.
 
^^^ *on second thought* Though hopefully the process gets done properly & we won't need to worry about that at all.
 
Just going to throw this out there gently now that you gave it a second thought. :)

http://www.infoworld.com/article/28...s-headed-for-no-downtime-kernel-patching.html

Yeah... hitting "Submit Reply" sometimes lets the dumb thoughts come out first before the really good ones arrive a few seconds later. :eek:

I'm quite happy that Linux will have this capability. MS needs to get their crap together since know that they've talked about live patching for a while but never implemented it.

I forget if I saw that back when they were brainstorming the features for Vista...
 
Getting user mode access to running as the system account in Windows OS's has been around since the dawn of Windows in a variety of ways. Sure, this particular method may be an exploit as it gives the user direct access to the system account and therefore kernel mode access. But it doesn't seem any bigger an exploit than crafting a service that proxies commands as the system account... which is done by countless legitimate applications on the market today.

The biggest security threat to computing is stupid users.
 
The biggest security threat to computing is stupid users.

In this case I think the biggest danger is smart users. I mean a person who given the instructions at that website can implement the exploit or at least find a site that has an executable.
 
Change ANY bit in the O/S and watch it do strange and wondrous things it wasn't meant to do. That headline is pure sensationalism.
 
The real dick move is when MS knows about bugs for months, or even years and never fixes them until they are called out or after they are exploited.


W..h..i..c..h.... is ... exactly what this would have looked like if the story had broke last week right?
 
Just in time for Valentine's... I hope the bit will never be single again.
 