Hot Potato Exploit Gives Attackers the Upper Hand On Multiple Windows Versions

An anonymous reader writes: By chaining together a series of known Windows security flaws, researchers from Foxglove Security have discovered a way to break into almost all of Microsoft's recent versions of Windows. The exploit, named Hot Potato, relies on three different types of attacks, some of which were discovered back at the start of the new millennium, in 2000. Going through these exploits one by one may take attackers from minutes to days, but if successful, the attacker can elevate an application's permissions from the lowest rank to system-level privileges. All of these security flaws have been left unpatched by Microsoft, with the explanation that by patching them, the company would effectively break compatibility between the different versions of their operating system.

Re:because in windows broken security is a feature

[Dog-Cow]

For all those idiot shit-faces moderating this Informative, try reading "The Old New Thing" blog by Raymond Chen. He actually works for MS, and he details many instances of Windows backwards compatibility work.