Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hot Potato Exploit Gives Attackers the Upper Hand On Multiple Windows Versions

Posted by timothy on from the here-you-take-it dept.

An anonymous reader writes: By chaining together a series of known Windows security flaws, researchers from Foxglove Security have discovered a way to break into almost all of Microsoft's recent versions of Windows. The exploit, named Hot Potato, relies on three different types of attacks, some of which were discovered back at the start of the new millennium, in 2000. Going through these exploits one by one may take attackers from minutes to days, but if successful, the attacker can elevate an application's permissions from the lowest rank to system-level privileges. All of these security flaws have been left unpatched by Microsoft, with the explanation that by patching them, the company would effectively break compatibility between the different versions of their operating system.

2 of 127 comments (clear)

  1. Was bound to happen... by __aaclcg7560 · · Score: 2, Funny

    Mr. Potato Head has gone to dark side, becoming Hot Potato and joining forces with Evil Bernie and Evil Ernie to rule the world. One Windows machine at a time.

  2. And, Suddenly... by Anonymous Coward · · Score: 1, Funny

    Thousands of slashdotters have a simultaneous joygasm.