Slashdot Mirror


Hot Potato Exploit Gives Attackers the Upper Hand On Multiple Windows Versions

An anonymous reader writes: By chaining together a series of known Windows security flaws, researchers from Foxglove Security have discovered a way to break into almost all of Microsoft's recent versions of Windows. The exploit, named Hot Potato, relies on three different types of attacks, some of which were discovered back at the start of the new millennium, in 2000. Going through these exploits one by one may take attackers from minutes to days, but if successful, the attacker can elevate an application's permissions from the lowest rank to system-level privileges. All of these security flaws have been left unpatched by Microsoft, with the explanation that by patching them, the company would effectively break compatibility between the different versions of their operating system.

3 of 127 comments

  1. Nice by Anonymous Coward · Score: 3, Insightful

    Whatever you do, for the love of god, don't give us a broad outline of attack vectors, who might be vulnerable, or attack mitigation practices.

  2. Re:because in windows broken security is a feature by Etherwalk · Score: 2, Insightful

    Microsoft doesn't give a damn about backwards compatibility.

    No doubt that's why we can still use the same API calls sixteen years later...

  3. Re:I really feel sorry by Anonymous Coward · Score: 0, Insightful

    Actually, for the mid to upper level users, we're the ones that feel sorry for you. You put up with a lot of bugs, glitches, exclusions, and ugliness to have your "freedom." Not to mention the paranoia and zealotry that stains the Linux brethren. Meanwhile the rest of us just enjoy using computers for what we want to do. Very little time is needed for us to keep Windows running. Good thing too, because we're busy working, creating, and playing with the largest software selection in the universe.