Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hot Potato Exploit Gives Attackers the Upper Hand On Multiple Windows Versions

Posted by timothy on from the here-you-take-it dept.

An anonymous reader writes: By chaining together a series of known Windows security flaws, researchers from Foxglove Security have discovered a way to break into almost all of Microsoft's recent versions of Windows. The exploit, named Hot Potato, relies on three different types of attacks, some of which were discovered back at the start of the new millennium, in 2000. Going through these exploits one by one may take attackers from minutes to days, but if successful, the attacker can elevate an application's permissions from the lowest rank to system-level privileges. All of these security flaws have been left unpatched by Microsoft, with the explanation that by patching them, the company would effectively break compatibility between the different versions of their operating system.

2 of 127 comments (clear)

  1. Nice by Anonymous Coward · · Score: 3, Insightful

    Whatever you do, for the love of god, don't give us a broad outline of attack vectors, who might be vulnerable, or attack mitigation practices.

  2. Re:because in windows broken security is a feature by Etherwalk · · Score: 2, Insightful

    Microsoft doesn't give a damn about backwards compatibility.

    No doubt that's why we can still use the same API calls sixteen years later...