Slashdot Mirror


Microsoft Obliquely Acknowledges Windows 0-day Bug Published on Twitter (arstechnica.com)

A privilege escalation flaw in Windows 10 was disclosed earlier this week on Twitter. From a report: The flaw allows anyone with the ability to run code on a system to elevate their privileges to "SYSTEM" level, the level used by most parts of the operating system and the nearest thing that Windows has to an all-powerful superuser. This kind of privilege escalation flaw enables attackers to break out of sandboxes and unprivileged user accounts so they can more thoroughly compromise the operating system. Microsoft has not exactly acknowledged the flaw exists; instead it offered a vague and generic statement: "Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule." So, if the flaw is acknowledged (and it's certainly real!) then the company will most likely fix it in a regular update released on the second Tuesday of each month.

66 comments

  1. Moscow Don better watch his butthole! by Anonymous Coward · · Score: 0, Troll

    1. Trump goes to prison for life
    2. Trump's phat booty is raped by a well-hung inmate daily
    3. NO COLLUSION!
    4. Trump pretends it never happened
    5. Trump dies and is buried under the prison

    The End

    1. Re: Moscow Don better watch his butthole! by Anonymous Coward · · Score: 0

      Bruce Perens would sue you for such words. Careful.

    2. Re: Moscow Don better watch his butthole! by Anonymous Coward · · Score: 0

      Bruce Perens can suck a donkey dick.

  2. Microsoft OS is insecure by Anonymous Coward · · Score: 0

    Microsoft has proven itself time and time again to be an insecure platform to work on. Why most users don't abandon that platform and move to something a little more secure is beyond me (e.g. some Linux distro, OS X, etc). Maybe people just don't care, in which case they deserve all the problems they get staying with Microsoft. I just hope some day people will value their privacy and security enough to say "I'm done with Microsoft" (I have), unless they have to use it on a work computer. How long will people keep putting up with crappy, 0-day infested spyware?

    1. Re:Microsoft OS is insecure by ArchieBunker · · Score: 3, Interesting

      As soon as Adobe makes a Linux build of their suite I'll switch over. Might as well call up SolidWorks and Pro/E while you're at it.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    2. Re:Microsoft OS is insecure by Anonymous Coward · · Score: 0

      No doubt. I've been a defender of Microsoft for many years. Hell, I've made it my life's work for the most part.

      But it's just getting to be too much. It's one after the other and the problem isn't the updates, it's the framework on which Windows is built that causes all these bugs in the first place.

      The framework is broken, and it will continue to be broken. No amount of patches can fix that. Something needs to change.

    3. Re:Microsoft OS is insecure by Anonymous Coward · · Score: 0

      Until whatever tool sets and games they use are available on one of those other OSes. Most people care as much about the OS as they do about the brand of their stove.

    4. Re: Microsoft OS is insecure by Anonymous Coward · · Score: 0

      I've been using Linux since 1996 and I do love it.
      That being said, if we were in a world of Linux everywhere on the desktop I wouldn't bet on a radical increase in security. More crap software, more crap drivers, more scrutiny of black hats, more dumb users, and so on. Add to that the systemd crapware and I'm sure we would see such privilege escalation quite more often than nowadays.
      I would love to be proven wrong though, mainly because the premise would be the disappearance of Windows.

    5. Re:Microsoft OS is insecure by Desler · · Score: 2

      Exactly. Nerds need to learn that users care about applications not the OS. It's why so many are fine with ChromeOS despite it being "not real Linux" which is only of concern to dorks.

    6. Re:Microsoft OS is insecure by Farmer+Tim · · Score: 0

      Most people care as much about the OS as they do about the brand of their stove.

      A kitchen isn’t a kitchen unless there’s Smeg on every appliance. I’m not alone in my opinion, we see lots of Gordon Ramsey’s Smeg on TV. And from experience, nothing smells quite like home made bread baked in the Smeg. Seriously, if you don’t think it matters you’ve never had a Smeg.

      --
      Blank until /. makes another boneheaded UI decision.
    7. Re:Microsoft OS is insecure by Anonymous Coward · · Score: 0

      Yeah, port the Windows API layers to Linux and leave the old implementation behind. :)

    8. Re: Microsoft OS is insecure by Anonymous Coward · · Score: 0

      Not correct..
      All people that use OSS says the code is better looked, all bugs are corrected on the fly....etc....etc.
      At home I only use linux (either my Manjaro, raspbian, Slack). By my experience........ well...there are bugs with years to be solved....
      Like in Windose or Macsy.... things take their time.
      The difference, in my opinion, is how many black hat hackers look at an OS....in this line of thinking Windoze has been doing a good job, not a Great job but a good one.
      And probably they have more eyes on their code than OSS, just think of all the companies that work and inspect their code to create drivers for example.
      It is my true opinion that if OSS had the exposure that Windoze has to the hackers XP would be an example of perfect security..... just 2 cents

    9. Re:Microsoft OS is insecure by Killall+-9+Bash · · Score: 2, Interesting

      I work in IT.

      Everyone loves ChromeOS. And then they ask "so how do i install outlook?" And then they ask "How do I allow this ActiveX control?" And then they ask "How do I install this printer?" And then they ask "is it too late to return these?"

      The only business users who can effectively use Chromebooks are ones where no one is working (i.e. kids using Slack).

      --
      "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
    10. Re: Microsoft OS is insecure by Desler · · Score: 1

      All people that use OSS says the code is better looked, all bugs are corrected on the fly....etc....etc.

      That was definitely what is claimed but one only has to look at the OpenSSL and X.Org codebases to know those claims were false. Both are dumpster fires of poorly written, insecure code.

    11. Re:Microsoft OS is insecure by Anonymous Coward · · Score: 0

      A kitchen isn’t a kitchen unless there’s Smeg on every appliance.

      Smeggin' 'ell, you do realize that smeg is just shorthand for smegma, don't you?

      smeg-ma (NSFW: photos)
      noun
      Smegma (Greek smgma) is a combination of shed skin cells, skin oils, and moisture. It occurs in both male and female mammalian genitalia. In female bodies, it collects around the clitoris and in the folds of the labia minora; in males, smegma collects under the foreskin.

      Grud help you if you're smearing smeg all over your appliances.

    12. Re: Microsoft OS is insecure by Anonymous Coward · · Score: 0

      Exactly this.
      Everybody assumed openssl was secure because it was widely used and its FOSS so it must be secure.

      And nowadays things are even worse with poetteringware everywhere. Who needs a hole in the kernel when PID 1 spreads its legs wide open ?

    13. Re:Microsoft OS is insecure by Desler · · Score: 1

      The only business users who can effectively use Chromebooks are ones where no one is working (i.e. kids using Slack).

      Where in my post did I say anything about business users? And nowhere did I say all users would be fine with ChromeOS. Lastly, all those things you mention are application-layer programs which feeds into my point that the user couldn't care less about the OS when it's the programs they want to use that matter. The applications drive what OS they use not the other way around. Which is why users are willing to continue to put up with Windows despite many people disliking it.

    14. Re: Microsoft OS is insecure by Anonymous Coward · · Score: 1

      Remember Windows does a lot more. Linux kernel + all drivers + X Windows + GNU Userland + Open SSL + KDE/GNOME project + package management systems + other misc xwindows tools (xdm, xterm etc) + backwards compatibility layers is the rough equivalent of a typical Windows desktop installation.

      Of COURSE the Linux kernel has a lot less bugs than all that code. Same as the Windows Kernel has a lot less bugs in it than Windows as a whole.

    15. Re:Microsoft OS is insecure by 93+Escort+Wagon · · Score: 1

      And then they ask "How do I allow this ActiveX control?"

      Who still uses ActiveX? Do you live in Korea?

      --
      #DeleteChrome
    16. Re:Microsoft OS is insecure by dissy · · Score: 5, Interesting

      I work in IT.

      Everyone loves ChromeOS. And then they ask "so how do i install outlook?" And then they ask "How do I allow this ActiveX control?" And then they ask "How do I install this printer?" And then they ask "is it too late to return these?"

      The only business users who can effectively use Chromebooks are ones where no one is working (i.e. kids using Slack).

      I work in IT too, and I found an excellent use for ChromeBooks. Remote access.

      Both remote desktop and our VPN client are available on the chrome store.
      Full laptop form factor chromebooks run $300, compared to a full fledged windows laptop from HP closer to $1000

      Once VPNed in, you can remote to your desktop or VM instance and do everything you would in the office, except perhaps full multi-monitor support.

      No one asks how to install Outlook because they already have it.
      No one really asks for ActiveX controls either, as the local apps using them have those controls pushed out to IE already, and anything else likely will gain a "no" reply.
      Same for the printers, office printers are installed with clicking a link on our intranet site, and home printers connected to the chromebook are forwarded over remote desktop to print to.

      Plus there are no worries about a windows laptop offsite being joined to the domain.
      No stupid syncing group policy except while logged in, no windows update errors due to not finding the WSUS server, no downloading updates over the VPN when it can find the WSUS server, no locally stored data to secure or backup or worry about being lost, no worries that Windows will expire the local SAM cache and tell the user they can't login to the laptop until after they login to the laptop and VPN in...

      They also have much lower end and simpler chromebook hardware in the $100-200 range.
      Not quite laptop form factor fully, but at a price point to be almost disposable.

      Maybe your infrastructure doesn't allow for this type of setup, and I can only vouch for the Cisco AnyConnect VPN client, but that doesn't mean there are no business use cases for the things.

    17. Re:Microsoft OS is insecure by Anonymous Coward · · Score: 0

      Microsoft has proven itself time and time again to be an insecure platform to work on. Why most users don't abandon that platform and move to something a little more secure is beyond me (e.g. some Linux distro, OS X, etc).

      Because that's a lot of work and cost to get it just a little more secure.

    18. Re: Microsoft OS is insecure by Anonymous Coward · · Score: 0

      Windows subsystem for Linux is the future.

      Don't @ me

    19. Re:Microsoft OS is insecure by Anonymous Coward · · Score: 0

      No, he definitely did not know that and from his post it is clear he was completely oblivious to that. I mean that is VERY clear that he most CERTAINLY did not know that so thank you for pointing that out!

    20. Re:Microsoft OS is insecure by iggymanz · · Score: 2

      and AutoDesk and MasterCAM, let's move the whole industry over

    21. Re: Microsoft OS is insecure by Anonymous Coward · · Score: 0

      Show me these claims of people saying it's secured beyond reach or whatever you are claiming. No one said those things.

      The claim is if the code is open then it allows more people to find and fix flaws. And that's what happened. Someone audited the code for evil or good purposes and found the flaw, and it got fixed.

    22. Re:Microsoft OS is insecure by Eravnrekaree · · Score: 1

      I never understood why these companies do not simply write their software using Qt so that it will work across the operating systems, it makes financial sense to maintain just one code base that will run on all OSs.

    23. Re:Microsoft OS is insecure by dknj · · Score: 0

      You have just proved why no respectable IT organization owns ChromeBooks en masse.

    24. Re:Microsoft OS is insecure by Bert64 · · Score: 2

      So switch to Mac, there is a build of their suite available there.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    25. Re:Microsoft OS is insecure by Bert64 · · Score: 1

      A lot of corporate users use outlook web access, which works fine in chromeos...
      A lot of users use gmail, which works fine in chromeos.

      Very few activex controls are still out there, I've not encountered any of that crap for years...

      If you're going to buy a chromebook, you buy a compatible printer to go along with it, assuming you actually need to print something. Most consumer printers are cheap and disposable and regularly replaced because they fail or become incompatible with the latest os updates.

      There are lots of users for whom chromeos works great, in fact there are many users whose only interaction with the internet is from a mobile device and have never used a traditional computer at all.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    26. Re:Microsoft OS is insecure by Bert64 · · Score: 2

      And also a lot more secure, if a remote user connects them to a random free wifi network the chance of them being compromised and becoming a foothold on your corporate network is massively reduced.

      A corporate windows (or macos to a lesser degree) laptop connecting to a third party wireless network often leaks a LOT of information at the network level (eg it tries to perform dns lookups for your internal domain), and often contains a lot of data that can be extracted. A chromebook will do none of these things, and is far less likely to be compromised in any case.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    27. Re: Microsoft OS is insecure by Bert64 · · Score: 1

      There would still be problems, but security would still be better because you'd be starting from a better base...

      Windows has a lot of bad legacy design, and then lots of cruft bolted on top trying to implement security alongside a system that was never designed with it in mind (I'm referring to windows specifically and all the crap that's been inherited from dos and win3x/9x, not NT which although a more sensible design has had the aforementioned cruft bolted on top of it).

      You have massive complexity, design flaws that cannot be fixed without breaking compatibility, and a lot of legacy hanging over from a system which didn't even have a concept of users or privileges.

      Windows still stores passwords using an unsalted algorithm, and still allows authentication by hash (so effectively it stores plain text passwords)...
      Windows still runs several highly complex network-listening services by default at a high privilege level and which are hard to turn off (they recommend hiding the problem with a firewall rather than actually fixing it by removing the services).
      The sheer complexity makes it extremely difficult to manage and monitor, new techniques are constantly being discovered and no one knows the whole system well enough to truly understand what's going on. Linux is extremely simple by comparison.
      Windows users are expected to download and run arbitrary binaries, although there is now a repository system in the form of the windows store it is still not widely used. Downloading random binaries requires a high level of technical literacy in order to verify the legitimacy of the site and the binaries downloaded.

      So the whole world using linux wouldn't be perfect, but it would be better... A good example of this is Android, while there are malware problems on android in reality they are very few and far between compared to windows, despite the huge number of active android devices.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    28. Re: Microsoft OS is insecure by Bert64 · · Score: 1

      A typical linux distro on the other hand comes with a lot more tools than windows does...

      The Linux kernel also does a lot more than the windows kernel, it has many more features, runs on a much wider array of hardware and includes drivers for a lot more hardware (windows drivers are typically provided by third parties).

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    29. Re:Microsoft OS is insecure by Anonymous Coward · · Score: 0

      How did he prove this? ... We're floating the same idea but instead of using chromebooks we would be using android phones + Miracast + wireless keyboard/mouse.

    30. Re:Microsoft OS is insecure by Ritual · · Score: 0

      Linux has just as many privilege escalation exploits. It's just the nature of our current CPU architecture. It's impossible to secure if someone is allowed to run their own software. Add networking and these shit tier web libraries we all use every day like Flash and Java all that nonsense that are heaps of insecure garbage, if your local software doesn't compromise your machine; remote code exploits will. I would go as far to say that the software we use to browse the web and collaborate are left intentionally insecure. In this day and age the government is openly promoting back doors and surveillance for everyone. They have outlawed encryption (that works and they can't break). Don't be so naive that "if only we had linux as our main OS we would be secure". No we wouldn't.

    31. Re:Microsoft OS is insecure by ArchieBunker · · Score: 1

      I think my next build is going to be ESXI based so I can run OSX without too many hardware headaches. Keep a Windows VM for when you need it.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    32. Re:Microsoft OS is insecure by Killall+-9+Bash · · Score: 1

      Who still uses ActiveX?

      Banks. Yes. I agree with your look of horrified realization.

      --
      "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
  3. Headline misleading by Geoffrey.landis · · Score: 2

    Unless there's more than is in the summary, the headline should read "Microsoft does not Acknowledge Windows 0-day Bug Published on Twitter".

    --
    http://www.geoffreylandis.com
    1. Re: Headline misleading by tysonedwards · · Score: 1

      It's the use of phrase "(and it's certainly real!)" that has some thinking: the privilege escalation bug is real, but not acknowledged, so wait for Patch Tuesday and let's see what happens.

      --
      Thirty four characters live here.
    2. Re:Headline misleading by Anonymous Coward · · Score: 0

      You must be new here.

    3. Re:Headline misleading by Desler · · Score: 1

      No, this is New Here.

    4. Re: Headline misleading by Anonymous Coward · · Score: 0

      Patch Tuesday no longer exists (unless you want it)
      https://www.secureworldexpo.co...

  4. The Emperor's Clothes by Anonymous Coward · · Score: 0

    One of my favorite fables. Microsoft should probably stop dicking their hackers around with their bounty program and just pay them. Obviously guy could have made bank selling this to the NSA, GRU, or Mossad. But gave it away for free obviously to make the point that Microsoft expects him to work for free.

    I'm actually hoping he drops a new one every day for a week.

    1. Re:The Emperor's Clothes by Anonymous Coward · · Score: 0

      What do you expect from M$ when some of their branches and departments were even closed, due to losses. I remember just last year, around 50,000 M$ employees were axed due to company "restructuring". You mean MS fired some of its employees and would pay those debugging crackers tens of thousands of dollars?

  5. Microsoft Obliquely accepts Linux by Anonymous Coward · · Score: 1

    I mean, if we're going to spin words here...

  6. This person got sick of MSFT bug submission by guruevi · · Score: 2

    If you see the comments and write up in the documents and demo he released. It's fairly easy to exploit, in lay terms: the Task Scheduler read/writes to a location as SYSTEM and you can ask it to write any permissions to that file. Since the location of that file is publicly accessible for everyone, you could replace a job file with a DLL and then the system will write permissions for it to be executable as SYSTEM.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:This person got sick of MSFT bug submission by Anonymous Coward · · Score: 0

      The "he" is a "she", you insensitive clod!

  7. Then Move To Linux! AND TO MONTREAL! by Anonymous Coward · · Score: 0

    ...the Montreal winters became so unbearable that I realized I couldn't live that way any longer...

    I was having thoughts about hurting the people around me or other "dark" thoughts. Indeed, these had plagued me for years.

    When the lows of those oppressive Montreal winters hit, the thoughts became unrelenting.

    I won't go into detail about the content of those thoughts, but suffice it to say they were filled with terrible things that made me feel like a danger to those around me.

    --------- and awaaaaay we goooo.

    You hate. We all hate it. But it's the best of those hated things. And I hate it. But no plans on taking it out on anyone. I leave that for the wacko Trumpers. They will do it no matter what. Because Trump. That's why.

  8. Another HUGE Windows 10 problem. by Futurepower(R) · · Score: 2

    Windows 10 will soon force monthly charges.

    Basically, if there is a monthly charge for Windows 10, Microsoft will make more money if there are more bugs in updates. They will apparently fix the bugs only for those who are paying monthly.

    1. Re:Another HUGE Windows 10 problem. by Desler · · Score: 3, Interesting

      The Microsoft Managed Desktop which is what those articles discuss will not be forced on to anyone and are specifically being targeted to business users. Nowhere in the Mary Jo Foley article does it say that anyone will be forced into the service. What you're spreading is actual fake news.

    2. Re: Another HUGE Windows 10 problem. by Anonymous Coward · · Score: 0

      First they came for the business users...but I didn't care because I wasn't a business user...

    3. Re:Another HUGE Windows 10 problem. by jezwel · · Score: 1

      Basically, if there is a monthly charge for Windows 10, Microsoft will make more money if there are more bugs in updates. They will apparently fix the bugs only for those who are paying monthly.

      I find this interesting as essentially this is what most companies already do with software, though on a different scale - annual maintenance charges that provide bug-fixes and updates. Many are moving to monthly fees so that the user has "more flexibility" around how much of a service they want to consume.
      Oops, your monthly charge is usually a fair bit more than an annual charge divided by 12 months. You've got all that extra flexibility remember?
      Anyone need full time access? Coincidentally your monthly fee paid annually is more than maintaining a perpetual licence...
      Been using a product for a few years, and have embedded it into your processes and workflow? Must be time for (yet another) price increase!

      Back OT. Monthly charges should be low enough that users are fine with the cost - a couple dollars here or there will easily slide under the radar, plus shareholders have a smoothed out (and greater) profit delivery that is less dependent on new releases.
      Now, your supposition that there is money to be made by having more bugs? Potentially true - get your subscriber count high as they need your bugfixes. Sounds like a predatory business model.
      Regulation that forces vendors to return $$$ or credit subscribers (more likely) where there is disruption to their paid service will need to be created. The chances of that seem pretty small though.

  9. When they discover a hidden door by Anonymous Coward · · Score: 0

    and you have to tell the people who use it that you have to wall it up... It's curious how many "accidental" security issues just let someone literally take full control of the computer. It's almost as if they were purposefully built, and intentionally covered up. Hm.

  10. 0h noze Windo$e is a peece of $hi7!... by Anonymous Coward · · Score: 0

    ...except this sort of thing has been happening on various *nix systems for many years now.

    Yes, Windoze 10 is a piece of shit, and should be migrated away from, but for different reasons.

  11. Questions: 1) Charging later? 2) No control? by Futurepower(R) · · Score: 2

    Questions:

    1) Do you think Microsoft won't begin charging everyone later? That's what Adobe Systems did after releasing Creative Suite version 6. It is now Adobe Creative Cloud.

    2) Will "business users" want Microsoft to have more control over their computers?

    1. Re:Questions: 1) Charging later? 2) No control? by Anonymous Coward · · Score: 0

      I paid a hundred dollars for my Windows 10 license, so I don't see why they would charge me again for something that I bought.

  12. Here's hoping... by Anonymous Coward · · Score: 0

    Maybe I can use the exploit to uninstall Cortana, "Telemetry" (i.e. spyware) and Edge. All useless crap I don't want on my PC.

    Here's hoping !

  13. More complete vulnerability description by Anonymous Coward · · Score: 1

    This is /. so you don't have to oversimplify.
    What's actually going on is that the task scheduler has an API that allows you to set the DACL (discretionary access control list, the list of permissions for various user accounts or groups) for a task's folder and .job file in the Tasks folder. Since the task scheduler runs under the system account, it should impersonate the caller when doing so, since otherwise when setting the permissions, the kernel will check if system, rather than the caller, is allowed to set the specified permissions. This is done correctly for the folder, but due to an oversight the task scheduler doesn't impersonate the caller when setting the DACL on the .job file.
    Now, any user can create a job and were it not for a bug like this one there'd be no reason to disallow this since the job would only run with privileges that were already available in some way to the user creating the job in the first place. But this fact can be used to exploit the bug, by dropping a hard link to some file in the Tasks folder and then using the API to set a new DACL on it. Because of the bug you can gain write access for files that are normally read-only for you and on which you normally cannot set a new DACL.
    The scenario used by the POC is as follows: Locate a dynamic link library that gets loaded into a process running as system. These are normally shielded from modification by normal users and even system, because normally only TrustedInstaller can modify these files. It's important it isn't already loaded, otherwise we'll get a sharing violation later when we try to edit it. Drop a hard link to this dynamic link library into the Tasks folder and edit the DACL to give you write access. Modify the dynamic link library to contain your exploit code. Perform whatever action needed to trigger loading the library, and presto!
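
A defensive check that follows from the description above, added here as an example; it is not part of the comment or of the published proof of concept. It audits a task folder for entries that are not plain job files: hard links to files that also live elsewhere, stray extensions, and files whose content is a Windows PE image. The function names are hypothetical, the folder to audit is supplied by the caller, and the sample tree is constructed in a temporary directory.

```python
import os
import stat
import sys
import tempfile
from pathlib import Path

PE_MAGIC = b"MZ"  # first two bytes of every Windows PE image (DLL or EXE)


def audit_tasks_folder(folder):
    """Return {file name: [reasons]} for entries that do not look like plain job files."""
    findings = {}
    for entry in sorted(Path(folder).iterdir()):
        st = entry.lstat()
        reasons = []
        if stat.S_ISLNK(st.st_mode):
            reasons.append("symbolic link")
        elif stat.S_ISREG(st.st_mode):
            # More than one name for the same file means a DACL set through
            # this folder also applies to the file under its other name.
            if st.st_nlink > 1:
                reasons.append(f"hard link count {st.st_nlink}")
            if entry.suffix.lower() != ".job":
                reasons.append("unexpected extension")
            try:
                with open(entry, "rb") as fh:
                    if fh.read(2) == PE_MAGIC:
                        reasons.append("PE image content")
            except OSError as exc:
                reasons.append(f"unreadable: {exc.strerror}")
        if reasons:
            findings[entry.name] = reasons
    return findings


def build_constructed_sample(root):
    """Create a constructed sample tree (not real system paths) and return its task folder."""
    root = Path(root)
    tasks = root / "Tasks"
    protected = root / "Protected"
    tasks.mkdir()
    protected.mkdir()
    # An ordinary job file: one name, .job extension, not a PE image.
    (tasks / "backup.job").write_bytes(b"\x00\x01constructed job data")
    # A stand-in for a protected library, with a second name in the task folder.
    library = protected / "example.dll"
    library.write_bytes(PE_MAGIC + b"\x00" * 62)
    os.link(library, tasks / "report.job")
    # A stray file that is not a job at all.
    (tasks / "notes.txt").write_text("constructed stray file")
    return tasks


def demo():
    """Audit the constructed sample and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_tasks_folder(build_constructed_sample(tmp))


if __name__ == "__main__":
    # With an argument, audit that folder; without one, run the constructed sample.
    result = audit_tasks_folder(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for name, reasons in result.items():
        print(f"{name}: {', '.join(reasons)}")
```

A link count above one is the signal that matters most here, because it is independent of the file name chosen for the link.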