Tech

Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling

Posted on Author admin Comments Off on Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling
A cartoonish padlock has been photoshopped onto glowing computer chips.

Enlarge

The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources.

As operating systems and applications become harder to hack, successful attacks typically require two or more vulnerabilities. One vulnerability allows the attacker access to low-privileged OS resources, where code can be executed or sensitive data can be read. A second vulnerability elevates that code execution or file access to OS resources reserved for password storage or other sensitive operations. The value of so-called local privilege escalation vulnerabilities, accordingly, has increased in recent years.

Breaking Windows

The Windows vulnerability came to light by accident on Monday when a researcher observed what he believed was a coding regression in a beta version of the upcoming Windows 11. The researcher found that the contents of the security account manager—the database that stores user accounts and security descriptors for users on the local computer—could be read by users with limited system privileges.

Read 12 remaining paragraphs | Comments

Related Articles
Tech

Rocket Report: Astra to launch from Florida, NASA troubleshoots SLS issue

Posted on Author admin

Enlarge / SpaceX launched NASA’s IXPE mission on a Falcon 9 first stage that had previously flown four times. (credit: Trevor Mahlmann / Ars Technica) Welcome to Edition 4.26 of the Rocket Report! Don’t look now, but we’re less than two weeks from the momentous launch of the James Webb Space Telescope. The telescope is […]
Tech

FDA advisors green-light Pfizer boosters for people 65+ and at-risk groups

Posted on Author admin

Enlarge / Vials with COVID-19 Vaccine labels showing logos of pharmaceutical company Pfizer and German biotechnology company BioNTech. (credit: Getty | Photonews) A committee of independent advisors for the Food and Drug Administration has voted unanimously (18 to 0) in favor of authorizing a booster dose of the Pfizer/BioNTech COVID-19 vaccine for people aged 65 […]
Tech

4,700 Amazon employees had unauthorized access to private seller data

Posted on Author admin

Enlarge Thousands of Amazon employees, including those who developed private-label goods for the e-commerce giant, enjoyed years of access to sensitive third-party seller data, according to a new report. An internal audit in 2015 traced the issue to lax security protocols, including the use of a tool called “spoofer access,” which allowed Amazon employees to […]