Overclock.net › Forums › Industry News › Software News › [bit-tech] Microsoft warns of Windows flaw
New Posts  All Forums:Forum Nav:

[bit-tech] Microsoft warns of Windows flaw

post #1 of 52
Thread Starter 
Quote:
Microsoft has released a security bulletin alerting customers to a privilege escalation vulnerability in its latest and greatest operating systems. Yes, the ones re-built from the ground up for heightened security. Whoops.

The bug occurs when you enable Microsoft's IIS webserver, or if you install the SQL database engine. When exploited, any code run under the IIS or SQL user can be instantly and invisibly upgraded to run under the LocalSystem account – which allows for modification to any file on the computer. Game over, basically.

The flaw is common to all Windows releases including Windows XP Service Pack 2, Windows Vista, Windows Server 2003, and Windows Server 2008. Embarrassingly, Vista is vulnerable even if you've applied the recently-released Service Pack 1. Although there are no known exploits for the issue at the moment, it's still a pretty major hole, and one Microsoft will be keen to plug as soon as possible.

The good news is that because the flaw relies on IIS or SQL being active – aside from an attack against Server 2003 involving the Distributed Transaction Coordinator – it's mainly Windows-based web hosts who'll be sweating until Microsoft releases a patch.

Home users aren't completely off the hook, however: although the hole requires IIS or SQL to be installed and active, the flaw actually resides within Windows itself rather than in the add-on software – it's the way Windows handles the SeImpersonatePrivilege that's at issue here. Accordingly, it's not inconceivable that an exploit could be written that would bypass this requirement and allow standard home installs to be attacked as well.
Source
post #2 of 52
Man I am really starting to hate windows. Wish more games were on Linux.
    
CPUMotherboardGraphicsRAM
i7 920 @ 4.0 Ghz GIGABYTE GA-EX58-UD3R BFG GTX285 OC2 691/1566/2592 OCZ Obsidian 6GB 
OSMonitorKeyboardPower
Win7 Pro 64 245BW G15 BFG 800 
CaseMouse
CoolerMaster CM690 G5 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i7 920 @ 4.0 Ghz GIGABYTE GA-EX58-UD3R BFG GTX285 OC2 691/1566/2592 OCZ Obsidian 6GB 
OSMonitorKeyboardPower
Win7 Pro 64 245BW G15 BFG 800 
CaseMouse
CoolerMaster CM690 G5 
  hide details  
Reply
post #3 of 52
Quote:
The flaw is common to all Windows releases including Windows XP Service Pack 2, Windows Vista, Windows Server 2003, and Windows Server 2008. Embarrassingly, Vista is vulnerable even if you've applied the recently-released Service Pack 1.
I thought vista was built "from the ground up."

They shoulda used this in pwn2own.
post #4 of 52
Quote:
Originally Posted by Tufelhunden View Post
Man I am really starting to hate windows. Wish more games were on Linux.
facepalm
post #5 of 52
oops , patch coming?
    
CPUMotherboardGraphicsRAM
Q6600 @ 3Ghz GA-P35-DS3L Rev. 2.0 Powercooler 4870 8Gb GSkill 
Hard DriveOptical DriveOSMonitor
500Gb WD+640Gb WD Lite-on 20x Vista Home Premium 64x 1920x1200 24" +1400x1050 20" 
PowerCase
650 watt OP650 CM Stacker 830 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Q6600 @ 3Ghz GA-P35-DS3L Rev. 2.0 Powercooler 4870 8Gb GSkill 
Hard DriveOptical DriveOSMonitor
500Gb WD+640Gb WD Lite-on 20x Vista Home Premium 64x 1920x1200 24" +1400x1050 20" 
PowerCase
650 watt OP650 CM Stacker 830 
  hide details  
Reply
post #6 of 52
Windows vista wasnt built from the ground up...
It's just XP with a facelift.
Da Crushinator
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 2.4 Ghz Asus IPIBL-LB G33 Chipset Radeon HD 3650 **temporary** 8 GB PC2 6400 
Hard DriveOSMonitorKeyboard
640 GB Vista HP 64 Bit Samsung 223BW HP Keyboard 
MouseMouse Pad
Razer Copperhead Something from walmart with a tiger on it :D 
  hide details  
Reply
Da Crushinator
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 2.4 Ghz Asus IPIBL-LB G33 Chipset Radeon HD 3650 **temporary** 8 GB PC2 6400 
Hard DriveOSMonitorKeyboard
640 GB Vista HP 64 Bit Samsung 223BW HP Keyboard 
MouseMouse Pad
Razer Copperhead Something from walmart with a tiger on it :D 
  hide details  
Reply
post #7 of 52
Quote:
Originally Posted by h4rdcor3 View Post
facepalm
I take it they can? Cause if I could run the new games I would. Point me in the right direction please.
    
CPUMotherboardGraphicsRAM
i7 920 @ 4.0 Ghz GIGABYTE GA-EX58-UD3R BFG GTX285 OC2 691/1566/2592 OCZ Obsidian 6GB 
OSMonitorKeyboardPower
Win7 Pro 64 245BW G15 BFG 800 
CaseMouse
CoolerMaster CM690 G5 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i7 920 @ 4.0 Ghz GIGABYTE GA-EX58-UD3R BFG GTX285 OC2 691/1566/2592 OCZ Obsidian 6GB 
OSMonitorKeyboardPower
Win7 Pro 64 245BW G15 BFG 800 
CaseMouse
CoolerMaster CM690 G5 
  hide details  
Reply
post #8 of 52
Quote:
Originally Posted by lecastor View Post
Windows vista wasnt built from the ground up...
It's just XP with a facelift.
Just like how the Ultra is just an overclocked GTX?
post #9 of 52
So, because a security vulnerability is found, we decide to hate windows. I thought that these flaws were normal and that patches , thats released are supposed to fix these flaws. I could understand if the flaw was known for a while but it wasn't.....
So I'm sure they're trying to fix it. I can bet my bottom dollar that as soon as they fix it, a new one will pop up/
    
CPUMotherboardGraphicsRAM
Intel Core i7 7820k @4.8GHZ ROG RAMPAGE VI APEX PNY 1080 Ti  64GB Corsair Vengeance 3200MHZ 
Hard DriveOptical DriveCoolingOS
[Samsung 950 Pro 512GB][2X Samsung 840 250GB Ra... 16X LITESCRIDE DVD-RW EK Double Res, Double Pump, GPU, CPU combo Windows 10 x64 
MonitorKeyboardPowerCase
55IN 4K  Ducky Shine Corsair RM 1000i Modular STH10 
Mouse
Corsair m95 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Intel Core i7 7820k @4.8GHZ ROG RAMPAGE VI APEX PNY 1080 Ti  64GB Corsair Vengeance 3200MHZ 
Hard DriveOptical DriveCoolingOS
[Samsung 950 Pro 512GB][2X Samsung 840 250GB Ra... 16X LITESCRIDE DVD-RW EK Double Res, Double Pump, GPU, CPU combo Windows 10 x64 
MonitorKeyboardPowerCase
55IN 4K  Ducky Shine Corsair RM 1000i Modular STH10 
Mouse
Corsair m95 
  hide details  
Reply
post #10 of 52
Quote:
Originally Posted by Tufelhunden View Post
I take it they can? Cause if I could run the new games I would. Point me in the right direction please.
your original statement gave the impression that you wanted to move to linux because windows has bad security which is a very poor argument.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [bit-tech] Microsoft warns of Windows flaw