SoylentNews is people
SoylentNews
SandboxEscaper Drops Three More Windows Exploits, IE Zero-Day:
On the heels of releasing a Windows zero-day exploit on Wednesday, developer SandboxEscaper has dropped exploit code for four more flaws on Thursday morning.
On Wednesday, she dropped a Windows zero-day exploit that would allow local privilege-escalation (LPE), by importing legacy tasks from other systems into the Task Scheduler utility – and she promised four more unpatched bugs while she was at it.
SandboxEscaper held true to that promise, on Thursday releasing on GitHub the proof-of-concepts (PoCs) for another three Windows LPE flaws, and a sandbox-escape zero-day vulnerability impacting Internet Explorer 11. One of them however turns out to already be patched.
The exploits:
[...] a Windows Error Reporting (WER) bug (CVE-2019-0863), was actually patched earlier this month in Microsoft's May Patch Tuesday fixes
[...] zero-day impacting Internet Explorer 11, which could enable bad actors to inject a dynamic link library (DLL) into Internet Explorer."
[...] a bypass for a previously released patch addressing a Windows permissions-overwrite, privilege-escalation flaw (CVE-2019-0841)."
[...] A final flaw is an "installer bypass" issue in Windows update
Not just one's own personal machines need to be considered; it's all the other Windows-based systems that we interact with, too. Might be best to hold off on non-essential transactions for a while?
(Score: 3, Disagree) by ilsa on Friday May 24 2019, @03:32PM (3 children)
I find attitudes like yours extremely frustrating. I DO care about my privacy. Yet I am using Windows on my laptop. Why? Because Desktop Linux is shit. Unless you are using a very basic beige box generic desktop computer, and your work is limited to using LibreOffice and other basic desktop apps, you are going to run into a never ending stream of difficulties. I won't list all the issues here because I could be writing for the next several hours and still not be done. You can only put up with all that nonsense for so long before you eventually throw your hands up in the air.
So I could use a Mac? Sure! I'll just spend 6 grand on a machine that has the specs of a 2.5k machine, with no way to upgrade anything AND the single worst keyboard ever invented since the 80s.
So I am forced to use Windows, because it is literally the best option out there. Thankfully I have a 2nd m.2 slot so I am able to dual-boot linux for those times when Windows flat out isn't good enough, but I am more than frustrated by the whole situation.
People like you are no better than single-issue voters. The world cannot be reduced to single problems with single solutions. As far as the state of general desktop computing goes, there are NO good options. Just options that piss you off the least.
(Score: 0) by Anonymous Coward on Friday May 24 2019, @06:10PM
Desktop Linux just works nowadays, just grab a distro that does the work for you. If your hardware is obscure or brand new you might have to edit a text file, install a library, or wait for drivers to get written, but I have a much better experience on Linux than Windows. Suspend/resume just works, sound just works, function keys just work, boot time is less than 5 seconds, responsiveness is head and shoulders above ms bs, and between wine and qemu I can run just about anything I will need with no problems.
(Score: 2) by RamiK on Friday May 24 2019, @07:46PM (1 child)
Clearly no more than your convenience. Have you considered using a KVM switch between multiple machines and not ever installing a browser on the Windows one in the first place? A CIFS share is all you need to get the workflow going. Syncthing if you don't trust Windows to handle the networking would work too for most. You can even use Synergy [symless.com] to smooth it all out.
Don't give me cheap excuses about the workloads either. Most lab and CAD machines out there are air-gaped using this KVM setup with USB sticks doing the to-and-fro.
Dual booting is what we did when we were kids. Nowadays you can stack 3 NUCs for gaming, work and browsing if you really need it and it will take the same space as a single ATX tower.
Fact of the matter is, most people just don't give security and privacy more than a moment's thought. They shrug their shoulders like you saying "Desktop Linux is shit" and leave it at that. Then they'll install a smart TV in every room, connect them all to streamers on the wifi and buy a tablet and smartphone for each kid...
No good options my ass.
compiling...
(Score: 2) by ilsa on Monday May 27 2019, @04:59PM
You seriously expect the average person to have a multi-computer setup with a KVM and Synergy to bounce between everything?
Your argument, while technically correct, is completely ridiculous. Not everyone has the resources for that kind of setup. Even if they had the money, they likely don't have the expertise. Just because YOU know how to do that doesn't mean every single person on the planet does. If they did, us IT folk wouldn't have jobs because we wouldn't be needed.
And even if the technical skill is there, there is ALSO the matter of opportunity. Setting this kind of stuff up takes time. MAINTAINING this stuff takes even more time, especially in todays environment where developers think it's completely acceptable to throw the baby out with the bathwater and the user just has to suck it up. Maybe you have the free time to do such things, but I can very much assure you that you are definitely in the minority.
Your perspective is arrogant and completely divorced from the realities involved with defending one's privacy, and your attitude accomplishes nothing but breed acrimony.