
from the this-is-a-patch-for-the-non-working-patch dept.
Zero-day bug in all Windows versions gets free unofficial patch:
A free and unofficial patch is now available for a zero-day local privilege escalation (LPE) vulnerability in the Windows User Profile Service that lets attackers gain SYSTEM privileges under certain conditions.
The bug, tracked as CVE-2021-34484, was incompletely patched by Microsoft during the August Patch Tuesday. The company only addressed the impact of the proof-of-concept (PoC) provided by security researcher Abdelhamid Naceri who reported the issue.
Naceri later discovered that threat actors could still bypass the Microsoft patch to elevate privileges to gain SYSTEM privileges if certain conditions are met, getting an elevated command prompt while the User Account Control (UAC) prompt is displayed.
CERT/CC vulnerability analyst Will Dormann tested the CVE-2021-34484 bypass PoC exploit and found that, while it worked, it would not always create the elevated command prompt. However, in BleepingComputer's tests, it launched an elevated command prompt immediately, as shown below.
Luckily, the exploit requires attackers to know and log in with other users' credentials for exploiting the vulnerability, which means that it will likely not be as widely abused as other LPE bugs (including PrintNightmare).
The bad news is that it impacts all Windows versions, including Windows 10, Windows 11, and Windows Server 2022, even if fully patched.
[...] While Microsoft is still working on a security update to address this zero-day flaw, the 0patch micropatching service has released Thursday a free unofficial patch (known as a micropatch).
Related Stories
For most people, Windows 10 will stop receiving critical security updates on October 14, 2025, roughly a decade after its initial release. For people using computers that can't upgrade to Windows 11 or organizations with dozens or hundreds of PCs to manage, Microsoft is making another three years of Extended Security Updates (ESUs) available, but only if you can pay for them. And the company is ready to start talking about pricing.
In a blog post published earlier this week, Microsoft's Jason Leznek writes that the first year of ESUs will cost $61 per PC for businesses that want to keep their systems updated.
And as with the Windows 7 ESUs a few years ago, Microsoft says that the price will double each year—so the second year of ESUs will cost $122 per PC, and the third year will cost a whopping $244 per device.
[...] Though Windows 11 launched in October of 2021, its adoption has mostly stalled out this year, and Windows 10 remains the most widely used version of Windows by a substantial margin. Statcounter data says that Windows 10 runs on 69 percent of all Windows PCs worldwide and 67 percent of PCs in the US, compared to about 27 and 29 percent for Windows 11 (respectively). The latest Steam Hardware Survey shows Windows 10 running on 54 percent of surveyed gaming PCs, compared to about 42 percent for Windows 11.
(Score: 4, Touché) by Opportunist on Tuesday November 16 2021, @01:23PM (5 children)
...they need to trick an unprivileged user into executing malware.
So much for "not as dangerous". As long as we have users that click anything, there sure ain't no shortage of entry points.
(Score: 5, Insightful) by canopic jug on Tuesday November 16 2021, @01:49PM (4 children)
"As long as we have users that ~~click anything~~ use the computers as advertised, there sure ain't no shortage of entry points."
They are just using the computers as advertised, so don't blame the victim in this case. Recall that it wasn't until M$ Outlook that it was feasible to spread malware via e-mail, and many of those were and are "no-click" breaches.
Nowadays, even the browsers, all browsers, are a close second. They are built out of decades of unrefactored, write-only spaghetti code. It gets exponentially worse once you factor in their ability to run unvetted, foreign code on your computer without asking. By itself that is a disaster waiting to happen even without combining that access with faulty, inherently insecure processor architectures [arxiv.org]. In that way it is the browsers which are the weak point common across all operating systems. However, not all systems are equal. M$ Windows is in a class by itself in regard to not just susceptibility to malware but active cultivation of it.
Money is not free speech. Elections should not be auctions.
(Score: 1, Funny) by Anonymous Coward on Tuesday November 16 2021, @04:05PM (2 children)
Sounds like we have a volunteer to rewrite the code? In Java?
(Score: 3, Funny) by DannyB on Tuesday November 16 2021, @05:29PM (1 child)
Shirley, you mean to rewrite it all in C#.
For security.
Why is it so difficult to break a heroine addiction?
(Score: 2) by GlennC on Tuesday November 16 2021, @06:15PM
I see hash just fine...and don't call me Shirley.
Sorry folks...the world is bigger and more varied than you want it to be. Deal with it.
(Score: 3, Interesting) by Common Joe on Tuesday November 16 2021, @08:01PM
I remember before Outlook existed, in the days when the computer center I worked in had PCs that ran WordPerfect in DOS in monochrome colors, we were regularly disinfecting the hard drives of those machines because viruses spread on floppy disks. No user clicks required.
(Score: 5, Interesting) by DannyB on Tuesday November 16 2021, @03:09PM (4 children)
If I applied every free Microsoft Unofficial Patch, there would not be one single square inch of my jacket remaining visible. It would be all patches.
Do these patches fade when machine washed?
Why is it so difficult to break a heroine addiction?
(Score: -1, Flamebait) by Anonymous Coward on Tuesday November 16 2021, @04:39PM (3 children)
Save time, just tattoo "stupid" across your forehead.
(Score: 2) by DannyB on Tuesday November 16 2021, @05:26PM (2 children)
It should be a Windows Logo along with the word Stupid. Also tattoo it in your right hand.
But now we're talking about tattoos instead of patches.
How about a Microsoft 'unofficial free patch' that sticks to your skin and leeches Microsoft loyalty drugs into your system?
Why is it so difficult to break a heroine addiction?
(Score: 2) by Runaway1956 on Wednesday November 17 2021, @01:39PM (1 child)
The slow release drug patch reminds me of Apple, more than Microsoft. The drug is probably in the skin of your iDevice, the more you handle it, the more of the drug you get. Not sure about the MacBook. Those who have paid the exorbitant price for a MacBook probably don't need the drugs, they are already too invested to consider using anything else.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 2) by DannyB on Wednesday November 17 2021, @02:54PM
If it detects insufficient absorption of the drug, it flashes up an alert:
YOUR HOLDING IT WRONG!
(sic)
Why is it so difficult to break a heroine addiction?
(Score: 3, Insightful) by Anonymous Coward on Tuesday November 16 2021, @05:16PM (1 child)
So it's unsafe to run unknown executables from the internet? As the article says, it could give some haxxor system level access!
And to fix it I just need to run some unknown executable from the internet? From some kind generous 3rd party? And they'll keep me safe from the haxxors?
(Score: 3, Funny) by DannyB on Tuesday November 16 2021, @05:27PM
Nailed it in one Mr. Garibaldi.
Why is it so difficult to break a heroine addiction?
(Score: 2) by DannyB on Tuesday November 16 2021, @05:33PM (3 children)
The good news, from TFA:
Wait, isn't that bad news? Is it really so hard to get some other users' credentials? How difficult to log their strokes inserted in between the keyboard usb plug and the computer? Often on the back of the computer where nobody will even notice.
But then the bad news from TFA:
Isn't that just business as usual?
Why is it so difficult to break a heroine addiction?
(Score: 2) by Common Joe on Tuesday November 16 2021, @08:16PM (2 children)
[Sigh.] No. It isn't. Today, I watched a user change their password. Then they clicked the eye icon to visibly display the password so they could verify it was correct. (In their defense, there was no confirmation box.) Then they pointed at it and then said, "Look! The [web-based] program says my password is strong!" "No, ma'am. The measuring program is incorrect. Your password is not strong." I won't say what her password was. Let's just say that it's along the lines of "hunter2". After I finished helping her, I opened up another computer for another user to work on it. Inside, he left me his username and password on a post-it so I could work on it. It was along the lines of "hunter2!"
I won't tell you about the rest of my day because I have a bottle of high proof alcohol I need to finish before I go to bed.
(Score: 0) by Anonymous Coward on Tuesday November 16 2021, @09:15PM
Nobody's going to brute force hunter2! on any student's account. Relax, motherfucker. It's that or be available to help them reset their passwords every session.
(Score: 2, Interesting) by Anonymous Coward on Wednesday November 17 2021, @03:46AM
When my work implemented their new ERP system, we had a ton of contractors doing tons of work on the systems. They wanted direct ssh access without vpn (they tried to run multiple vpn clients [diff customers?] at once on their windows laptops resulting in "vpn doesn't work" and they just blankly stared when a bastion host was suggested). They also didn't understand how to use pubkey auth?!!! Management said, give them what they want.
There were other red flags. But, world accessible ssh via password auth was enough for me to run john the ripper against their password hashes. We didn't force any password complexity rules etc. on these systems since only (supposedly) technical people who know not to use shitty passwords had accounts on them. Instantly, two passwords were cracked-- "123" and a password that was the same as the username with "1" appended. I immediately added password complexity rules to pam (and for a while ran libpam-cracklib).
We spent millions on these idiots, and they didn't respect their customer enough to a) use the secure access method provided by the customer b) learn how to use ssh properly or c) use a credential pair that doesn't expose the customer to unnecessarily high risk esp. in combination with a and b.
The consultants were from a large company that controls a very large percentage (probably majority) of the ERP space in our industry.
The problem is that a lot of people, at all technical levels, just don't give two fucks about security. Not even the most basic measures.
(Score: 3, Interesting) by Hartree on Tuesday November 16 2021, @06:09PM (7 children)
Where do I download patches for my laptop running WFWG 3.11?
(Score: 2) by DannyB on Tuesday November 16 2021, @07:14PM (4 children)
Isn't Windows 95 the security fix for WfWG 3.11?
Upgrade Today!
All your Windows problems will be no more.
Upgrade available on a dozen 3-1/2 inch hard shell floppy disks.
Why is it so difficult to break a heroine addiction?
(Score: 3, Insightful) by edIII on Tuesday November 16 2021, @08:17PM (1 child)
I found a single security fix patch for Windows 7. It's called Debian :)
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 5, Funny) by Hartree on Tuesday November 16 2021, @10:22PM
In the same vein, I've found a patch for Debian, as well. It's called Devuan. ;)
(Score: 2) by Hartree on Tuesday November 16 2021, @11:13PM
See the system description below. I had Win 95 on it years back and still have a hard drive for it with that somewhere. In 2001, this was my main travel system. Had it hooked up to a Kyocera Palm Phone a couple years later and thought I was stylin' cruisin' the web at 14.4K or so in the back seat of a Greyhound bus rolling down highway 41. (Was on a trip from Indianapolis to Ft. Pierce Florida. Guess which song I had playing on my MP3 player. ;) ). The other passengers were impressed by web surfing on a laptop via cellphone. Was a very different time.
(Score: 0) by Anonymous Coward on Wednesday November 17 2021, @01:30AM
There were no security issues with Win3.11 because there were no security issues back then because almost nobody was on a network, or on a network exposed to the Internet. To get full access to someone's personal Win3.11 machine all you had to do was turn it on since everyone used the same account. Sure you could get a virus from a floppy or program downloaded from a BBS, but back then hacking/cracking was for notoriety in the hacking culture, or censorship (today it's called "cancel culture"), not money or blackmail or selling the personal data to the highest bidder.
If you knew how, when you were on the internet using 3.11 you could find so many companies that had much hardware that was exposed without passwords including printers. People were gentlemanly on the internet back then. Seriously. Almost no one stole info even if you had access to it, other than just looking at companies' files to satisfy some sense of curiosity or accomplishment. At worst if someone was mischievous they might pipe some large txt file to some company's printer so it printed 500 pages overnight. (Hahhaha I just made company X waste a package of paper..hahhahaha)
Back in the win3.11 days, the worst security problem was someone running WinNuke against your IP , which would bluescreen and crash your machine.
The second worst security problem with Win 3.11 was having to stay up past midnight and dial into the MS BBS with my 14400 modem and download the latest virus updates. (long distance rates were 90% cheaper after midnight :)
Oh but of course some of us were not ignorant of the few dangers that existed even back then. The rule of thumb back then was don't run software from someone or someplace you don't trust, just like it is today.
(Score: 2) by dltaylor on Tuesday November 16 2021, @10:21PM (1 child)
Last "laptop" I saw with WfWG was a Compaq "sewing machine". Guess I'll have to dig out the diskettes and try it on my oldest Dell.
(Score: 2) by Hartree on Tuesday November 16 2021, @11:02PM
This one's a Thinkpad 560E with a blazing fast Pentium 150 processor, pcmcia ethernet, and modem cards and an external floppy drive.
Somewhere I've got a hard drive for it with Win95, but it's currently got DOS/WFWG on it. Just resurrected it a month ago by replacing the keyboard and a number of case components from another one I had that has motherboard problems. Bought this used in 2000, and I think I've got my money's worth out of it.
(Score: 1) by Frigatebird on Tuesday November 16 2021, @08:03PM (2 children)
They sell me a defective operating system, and then give me a patch for free? What huge philanthropists are this Microsoft!
(Score: 0) by Anonymous Coward on Wednesday November 17 2021, @01:51PM (1 child)
Someone pays for Windows?
There are so many different ways to get Win10 and/or Win11 for free, I can't imagine someone actually pays for it. Unless, of course, you paid for it when you bought your machine. I never do that, buy a No-OS machine, and/or build your own from components.
And, if I couldn't find a "legal" way to download Windows for free - I'd pirate it anyway. Working keys are published all over the web. Note, I didn't say "legal keys", I said "working keys".
(Score: 2) by canopic jug on Thursday November 18 2021, @04:52AM
And, if I couldn't find a "legal" way to download Windows for free - I'd pirate it anyway.
That's still paying them. Historically, M$ has made 80% of the price of Windows as monopoly rents. By extending their market you're still paying them that 80%. You're not sticking it to anyone but yourself when you do that. Copying is an intentional part of M$ marketing strategy for that reason, as it keeps people off the competition.
The original 1998 article might [cnet.com] not quite be lost in time but here is a more recent one quoting it:
M$ may be slow, but they generally grind through with their plans if for no other reason than inertia usually when those plans are centered around extending and abusing a monopoly position.
All that can change quickly though. If one counts mobile phones / smartphones, netbooks, and tablets in the same category as desktops and notebooks, then M$ marketshare on the client side is down to about 30%. There goes the monopoly and with it the monopoly rents which have been keeping that company afloat for all this time. Now on to address their monopoly on OEMs ...
Money is not free speech. Elections should not be auctions.