back to article Bug-hunter reveals another 'make me admin' Windows 10 zero-day – and vows: 'There's more where that came from'

A bug-hunter who previously disclosed Windows security flaws has publicly revealed another zero-day vulnerability in Microsoft's latest operating systems. The discovered hole can be exploited by malware and rogue logged-in users to gain system-level privileges on Windows 10 and recent Server releases, allowing them to gain …

  1. Joe W Silver badge

    "Just want to get rich and give you fucktards in the West the middle finger. [...] human society deeply disgusts me."

    Yes. No thanks to egoists who just want to get rich and give everybody the finger...

    1. Mark 85 Silver badge

      Unless the bug bounties become, shall we say "competitive" there's no motivation not to have the attitude she has.

      1. Timmy B Silver badge

        "there's no motivation not to have the attitude she has."

        How about simply being a decent human being? How about realising that we are all beholden to each other to make this world a better place? How about simply acting like a damn grown up?

        1. deive

          The irony is the main problem in the West are greedy people who just want to get rich, and don't care about anyone else...

          1. Joe W Silver badge

            Sorry, but "everybody is a greedy a**hole" does not fly as a good excuse. But, yes, there are too many of those, good description of what is wrong. But essentially, by stopping using that excuse and trying to be a decent human being things might improve - maybe only on a local level, but hey, that's a start!

            (still, I totally support going BOFH on those who deserve it - isn't it ironic, don't you think?)

            1. Andy The Hat Silver badge

              Unfortunately that comment probably opens the poster to a criminal charges of aiding and abetting computer misuse and conspiracy to commit computer fraud ... up until that point it was simply a hole that had been discovered and released into the wild ... idiot

              1. Prst. V.Jeltz Silver badge

                whats the difference?

                releasing the whole to the wild is the damaging part , yelling " F U !!" is optional

            2. MrDamage

              A BoFH does not condone collateral damage to innocents. He or she would target the individual(s) for punishment, and the only repeated action amongst them, involves the carpet, shovel and bag of quicklime.

          2. bombastic bob Silver badge
            Megaphone

            "the main problem in the West are greedy people who just want to get rich, and don't care about anyone else"

            WRONG. You are merely pandering to the "bourgeois vs proletariat" (i.e. communist manifesto) perception of "us vs them" and if you believe that, you're circulating your misconceptions amongst those who agree with you, and it proves NOTHING.

            If you want to get down to it, the problem is the same one that's been there as long as there have been humans: A small group of elitists MANIPULATE PEOPLE and seek to CONTROL THEM, usually for nefarious purposes. Usually you find them in GOVERNMENT. People in BUSINESS, on the other hand, generally see everyone else as CUSTOMERS and, if they're smart, treat them accordingly.

            A good customer is like gold pressed latinum. yeah even the Ferengi would agree.

            People act according to THEIR OWN SELF INTEREST. period. I guarantee you there is NOBODY out there so altruistic (except maybe Jesus) to put EVERYONE ELSE ahead of himself and be self-sacrificing, etc. etc. etc.. Even those who jump on grenades have a self-interest in mind, such as "do it for the Corps/Country/friends". It may even be a matter of PRIDE. And this is _NOT_ a BAD thing... it is a GOOD thing!

            So if you assume people act according to their own best interests, those in business WILL make money [because losing money loses the business, duh] and they will pay their investors, who ONLY invest to earn money, and their employees, who ONLY work to earn money, and so on. Then when the free market determines the proper return for investments and what wages the work is worth [and not gummints, special interests, unions, etc.] then we're ALL better off, because it works _WITH_ human nature and not AGAINST it.

            SO if you you're looking for a SOURCE of "the problem", start with GUMMINTS, then ORGANIZED CRIME (almost the same as 'gummints' in many cases), then SOCIALIST ORGANIZATIONS and those who donate to them [i.e. Soros], as well as WHINY ACTIVIST JUDGES (and their l[aw]yer buddies) who ENABLE much of this.

            1. 404 Silver badge

              good morning, Bob...

            2. Anonymous Coward
              Anonymous Coward

              Cui bono

              Yes, Bob, but the problem with the US at the moment is you have an awful lot of large IT companies for whom the customers are advertisers and politicians, and the likes of you and I are the sheep they want to shear.

              You ought actually to read Marx instead of thinking you know what he said, because he explains how capitalism works. And he isn't wrong, in fact he forecast later developments pretty accurately. Which is why the cons and neocons made a bogey of Marx; because they didn't want the sheep reading the book and understanding the function of the shearer.

              Marx foresaw that capital would end up in fewer and fewer hands and that therefore they would control ever more of society, battening on people by controlling the supply of housing and food. If you have a monopoly or a combine monopoly of essentials for life, your customer retention is not a problem.

              I have a vote in elections for the government, I have no vote in Facebook and no realistic prospect of buying enough shares to control it.

              1. Paul Hovnanian Silver badge

                Re: Cui bono

                "Marx foresaw that capital would end up in fewer and fewer hands"

                Let me check my stock portfolio for a sec........ Yeah, Groucho. I guess you were right.

              2. JLV Silver badge

                Re: Cui bono

                > forecast later developments pretty accurately

                Which ones? Stalin? Pol Pot? Mao? Gulags? Katyn massacre? Great Leap Forward? The systematic rejection of individual choice in how to be governed, i.e. democracy, as implemented by his subsequent followers? The total failure of planned economies, past occasional initial success phases, time and again? Inquiring minds would like to know.

                Unfettered power, by corporations, individual or governments has an extremely high risk of abuse. Dogmatism and the claim to know better than everyone else is one way to get there.

                On the other hand, whatever you think of modern capitalism, it has had to tone down, or at least cover up, its greed a bit since the 1850s and Marx was very much a driving force behind things like unions or paid holidays getting adopted. Sure wasn’t the robber barons’ first choice.

              3. Anonymous Coward
                Anonymous Coward

                Re: Cui bono

                I have a vote in elections for the government, I have no vote in Facebook and no realistic prospect of buying enough shares to control it.

                A vote in elections is not quite enough to control the government either. But otherwise your point is valid: one is accountable to the public (more or less), the other is accountable to no-one by biggest bidders. In theory.

              4. Anonymous Coward
                Anonymous Coward

                Re: Cui bono

                You are right and right and right. Its the first in years outside academia that I see someone actually talking about Marx with any knowledge of what he postulated.

                I must add to your point that where history proved Marx wrong is not regarding his prediction on the trend in capitalism... Its was his prediction that the poor and powerless would somehow be organised and develop a common identity and rise up against the capitalist. In modern societies, they instead kick the dog, beat their wives, shoot their neighbors and drown their sorrows in drugs, the bottle or TV...

            3. Anonymous Coward
              Anonymous Coward

              " I guarantee you there is NOBODY out there so altruistic (except maybe Jesus)..."

              Jesus always came across as a true narcissist with a big ego and massive chip on his shoulder. Maybe I was reading the wrong book?

              1. Anonymous Coward
                Anonymous Coward

                is that the British version?

            4. JLV Silver badge

              Reading lucid, elegant and eloquent, flowing prose like Bob’s makes me really, really, wonder why seemingly no one else has picked up how useful CAPITALIZATION is at convincing others.

              1. Michael Wojcik Silver badge

                Didn't Isaac Asimov say that block capitals are the last refuge of the rhetorically incompetent?

            5. Anonymous Coward
              Anonymous Coward

              Bob..... Bob.... This is your lizard overlords.... we notice that you seem to have waaaaay too much time on your hands if you are posting on the register rather than grinding to make us richer - get back to work or it will be the electrified butt plug for you again !!!!!

              1. Anonymous Coward
                Anonymous Coward

                Didn’t you know?

                Each CAP-burst comes from a zzzzt-jolt on said butt plug.

                Boss Lizard

            6. MrDamage

              Oh dear

              Bob's forgotten to take his dried frog pills again.

            7. Anonymous Coward
              Anonymous Coward

              A Bombast too far !!!???

              Mr 'Bombastic',

              You were doing quite well untill the last paragraph !!!

              Even the comments regarding 'GUMMINTS' and 'ORGANISED CRIME' could be considered fair.

              BUT

              the rest states more about your own biases (Political or otherwise).

              From my experience there is nothing intrinsically special about 'Socialist' organisations that make them any more or less likely to be a problem .... ditto for Judges.

              The general problem applies to all Political organisations of all flavours, where the 'Echo Chamber effects' encourage 'groups' to believe that they are special and normal adherence to the laws of the land are deemed not necessary as they 'know better' !!!

            8. TomG

              "People act according to THEIR OWN SELF INTEREST" slight correction; people act according to their perceived best interest.

              1. Michael Wojcik Silver badge

                people act according to their perceived best interest

                Even a passing glance at history or the relevant psychological research shows that is not true in general. People act according to a complex of psychic motivations which usually operate pre-consciously, and thus well prior to any reflective consideration of self-interest (accurate or not).

                Conscious consideration of self-interest or other goals may condition those responses, and sometimes people correct their initial reaction following reflective consideration.1 But on average perceived self-interest is far from being a primary conditioner of behavior.

                1It's also debatable whether various sorts of psychological rewards which are orthogonal or opposed to material advantage are in the subject's "self-interest", because self-interest can be defined in various ways. Ultimately this is a matter of definition, though, and there are certainly those who would lump, say, the satisfaction of an addiction or the reinforcement of a pleasing self-image, even at material cost, into "self-interest".

            9. Claverhouse Silver badge

              I was reading, back in the dear dead days beyond recall, the Clintonite 1990s, rather successful western companies were paying Chinese factory workers 13 cents [ USD ] an hour when a living wage there was 6 times that; and the Chinese government took the line that any job no matter how ill-paid was generous simply because it was a job; and over in the Economic Zones of the Philippines workers were paid $56 a week for 12 hour days with compulsory overtime if you wanted a job in the morning, and only 2 bathroom breaks a day: plus a shanty-town to live in when not working. Which wasn't that often.

              Interestingly enough, the Filipino GUMMINT endorsed all this, banned the wicked UNIONS, and kept the workers safe from talking to SOCIALIST ORGANIZATIONS, and refrained from collecting TAXES, as the corporations were lured with tax holidays that either rolled over or began anew with a phoenixly reborn business at a rate which would have bought a blush to Companies House in the days when any rascal could buy an off-the-shelf company with useful tax losses as easily, and for roughly the same cost, as we pay for a domain now.

              .

              FUCK THE FREE MARKET.

              .

              Plus women risked infertility from the chemicals supplied by the companies.

          3. Anonymous Coward
            Anonymous Coward

            So this means she is one of those Greedy people she hates. Not surprised at all.

          4. Glenturret Single Malt

            "...the main problem in the West are greedy people..."

            And this isn't a problem elsewhere too?

        2. Anonymous Coward
          Anonymous Coward

          "How about simply being a decent human being? How about realising that we are all beholden to each other to make this world a better place? How about simply acting like a damn grown up?"

          Well, without meaning to do a modern paraphrased Godwin, maybe if Trump had not decided to attack the 'East', forcing major Chinese companies to be isolated and forced down a route of nationalism on a whim then there would be less people trying to disrupt Western tech companies.

          I agree with the sentiments that sharing exploits to stop the 'bad' people exploiting them is admirable, but the more there is a war between Western and Eastern tech the more the underground cyber attacks will surely continue.

        3. Augie

          That would also have to be shown with politicians. Considering most act like petulant school children on a good day, one does not share much hope.

        4. bombastic bob Silver badge
          Pirate

          It's more fun to dump the bug data/details and watch the chaos unfold...

        5. Roland6 Silver badge

          >How about simply being a decent human being?

          This one cuts both ways. As has been pointed out, a big (US) company is making money out of this software - are the people with the chequebooks being "decent human beings" by not rewarding bug finders at rates that reflect the work involve?

          I thus suggest "decent human beings" don't expect everyone to cover their own costs and work for free. In some respects I suggest finding a security hole and them crafting an exploit to use that hole is more akin to creating a work-of-art, so perhaps bug finders should be sending the results of their work to auction.

          1. Anonymous Coward
            Anonymous Coward

            > In some respects I suggest finding a security hole

            >and them crafting an exploit to use that hole

            >is more akin to creating a work-of-art,

            >so perhaps bug finders should be sending

            >the results of their work to auction.

            Funnily enough that is more or less what is happening - a PC with half a dozen bits of famous malware is up for auction

        6. Alan Mackenzie

          Being a decent human being

          Just being a decent human being doesn't pay the rent, nor buy food. I don't know, but I'm guessing that finding these vulnerabilities takes weeks and months of research. Couple that with the fact that much of this research will be speculative and yield no fruit. Maybe it's Microsoft and friends who should start "acting like grown ups" and start paying these researchers properly for their results.

          1. Kiwi Silver badge
            Holmes

            Re: Being a decent human being

            Just being a decent human being doesn't pay the rent, nor buy food.

            Actuially if we were all to act like decent humans, there would neither be a need to pay rent nor </buy> food.

            I'm growing enough of certain things that I can give away more than I can eat. One of my neighbours grows other things and also gives away more than they can eat - so between the two of us we're more than sufficient in certain fruits and veges. We have the two smallest (by 1/2!) plots on the block (and it's not a small block), lots of other houses with lots of room out back for decent gardens, and people with enough time on their hands to tend more than one of these plots. Our neighbourhood could be self-sufficient for fruit and veges if we worked together.

            Among us we also have the means to repair any vehicle or structure, any computer or electrical repairs, even a plumber just up the road. But as a whole we'd rather pay a lot to someone 20 miles away than a little to the neighbour two doors away.

            And yes, we have people who can prepare timber for building.

            If we were to "be excellent to each other" then, well, much of the world's issues would be long gone. All it really takes is a little sharing with your neighbour, helping them to help someone else who can help you out.

        7. amanfromMars 1 Silver badge

          Deep See Swims

          How about realising that we are all beholden to each other to make this world a better place? .... Timmy B

          Now when that is not exactly true, it can become problematical, Timmy B. Just ask Tony Blair. It does though make for a much more helpful approach to implementing solutions when true.

          Whenever UKGBNI Parliamentary Governance Collapses do GCHQ's Special IntelAIgent Services Break Cover in InterNetional Defence of the Realms with Other Worldly Wise Solutions?

          Novel Channels of Creative Discourse for Practical Realisation ..... Earthly Virtualisations for SMARTR Populations being one such AIMasterPlan in Advanced IntelAIgent Developments.

          1. Timmy B Silver badge

            Re: Deep See Swims

            I totally disagree. We are, and rightly should be, looking after each other. Just because some people don't it doesn't mean that the principle doesn't stand.

            1. amanfromMars 1 Silver badge

              Re: Deep See Swims

              I totally disagree. We are, and rightly should be, looking after each other. Just because some people don't it doesn't mean that the principle doesn't stand. .... Timmy B

              How very odd, Timmy B, that you should disagree with a comment that agrees with you.

              That's a failure of intelligent information parsing, methinks, and that can very easily be problematical.

        8. LyingMan

          Did you refer to POTUS?

        9. GruntyMcPugh Silver badge

          @Timmy B: "How about simply being a decent human being?"

          Well, she's gone public, and the exploit will get patched, so there's that. Someone who was utterly nefarious would have either tried to sell the exploit on the QT, or used it themselves to hold people's data hostage, and she's not done that. What it makes me wonder is if she's the first person to discover these vulnerabilities, because better funded state institutions have entire divisions of people looking for them. State actors don't share, they don't get stuff patched, they hoard exploits (or try to, sometimes their hoards get discovered) and they use those exploits against their own citizens. So she's achieved one goal, the middle finger has definitely been given to the West's intelligence community.

    2. Reg Reader 1 Bronze badge

      I agree that one should be a decent human being and do the right thing and I or any/most of you would do that. On the other hand, many Corporations make most of their money in the developed economies and outsource their work to the developing economies whenever possible or simple reduce staff leaving existing staff with an increased workload. I find it very hard to have have any sympathy for any of them.

    3. Tail Up

      How true it is, Joe W. Think giving a finger means a result of not willing or a fear to untighten the whole grip, because of, of course, reasons. What a tasteless being...

    4. Michael Wojcik Silver badge

      There seems to be widespread opinion in the hacker community (insofar as such a thing exists) that SandboxEscaper has emotional and behavioral issues. I don't mention that as an excuse for her behavior or to reconcile her statements and actions, but merely to point out that critiquing her as hypocritical or unethical somewhat misses the point. From what I've heard, I'm not sure she can be rational, in a sustained way, about these behaviors.

      It's unfortunate because she's clearly a talented software-security researcher.

  2. Pier Reviewer

    Bug class

    All of SBE’s vulns have been of the same class.

    That’s not a dig at SBE. That’s a dig at MS. When you find a vuln, the best thing to do is assume they’ve screwed up in the same way more than once and go looking for the same mistake elsewhere in the code. It’s a very efficient method of finding vulns.

    The first bug that was dropped was a fair while ago, and sounded like it could well be endemic. MS, with source code home advantage should have gone to town finding where else the same type of mistake had crept in and fixed it. Instead, we have this...

    1. UKHobo

      Re: Bug class

      MS, with source code home advantage should have gone to town finding where else the same type of mistake had crept in and fixed it. Instead, we have this...

      I agree but no self respecting middle level PHB is going to sanction the minions to go on a crusade searching for similar issues. It's that person's mission to hide all issues from their upper management.

    2. AndrueC Silver badge
      Boffin

      Re: Bug class

      When you find a vuln, the best thing to do is assume they’ve screwed up in the same way more than once and go looking for the same mistake elsewhere in the code. It’s a very efficient method of finding vulns.

      That should be part of standard bug fixing process. That and trying to come up with some kind of change (code, or even process) that would make such a bug hard to repeat in future or at least raise a red flag if it did.

  3. Timmy B Silver badge

    Some suggestions....

    "human society deeply disgusts me."

    Then you have three choices:

    1. STFU.

    2. Leave.

    3. Make it better.

    1. Thoguht Silver badge

      Re: Some suggestions....

      Unfortunately, there is a fourth choice:

      4. Try to destroy it

      1. Timmy B Silver badge

        Re: Some suggestions....

        There is always the "be a dick" option, of course. But why? It's like saying that if you don't like eating cabbage you may as well starve yourself to death as you can't be bothered to eat other veggies.

        1. Joe W Silver badge

          Re: Some suggestions....

          and then you are the problem, not the solution (well, except in a very terminal sense, like in the cabbage example above)

        2. Pascal Monett Silver badge

          Re: It's like saying that if you don't like eating cabbage...

          Wrong simile. If you don't like eating cabbage, you can not eat it.

          Once you're born here, it doesn't matter if you like it or not : there's only one way out.

          That is, until we have at least one colony somewhere else, but I suspect that that bitch would still gripe whatever the planet/moon/space station.

          1. Timmy B Silver badge

            Re: It's like saying that if you don't like eating cabbage...

            Not quite. You can eat things you don't like (starving people will), or find something else you like more. If you don't like where you were born you can try to change it. You don't have just the choice to leave. Though that is one choice.

            Simile works as I didn't use an example where you were forced or eating would kill you. It's just a preference.

      2. Anonymous Coward
        Anonymous Coward

        Re: Some suggestions....

        I like this option best.

      3. Reg Reader 1 Bronze badge

        Re: Some suggestions....

        @Thoguht

        "Unfortunately, there is a fourth choice:

        4. Try to destroy it"

        Oh yes, that's the Trump/Bannon method.

    2. Uffish

      Re: Some suggestions....

      Three sugestions only! That is a bit Spartan.

  4. revenant Silver badge

    She should look in the mirror

    There's plenty in Western society to be disgusted by, but in tramping the wilds avoiding human contact, she is bypassing communities full of people that have similar feelings.

    In my experience most people simply want to live reasonably comfortable lives amongst similarly-minded people, and are not out to screw everyone else. What disgusts her about Western society is largely driven by politicians, business leaders and those who aspire to 'elite' status who, for sure, just want to be rich and give the middle finger to everyone else.

    Her words condemn her as being just the same.

    1. Gob Smacked

      Re: She should look in the mirror

      Guess she has Aspergers syndrome and this has not been pickup up by the environment earlier. Asperger people can be great contributors to society, but they often can't deal with people around them and need much personal space. Often being bullied in early life gets these kind of results, but under all the hard talk, most aspergers just want to be good people...

  5. GreggS

    She hates the West and likes exploring trails in northern England. Is she Russian? All she needs to add is enjoys cathedrals and that would be the giveaway.

    1. Timmy B Silver badge

      "She hates the West and likes exploring trails in northern England".

      It's amazing how many people that hate the West are very, very happy to enjoy all the benefits of the West. Like being able to freely explore trails.

      Really she's just immature.

      1. amanfromMars 1 Silver badge

        A Heavenly Surprising Prize ..... ZeroDays Rule, .... ZeroDay Rules

        Really she's just immature. .... Timmy B

        As per any young Villanelle, Timmy B? That would be almighty challenging and rewarding helping her and sister spirits grow unbelievably strong and secure in host environments ..... Pandoras' Boxes Servering Lead Intel to Invested Clientelle for All Powerful AIMaster Command and Control Leverage/Virtually Almighty Great Game Play ‽ .

        In a mad artificial world do the really crazy follow or lead media trails with daily tales from or for Seriously Vetted Source Centres/Misinformation Hubs/Disinformation Networks?

        There is quite a difference and marked advantage in being one for rather than from the other.

        1. Tail Up

          Re: A Heavenly Surprising Prize ..... ZeroDays Rule, .... ZeroDay Rules

          "any young Villanelle" - IRL not just any, amanfromMars, and there are much one might be agree with in this pathetic sentence/sentiment (-:

          The next year hike trip is being planned since this post. One knows the agenda. AId invite valid.

  6. Anonymous Coward
    Anonymous Coward

    Another day, another Windows problem

    Would all Microsoft apologists please use this thread so we have all the excuses in one place? That makes it easier to copy them for the next bug, probably tomorrow.

    Cheers.

  7. Buzzword

    She? How do you know?

    If the author is pseudonymous, how do you know that they are female?

    1. Gareth.

      Re: She? How do you know?

      She has previously posted on Twitter - although that account has since been suspended - and is still active on at least one other social media site. Some of those posts concern details of her (sadly quite troubled) personal life.

      1. Anonymous Coward
        Anonymous Coward

        Re: She? How do you know?

        "still active on at least one other social media site. Some of those posts concern details of her (sadly quite troubled) personal life."

        You are correct.

        Unfortunately, Google now makes you log in using a valid Google account to read her blog.

        From reading earlier entries in her blog, it seems her troubles were either caused by, or made worse by, her belief that the FBI wanting to "get in touch" with her.

        Hence, her middle finger held high to the West.

        1. anonymous boring coward Silver badge

          Re: She? How do you know?

          Not the CIA? If it’s the FBI she would be a ‘Murcan then.

  8. Anonymous Coward
    Terminator

    1988 called and wants its exploit back

    .. the exploit code .. clobbers pci.sys's access permissions so that it can be modified and overwritten by the user, thus opening the door to privileged code execution.”

    Didn't the Morris Worm use something similar, injecting a command into the task scheduler that over-wrote the password file.

    1. Michael Wojcik Silver badge

      Re: 1988 called and wants its exploit back

      Not really. The Morris Worm exploited vulnerabilities in fingerd, sendmail, and rsh/rexec. It did attack passwords, but not by overwriting /etc/passwd.1 It tried some heuristics and a small dictionary against the password hashes;2 according to a 1984 study this approach could be expected to succeed on about 30% of accounts on typical UNIX machines of the day.

      The fingerd exploit was a BOF against gets() - perhaps the quintessential BOF, and likely the impetus for the interest in stack-smashing that eventually led to Levi's famous phrack article.

      The sendmail exploit abused the DEBUG command in sendmail, which was essentially a deliberate command-injection vulnerability, from a more innocent era.

      The use of rsh/rexec wasn't a program vulnerability but the architectural insecurity of the r-commands, which were often configured to allow remote execution to local users without credentials. The Morris Worm used that mechanism to spread among machines within organizations that used the r-commands.

      See Spaf's analysis for more details.

      1It didn't know anything about the shadow password file, which some UNIX variants, but not all, had started to use in '88.

      2UNIX crypt-derived passwords of that era were salted hashes generated by iterated DES encryption of a zero block using the password as the DES key. Due to the salt and the network bandwidth and storage limitations of the time, the worm had to rehash the dictionary for each salt value; it couldn't use a precomputed dictionary. Obviously retrieving hashes and doing an offline lookup or attack would have been more efficient, but dangerous (the cracking server could be identified), and in any case password cracking wasn't the worm's main goal or attack vector.

  9. Anonymous Coward
    Anonymous Coward

    Wouldn't it be fun

    To drop each zero day the following day after Microsoft fixed the last one.

    Perhaps braindead corporate customers that blindly put their faith in Microsoft might wake up...

    1. Pascal Monett Silver badge

      Re: Wouldn't it be fun

      No, it wouln't. I doubt that Micrsoft's customers are all blind or braindead - they are, however, hopelessly addicted.

      Some are trying to fight that, which is why many, many servers in the corporate world are being switched to some flavor of Linux. The advent of Google Docs, among other things, means that small businesses no longer have to have Windows on their machines, so progress is being made.

      In any case, punishing users for the master's failures is unfair by any count.

      1. Anonymous Coward
        Anonymous Coward

        Re: Wouldn't it be fun

        The advent of Google Docs, among other things, means that small businesses no longer have to have Windows on their machines, so progress is being made.

        Is that not:

        (a) swapping one proprietary file format for another and;

        (b) voiding business secrecy and privacy via another route (instead of Windows 10)?

        I know the answer to (b), but on account of not being in a position to use Gdocs (because of aforementioned (b)) I have no idea in what format that works so I would genuinely like to know.

        Due to some politics and security requirements we mainly use Libre/OpenOffice and derivatives and use the European government document standard, ODF. There are maybe 2 machines left in our company with MS Office, also because we have no great wielders of spreadsheets (Excel is about the only product that has no comparable competition).

        1. bombastic bob Silver badge
          Devil

          Re: Wouldn't it be fun

          "The advent of Google DocsLibre/Open Office, among other things, means that small businesses no longer have to have Windows on their machines"

          more relevancy, though acknowledged "among other things" as including that...

        2. Anonymous Coward
          Anonymous Coward

          Re: Wouldn't it be fun

          No and no.

          A) Google docs works in open formats (as well as Microsoft closed formats), and works on anything that can run a browser, including a totally locked down read-only secure boot device.

          B) Google paid business platforms have a totally different privacy policy to their free consumer products.

          I would prefer to use Google docs over office any day, it works much better, and is massively cheaper, per seat and TCO

          1. vaporland

            what i don't like about google docs (and APIs)

            they change that shit without warning. at least when I ran office, if i didn't connect to the internet and didn't update the software, i had a stable operating environment.

            I work with Google APIs (gmail, oauth, drive, calendar) and when I go in to configure something and they've changed it AGAIN and I have to poke and stab at it to find what I need, that is my major frustration with web / mobile applications.

            other than that caveat, i can do some really cool stuff.

    2. Anonymous Coward
      Anonymous Coward

      Re: Wouldn't it be fun

      Ah yes sure that'll fix it because there are no security flaws in non-windows based software from other companies or open source developers.

      Reminds me of that song "There Are No Cats In America".

      1. Anonymous Coward
        Anonymous Coward

        Re: Wouldn't it be fun

        A secure boot, locked down device like a Chromebox is infinitely more secure than windows. Go look and understand chain of trust secure boot ..

        1. anonymous boring coward Silver badge

          Re: Wouldn't it be fun

          Infinitely? Infinity is quite a large number, you know...

    3. anonymous boring coward Silver badge

      Re: Wouldn't it be fun

      I like that idea!

  10. Blitheringeejit
    WTF?

    Not sure if it was a good idea...

    ...for El Reg to include links to a blog maintained by a self-confessed (indeed self-aggrandised) malware author. Drive-by, anyone?

    1. Prst. V.Jeltz Silver badge

      Re: Not sure if it was a good idea...

      she gets about a bit

      https://sandboxescaper.blogspot.com/p/travel-photos.html

      1. DCFusor Silver badge

        Re: Not sure if it was a good idea...

        Dunno, if smart - which appears to be the case, why not toss out all sorts of fake clues. All intelligence community "state actors" do that - make it look like some other country or actor did it. Anyone can find a buncha pictures, you don't have to take them yourself.

        (cough)UMBRAGE(cough)

        So, theory would be it's some fat American slob in mom's basement wanting enough dough for more video games or similar?

        1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: Not sure if it was a good idea...

        Fascinating.

  11. LewisRage

    Already Patched

    From SBE's reddit post here https://old.reddit.com/r/AskNetsec/comments/brcr4n/new_windows_lpe_from_nonadmin/

    "Have fun. (won't work in insider builds, since hardlinks are patched)"

  12. Richard 1

    Easy to find.

    If this person is going to sell vulnerabilities then I would assume that she will quickly become of interest to various government agencies. She wouldn't be too hard to find as she's happily posting her destinations. A quick delta of flights into the local areas of her treks should quickly narrow down the list of perps.

    1. Anonymous Coward
      Anonymous Coward

      Re: Easy to find.

      Who do you think the biggest customers of 0-days are?

  13. bombastic bob Silver badge
    Devil

    60k can be earned in better ways

    someone with the security know-how to spot bugs like that COULD _EASILY_ earn more than this amount in an annual salary by being a Linux admin or security professional consulting with businesses, etc..

    The criminal mindset, however, precludes making this wiser [and less risky with respect to legality] choice.

    I think I'd get a salary that's TWICE the 60k, every year, doing a legit IT admin position, with everything else that comes with it. You know, like the BOFH. Despite the occasional problems with management, users, consultants, sales-droids, and so on, there's a nice 2nd floor window...

    1. LDS Silver badge
      Devil

      "I think I'd get a salary that's TWICE the 60k, every year, doing a legit IT admin position"

      Sure, until they substitute you with some cheaper green card holder, or send your job offshore... once they moved all your servers to the cloud...

  14. Lee D Silver badge

    If a user can create an arbitrary scheduled task to run any given executable, it's game over anyway.

    That Windows helpfully repermissions your file that you want to run from a legacy imported scheduled task is really just icing on the cake.

    Presumably pci.sys is used because it's a "known" signed file that Windows trusts anyone to activate?

    Ordinary users should not have the capability to schedule tasks, nor should they have the ability to access the folder where scheduled tasks are kept, nor should they be able to execute arbitrary executables. Hell, they shouldn't even *see* the scheduled tasks panel, there could be privileged information in there!

    The problem is not some "new" exploit... it's just the same old complete lack of security on basic features, and "trusting users" the same way people did back in the days of Windows 3.1 or DOS.

    1. LDS Silver badge

      "Ordinary users should not have the capability to schedule tasks"

      Why? Plain users may have several reason to schedule tasks, and you don't want to give admin permissions to every user who may need to schedule a task.

      Even in Linux you have per-user crontab files and jobs.

      The fact that the task scheduler should be better implemented is a different thing.

    2. Anonymous Coward
      Anonymous Coward

      You complete tosser. Of course regular users should have the ability to schedule tasks. But those tasks should run with the same permissions as that user and nothing more.

  15. disgruntled yank Silver badge

    waxed lyrically

    Another story having to do with Brazil?

  16. DenTheMan

    A zero a day keeps the NSA at play.

    Alternatively,

    Must have outsourced the coding to China.

  17. MrKrotos

    Two more bugs on github

    https://github.com/SandboxEscaper/polarbearrepo/tree/master/angrypolarbearbug2

    https://github.com/SandboxEscaper/polarbearrepo/tree/master/sandboxescape

  18. Anonymous Coward
    Anonymous Coward

    I wonder...

    Did anyone else think, “I wonder if the “she’ referred to looks like Trinity in The Matrix”

  19. anonymous boring coward Silver badge

    That's my kind of gal!

  20. Anonymous Coward
    Anonymous Coward

    Nothing better

    Life just doesn't get any better than this, a damn fine coffee in the morning, Bombastic Bob, Amanfrommars and now the Sanboxescaper blogs.

    Like somebody else said, she's my kind of Gal. A hacker that likes hiking.

    1. Anonymous Coward
      Anonymous Coward

      Re: Nothing better

      Sounds like she needs a friend and a job. GCHQ?

  21. Tail Up

    4:3 это сцуко хоккей!!! ty US, RU

    1. Anonymous Coward
      Anonymous Coward

      ++

      Tail Up ++. Better than a crossword puzzle with me coffee.

  22. Anonymous Coward
    Anonymous Coward

    Skillz

    Or just a lot of time on their hands..either way, hats off...world's a safer place because of the bugs being put in the open...good...Or wait..world's worse off because bugs have been put in the open....blasted sysops.

  23. Michael Wojcik Silver badge

    Pennines

    SandboxEscaper's blog post reminded me of this classic.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020