Fruity hacking group juiced by Microsoft's October patch parade

Kaspersky Lab researcher Anton Ivanov says an advanced threat group was exploiting a Windows zero day vulnerability before Microsoft patched it last week. Microsoft says the graphics device interface vulnerability (CVE-2016-3393) allowed attackers to gain remote code execution and elevation of privilege powers. Ivanov's …

  1. Destroy All Monsters Silver badge
    Alien

    The

    Windows 10's efforts to push font processing into a special user mode that restricts privileges did not stop the exploit.

    Am I reading this right? They have a special user mode .... for font processing? Can't be arsed to properly validate input? Is the code too spaghetti?? Is it running Turing-complete code from the Internet in there or something? WTF!!

    "This is a very good solution but the code has the same bug in the TTF processing," Ivanov says.

    The mind boggles. I think the lizard people are strong in Redmond.

    And no, it is NOT a very good solution. It's an incredibly retarded "solution" for a problem that shouldn't exist.

    meterpreter-style script

    Yah, nice neologism! What is a "meterpreter"???

    1. Mark 85

      Re: The

      You seem surprised. This is Win10 after all.... seems this font processing running in the kernel seemed like a good idea at some point in time, but it's way past its "sell by" date.

      BTW, "an incredibly retarded solution" is the understatement of the week....

      1. Anonymous Coward
        Anonymous Coward

        Re: The

        You seem surprised. This is Win10 Microsoft after all

        FIFY - I think someone said more than 2 decades ago that building a firewall based on Windows (NT it was, I think) is the same as building a prison out of meringue.

        I have as yet to see a single piece of code come out of Redmond that could be considered safe. They are so incapable they'd manage to screw up writing a "Hello World" program. They're the Trump of the software world.

        (trying to use up my rant quota for this month - better have it out before beer o'clock :) ).

        1. Anonymous Coward
          Anonymous Coward

          Re: The

          "FIFY - I think someone said more than 2 decades ago that building a firewall based on Windows (NT it was, I think) is the same as building a prison out of meringue."

          I'm not aware of a single exploit ever for the Microsoft firewall type solutions like Proxy Server and Forefront TMG...even though they were very widely deployed.

          1. Tom Paine

            Re: The

            There's been plenty of vulns in Checkpoint, which you can run on Windows (if you're feeling perverse.) I don't remember anything in the native Windows packet filter but my memory's not what it was...

    2. Lee D Silver badge

      Re: The

      TTF Font rendering is actually partly using a virtual machine. Truetype is a horrible and complex beast.

      That said, why it wasn't doing it in an isolated user in the first place is a bit of a mystery, but then WMF files were just function pointers to GDI functions and we used them for 20+ years even while they were being exploited.

      But Truetype rendering - and pretty much all font-rendering - is a horrible job. Everything from font hinting bytecode machines to sub-pixel rendering integrating with graphics drivers.

      1. druck Silver badge
        Happy

        Re: The

        Lee D wrote:

        But Truetype rendering - and pretty much all font-rendering - is a horrible job. Everything from font hinting bytecode machines to sub-pixel rendering integrating with graphics drivers.
        Strange then how RISC OS was performing fully vector rendered, hinted and anti-aliased font plotting back in 1989 on a 512KB 8MHz ARM2 Acorn Archimedes.

      2. Tom Paine

        Re: The

        As you say, all font rendering is complicated, which is why you can write a web server in PostScript.

        In other news -- GDI32.dll, the gift that keeps giving. Do I remember a GDI remote root vuln in... 1996? Or did I dream it?
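The kind of TrueType processing bug Lee D's "horrible and complex beast" remark and the quoted "same bug in the TTF processing" point at is, very often, a bounds check on a table offset and length that a crafted font can defeat. As an added example (not code from the article, Kaspersky or Microsoft, and not the root cause of CVE-2016-3393, which the page does not describe), here is a toy Python parser for the sfnt table directory that every TrueType/OpenType file starts with. `naive_fits` reproduces the classic 32-bit `offset + length` wrap-around a C parser suffers when it adds two attacker-controlled values before comparing; `safe_fits` rearranges the comparison so it cannot overflow. The font blobs are constructed inline and every function name is my own.

```python
import struct

# Real sfnt layout (big-endian):
#   header: sfntVersion u32, numTables u16, searchRange u16, entrySelector u16, rangeShift u16
#   then numTables records: tag[4], checksum u32, offset u32, length u32
SFNT_HEADER = struct.Struct(">IHHHH")
TABLE_RECORD = struct.Struct(">4sIII")
U32_MASK = 0xFFFFFFFF


def build_font(tables):
    """Assemble a minimal sfnt-style blob from {tag: payload}. Constructed test data only."""
    header = SFNT_HEADER.pack(0x00010000, len(tables), 0, 0, 0)
    offset = SFNT_HEADER.size + TABLE_RECORD.size * len(tables)
    directory, body = b"", b""
    for tag, payload in tables.items():
        directory += TABLE_RECORD.pack(tag, 0, offset, len(payload))
        body += payload
        offset += len(payload)
    return header + directory + body


def evil_font():
    """The same blob with one record patched so offset+length wraps past 2**32.
    A 32-bit parser computes 0xFFFFFFF0 + 0x20 == 0x10, which looks in bounds."""
    buf = bytearray(build_font({b"cmap": b"\x00" * 8}))
    # record 0 starts at byte 12; tag and checksum occupy 8 bytes, so offset sits at 20
    struct.pack_into(">II", buf, 20, 0xFFFFFFF0, 0x20)
    return bytes(buf)


def naive_fits(offset, length, size):
    """The buggy check: sums two untrusted u32 values first, as C would, and wraps."""
    return ((offset + length) & U32_MASK) <= size


def safe_fits(offset, length, size):
    """The correct check: never adds untrusted values; both comparisons are on u32 range."""
    return offset <= size and length <= size - offset


def parse_table_directory(data, fits=safe_fits):
    """Return {tag: bytes} for every table, or raise ValueError on an inconsistent directory.
    `fits` is injectable so the naive and safe checks can be compared on the same input."""
    size = len(data)
    if size < SFNT_HEADER.size:
        raise ValueError("truncated sfnt header")
    _version, num_tables, *_ = SFNT_HEADER.unpack_from(data, 0)
    dir_end = SFNT_HEADER.size + num_tables * TABLE_RECORD.size
    if dir_end > size:
        raise ValueError(f"numTables={num_tables} but directory would end at {dir_end} > {size}")
    tables = {}
    for i in range(num_tables):
        tag, _checksum, offset, length = TABLE_RECORD.unpack_from(
            data, SFNT_HEADER.size + i * TABLE_RECORD.size)
        if not fits(offset, length, size):
            raise ValueError(f"table {tag!r}: offset {offset:#x} length {length:#x} outside file")
        # Python slicing silently returns b"" for an out-of-range offset;
        # a C memcpy of `length` bytes from base+offset would read out of bounds instead.
        tables[tag] = data[offset:offset + length]
    return tables


if __name__ == "__main__":
    good = build_font({b"cmap": b"\x01" * 8, b"glyf": b"\x02" * 4})
    print("good font tables:", sorted(parse_table_directory(good)))
    for name, check in (("naive", naive_fits), ("safe", safe_fits)):
        try:
            parse_table_directory(evil_font(), fits=check)
            print(f"{name}: accepted the wrapped record (this is the bug)")
        except ValueError as exc:
            print(f"{name}: rejected ->", exc)
```

The point of the `safe_fits` shape is that `size - offset` is only evaluated after `offset <= size` has been established, so every operand stays within the 32-bit range and no wrap is possible; the same discipline applies to any length-prefixed record in a font, image or network format.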

    3. VinceH
      1. Destroy All Monsters Silver badge
        Windows

        Re: The

        Thanks Vince.

        Imma getting too old for this job. I think I will retire after the next Death Star project...

    4. Tom Paine

      Re: The

      "meterpreter": if Google hasn't cluesticked you yet, it's the Metasploit core architecture, runtime engine, comms infrastructure gubbins.

    5. Vic

      Re: The

      What is a "meterpreter"???

      A TV weather girl?

      Vic.

  2. Robert Carnegie Silver badge

    It's an interesting advertisement

    for "Powershell", which was used to write this.

    I wonder what is the most limited computer language used to write a virus? Probably excluding the plain text that says "This is a virus which operates on the honour system. Please e-mail it to your friends and delete some of your files. Thank you."

  3. Anonymous Coward
    Anonymous Coward

    Sure do all the font processing in ring 0, what could ever go wrong there...

  4. JeffyPoooh
    Pint

    Windows Update taking actual DAYS to complete

    Because I've got several laptops, some can be ignored for months.

    One was last updated 23 May 2016 (five months ago). Upon trying to update this month, it appeared to hang up. After all the usual faffing and trying to invoke corrective action, one piece of advice posted recommended to just let it run. So I did. It had CPU at an intermittent 25% for THREE DAYS. Then everything went back to normal, and Updates proceeded at the expected speed.

    This weirdness also happened the same way for another netbook that had been off since April (six months). Days of solid CPU doing something, then back to normal.

    Good thing I have more than one laptop.

    Weird.

    1. Tom Paine

      Re: Windows Update taking actual DAYS to complete

      ISTR there's a reg key you need to edit or delete or something. Known issue, anyway, with a quick/easy fix. (Massive suckage for non-technical users of MS stuff, of course...)
