The vulnerability exists in the Access to Work or School tool and bypasses the February 2021 patch for CVE-2021-24084.
On the 0patch platform published by Unofficial fix for local privilege escalation vulnerability in Mobile Device Management Service affecting Windows 10 1809 and later.
The vulnerability exists in the Access to Work or School tool and bypasses a patch released by Microsoft in February this year for CVE-2021-24084 …
Earlier this month, security researcher Abdelhamid Naseri, who also discovered the original vulnerability, found that the fixed bug could still be exploited to gain administrator privileges. Naseri raised the issue to the general public in June 2021, but Microsoft has yet to fix it.
“As we know from the experience of HiveNightmare / SeriousSAM (vulnerability CVE-2021-36934 in Windows 10 and Windows 11 – ed.), The disclosure of an arbitrary file can be upgraded to local privilege escalation if you know which files to take and what to do with them,” – noted the co-founder of 0patch Mitja Kolsek.
Fortunately, the vulnerability can only be exploited if two prerequisites are met:
- System protection must be enabled on drive C and at least one restore point created. Whether system protection is enabled and reflected by default depends on different settings;
- The computer must have at least one local administrator account activated or have a credential cache of at least one member of the Administrators group.
While Microsoft has not released an official fix for the vulnerability, the 0patch service has published its free unofficial patches for all affected versions of Windows 10 (the issue also affects Windows 10 21H2, but 0patch does not support this version of the OS yet):
- Windows 10 v21H1 (32 & 64 bit) with all November updates
- Windows 10 v20H2 (32 & 64 bit) with all November updates
- Windows 10 v2004 (32-bit and 64-bit) with all November updates;
- Windows 10 v1909 (32 and 64 bit) with all November updates
- Windows 10 v1903 (32 and 64 bit) with all November updates
- Windows 10 v1809 (32 & 64 bit) May Update.
The vulnerability does not affect Windows Server, since these versions do not contain the functionality that contains it. Although they have similar diagnostic tools, these tools run in the context of the user running them, so they cannot be exploited, Kolsek explained.
The issue is also missing in Windows 10 version 1803 and earlier. Although they include the Access to Work or School tool, it does not work as it does in later releases and cannot be exploited. Windows 7 does not have this tool at all.
In order to install a micropatch from 0patch, you need to register on the platform and install the 0patch agent. After the agent is launched on the device, the patch will be installed automatically (unless prohibited by corporate update installation policies). A system restart is not required.
Nvidia lost. LHR mining protection is also hacked under Linux. This was done by NBMiner developers
Two days have passed since the NiceHash developers cracked the Nvidia LHR protection, as the NBMiner team also pleased their users with the same news. Only this time we are talking about software for Linux.
Thus, Nvidia’s protection completely fell for both Windows and Linux. Unfortunately, both programs are closed source, so it’s not clear what mechanisms the developers used to hack.
Whether the loss of Nvidia will affect the availability and prices of video cards is still difficult to say. At the moment, the cryptocurrency market continues to fall, but sooner or later it will turn around, and gamers may again face shortages and overpriced graphics cards.
Xiaomi has released a profitable set of security camera and smart door locksmart door lock
Xiaomi has introduced a new kit with an outdoor video surveillance camera and a smart door lock, which includes Mi Outdoor camera and Mi Smart Door Lock 1S.
The bundle is priced at around $237, which is a great deal as these devices cost $20 more individually.
Mi Smart Door Lock 1S supports 7 unlocking methods, including fingerprint, password, temporary password, Bluetooth, HomeKit, NFC or regular key unlock. Compared to the first generation, the new lock supports both the Mijia app and Apple HomeKit.
As for the rechargeable version of Xiaomi Outdoor Camera, this is Xiaomi’s first outdoor wireless camera. It has an independent design and can be installed without connecting the mains cable or power cable. It has a wide viewing angle of 130°, 1080p resolution and supports WDR technology.
In addition, the battery version of the Xiaomi Outdoor Camera offers night vision up to 7 meters and people detection function. It is IP65 rated and has a long battery life of up to 90 days.
“These are machines for sucking out personal data.” Prayer and mental health apps have poor security
Mental health apps have worse privacy protection than most other types of apps, according to a new analysis by Mozilla. We are talking about the entire category as a whole. In addition, things are also bad for prayer applications.
The vast majority of mental health and prayer apps are exceptionally creepy. They track a variety of data, share and capitalize on users’ most intimate personal thoughts and feelings, such as mood, mental state, and biometric data.
The team analyzed 32 mental health and prayer apps. Of these apps, 29 received a Privacy not included warning, indicating that the team is concerned about how the app manages user data.
These applications collect large amounts of personal data in accordance with vague privacy policies. Most applications have also been found to have poor security practices that allow users to create accounts with weak passwords. Considering how much personal information such programs can contain, this is a bad feature.
The list of the worst programs according to the specified criteria included Better Help, Youper, Woebot, Better Stop Suicide, Pray.com and Talkspace. In particular, the Woebot chatbot claims to collect information about users and shares this data for advertising purposes, and Talkspace collects transcripts of user chats.
They work like data-sucking machines with the look and feel of a mental health app. In other words: wolves in sheep’s clothing
Apple wants to use E Ink screens in the iPhone and iPad. The company is testing similar displays as auxiliary displays for flexible models.
Apple may start using E Ink screens in its devices. Well-known analyst Ming-Chi Kuo spoke about this. Apple is testing...
A new era in the Windows mobile game console market. GPD has already received the Ryzen 7 6800U APU for the Win Max 2 console
With the release of Ryzen 6000 mobile processors, equipped with very powerful iGPUs, a new era of Windows handheld game...
Nvidia unexpectedly updated the drivers for the “abandoned” GeForce GTX 600 and GTX 700 (Kepler). Users are advised to install the update
Nvidia has stopped updating Game Ready drivers for the GeForce GTX 600 and GTX 700 (Kepler family) since version 470,...
The number of Bitcoin addresses with one or more coins has reached a new all-time high
While Bitcoin continues to struggle to recover last year’s highs, the latest data shows that addresses holding at least one...
Software7 days ago
Microsoft ended support for the most stable version of Windows 10
Electric Cars6 days ago
Geely competes with Tesla and Rivian: the company will produce Radar electric pickups
Gaming7 days ago
Few people need PlayStaiton 5 without exclusives or is it just a shortage? Console sales plummeted
Electric Cars6 days ago
Europe is completely switching to electricity. European Union plans to register only electric vehicles from 2035