Connect with us
0patch has a patch for an unpatched vulnerability in Windows 0patch has a patch for an unpatched vulnerability in Windows

Security

0patch has a patch for an unpatched vulnerability in Windows 10

Published

on

The vulnerability exists in the Access to Work or School tool and bypasses the February 2021 patch for CVE-2021-24084.

On the 0patch platform published by Unofficial fix for local privilege escalation vulnerability in Mobile Device Management Service affecting Windows 10 1809 and later.

The vulnerability exists in the Access to Work or School tool and bypasses a patch released by Microsoft in February this year for CVE-2021-24084

Earlier this month, security researcher Abdelhamid Naseri, who also discovered the original vulnerability, found that the fixed bug could still be exploited to gain administrator privileges. Naseri raised the issue to the general public in June 2021, but Microsoft has yet to fix it.

“As we know from the experience of HiveNightmare / SeriousSAM (vulnerability CVE-2021-36934 in Windows 10 and Windows 11 – ed.), The disclosure of an arbitrary file can be upgraded to local privilege escalation if you know which files to take and what to do with them,” – noted the co-founder of 0patch Mitja Kolsek.

Fortunately, the vulnerability can only be exploited if two prerequisites are met:

  1. System protection must be enabled on drive C and at least one restore point created. Whether system protection is enabled and reflected by default depends on different settings;
  2. The computer must have at least one local administrator account activated or have a credential cache of at least one member of the Administrators group.

While Microsoft has not released an official fix for the vulnerability, the 0patch service has published its free unofficial patches for all affected versions of Windows 10 (the issue also affects Windows 10 21H2, but 0patch does not support this version of the OS yet):

  • Windows 10 v21H1 (32 & 64 bit) with all November updates
  • Windows 10 v20H2 (32 & 64 bit) with all November updates
  • Windows 10 v2004 (32-bit and 64-bit) with all November updates;
  • Windows 10 v1909 (32 and 64 bit) with all November updates
  • Windows 10 v1903 (32 and 64 bit) with all November updates
  • Windows 10 v1809 (32 & 64 bit) May Update.

The vulnerability does not affect Windows Server, since these versions do not contain the functionality that contains it. Although they have similar diagnostic tools, these tools run in the context of the user running them, so they cannot be exploited, Kolsek explained.

The issue is also missing in Windows 10 version 1803 and earlier. Although they include the Access to Work or School tool, it does not work as it does in later releases and cannot be exploited. Windows 7 does not have this tool at all.

In order to install a micropatch from 0patch, you need to register on the platform and install the 0patch agent. After the agent is launched on the device, the patch will be installed automatically (unless prohibited by corporate update installation policies). A system restart is not required.

Click to comment

Leave a Reply

Your email address will not be published.

Security

Nvidia lost. LHR mining protection is also hacked under Linux. This was done by NBMiner developers

Published

on

Nvidia lost LHR mining protection is also hacked under

Two days have passed since the NiceHash developers cracked the Nvidia LHR protection, as the NBMiner team also pleased their users with the same news. Only this time we are talking about software for Linux.

Nvidia lost.  LHR mining protection is also hacked under Linux.  This was done by NBMiner developers

Thus, Nvidia’s protection completely fell for both Windows and Linux. Unfortunately, both programs are closed source, so it’s not clear what mechanisms the developers used to hack.

Whether the loss of Nvidia will affect the availability and prices of video cards is still difficult to say. At the moment, the cryptocurrency market continues to fall, but sooner or later it will turn around, and gamers may again face shortages and overpriced graphics cards.

Continue Reading

Security

Xiaomi has released a profitable set of security camera and smart door locksmart door lock

Published

on

Xiaomi has released a profitable set of security camera and

Xiaomi has introduced a new kit with an outdoor video surveillance camera and a smart door lock, which includes Mi Outdoor camera and Mi Smart Door Lock 1S.

The bundle is priced at around $237, which is a great deal as these devices cost $20 more individually.

Mi Smart Door Lock 1S supports 7 unlocking methods, including fingerprint, password, temporary password, Bluetooth, HomeKit, NFC or regular key unlock. Compared to the first generation, the new lock supports both the Mijia app and Apple HomeKit.

Xiaomi has released a profitable set of security camera and

As for the rechargeable version of Xiaomi Outdoor Camera, this is Xiaomi’s first outdoor wireless camera. It has an independent design and can be installed without connecting the mains cable or power cable. It has a wide viewing angle of 130°, 1080p resolution and supports WDR technology.

In addition, the battery version of the Xiaomi Outdoor Camera offers night vision up to 7 meters and people detection function. It is IP65 rated and has a long battery life of up to 90 days.

Continue Reading

Security

“These are machines for sucking out personal data.” Prayer and mental health apps have poor security

Published

on

These are machines for sucking out personal data Prayer and

Mental health apps have worse privacy protection than most other types of apps, according to a new analysis by Mozilla. We are talking about the entire category as a whole. In addition, things are also bad for prayer applications.

“These are machines for sucking out personal data.”  Prayer and mental health apps have poor security

The vast majority of mental health and prayer apps are exceptionally creepy. They track a variety of data, share and capitalize on users’ most intimate personal thoughts and feelings, such as mood, mental state, and biometric data.

The team analyzed 32 mental health and prayer apps. Of these apps, 29 received a Privacy not included warning, indicating that the team is concerned about how the app manages user data.

These applications collect large amounts of personal data in accordance with vague privacy policies. Most applications have also been found to have poor security practices that allow users to create accounts with weak passwords. Considering how much personal information such programs can contain, this is a bad feature.

The list of the worst programs according to the specified criteria included Better Help, Youper, Woebot, Better Stop Suicide, Pray.com and Talkspace. In particular, the Woebot chatbot claims to collect information about users and shares this data for advertising purposes, and Talkspace collects transcripts of user chats.

They work like data-sucking machines with the look and feel of a mental health app. In other words: wolves in sheep’s clothing

Continue Reading

Most Popular