The vulnerability exists in the Access to Work or School tool and bypasses the February 2021 patch for CVE-2021-24084.
On the 0patch platform published by Unofficial fix for local privilege escalation vulnerability in Mobile Device Management Service affecting Windows 10 1809 and later.
The vulnerability exists in the Access to Work or School tool and bypasses a patch released by Microsoft in February this year for CVE-2021-24084 …
Earlier this month, security researcher Abdelhamid Naseri, who also discovered the original vulnerability, found that the fixed bug could still be exploited to gain administrator privileges. Naseri raised the issue to the general public in June 2021, but Microsoft has yet to fix it.
“As we know from the experience of HiveNightmare / SeriousSAM (vulnerability CVE-2021-36934 in Windows 10 and Windows 11 – ed.), The disclosure of an arbitrary file can be upgraded to local privilege escalation if you know which files to take and what to do with them,” – noted the co-founder of 0patch Mitja Kolsek.
Fortunately, the vulnerability can only be exploited if two prerequisites are met:
- System protection must be enabled on drive C and at least one restore point created. Whether system protection is enabled and reflected by default depends on different settings;
- The computer must have at least one local administrator account activated or have a credential cache of at least one member of the Administrators group.
While Microsoft has not released an official fix for the vulnerability, the 0patch service has published its free unofficial patches for all affected versions of Windows 10 (the issue also affects Windows 10 21H2, but 0patch does not support this version of the OS yet):
- Windows 10 v21H1 (32 & 64 bit) with all November updates
- Windows 10 v20H2 (32 & 64 bit) with all November updates
- Windows 10 v2004 (32-bit and 64-bit) with all November updates;
- Windows 10 v1909 (32 and 64 bit) with all November updates
- Windows 10 v1903 (32 and 64 bit) with all November updates
- Windows 10 v1809 (32 & 64 bit) May Update.
The vulnerability does not affect Windows Server, since these versions do not contain the functionality that contains it. Although they have similar diagnostic tools, these tools run in the context of the user running them, so they cannot be exploited, Kolsek explained.
The issue is also missing in Windows 10 version 1803 and earlier. Although they include the Access to Work or School tool, it does not work as it does in later releases and cannot be exploited. Windows 7 does not have this tool at all.
In order to install a micropatch from 0patch, you need to register on the platform and install the 0patch agent. After the agent is launched on the device, the patch will be installed automatically (unless prohibited by corporate update installation policies). A system restart is not required.
In 2018, Google had an AI ready for a ChatGPT-style chatbot, but it was closed due to security issues.
In recent months, the ChatGPT chatbot has been on the news pages, and this has forced many companies to catch up with OpenAI. Among them are Microsoft, Google and a number of Chinese corporations. However, reportedly, the situation could be different.
As early as 2018, Google is said to have had a natural language processing AI similar to ChatGPT. However, company executives closed the project, considering it too dangerous. One of the developers was research engineer Daniel De Freitas, and Noam Shazeer, a software engineer at Google, also contributed to the project.
The project was called Meena and was a chatbot that could talk about different topics. With him you could discuss TV shows, have discussions about philosophy and joke. At the same time, the developers believed that this technology could be added to the search engine, however, in the end, Google stopped development. The company said the bot did not meet its AI security standards.
Note that later, on the basis of these developments, the LaMDA chat bot was created, which flies into the basis of Bard. Thus, the development nevertheless reached the mass user, albeit with a great delay.
Two-way satellite communications and military-grade security. Presented smartphone Motorola Defy 2
The British company Bullitt Group and Motorola, now owned by the Chinese Lenovo, introduced a new smartphone of the protected Motorola Defy series. The highlights of the Motorola Defy 2 are support for two-way satellite communication, combined with 5G fifth-generation cellular networks, and a very durable design.
The smartphone is resistant to dust, sand, dirt and water (IP68 and IP69K) and has been tested to military standard Mil-Spec 810H for extreme high and low temperatures, humid environments, salt fog, vibration and shock. The Motorola Defy 2 can be washed with soap and water and can also be cleaned with alcohol wipes.
The smartphone itself is equipped with a 6.6-inch Full HD + display with a refresh rate of 120 Hz, an 8 MP front camera, a main triple camera (50 MP, 8 and 2 MP), SoC MediaTek Dimensity 930, 6 GB of RAM and 128 GB flash memory that can be expanded with microSD cards, and a 5000 mAh battery with support for 15W charging and Qi wireless charging.
MediaTek Bullitt and 3GPP NTN technology, Bullitt satellite messaging service are supported. The smartphone is running Android 12 operating system, two major Android updates and 5 years of security updates are promised.
The Motorola Defy 2 smartphone will be available from Q2 2023 on select carriers in North America, Latin America and Canada starting at $599.
Hogwarts Legacy hacked and uploaded to torrent
Empress hacker hacked into Hogwarts Legacy and today posted it on a torrent – anyone can download the game. The ISO file is just over 88 GB.
The Denuvo V17 provided protection for the Hogwarts Legacy, but it failed. Empress has previously said that it is going to hack the game, it also talked about creating some new technologies that would help bypass the protection of Hogwarts Legacy, and promised to “destroy” Denuvo. There are already over 80 comments on the torrent tracker, most thanks to Empress for the hack.
Now for game designers: ChatGPT in the Unity editor will help create games
A user named keijiro introduced a very interesting concept – the ChatGPT deep learning model in the Unity editor for...
Five Planets Alignment 2023: Jupiter, Mercury, Uranus, Mars and Venus line up on March 28
At the end of this month, the five planets of the solar system, Jupiter, Mercury, Uranus, Mars and Venus, will...
Midjourney smells of racism: the neural network created a provocative image
We have repeatedly written about how the Midjourney neural network has progressed over the past year. The quality of the...
Bangs and an iPhone-style camera plus a second screen for $200. Gionee F3 Pro unveiled
Gionee Mobile introduced the Gionee F3 Pro smartphone, which is offered in a version with 8 GB of RAM and...
Phones6 days ago
Drone and smartphone help rescuers find travelers
Phones6 days ago
Apple will no longer be able to make money on cables and chargers for the iPhone, as before? EU law will not allow the company to introduce restrictions under the Made for iPhone program
News6 days ago
This is the successor to Renault Sandero and Stepway. The first images of new items have appeared
Electric Cars6 days ago
New 2024 Hyundai Elantra/Avante Sedan Revealed. Pricing Already Announced