As you will remember from last time, an EoP means that someone who is already logged onto your computer as a regular, unprivileged user can silently and unlawfully boost themselves to Admin or SYSTEM level.

If you’re logged in, say, as RegularUser, you can do yourself plenty of harm by deleting your own files, messing with your own applications, downloading inappropriate files, and so on.

But if you can wrangle access to the SYSTEM account, you will find yourself on a similar footing to Windows itself, and you can wreak much more havoc.

You can stop, start and even install new system services, mess with firewall settings, alter files in the Windows folder, change boot-time security settings, and generally do all the things that IT has spent ages trying to make sure that you can’t, whether deliberately or by mistake.

That’s not quite as bad as an RCE, which means that someone who isn’t logged onto your computer at all can get unauthorised access in the first place, giving them a beachhead for further cybercrime.

But an EoP on its own is bad enough, not least because an RCE exploit that only just gets a cybercriminal in, perhaps with no more powers than a guest user, can often be combined with an EoP to achieve what a crook would consider “complete compromise”.

VULNERABILITY JARGON EXPLAINED – DEMYSTIFYING ‘EOP’, ‘RCE’ AND FRIENDS

Learn more about vulnerabilities, how they work, and how to defend against them. Recorded in 2013, this podcast is still an excellent and jargon-free explainer of this vital topic.

To recap rapidly on the PrintNightmare story so far:

Microsoft patched an EoP bug in Print Spooler. This patch was part of the June 2021 security update. The bug it fixed was dubbed CVE-2021-1675.

The bug was more serious than first thought and got upgraded to RCE-and-EoP status later in the month. The original patch, however, protected against both aspects of the bug.