Google, Microsoft work together for a year to figure out new type of Windows flaw

Researcher finds building blocks for privilege escalation: Can they be assembled to create a flaw?

(Image credit: Marco Verch / Flickr)

One of the more notable features of Google Project Zero's (GPZ) security research has been its 90-day disclosure policy. In general, vendors are given 90 days to address issues found by GPZ, after which the flaws will be publicly disclosed. But sometimes understanding a flaw and developing fixes for it takes longer than 90 days—sometimes, much longer, such as when a new class of vulnerability is found. That's what happened last year with the Spectre and Meltdown processor issues, and it has happened again with a new Windows issue.

Google researcher James Forshaw first grasped that there might be a problem a couple of years ago when he was investigating the exploitability of another Windows issue published three years ago. In so doing, he discovered the complicated way in which Windows performs permissions checks when opening files or other secured objects. A closer look at the involved parts showed that there were all the basic elements to create a significant elevation of privilege attack, enabling any user program to open any file on the system, regardless of whether the user should have permission to do so. The big question was, could these elements be assembled in just the right way to cause a problem, or would good fortune render the issue merely theoretical?

The basic rule is simple enough: when a request to open a file is being made from user mode, the system should check that the user running the application that's trying to open the file has permission to access the file. The system does this by examining the file's access control list (ACL) and comparing it to the user's user ID and group memberships. However, if the request is being made from kernel mode, the permissions checks should be skipped. That's because the kernel in general needs free and unfettered access to every file.

New Zealand Tragedy-Related Scams and Malware Campaigns

Original release date: March 15, 2019

In the wake of the recent New Zealand mosque shooting, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the event.

To avoid becoming a victim of malicious activity, users and administrators should consider taking the following preventive measures:


This product is provided subject to this Notification and this Privacy & Use policy.


Epic says its Game Store is not spying on you

But Sweeney says it will stop accessing Steam friends lists without permission.

Despite what you may have read, Epic says this is not spyware.
This week, certain corners of the gaming Internet have been abuzz with a bit of self-described "amateur analysis" suggesting some "pretty sketchy," spyware-like activity on the part of the Epic Game Store and its launcher software. Epic has now stepped in to defend itself from those accusations, while also admitting to an "outdated implementation" that results in unauthorized access to local Steam information.

The Reddit post "Epic Game Store, Spyware, Tracking, and You!" points to a wide-ranging set of implications based on some broad file and network access traffic observations when the Epic Game Store is running. But much of the post is focused on Epic's association with Chinese gaming giant Tencent, which owns a share of the company.

"Tencent is a significant, but minority shareholder in Epic," co-founder and CEO Tim Sweeney wrote in response to the conspiracy theory in one Reddit thread. "I'm the controlling shareholder of Epic... The decisions Epic makes are ultimately my decisions, made here in North Carolina based on my beliefs as a game developer about what the game industry needs!"

Intel Releases Security Advisories on Multiple Products

Original release date: March 15, 2019

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.
