
Three Windows exploits


Over the past two days, a security researcher going by the name SandBoxEscaper has released demo code for three different Windows 10 vulnerabilities. Microsoft has already patched at least one exploit, but has not yet commented on the others.

Last year, SandBoxEscaper released seven different exploits that differ in importance and usability. Several outlets, such as Ars Technica and ZDNet, describe these latest vulnerabilities as "zero-day exploits," which may not be entirely accurate.

The term "zero-day" refers to exploits that are discovered by external parties and then either used or released without notifying the company in question. Early reports indicated that SandBoxEscaper was releasing all these exploits without properly notifying Microsoft, but this does not seem to be the case.


In an updated version of their article, ZDNet mentions that Microsoft has made it clear that at least one of these exploits has already been corrected and linked to CVE-2019-0863, an exploit called "Polar Bear" (another name that SandBoxEscaper uses). Microsoft has not commented on the other two vulnerabilities.

If you're wondering how dangerous these exploits are, the answer is a bit mixed. According to SandBoxEscaper, the vulnerabilities are difficult to exploit and require local access to the target computer. That limits the usefulness of the exploits.

On the other hand, if a bad actor does get access to a target machine, they can do quite a bit of damage with each of these exploits, as they allow different ways to elevate permissions, gain SYSTEM access, and run JavaScript at a level that the IE11 sandbox should prevent.

If Microsoft has not already addressed all three vulnerabilities, the company needs to focus on them. [ZDNet]

In other news

  • League of Legends could come to mobile devices: According to "sources," Tencent and Riot Games may be working on a mobile version of League of Legends. Given the success of Fortnite on every platform, this is a reasonable step. But until we have more than unnamed sources, it's at best a hope and a rumor. I call Jarvan IV! [Reuters]
  • Razer Forge TV and OUYA say goodbye: You may be thinking, "What are Razer Forge TV and OUYA?" And that would be the problem. Razer Forge TV was one of the first attempts at Android on the TV, and the company pulled it within months. And OUYA promised to change the game with its crowdfunded Android TV console before Razer bought the company. Neither took off, and now Razer has announced that it will close its online stores after June 25, 2019. [9to5Google]
  • Panic's upcoming PlayDate handheld is super sweet: From the developers of great Mac software like Coda and Prompt, and the indie game developers behind Katamari, it is a delightful little handheld with a crank. Look at the horse, it's kind of like childlike innocence. The PlayDate is expected to be released in early 2020 and to cost around $150 due to a high-end screen and other hardware. [The Verge]
  • Tesla's new lane change technology may not be safe: Recently, Tesla updated its "autopilot software" with the ability to change lanes automatically. The company claims that the car can do this on its own more safely than a human, but Consumer Reports says otherwise. In tests, they found that the vehicles tried to change lanes in uncertain ways, braked at unexpected points, and cut off cars with little available space. Self-driving cars have a long, long way to go. [Consumer Reports]
  • Las Vegas awards US $49 million to Boring Company: Elon Musk's other company, the Boring Company, has good news. Las Vegas approved an order to build an underground people-mover tunnel with autonomous electric vehicles. If the promise to shorten a 15-minute walk to 1 minute holds, CES attendees will be grateful. No word on whether the tunnel is equipped with additional flame guns. [The Verge]
  • Google's Duplex works really well if it's not really human: The New York Times has run a trial of Duplex, Google's A.I. (artificial intelligence) booking service that schedules reservations at places like restaurants. When the A.I. actually made the call, the whole process was impressive and the person on the line could not tell. But sometimes it was not an A.I. at all. According to Google, about 25% of Duplex calls are made by a human, not by the Duplex A.I., and even when the A.I. starts the call, a person intervenes in 15% of these cases. [The New York Times]
  • Spotify has reset some users' passwords due to suspicious activity: Some Spotify users have been notified that the company has reset their passwords. In a somewhat vague explanation to TechCrunch, the company says it sent the message to some users as a precautionary measure, reminding users not to reuse passwords across websites. Without further information, we can only guess what's going on. [TechCrunch]
  • Apple sent out media invitations for the WWDC keynote: WWDC is getting closer and we'll probably hear about the latest and greatest software updates for iOS, macOS, and more. Apple has sent media invitations for the keynote, which takes place on June 3. If you have not received a ticket, it is too late. You just have to watch from home like the rest of us. [MacRumors]
  • GitHub Sponsors is like Patreon for open source code: GitHub has just announced a new "sponsorship" program reminiscent of Patreon or Twitch sponsorship. You can choose an open source developer to send monthly recurring gifts, and developers can add reward levels. Microsoft announces that it will raise $5,000 in donations in the first year of a developer's participation and waive all fees in the next 12 months. However, it is not yet clear how the individual aspects will work. Keep an eye out for more details. [GeekWire]

Finally, NASA wants to send your name to Mars. With a short submission form, you can have your name written, along with those of all the other participants, on a microchip, which will then be attached to the Mars 2020 Rover. By giving your email address to NASA, you will receive alerts about future opportunities such as these. And as a small bonus, NASA gives you a funny boarding pass for submitting your name and oh, who are we kidding, you're not reading this, right? You are already registering, and we will do that now. [NASA]
