user permissions Archives

Winsage

May 21, 2025

New Windows Server 2025 Attack Compromises Any Active Directory User

A significant security flaw, named BadSuccessor, has been discovered in Windows Server 2025, posing a serious risk to Active Directory users. This privilege escalation vulnerability allows attackers to compromise any user in Active Directory and is alarmingly easy to exploit, requiring only basic permissions on any organizational unit. Currently, no patch is available for this vulnerability. In 91% of environments examined, users outside the domain admins group had the necessary permissions to execute the attack. The exploit leverages the delegated Managed Service Account (dMSA) feature, enabling attackers to take control of any principal within the domain. Microsoft has rated the vulnerability as moderate severity and plans to address it in a future update, noting that elevated user permissions are required for successful exploitation. Organizations are advised to identify and eliminate unnecessary permissions to mitigate potential threats.

Winsage

April 25, 2025

Microsoft’s Patch for Symlink Vulnerability Introduces New Windows Denial-of-Service Flaw

In early April 2025, Microsoft addressed a security vulnerability (CVE-2025-21204) related to symbolic links in the Windows servicing stack, specifically affecting the c:inetpub directory used by Internet Information Services (IIS). The updates created the c:inetpub folder with appropriate permissions to mitigate risks. However, this fix introduced a new denial-of-service (DoS) vulnerability, allowing non-administrative users to create junction points on the c: drive, disrupting the Windows Update mechanism. A command such as "mklink /j c:inetpub c:windowssystem32notepad.exe" could be used to exploit this flaw, preventing systems from receiving future security patches. As of April 25, Microsoft had not released a patch or acknowledged the issue, leaving systems vulnerable and emphasizing the need for monitoring user permissions and manually removing suspicious symlinks.

Winsage

December 17, 2024

Leaving Windows 10 for Linux? 5 security differences to consider first

Linux is generally considered to offer superior security compared to Windows, with the author having experienced only one significant security incident in nearly three decades of use. 1. Windows 10 includes Windows Defender as a default firewall, while many Linux distributions, such as Ubuntu and Fedora, do not have their firewalls enabled by default. Linux firewalls allow for detailed configurations, although default settings are often sufficient for most users. 2. In Windows, administrative tasks can often be performed with a simple confirmation, whereas Linux requires users to enter their password for administrative actions using the sudo command, enhancing security. 3. Windows 10 has limited user-configurable permissions, while Linux provides comprehensive control over file and folder permissions through both command line and GUI options, contributing to its enhanced security reputation. 4. Antivirus and antimalware solutions are essential for Windows users to protect against threats, while Linux does not require such software due to its design prioritizing user permissions and advanced security measures. 5. Linux responds rapidly to vulnerabilities, often releasing patches within hours, unlike Windows, which may take weeks to address vulnerabilities and follows a Patch Tuesday schedule for updates.

Winsage

December 2, 2024

Tech Times Weekly Wrap: Microsoft AI Recall Testing, DOJ vs. Google, Evolv FTC Settlement

Microsoft has reintroduced its AI Recall technology for Copilot Plus-powered computers, currently in testing and available to select users via the Windows 11 Insider Preview Build 26120.2415 (KB5046723) in the Dev Channel. The technology is limited to devices with Qualcomm Snapdragon chipsets, with plans for broader compatibility with AMD and Intel systems. Microsoft has implemented a stricter privacy framework requiring user permissions for data access and ensuring that snapshots are stored locally. The US Department of Justice (DOJ) and Google presented closing arguments in an antitrust case concerning the advertising market in a Virginia court. DOJ attorney Aaron Teitelbaum accused Google of manipulating ad auctions and monopolistic control, while Google's attorney Karen Dunn argued the DOJ had not proven its claims. The case could lead to significant changes in Google's business structure. Evolv Technology reached a settlement with the Federal Trade Commission (FTC) over misleading claims about its AI scanners' effectiveness in detecting weapons. Evolv is now prohibited from making unsupported claims about its products following investigations that questioned the technology's real-world performance.

Tech Optimizer

November 29, 2024

8.8 Rated PostgreSQL Vulnerability Puts Databases at Risk

Cybersecurity researchers Tal Peleg and Coby Abrams from Varonis have identified a significant security vulnerability in PostgreSQL, designated as CVE-2024-10979, which has a CVSS severity score of 8.8. This vulnerability affects all PostgreSQL versions prior to 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21. It allows unprivileged users to manipulate environment variables within the PostgreSQL PL/Perl extension, potentially enabling arbitrary code execution. PostgreSQL's advisory states that this flaw can lead to data theft or system takeover by altering sensitive process environment variables. Users are advised to update to the fixed versions and implement restrictions on allowed extensions and user permissions to mitigate the risk.

Winsage

November 22, 2024

Windows 11 24H2 hit by a brand new bug, but there’s a workaround

Users without administrative privileges in Windows 11 24H2 are unable to change the time zone settings in the Date & Time screen of Windows Settings, as the option does not appear for them. This issue can disrupt schedules for users who travel or work across different time zones. Microsoft has confirmed that the glitch is limited to the Date & Time screen and is not due to user permissions. Workarounds include accessing the time zone settings through the Control Panel or the Run dialog box. Microsoft is investigating the issue and plans to provide a resolution in a future update.

Winsage

November 20, 2024

Windows security and resiliency: Protecting your business

Microsoft prioritizes security and is set to unveil new security advancements during Ignite 2024, including insights from a July incident and investments to enhance security measures. The Secure Future Initiative (SFI) has dedicated the equivalent of 34,000 full-time engineers to address security challenges. The upcoming November update will provide insights and actionable learnings for customers. The Windows Resiliency Initiative focuses on improving reliability, enabling more applications to run without admin privileges, implementing stronger controls over applications and drivers, and enhancing identity protection against phishing attacks. Quick Machine Recovery will allow IT administrators to execute fixes remotely, available to the Windows Insider Program in early 2025. Microsoft is evolving partnerships with endpoint security providers through the Microsoft Virus Initiative (MVI) and is developing new capabilities for security product developers. A private preview for these capabilities will be available in July 2025, and Microsoft is transitioning to safer programming languages. Windows 11 is designed to be more secure than Windows 10, requiring a hardware-backed security baseline for new PCs. Features like Windows Hello Enhanced Sign-in Security and the Microsoft Pluton security processor enhance security. Windows 11 has led to a reported 62% reduction in security incidents and a threefold decrease in firmware attacks. New features in Windows 11 address challenges such as overprivileged users, unverified apps, and insecure credentials. Administrator protection allows users to make system changes securely without persistent admin privileges. Multifactor Authentication (MFA) is emphasized, with Windows Hello serving as the built-in MFA solution. Smart App Control and App Control for Business policies ensure that only verified applications can run, while Windows Protected Print integrates with Mopria-certified devices to enhance security. Personal Data Encryption safeguards files in known folders, and Hotpatch allows critical security updates without system restarts. Zero Trust DNS restricts devices to approved domains, and Config Refresh helps maintain preferred configurations. Microsoft emphasizes collaboration with OEMs and app developers to ensure Windows is secure by design and default.

Winsage

November 20, 2024

Latest Windows 11 24H2 bug suggests saying goodbye to the Control Panel could backfire

In Windows 11 version 24H2, users without administrative privileges are unable to change time zone settings through the Date & Time view in the Settings app due to a bug. Microsoft is addressing this issue, which is not related to user permissions. A workaround is available via the Control Panel or by using the Run dialog with "timedate.cpl" to change time zone settings. This situation highlights the ongoing relevance of the Control Panel amid discussions about the separation of settings between it and the Settings app.

Winsage

November 12, 2024

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

Microsoft's November 2024 Patch Tuesday update addressed 89 new security vulnerabilities. Two vulnerabilities, CVE-2024-43451 and CVE-2024-49039, are actively exploited. CVE-2024-43451 allows attackers to elevate privileges by exposing the user's NTLMv2 hash, while CVE-2024-49039 enables privilege escalation through an AppContainer escape in the Windows Task Scheduler. Other notable vulnerabilities include CVE-2024-43639, which allows unauthenticated remote code execution via a Kerberos weakness; CVE-2024-5535, a flaw in OpenSSL affecting Microsoft Defender for Endpoint; CVE-2024-49019, an elevation of privilege vulnerability in Active Directory Certificate Services; CVE-2024-49040, a spoofing vulnerability in Microsoft Exchange Server; CVE-2024-43498, a remote code execution flaw in .NET and Visual Studio; and CVE-2024-43602, a remote code execution vulnerability in Azure CycleCloud.

AppWizard

September 18, 2024

Popular Android apps ask for too many dangerous permissions

A recent investigation by Cybernews analyzed 50 widely-used Android applications, revealing that the MyJio app requests the most permissions at 29, followed by WhatsApp with 26, Google Messages and WhatsApp Business with 23 each, and Facebook and Instagram with 22 and 19 permissions, respectively. In contrast, gaming apps like Among Us require no permissions, while Candy Crush Saga and 8 Ball Pool ask for only 1 or 2. Communication apps average nearly 19 permissions, social apps 17.2, and shopping apps like AliExpress average 13.4. A total of 40 apps request permission to write files, and 34 seek to read from external storage. Camera and audio recording permissions are requested by 33 apps, while 27 apps seek the "Get accounts" permission. Additionally, 26 apps track users' precise locations, and the same number request access to read contacts. Lastly, 22 apps request permission to read the phone state.