News for Admins

Tech News

Article from ADMIN 36/2016
By
News for system administrators around the world.

Windows Vulnerability Lets Arbitrary Code Run in Kernel Mode

Microsoft has patched a critical system vulnerability in Windows that allowed an attacker to "run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Adobe Flash was also affected by the vulnerability. The vulnerability was discovered by Google researchers, and they informed Microsoft and Adobe on October 21. Adobe fixed the security hold on October 26, whereas Microsoft supposedly kept it for their monthly patches.

Google offers a grace period of seven days to vendors before disclosing vulnerabilities publicly. When Microsoft failed to release the patch after that grace period, Google went public on October 31.

Microsoft was obviously not happy with Google's disclosure. But it's debatable whether such exploits should be patched immediately or companies should wait for their regular update cycle.

To Google's defense, the company provided only basic info about the bug to warn the public without disclosing any critical information that could help cybercriminals in exploiting it. Microsoft admitted that Strontium, a group of hackers with Russian ties, was using the vulnerability to carry out low-volume spear-phishing attacks.

If you are a Windows user, please update your system immediately.

Google Patches and Doesn't Patch Dirty COW Bug

Although Google is quite active at disclosing vulnerabilities in Microsoft's products, the search engine giant isn't that proactive in patching critical bugs in its own products. Google released the November updates for Android, which missed patches for the critical Dirty COW bug that was disclosed recently. Every single Android device is therefore vulnerable.

There is good news for Nexus and Pixel

...
Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

comments powered by Disqus

SysAdmin Day 2017!

  • Happy SysAdmin Day 2017!

    Download a free gift to celebrate SysAdmin Day, a special day dedicated to system administrators around the world. The Linux Professional Institute (LPI) and Linux New Media are partnering to provide a free digital special edition for the tireless and dedicated professionals who keep the networks running: “10 Terrific Tools."

Special Edition

Newsletter

Subscribe to ADMIN Update for IT news and technical tips.

ADMIN Magazine on Twitter

Follow us on twitter