Connect with us

Tech

Disable the Windows print spooler to prevent hacks, Microsoft tells customers – Ars Technica

Published

 on


Getty Images

Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.

The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.

Bring your own printer driver

On Thursday, Microsoft warned of a new vulnerability in the Windows print spooler. The privilege-escalation flaw, tracked as CVE-2021-34481, allows hackers who already have the ability to run malicious code with limited system rights to elevate those rights. The elevation allows the code to access sensitive parts of Windows so malware can run each time a machine is rebooted.

“An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” Microsoft wrote in Thursday’s advisory. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft said that the attacker must first have the ability to execute code on a victim’s system. The advisory rates in-the-wild exploits as “more likely.” Microsoft continues to advise that customers install the previously issued security updates. A print spooler is software that manages the sending of jobs to the printer by temporarily storing data in a buffer and processing the jobs sequentially or by job priority.

“The workaround for this vulnerability is stopping and disabling the Print Spooler service,” Thursday’s advisory said. It provides several methods customers can use to do so.

The vulnerability was discovered by Jacob Baines, a vulnerability researcher at security firm Dragos, who is scheduled to deliver a talk titled “Bring Your Own Print Driver Vulnerability” at next month’s Defcon hacker convention The executive summary for the presentation is:

What can you do, as an attacker, when you find yourself as a low privileged Windows user with no path to SYSTEM? Install a vulnerable print driver! In this talk, you’ll learn how to introduce vulnerable print drivers to a fully patched system. Then, using three examples, you’ll learn how to use the vulnerable drivers to escalate to SYSTEM.”

In an email, Baines said he reported the vulnerability to Microsoft in June and didn’t know why Microsoft published the advisory now.

“I was surprised by the advisory because it was very abrupt and not related to the deadline I gave them (August 7), nor was it released with a patch,” he wrote. “One of those two things (researcher public disclosure or availability of a patch) typically prompts a public advisory. I’m not sure what motivated them to release the advisory without a patch. That is typically against the goal of a disclosure program. But for my part, I have not publicly disclosed the vulnerability details and won’t until August 7. Perhaps they have seen the details published elsewhere, but I have not.”

Microsoft said it’s working on a patch but didn’t provide a timeline for its release.

Baines, who said he performed the research outside of his responsibilities at Dragos, described the severity of the vulnerability as “medium.”

“It does have a CVSSv3 score of 7.8 (or High), but at the end of the day, it’s just a local privilege escalation,” he explained. “In my opinion, the vulnerability itself has some interesting properties that make it worthy of a talk, but new local privilege escalation issues are found in Windows all the time.”

Adblock test (Why?)



Source link

Continue Reading

Tech

Ex-Blizzard boss Mike Morhaime on allegations: "I am ashamed" – Eurogamer.net

Published

 on


Ex-Blizzard boss Mike Morhaime has issued a statement on recent allegations about the company, saying: “I am ashamed.”

This week, the State of California sued Activision Blizzard over what it alleges to be a “frat boy” culture that created “a breeding ground for harassment and discrimination against women”.

Ex-Blizzard boss Mike Morhaime.

The lawsuit alleges a culture of “constant sexual harassment”, mainly at Blizzard Entertainment, the maker of World of Warcraft, Diablo and Overwatch.

Activision Blizzard has strongly denied the accusations, calling many of the claims distorted or false.

Morhaime co-founded Blizzard in 1991, when the studio was known as Silicon & Synapse, eventually becoming president in 1998, then president and CEO in 2007.

During Morhaime’s time at the company Blizzard released gargantuan hits such as World of Warcraft, Overwatch and Hearthstone, and contributed billions of dollars to Activision Blizzard’s bottom line. Morhaime left Blizzard in 2018 – a move that was widely seen as a significant blow for the company – and was replaced by current president J. Allen Brack.

Morhaime’s statement is published in full, below:

“I have read the full complaint against Activision Blizzard and many of the other stories. It is all very disturbing and difficult to read. I am ashamed. It feels like everything I thought I stood for has been washed away. What’s worse but even more important, real people have been harmed, and some women had terrible experiences.

“I was at Blizzard for 28 years. During that time, I tried very hard to create an environment that was safe and welcoming for people of all genders and backgrounds. I knew that it was not perfect, but clearly we were far from that goal. The fact that so many women were mistreated and were not supported means we let them down. In addition, we did not succeed in making it feel safe for people to tell their truth. It is no consolation that other companies have faced similar challenges. I wanted us to be different, better.

“Harassment and discrimination exist. They are prevalent in our industry. It is the responsibility of leadership to keep all employees feeling safe, supported, and treated equitably, regardless of gender and background. It is the responsibility of leadership to stamp out toxicity and harassment in any form, across all levels of the company. To the Blizzard women who experienced any of these things, I am extremely sorry that I failed you.

“I realise that these are just words, but I wanted to acknowledge the women who had awful experiences. I hear you, I believe you, and I am so sorry to have let you down. I want to hear your stories, if you are willing to share them. As a leader in our industry, I can and will use my influence to help drive positive change and to combat misogyny, discrimination, and harassment wherever I can. I believe we can do better, and I believe the gaming industry can be a place where women and minorities are welcomed, included, supported, recognised, rewarded, and ultimately unimpeded from the opportunity to make the types of contributions that all of us join this industry to make. I want the mark I leave on this industry to be something that we can all be proud of.”

Morhaime left Blizzard to form a new game company called Dreamhaven. Dreamhaven is made up of two separate studio teams – Moonshot and Secret Door – each led by former Blizzard talent.

On its website, Dreamhaven says it wants to “provide a safe place where developers, creators, and players can connect in meaningful ways”.

Adblock test (Why?)



Source link

Continue Reading

Tech

iOS and iPad users can now access Facebook's cloud gaming services indirectly – MobileSyrup

Published

 on


After continuous back and forth between Facebook and Apple regarding an iOS app for Facebook’s gaming service, the social networking platform has followed Microsoft and Amazon’s route and has published a web app for iPhone and iPad users which will be found on Facebook Gaming’s website, instead of the App Store.

Facebook has released a PWA (Progressive Web App) that will act as a shortcut to its gaming service. To access the app, simply visit www.facebook.com/gaming/play from your iPhone and iPad, and you’ll get a prompt to add a shortcut to the web app to your homepage (see the first screenshot below for reference).

“We’ve come to the same conclusion as others: web apps are the only option for streaming cloud games on iOS at the moment,” Facebook’s vice president of gaming, Vivek Sharma, told The Verge in a statement.

“As many have pointed out, Apple’s policy to ‘allow’ cloud games on the App Store doesn’t allow for much at all. Apple’s requirement for each cloud game to have its own page, go through review, and appear in search listings defeats the purpose of cloud gaming. These roadblocks mean players are prevented from discovering new games, playing cross-device, and accessing high-quality games instantly in native iOS apps — even for those who aren’t using the latest and most expensive devices.”

Via: The Verge

Adblock test (Why?)



Source link

Continue Reading

Tech

In the Garden: From farm implements to rock bands – TheRecord.com

Published

 on


I think I may have bought the plant because of the name, Jethro Tull, a name that’s been stuck in the trivia section of my head forever. It’s likely I learned of the real Jethro Tull in a history class when I was in school — long enough ago to call that period of my life historical. He was the 17th-century agriculturalist who perfected a horse-drawn seed drill in 1700 that modernized farming of the day. Or maybe it was the 60s rock band by that name which I probably listened to and added to the trivia pile. They’re still around, and ironically, they have a song called “Living in the Past.” For whatever reason it’s so named, the more current Jethro Tull is a cultivated variety of coreopsis that is now growing nicely in my garden.

Coreopsis, common name tickseed, is a native North American plant. There are more than 70 species and one thing they all have in common is their daisylike flowers that are a source of nectar and pollen for all manner of insects. I don’t exactly have great swaths of this plant that would form an ecological niche for specific insects, but the few varieties I do have dotted around help keep the garden buzzing.

Most coreopsis are shades of yellow, but cultivars can have reddish-purple tones, even pink. I’ve had Coreopsis verticillata ‘Route 66’ for ages. It’s a bushy plant full of flowers that have a burgundy centre spilling out onto yellow petals. This one is vigorous and hardy, not surprising as it’s said to have been discovered growing (or hitching a ride) near Route 66 in Lucinda, Pa. I also have ‘Zagreb’, just as impressive, but with daisylike yellow flowers in a shorter, mounding form, and another called ‘Mercury Rising.’ It’s also lush and bushy with flowers the colour of a nice Merlot with an orange button in the centre.

Somewhere in the garden, there might be a Coreopsis rosea ‘American Dream’. It’s a pink variety and unlike other species of Coreopsis, it isn’t as tolerant of drought as it needs damp soil to thrive. I’m afraid I might not have given that one what it needed; however, the others are doing just fine.

Coreopsis verticillata are also known as thread-leaved coreopsis because of the delicate, finely textured foliage, attractive enough in its own right. They’re one of the longest flowering perennials, easy to grow and a good choice for the beginner. Plant them in a sunny spot, give them a light trim in midsummer and they’ll produce even more flowers.

Because they’re loved by bees and butterflies alike, and so easy, every garden should have coreopsis. Don’t be concerned about the common name tickseed. The plant does not attract ticks, nor does it repel them. It relates to the botanical name, Coreopsis, which comes from the Greek words koris meaning bug and opsis, referring to the shape of the seed which resembles a bug or tick.

As for ‘Jethro Tull,’ it was a natural cross between varieties from two other species, C. grandiflora, or large-flowered tickseed found in Eastern Canada, and C. auriculata, or mouse-ear coreopsis. Auriculatus refers to earlike lobes at the base of each leaf — I must check Jethro’s leaves for any signs of Mickey. Unlike the threadleaf varieties, the leaves are noticeably broader. It’s the flowers that are especially appealing. About the size of a toonie, they’re brilliant golden yellow with fluted petals that look like tiny ice-cream cones.

I must go sit in the garden with one while I catch up with an old rock band.

Adblock test (Why?)



Source link

Continue Reading

Trending