Nowfixed sudo linuxgatlanbleepingcomputer: If you’re one of the many Linux enthusiasts out there who’s been waiting to use your new computer because you didn’t nowfixed sudo linuxgatlanbleepingcomputer , you’re in luck. As of May 15, Microsoft has released a free micropatch that fixes a local privilege escalation (LPE) vulnerability in their Windows PsExec management tool. This issue has affected many Linux based systems, and many users have been unable to access their computers or install packages due to this issue.
Remote code execution bug in Microsoft’s Windows PsExec management tool
PsExec is a Microsoft Windows management tool that allows system administrators to execute remote programs. However, there is a known remote code execution vulnerability that can allow an attacker to gain privileges on a Windows system. A bug in the Common Log File System (CLFS) is the cause of this issue. While Microsoft has patched the vulnerability, it is possible that the tool can still be exploited.
The vulnerability, which is described as a named pipe hijacking, allows an attacker to run arbitrary processes on a Windows system. These applications can be malicious or legitimate. They can also be used to take over the target system. To exploit this flaw, an attacker must already have access to the system.
In addition to allowing an attacker to run arbitrary processes, this vulnerability also allows for a local privilege escalation. This means that an attacker who is able to successfully run code on a system can elevate their privileges to the Local System account. During this elevation of privilege, an attacker can then take control of vulnerable unprivileged services. An attacker who is able to elevate their privileges can then establish an RDP session as a domain user.
Depending on how much feedback the community provides to Microsoft, the company may release an update to fix this problem. Until then, there are tools that can be used to protect against this type of attack. One of the best options is to use an open source program, PAExec. Another alternative is to avoid using PsExec altogether. For more information on how to do that, check out the July 2004 edition of Windows IT Pro Magazine.
Free micropatch fixing local privilege escalation (LPE) vulnerability in Microsoft’s Windows PsExec management tool
The Microsoft Windows PsExec management tool is affected by a local privilege escalation vulnerability. This can allow an attacker to run malicious code on a remote computer. If you use PsExec, you should consider a micropatch to fix this issue.
PsExec is a free tool that allows users to launch programs on other computers. It was originally developed by SysInternals, and it was acquired by Microsoft. Today, most Windows admins use it to manage and run programs on their machines.
While PsExec has been vulnerable to local privilege escalation since its first release in 2006, Microsoft has not released a patch for this vulnerability. However, third-party patch providers have created free micropatches to fix this issue. For now, the best solution is to wait for the latest Microsoft security patch.
CVE-2021-24084 is a local privilege escalation vulnerability in the Microsoft PsExec management tool. Although there is no official vendor fix for this issue, a third-party patch provider called 0patch has developed a free micropatch to address the issue.
An anonymous attacker can exploit the issue by impersonating a token at the identification level. He can elevate his privileges by enumerating the ticket cache of the Local System account. Alternatively, he can launch his own executable by exploiting a system process.
Another method of exploiting the issue is by creating a symbolic link to the printer spooler folder on the system, and then creating a SYSTEM folder with the symbolic link. With this method, the attacker can create arbitrary files, and redirect the printers with misconfigured spooler folders to a default spooler folder.
There are several proof-of-concept scripts and exploits available. They can be used to bypass group policy and gain full administrative privileges on a Windows system.
Microsoft’s Chromium-based Edge is now available on Android and Chromium-based operating systems
With the release of its Chromium-based Edge browser in January 2020, Microsoft has begun to take steps to expand its reach to a wider audience. As of today, the browser can be downloaded for Windows, macOS, iOS, and Android. The new version will come to Linux soon.
Besides the improvements to its interface and features, Edge will allow users to customize it with child-friendly themes. The browser also comes with built-in tracking prevention features and a PUP blocker. It also has its own suite of services that are not included in Chrome.
The new browser is available in over 90 languages. It has a minimalist user interface, making it easier for first-time users to learn.
A three-dot menu in the upper right corner provides controls over Edge configuration. One of the most feature-rich context menus on the Internet, it includes the ability to manage favorites and bookmarks, and synchronize settings with other devices.
Users can add the URL of a search engine of choice. They can also annotate content by entering short text entries. In addition, they can create collections to save snippets of web pages.
Unlike Google’s Chrome, Microsoft’s Edge has more robust privacy options. This includes the ability to turn off personalized information sharing. There is also a button to disable syncing, preventing sharing of passwords and other information.
Like the rest of the Chromium-based browsers, it supports a large library of extensions. These can be accessed through the Chrome Web Store.
Users can import data from the old Edge. To do this, they need to sign into a Microsoft account. Once they have signed in, they can choose to import the information from the old browser or from the current version.
source:https://newshunt360.com/nowfixed-sudo-linuxgatlanbleepingcomputer/