
Google hacker Forshaw’s verdict about Windows 10

The Google Project Zero hacker James Forshaw assessed Windows 10, analysing the main security risks that come with Microsoft's new OS.

James Forshaw, a member of the Google Project Zero hacking crew, was given the task of assessing Windows 10 to see whether the new OS from Microsoft introduced significant risks.

Forshaw talked about his findings and opinions in a presentation titled “Windows 10: Two steps forward, one step back” at the Ruxcon security conference in Melbourne, Australia, last Saturday.

James Forshaw pointed out the following:

  • Windows 10 has 196 system services and 291 drivers enabled by default
  • Windows 8.1 had 169 system services and 253 drivers enabled by default
  • Windows 7 SP1 had 150 system services and 238 drivers enabled by default

[Image: Windows 10 slide from Forshaw’s presentation]

So what does that mean for us, the end users?

“There are more system services and drivers which means more attack surface,” Forshaw explains. “Local system is the god account on Windows and as we go towards (Windows) 10 more services as a percentage of the total are running as the absolute highest account.” “That’s not great.”

The thing is, Microsoft did make an effort to build a more secure environment, in particular trying to reduce the attack surface that a default installation exposes to privilege escalation, but the main vector for such attacks is still there.

It’s true that the share of services started at boot fell from 30.7% in Windows 7 to 24.1% in Windows 10, but the share of trigger-started services rose from 11.11% in Windows 7 to 31.28% in Windows 10. Having more of these on-demand services means there is more surface for malware to use and exploit.
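As an added illustration (not Forshaw’s tooling and not code from the original article), the PowerShell function below takes the same kind of baseline he described on the local machine: how many services exist, what share start automatically, what share are trigger-started, what share run as LocalSystem, and how many drivers are enabled. It assumes that a TriggerInfo subkey under a service’s registry key marks it as trigger-started; Forshaw’s exact counting method is not published here, so the figures will not match his slide exactly.

```powershell
function Get-ServiceAttackSurface {
    # Added example: measures service/driver attack surface on the local host.
    $services = Get-CimInstance -ClassName Win32_Service
    $drivers  = Get-CimInstance -ClassName Win32_SystemDriver

    $total     = $services.Count
    $autoStart = @($services | Where-Object { $_.StartMode -eq 'Auto' }).Count
    $asSystem  = @($services | Where-Object { $_.StartName -eq 'LocalSystem' }).Count

    # Assumption: a service whose registry key has a TriggerInfo subkey is
    # trigger-started, i.e. it can be launched on demand by an event
    # (RPC endpoint reached, device arrival, ETW event, ...).
    $triggerKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\{0}\TriggerInfo'
    $triggered  = @($services | Where-Object {
        Test-Path ($triggerKey -f $_.Name)
    }).Count

    $driversEnabled = @($drivers | Where-Object { $_.StartMode -ne 'Disabled' }).Count

    # Services that both run as LocalSystem and can be started on demand are
    # the ones a defender should review first, since each is a reachable
    # SYSTEM-privileged target that a less privileged process can wake up.
    $triggeredAsSystem = @($services | Where-Object {
        $_.StartName -eq 'LocalSystem' -and (Test-Path ($triggerKey -f $_.Name))
    } | Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        Services          = $total
        AutoStartPct      = [math]::Round(100 * $autoStart / $total, 2)
        TriggerStartPct   = [math]::Round(100 * $triggered / $total, 2)
        LocalSystemPct    = [math]::Round(100 * $asSystem / $total, 2)
        DriversEnabled    = $driversEnabled
        TriggeredAsSystem = $triggeredAsSystem
    }
}

Get-ServiceAttackSurface | Format-List
```

Run it on a Windows 7, 8.1 and 10 build side by side to see whether the percentages move the way the slide above claims; the TriggeredAsSystem list is the shortlist for hardening or disabling.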

Forshaw also stated that User Account Control was downgraded from a security technology to “something you just put there to annoy the user”, and that it is a “pain-in-the-ass”, but it looks like Microsoft will fix some of the issues with User Account Control.

In the presentation, Forshaw demonstrated a token-capturing tool he built that bypasses Windows 10 security mechanisms; it does so by exploiting a bug in Win32k to elevate local privileges.

The tool will be released to the public only when Microsoft releases a patch to fix the problem.

Still on the subject of attack vectors, we all know that Adobe Flash is an open window for a great deal of malware; on this point, Forshaw said it is a bit sad that Microsoft included ActiveX-based Flash:

“Microsoft could have led the way and said ‘I refuse to run (Adobe) Flash ever again in my web browser’ but unfortunately they did not take that inspired option”.

Summing up James Forshaw’s analysis: many things are certainly getting better, but Microsoft can still improve the security of its newborn Windows 10.

About the Author: Elsio Pinto

Elsio Pinto (@high54security) is currently the Lead McAfee Security Engineer at Swiss Re, and he also has knowledge in the areas of malware research, forensics and ethical hacking. He has previous experience in major institutions, the European Parliament being one of them. He is a security enthusiast and tries his best to pass on his knowledge. He also owns his own blog: http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs – Windows 10, hacking)