Category: Microsoft|Jan 15, 2022 | Author: Admin

Microsoft refuses to correct the error - took matters into its own hands

Share on

Neowin reports that the 0-Day error dubbed "RemotePotato0" has now been fixed, but that Microsoft is not behind it. They refuse to close the security hole, which has resulted in someone releasing an unofficial fix.

Was warned in April


The hole is a so-called "0-Day" error that the company has acknowledged but has not received any attention from them beyond this, so it has not received as much as a CVE ID that is normal for such errors. It was only SentinelOne researchers who discovered the error, which they quickly reported to Microsoft in April 2021.

 

The founder of 0patch, Mitja Kolsek, has on her blog described the problem in addition to sharing an unofficial fix that closes the hole. The entire post can be read here.

 

 

Provides administrator privileges


The way "RemotePotato0" works is that it allows unauthorized people to send out authenticated RPC / DCOM commands.

 

When these are fulfilled, they get more privileges on the domain that is the target of the attack, so they get administrator rights. The hole is described as particularly dangerous as it does not require interaction from the target.

 

Outdated authentication protocols in Windows NT LAN Manager (NTLM) are exploited and make this a vulnerability. Being outdated is probably also why Microsoft does not pay attention to it - they only recommend disabling NTLM or configuring Windows servers to block NTLM-related attacks.

Sources: Neowin

Sponsored Ads:

Comments:


UPDATED: Now everyone can get the battery percentage back

Category: Apple|Aug 12, 2022 | Author: Admin

Less than 1 percent do this on Netflix

Category: General|Aug 11, 2022 | Author: Admin

Google is suing Sonos

Category: Google|Aug 10, 2022 | Author: Admin

Explosion in attack

Category: General|Aug 9, 2022 | Author: Admin

Musk accuses Twitter of fraud

Category: General|Aug 8, 2022 | Author: Admin

Is Intel's big graphics card venture already dead?

Category: General|Aug 7, 2022 | Author: Admin

This is how the new iPad will be

Category: General|Aug 6, 2022 | Author: Admin

iPadOS 16 is postponed

Category: Apple|Aug 5, 2022 | Author: Admin

This mobile phone saved Apple

Category: Apple|Aug 4, 2022 | Author: Admin

Are you ready for 13GB/s SSDs?

Category: General|Aug 3, 2022 | Author: Admin

Mac sales down a whopping 10 percent

Category: Apple|Aug 2, 2022 | Author: Admin

Hackers detach Blizzard games from Battle.net

Category: General|Aug 1, 2022 | Author: Admin

Now comes Apple's rawest CPU: "M2 Extreme"

Category: Apple|Jul 31, 2022 | Author: Admin

Xbox and Windows fall - that's the situation of Microsoft

Category: Microsoft|Jul 30, 2022 | Author: Admin

Teaming up to catch up with Starlink

Category: General|Jul 29, 2022 | Author: Admin
more