Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Windows

Hot Potato Exploit Gives Attackers the Upper Hand On Multiple Windows Versions 127

An anonymous reader writes: By chaining together a series of known Windows security flaws, researchers from Foxglove Security have discovered a way to break into almost all of Microsoft's recent versions of Windows. The exploit, named Hot Potato, relies on three different types of attacks, some of which were discovered back at the start of the new millennium, in 2000. Going through these exploits one by one may take attackers from minutes to days, but if successful, the attacker can elevate an application's permissions from the lowest rank to system-level privileges. All of these security flaws have been left unpatched by Microsoft, with the explanation that by patching them, the company would effectively break compatibility between the different versions of their operating system.
This discussion has been archived. No new comments can be posted.

Hot Potato Exploit Gives Attackers the Upper Hand On Multiple Windows Versions

Comments Filter:
  • by __aaclcg7560 ( 824291 ) on Saturday January 23, 2016 @12:28PM (#51357299)
    Mr. Potato Head has gone to dark side, becoming Hot Potato and joining forces with Evil Bernie and Evil Ernie to rule the world. One Windows machine at a time.
  • by Anonymous Coward

    Thousands of slashdotters have a simultaneous joygasm.

  • I really feel sorry for those locked in to that OS, every day it seems there is a new problem with their security, and maybe MS should break backwards compatibility and fix that shit. While they are at it they can scrap the other crap added too, no one in their right mind will willingly use an OS that spies on them regardless if it helps MS see why things break. Anyway, it's not my problem I've been MS free for years
    • "I really feel sorry for those locked in to that OS, every day it seems there is a new problem with their security, and maybe MS should break backwards compatibility and fix that shit."

      If Microsoft did that, they would loose the lock on those people, so that won't happen.

      "Anyway, it's not my problem I've been MS free for years"

      Me too. I should add, anyway, that you can't get completely free from Microsoft as long as you interact with other people, be it "you really need to have a look at this business powe

    • by Bert64 ( 520050 )

      Backwards compatibility is what's keeping them in business, if you're going to break backwards compatibility you are better off just going straight to linux.

    • by mikael ( 484 )

      It happened to all versions of MSDOS as well (Windows 3.1 days). Hardware like dot-matrix printers, VGA, SVGA graphics boards would all depend on their own 16-bit DOS drivers. Those became useless once everything moved to 32-bit Windows 95. And again when everything moved to 64-bit Windows. Even moves from Windows XP to Windows 7/8/10 usually involved new drivers. Then there's being able to boot a PC from USB. Old PC's can't do that. Modern PC's can. Even UEFI has problems booting from CD/DVD unless the ma

      • by Scoth ( 879800 )

        Windows 95 made a point of supporting virtually all existing 16-bit Windows 3.1 drivers. This would occasionally cripple the 32-bit enhancements to things like file access and hard drives, but they'd work. In fact, this was the biggest reason Microsoft stuck with the "significantly enhanced Windows 3.x" kernel instead of just going to Windows NT-based at the time. Silliest thing I did was manually install the EGA driver from Win3.1 on Windows 95 (or 98? Can't remember) and run it with an EGA card. I also ha

  • The last millennium ended Dec 31, 2000 - in my time zone.

    • by MrL0G1C ( 867445 )

      That method of labeling millennium is quite frankly bizarre, When someone says last millennium I and many people will think up to 1999 Dec 31 at 23:59:59, which was pretty much the time when the big celebrations were.

  • ...that Windows needs to be compatible with software that relies on security holes.

    At least that's what I take from this statement.

    • What it means is that this chain of exploits is about to become exceptionally popular as Microsoft can't fix them, thereby ensuring that soon even the least knowledgeable of script kiddies will be able to gain access to systems on which they're not welcome.

  • Nice (Score:3, Insightful)

    by Anonymous Coward on Saturday January 23, 2016 @12:57PM (#51357367)

    Whatever you do, for the love of god, don't give us a broad outline of attack vectors, who might be vulnerable, or attack mitigation practices.

  • by wonkey_monkey ( 2592601 ) on Saturday January 23, 2016 @01:53PM (#51357579) Homepage

    Hot Potato Exploit

    Name me one potato exploit that isn't hot.

  • "All of these security flaws have been left unpatched by Microsoft, with the explanation that by patching them, the company would effectively break compatibility between the different versions of their operating system".

    Because that is far more important than security.

    "Windows, The Compatible Family: All Members Are Equally Vulnerable - And In The Same Way!!!"

    • by Anonymous Coward

      It is. Nobody uses Windows because of security.

  • ...still runs on Win10 (32bits), I tested an application from 1993, it works fine, I must say this is impressive ;)

You know you've landed gear-up when it takes full power to taxi.

Working...