Frustrated Security Researcher Discloses Windows Zero-Day

There’s a new zero-day issue in Windows, and this time the bug has been disclosed to the public by an angry security researcher. The vulnerability relates to users leveraging the command prompt with unauthorized system privileges to share dangerous content through the network.

According to a report from Bleeping Computer, Abdelhamid Naceri, the security researcher who disclosed this bug, is frustrated with Microsoft over payouts from the bug bounty program. Bounties have apparently been downgraded significantly over the past two years. Naceri isn’t alone, either. One Twitter user reported in 2020 that zero-day vulnerabilities no longer pay $10,000 and are now valued at $1,000. Earlier this month, another Twitter user reported that bounties can be reduced at any time.

Microsoft apparently fixed a zero-day issue with the latest round of “Patch Tuesday” updates, but left another unpatched and incorrectly fixed. Naceri bypassed the patch and found a more powerful variant. The zero-day vulnerability impacts all supported versions of Windows, including Windows 8.1, Windows 10, and Windows 11.

“This variant was discovered during the analysis of CVE-2021-41379 patch. The bug was not fixed correctly, however, instead of dropping the bypass. I have chosen to actually drop this variant as it is more powerful than the original one,” explained Naceri in a GitHub post.

His proof of concept is on GitHub, and Bleeping Computer tested the exploit and ran it. It is also being exploited in the wild with malware, according to the publication.

In a statement, a Microsoft spokesperson said that the company will do what is necessary to keep its customers safe and protected. The company also mentioned it is aware of the disclosure of the latest zero-day vulnerability. It mentioned that attackers must already have access and the ability to run code on a target victim’s machine for it to work.

With the Thanksgiving holiday in the U.S., and the fact that a hacker would need physical access to a PC, it could be a while until a patch is released. Microsoft usually issues fixes on the second Tuesday of each month, known as “Patch Tuesday.” It also tests bug fixes with Windows Insiders first. A fix could come as soon as December 14.



PlayStation owners grow frustrated as PSN outage spans weekend

A number of PlayStation owners reported issues playing certain games starting on Friday. Soon after the reports started rolling in, Sony updated its PlayStation Network status to indicate that it is experiencing issues in its ‘games and social’ category — an issue that has persisted through Saturday and into Sunday with no clear relief in sight.

Sony acknowledged that its PSN is having problems, but it has since remained quiet about the issue. It’s unclear when the issue is expected to be fixed and what is behind the troubles. The problem revolves around network gameplay, making it difficult to get into online matches in some games like Fortnite.

Down Detector continues to show issues with the PSN, with reports remaining steady through around midnight Eastern Time into Sunday. The majority of reports from users cite issues with playing games, though a significant portion also states they’re having problems signing into their PlayStation accounts.

Likewise, some PlayStation owners are also reporting issues with the platform’s social features, which include things like messaging and parties. Sony notes on its PSN status website that this issue is impacting the PlayStation 4 and PlayStation 5, as well as the older PS Vita handheld console and the PS3.

Sadly, this isn’t the first PlayStation Network outage that has persisted over multiple days; it’s hard to guess when the solution will finally arrive. The outage hit only a day after Microsoft experienced similar issues with its Xbox services, but that problem was quickly resolved.

You can monitor the outage on Sony’s PlayStation Network status website.
