Is Windows 11 released?
Windows 11 is due out later in 2021 and will be delivered over several months. The rollout of the upgrade to Windows 10 devices already in use today will begin in 2022 and continue through the first half of that year. That said, new devices running Windows 11 are still expected to be released this year.
Moneycontrol.com: Windows 11 RTM release date: Intel's support document may have leaked it
22 July, 2021 - 12:01am
The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources.
As operating systems and applications become harder to hack, successful attacks typically require two or more vulnerabilities. One vulnerability allows the attacker access to low-privileged OS resources, where code can be executed or sensitive data can be read. A second vulnerability elevates that code execution or file access to OS resources reserved for password storage or other sensitive operations. The value of so-called local privilege escalation vulnerabilities, accordingly, has increased in recent years.
The Windows vulnerability came to light by accident on Monday when a researcher observed what he believed was a coding regression in a beta version of the upcoming Windows 11. The researcher found that the contents of the security account manager—the database that stores user accounts and security descriptors for users on the local computer—could be read by users with limited system privileges.
That made it possible to extract cryptographically protected password data, discover the password used to install Windows, obtain the computer keys for the Windows data protection API—which can be used to decrypt private encryption keys—and create an account on the vulnerable machine. The result is that the local user can elevate privileges all the way to System, the highest level in Windows.
“I don’t know the full extent of the issue yet, but it’s too many to not be a problem I think,” researcher Jonas Lykkegaard noted. “Just so nobody is in doubt what this means, it’s EOP to SYSTEM for even sandboxed apps.”
People responding to Lykkegaard pointed out that the behavior wasn’t a regression introduced in Windows 11. Instead, the same vulnerability was present in the latest version of Windows 10. The US Computer Emergency Readiness Team said that the vulnerability is present when the Volume Shadow Copy Service—the Windows feature that allows the OS or applications to take "point-in-time snapshots" of an entire disk without locking the filesystem—is turned on.
If a VSS shadow copy of the system drive is available, a non-privileged user may leverage access to these files to achieve a number of impacts, including but not limited to:
Researcher Benjamin Delpy showed how the vulnerability can be exploited to obtain password hashes or other sensitive data:
Currently, there is no patch available. A Microsoft representative said company officials are investigating the vulnerability and will take appropriate action as needed. The vulnerability is being tracked as CVE-2021-36934. Microsoft said here that exploits in the wild are "more likely."
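A defender-side check for the two conditions described above (hive files readable by limited users, and VSS shadow copies present), as an added example that is not from the article or from Microsoft. It assumes an elevated PowerShell prompt and the standard `%windir%\System32\config` hive location; checking the SYSTEM and SECURITY hives alongside SAM goes beyond the one database the article names.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumption: hives are in the standard %windir%\System32\config directory.
$hiveDir = Join-Path $env:windir 'System32\config'
$hives   = 'SAM', 'SYSTEM', 'SECURITY'

# ReadData is the bit that lets a principal read file contents;
# ReadAndExecute (RX) and Read both include it.
$readMask = [System.Security.AccessControl.FileSystemRights]::ReadData

# Well-known SIDs of broad, non-administrative groups (locale-independent).
$broadSids = @{
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
    'S-1-1-0'      = 'Everyone'
}

$findings = foreach ($name in $hives) {
    $path = Join-Path $hiveDir $name
    $acl  = Get-Acl -LiteralPath $path
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and
            ($rule.FileSystemRights -band $readMask)) {
            [pscustomobject]@{
                Hive      = $path
                Principal = $broadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Shadow copies matter because they expose an unlocked copy of the hives.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

if ($findings) {
    $findings | Format-Table -AutoSize
    if ($shadows.Count -gt 0) {
        Write-Warning "Hives are readable by limited users and $($shadows.Count) shadow copies exist."
        $shadows | Select-Object ID, VolumeName, InstallDate | Format-Table -AutoSize
    } else {
        Write-Warning 'Hive ACLs are too permissive; no shadow copies found at this time.'
    }
} else {
    Write-Output 'No broad read access found on the SAM, SYSTEM or SECURITY hives.'
}
```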
“We successfully exploited this uncontrolled out-of-bounds write and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation,” researchers from Qualys, the security firm that discovered the vulnerability and created proof-of-concept code that exploits it, wrote. “Other Linux distributions are certainly vulnerable, and probably exploitable.”
The exploit Qualys described comes with significant overhead, specifically roughly 1 million nested directories. The attack also requires about 5GB of memory and 1 million inodes. Despite the hurdles, a Qualys representative described the PoC as “extremely reliable” and said it takes about three minutes to complete.
Here’s an overview of the exploit:
1/ We mkdir() a deep directory structure (roughly 1M nested directories) whose total path length exceeds 1GB, we bind-mount it in an unprivileged user namespace, and rmdir() it.
2/ We create a thread that vmalloc()ates a small eBPF program (via BPF_PROG_LOAD), and we block this thread (via userfaultfd or FUSE) after our eBPF program has been validated by the kernel eBPF verifier but before it is JIT-compiled by the kernel.
3/ We open() /proc/self/mountinfo in our unprivileged user namespace and start read()ing the long path of our bind-mounted directory, thereby writing the string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated buffer.
4/ We arrange for this "//deleted" string to overwrite an instruction of our validated eBPF program (and therefore nullify the security checks of the kernel eBPF verifier) and transform this uncontrolled out-of-bounds write into an information disclosure and into a limited but controlled out-of-bounds write.
5/ We transform this limited out-of-bounds write into an arbitrary read and write of kernel memory by reusing Manfred Paul's beautiful btf and map_push_elem techniques from:
Qualys has a separate writeup here.
People running Linux should check with the distributor to determine if patches are available to fix the vulnerability. Windows users should await advice from Microsoft and outside security experts.
22 July, 2021 - 12:01am
The new DirectStorage API debuted with Microsoft's next-gen Xbox Series X/S consoles, with the company promising it would debut in developer preview form on the PC in the summer. At the time, it was thought DirectStorage would be a Windows 11 exclusive, but nope.
Program Manager Hassan Uraizee explains: "Microsoft is committed to ensuring that when game developers adopt a new API, they can reach as many gamers as possible. As such, games built against the DirectStorage SDK will be compatible with Windows 10, version 1909 and up; the same as the DirectX 12 Agility SDK".
As for what to expect out of DirectStorage, here are the features you will enjoy:
Anthony joined the TweakTown team in 2010 and has since reviewed 100s of graphics cards. Anthony is a long time PC enthusiast with a passion of hate for games built around consoles. FPS gaming since the pre-Quake days, where you were insulted if you used a mouse to aim, he has been addicted to gaming and hardware ever since. Working in IT retail for 10 years gave him great experience with custom-built PCs. His addiction to GPU tech is unwavering.
22 July, 2021 - 12:01am
Your right-click menu is about to get a lot better
If the name doesn't ring a bell, it's because most of us just call it the "right-click menu." The Windows context menu was designed to give Windows users quick access to common commands like cut, copy, paste, and rename, and sometimes it still does — but these days it just as often gives us headaches as we try to sift through an ever-growing list of commands added by various apps.
This is a known issue, and this week a new Windows blog post lays out what Microsoft is doing to eliminate it in Windows 11. It's a brief, bullet-point list from Microsoft's Xander Fiss outlining what the Windows context menu is meant to do (make your life easier), what it's become (a messy, unorganized list full of cruft), and how it's being streamlined in Windows 11.
"The menu is exceptionally long," writes Fiss. "It has grown in an unregulated environment for 20 years, since Windows XP, when IContextMenu was introduced" and become an unorganized list of commands and actions that can't easily be tamed. Currently, the most common solutions to a messy Windows context menu require editing the registry yourself (often a dicey proposition best left to seasoned users) or downloading third-party utilities to do it for you.
App extensions to the menu (sections of the menu that get added by programs you install) will now be grouped together below the basic Windows shell verbs like open, compress, and properties, which means the Windows 11 right-click menu should look a lot less messy and easier to navigate over time. If you install an app with multiple verbs — that is, it offers multiple options when you right-click something — those verbs will now be grouped together in a pop-out menu, which should also help keep the menu clean and easy to parse.
If you don't like the way it looks, don't worry. Microsoft also lets you access the current Windows 10 context menu by hitting Shift+F10 or clicking "Show more options" at the bottom of the Windows 11 context menu.
There are also some notable improvements to the Share dialog: when you right-click something in Windows 11 and hit the Share button (which lives up top alongside common commands like copy and paste) you'll get a revamped Share menu which lets you control which nearby devices you want to share to, and affords you freedom to share to any apps, not just Windows Store apps.
All of these small improvements add up to one big upgrade that should make the experience of using Windows for day-to-day work smoother and eliminate the scourge of messy, unhelpful context menus.
21 July, 2021 - 02:39pm