[WARNING] Microsoft stumbles? Allows compromised drivers?

Metanis · Oct 16, 2022

This one may be worth a Sunday read. Yet another attack surface? When Microsoft closes this loophole expect some work on machines that quit booting.

How a Microsoft blunder opened millions of PCs to potent malware attacks

Microsoft said Windows automatically blocked dangerous drivers. It didn’t.

arstechnica.com

xxenon · Oct 16, 2022

Yes, I just ran the Dormann script on my own machines, and it didn't execute properly on any of them.
Turn out you have to use Ctrl+v to paste. Rt-clk and paste won't work.
The question is, should I now contact all my customers and run this on their machines?

Sky-Knight · Oct 16, 2022

makes it easy for an attacker with administrative control to bypass Windows kernel protections.

That's the entire article. Attackers have to own the box before they can own the box. I don't much care that the kernel is being "bypassed" by admin processes, that's NORMAL USE of any operating system. Which reduces this entire article to click bait.

If "attacks are surging" it's not because of this, it's because people are using admin accounts in inappropriate places.

Metanis · Oct 16, 2022

xxenon said:
Yes, I just ran the Dormann script on my own machines, and it didn't execute properly on any of them.
Turn out you have to use Ctrl+v to paste. Rt-clk and paste won't work.
The question is, should I now contact all my customers and run this on their machines?

I followed the Microsoft guidance. It was simpler than messing around with a 3rd party PowerShell script.

I also wouldn't get proactive doing this to customer machines unless the customer is known to create problems for themselves by installing every little tweak program that comes along.

Blues · Oct 17, 2022

Sky-Knight said:
That's the entire article. Attackers have to own the box before they can own the box. I don't much care that the kernel is being "bypassed" by admin processes, that's NORMAL USE of any operating system. Which reduces this entire article to click bait.

If "attacks are surging" it's not because of this, it's because people are using admin accounts in inappropriate places.

I am always happy when someone else says these things as I hate to see these stories that unnecessarily create panic and fear.

britechguy · Oct 17, 2022

Blues said:
I am always happy when someone else says these things as I hate to see these stories that unnecessarily create panic and fear.

As am I. I've labeled this sort of thing, "Clickbait meant to induce Pearl-Clutching." And it's irresponsible journalism.

Blues · Oct 17, 2022

Id sadly say much of the so called journalism we get today is in the same class as this where it is just about reader engagement to drive up clicks and such to push add revenue. I feel real journalism is scarce and hard to find more so when you don't want to wade through all the click bait BS there is. Sorry just had to get that rant out.

britechguy · Oct 17, 2022

Blues said:
I feel real journalism is scarce and hard to find more so when you don't want to wade through all the click bait BS there is.

Hence the reason I look only at sources carefully curated by myself that have a history of excellence in journalism (be it general or tech).

There are a number of very popular tech writers where I'd gnaw off my own hand before clicking through to an article they've written. And Forbes (regardless of who's writing) when it comes to tech specifically is just a `treasure trove` of incorrect information.

[WARNING] Microsoft stumbles? Allows compromised drivers?

Metanis

Well-Known Member

How a Microsoft blunder opened millions of PCs to potent malware attacks

xxenon

Member

Sky-Knight

Well-Known Member

Metanis

Well-Known Member

Blues

Well-Known Member

britechguy

Well-Known Member

Blues

Well-Known Member

britechguy

Well-Known Member

Similar threads