Google has announced plans to officially flip the switch on its twice-delayed Privacy Sandbox initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser.
To that end, the search and advertising giant said it intends to phase out third-party cookies for 1% of Chrome users globally in the first quarter of 2024.
“This will support developers in conducting
Related Posts
Windows’s File History Service Flaw Let Attackers Escalate Privileges
Windows’s File History Service Flaw Let Attackers Escalate Privileges
A Privilege Escalation was recently discovered, which affects Windows’s File History service and can be used by threat actors to gain escalated privileges on a Windows System.
This issue was reported to Microsoft, and necessary patches have been published to fix this vulnerability.
File History for Windows is a backup and restore feature that automatically backs up the data stored in Libraries, Desktops, Favourites folder, etc. It can also backup the data to an external source like USB, Flash drive, or HDD.
CVE-2023-35359 – Windows Privilege Escalation
This vulnerability exists since the File History runs with system privileges that can be exploited to elevate the privileges from a normal user to a system user in order to perform malicious activities as a system user.
When the File History service is started, it loads the core file fhsvc.dll and the CManagerThread::QueueBackupForLoggedOnUser function, which is found to be vulnerable. This function simulates the logged-in user and loads the fhcfg.dll file, which is the root cause of this vulnerability.
File History can be manually started by a normal user, and additionally, the DosDevices can also be modified. Moreover, when fhcfg.dll is loaded, it also contains the resource for a manifest, and the csrss.exe (Client/Server Runtime Subsystem) also impersonates the identity of the normal user.
A normal user can modify the DosDevices to point to a fake directory like C:UsersPublictest, followed by the csrss.exe. The fake directory must contain a link to another DLL, which will be used for escalating privileges.
SSD Disclosure has published a complete report, which provides detailed information about the proof-of-concept, exploitation method, and the core cause of this vulnerability.
Affected Products
ProductPlatformsAffected VersionsWindows Server 2019×64-based Systemsaffected from 10.0.0 before 10.0.17763.4737Windows 10 Version 180932-bit Systems, x64-based Systems, ARM64-based Systemsaffected from 10.0.0 before 10.0.17763.4737Windows Server 2019 (Server Core installation)x64-based Systemsaffected from 10.0.0 before 10.0.17763.4737Windows Server 2022×64-based Systemsaffected from 10.0.0 before 10.0.20348.1906affected from 10.0.0 before 10.0.20348.1903Windows 11 version 21H2x64-based Systems, ARM64-based Systemsaffected from 10.0.0 before 10.0.22000.2295Windows 10 Version 21H232-bit Systems, ARM64-based Systemsaffected from 10.0.0 before 10.0.19044.3324Windows 11 version 22H2ARM64-based Systems, x64-based Systemsaffected from 10.0.0 before 10.0.22621.2134Windows 10 Version 22H2x64-based Systems, ARM64-based Systems, 32-bit Systemsaffected from 10.0.0 before 10.0.19045.3324Windows 10 Version 150732-bit Systems, x64-based Systemsaffected from 10.0.0 before 10.0.10240.20107Windows 10 Version 160732-bit Systems, x64-based Systemsaffected from 10.0.0 before 10.0.14393.6167Windows Server 2016×64-based Systemsaffected from 10.0.0 before 10.0.14393.6167Windows Server 2016 (Server Core installation)x64-based Systemsaffected from 10.0.0 before 10.0.14393.6167Windows Server 2008 Service Pack 232-bit Systemsaffected from 6.0.0 before 6.0.6003.22216Windows Server 2008 Service Pack 2 (Server Core installation)32-bit Systems, x64-based Systemsaffected from 6.0.0 before 6.0.6003.22216Windows Server 2008 Service Pack 2×64-based Systemsaffected from 6.0.0 before 6.0.6003.22216Windows Server 2008 R2 Service Pack 1×64-based Systemsaffected from 6.1.0 before 6.1.7601.26664Windows Server 2008 R2 Service Pack 1 (Server Core installation)x64-based Systemsaffected from 6.0.0 before 6.1.7601.26664Windows Server 2012×64-based Systemsaffected from 6.2.0 before 6.2.9200.24414Windows Server 2012 (Server Core installation)x64-based Systemsaffected from 6.2.0 before 6.2.9200.24414Windows Server 2012 R2x64-based Systemsaffected from 6.3.0 before 6.3.9600.21503Windows Server 2012 R2 (Server Core installation)x64-based Systemsaffected from 6.3.0 before 6.3.9600.21503Source: cve.org
Users of these products are recommended to upgrade to the latest version, as mentioned by Microsoft.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.
The post Windows’s File History Service Flaw Let Attackers Escalate Privileges appeared first on Cyber Security News.
Cyber Security News
A week in security (April 22 – April 28)
A week in security (April 22 – April 28)
[[{“value”:”
Last week on Malwarebytes Labs:
Ring agrees to pay $5.6 million after cameras were used to spy on customers
TikTok comes one step closer to a US ban
Google ad for Facebook redirects to scam
Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09
Billions of scraped Discord messages up for sale
Last week on ThreatDown:
MITRE breached through Ivanti Connect Secure vulnerabilities
Microsoft warns about actively abused vulnerability in Windows Print Spooler service
5 key benefits of the ConnectWise Asio and ThreatDown Integration for MSPs
Update now! CrushFTP vulnerability allows data theft and possibly server compromise
Patch now! Cactus exploits Qlik Sense to deliver ransomware
Stay safe!
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
“}]] Read More
Malwarebytes
N. Korean BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware
N. Korean BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware
The North Korea-linked nation-state group called BlueNoroff has been attributed to a previously undocumented macOS malware strain dubbed ObjCShellz.
Jamf Threat Labs, which disclosed details of the malware, said it’s used as part of the RustBucket malware campaign, which came to light earlier this year.
"Based on previous attacks performed by BlueNoroff, we suspect that this malware was a late Read More
The Hacker News | #1 Trusted Cybersecurity News Site