Windows 8.1 Administrator Access

Google publicly disclosed a Windows 8.1 bug that allows administrator access to PCs. The disclosure highlights a vulnerability affecting millions of users.

This has left Microsoft outraged, especially considering that they were about to release a patch for it.

The news originated from Forshaw, one of Google’s researchers, who found the bug and published it online. The bug is backed up by Google’s proof-of-concept (PoC) code, which was tested on a fully updated version of Windows 8.1. It’s not entirely clear whether earlier versions of Windows, such as Windows 7, are also affected by the bug.

Microsoft went on to express their displeasure by stating that such bug reports shouldn’t be released until after a fix has been made available.

According to Microsoft, for the bug to cause problems, the perpetrator trying to access the computer would need to know a valid password for the local machine. This is still a big enough risk over a network, as an attacker will treat this simple requirement as motivation to steal passwords and ultimately gain elevated privileges.

An unpopular decision?

Google’s Project Zero carries out research and bug testing on various systems. Once they find a bug, their policy is to give the vendor 90 days to fix the issue. The 90-day disclosure window had passed, and Google went ahead and published its report a couple of days before Microsoft released an update on its Patch Tuesday.

Patch Tuesday occurs on the second, and sometimes fourth, Tuesday of each month in North America.

It leaves little to guess why Microsoft recently pulled its ANS (Advanced Notification Service) from the general public and made it available only to paying Premier support customers. This means that only paying customers learn of security issues before their scheduled release on Patch Tuesday.

The vulnerability: Briefly explained

An internal function, known as AhcVerifyAdminContext, exists within the Windows 8.1 operating system. Google’s proof of concept exercised this function using a couple of programs and a few commands to bring up the Windows calculator as an administrator.

Vulnerability Overview:

  • In unpatched versions of Windows 8.1, the function checks an access token, but the check doesn’t correctly verify that the user logged on to the computer is an administrator.
  • It inspects the caller’s impersonation token and checks whether the user’s SID matches the system’s SID.
  • What it doesn’t do is verify the token’s impersonation level against anything.
  • This leads to the vulnerability: a local process on the system can supply an identification-level token and, as a result, pass the verification stage.
  • Exploiting it only requires that someone knows the flaw is present on an unpatched version of Windows 8.1.
  • The attack could be something like an executable that creates a cache entry and uses a registry entry on the computer to reload itself.
  • All that would then be required is to use an existing application on the computer to run with these elevated privileges.

The proof of concept Google used includes two program files and a set of instructions for running it. The result was the Windows calculator running as an administrator. Forshaw states that the bug is not in UAC (User Account Control) itself, but that UAC is used as part of the demonstration.
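The list above boils down to one missing comparison. The Python below is a small model added here to make that visible; it is not Windows’ own code nor Google’s proof of concept, and the token shape, the sample SIDs and the flat SID-equality check are assumptions made for the model (the real enum values for impersonation levels and the LocalSystem SID are genuine).

```python
from dataclasses import dataclass

# Real SECURITY_IMPERSONATION_LEVEL values from the Windows SDK.
SECURITY_ANONYMOUS = 0
SECURITY_IDENTIFICATION = 1   # caller may inspect, but not act as, the identity
SECURITY_IMPERSONATION = 2    # caller may act as the identity on this machine
SECURITY_DELEGATION = 3

LOCAL_SYSTEM_SID = "S-1-5-18"   # well-known SID for the LocalSystem account


@dataclass(frozen=True)
class Token:
    """Simplified stand-in for an impersonation token (constructed for this model)."""
    user_sid: str
    impersonation_level: int


def vulnerable_verify_admin_context(token: Token) -> bool:
    """Models the flawed check: compares the token's SID to the system SID
    and never looks at the impersonation level."""
    return token.user_sid == LOCAL_SYSTEM_SID


def hardened_verify_admin_context(token: Token) -> bool:
    """Same SID comparison, but an identification-level token proves nothing
    about what the caller may do, so anything below impersonation is rejected."""
    if token.impersonation_level < SECURITY_IMPERSONATION:
        return False
    return token.user_sid == LOCAL_SYSTEM_SID


def compare_checks(token: Token) -> dict:
    """Run both checks on one token so the difference is visible side by side."""
    return {
        "vulnerable": vulnerable_verify_admin_context(token),
        "hardened": hardened_verify_admin_context(token),
    }


if __name__ == "__main__":
    # Constructed sample tokens: a system token held only at identification
    # level, and an ordinary user's token.
    ident_system = Token(LOCAL_SYSTEM_SID, SECURITY_IDENTIFICATION)
    plain_user = Token("S-1-5-21-1000-2000-3000-1001", SECURITY_IMPERSONATION)
    print("identification-level system token:", compare_checks(ident_system))
    print("ordinary user token:", compare_checks(plain_user))
```

The identification-level system token is the case the flaw turns on: the vulnerable check accepts it, the hardened one does not.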

Protecting Yourself and Your Business

We suggest keeping your anti-virus updated, along with Windows security updates, to patch known vulnerabilities on the computer. Depending on your office set-up, it is also a good idea to enable the firewall on individual PCs, and at the very least on your network.

For more ways to secure your business data and systems, contact your local IT professionals.

What is Google Fiber

Google Fiber is a new Gigabit Internet provider that could be coming to your area. What is Google Fiber and what should you know to be ready?

Will Google have to step on anyone’s toes to roll out such service and what impact can Google Fiber have on businesses and private users? Before we delve into all of this, let’s first understand what Google Fiber is.

What is Google Fiber?

Google is expanding its service portfolio to provide fast Internet to the market and become an established Internet Service Provider (ISP), in hopes of joining the ranks of its competitors AT&T, Comcast and others.
Google is also pushing the boat out by claiming to provide Internet speeds 100 times faster than other ISPs, with Gigabit (1000 Mbps) download speed. Google Fiber also offers 1TB of cloud storage and TV packages, in addition to its Internet service, to make the plan more appealing and practical to potential customers.

With Google Fiber, businesses and private users would benefit by having:

The Roadblocks for Google Fiber

Google is looking to roll out its Google Fiber services across the United States, and has already planned to include metropolitan areas such as San Antonio, Phoenix, Salt Lake City, San Jose, Portland, Nashville, Atlanta, Charlotte and Raleigh-Durham.

Since this covers a wide geographic area with different topology to contend with, Google needs to be able to access the utilities infrastructure in order to install the service, and this has become its main obstacle. Therefore, in an effort to overcome it, Google has filed a request with the Federal Communications Commission (FCC) to reclassify ISPs under Title II of the Telecommunications Act. If the FCC grants reclassification, Google will be able to run its fiber installation on the same poles its competitors currently use to provide broadband.

This would be a huge victory for Google, but a nightmare for Comcast, AT&T and other broadband providers as they’ll need to adapt to newer regulations and give up a share of the market.

If the FCC rejects Google’s Title II request to use the already established infrastructure, this would hinder Google Fiber’s roll-out across the country, as Google would literally need to build around it, making the venture even more costly.

Where is Google Fiber Active?

At present, you’ll find Google Fiber rolled out and live in:

  • Austin
  • Kansas City
  • Provo

Google provides a website to check if your address is serviceable by Google Fiber.

If Google is granted Title II by the FCC, that’d make the infrastructure available to move the service quickly across to other cities and areas.

For more ways to speed up your office network to ensure business continuity, contact your local IT professionals.

Virus Spreading over USB Thumb Drives

To stay safe from infections, we’re going to look at how viruses spread over USB thumb drives and how you can protect yourself and your business.

Why would anyone deny the comfort level enjoyed with using USB thumb drives to conveniently transfer data? Beneath it all, there’s more to that data transference than meets the eye.

How Viruses Spread over USB Thumb Drives

It starts with attaching a USB thumb drive to a device, which is all it takes to infect the computer. The machine is infected through the Windows AutoRun feature, which is triggered when a storage device is plugged in. Not only is the data transferred, but the device that receives the data becomes infected with malware (viruses and other malicious software), causing damage or data loss.

The virus likely originates from the infected device the USB was connected to before. The process of transferring viruses can stem back through a chain of infected hosts, bringing with it a trail of disruption.

At present, it’s highly likely that most USB thumb drives connected to an infected device or PC harbor a virus. For instance, a new threat known as “BadUSB” works off USB thumb drives and is claimed to be unstoppable, according to security researcher Karsten Nohl.

Types of Viruses

The following types of viruses can infect a computer when the user runs or installs the infected program. Infection can occur through something downloaded from the Internet, or in most cases, loaded onto the computer from USB thumb drives.

  • Worm – a program that replicates itself by exploiting a vulnerability on a network.
  • Trojan horse – appears to serve a useful purpose, but actually hides a virus, thus infecting the computer by tricking the victim into installing it willingly.
  • Rootkit – makes itself difficult to detect by hiding within the system files of the infected operating system.
  • Spyware – designed to covertly spy on a user and report information back to the originator.
  • Spam – a common method of transmitting malware onto a user’s computer, usually via unsolicited email messages containing infected attachments or links to compromised websites.

How to Protect Yourself and Your Business

The easiest way for attackers to spread a virus is through publicly shared computers. Firstly, it is extremely important to restrict the use of USB thumb drives on computers at net cafés, coffee shops, copy shops and even at an airport or a hotel, as they are for public use.

You never know which computer might be infected, so plan to use business or personal systems rather than public computers, as the latter are more vulnerable to infected USB thumb drives. Secondly, it’s best to run a firewall and keep the virus definitions up to date on any personal or business computer.

We suggest disabling the AutoRun functionality for removable drives and avoiding downloads of “free online software” to better protect against picking up those menacing viruses from a USB thumb drive.
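To check whether AutoRun is actually off for removable drives on a Windows PC, the following Python script is added here as an example (it is not from the original article). It interprets the NoDriveTypeAutoRun policy value, whose bit layout is real; the assumed default of 0x91 when the value is absent, and reading HKLM before HKCU, are assumptions made for the script.

```python
# Bit layout of the NoDriveTypeAutoRun policy value: one bit per drive type
# as numbered by the Windows GetDriveType() API.
DRIVE_TYPE_BITS = {
    "unknown": 0x01,
    "no_root_dir": 0x02,
    "removable": 0x04,   # USB thumb drives and other removable media
    "fixed": 0x08,
    "network": 0x10,
    "cdrom": 0x20,
    "ramdisk": 0x40,
    "reserved": 0x80,
}
DISABLE_ALL = 0xFF        # value to set when AutoRun should be off everywhere
DEFAULT_IF_UNSET = 0x91   # assumed default when the policy value is absent

POLICY_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"


def blocked_drive_types(value):
    """Return the set of drive types for which AutoRun is disabled by this value."""
    if value is None:
        value = DEFAULT_IF_UNSET
    return {name for name, bit in DRIVE_TYPE_BITS.items() if value & bit}


def removable_autorun_disabled(value):
    """True when AutoRun is off for removable drives (the USB thumb drive case)."""
    return "removable" in blocked_drive_types(value)


def read_policy_value():
    """Read the policy on a live Windows host (HKLM checked first, then HKCU);
    returns None on other platforms or when the value is not set anywhere."""
    try:
        import winreg
    except ImportError:
        return None
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_SUBKEY) as key:
                value, _ = winreg.QueryValueEx(key, VALUE_NAME)
                return value
        except OSError:
            continue
    return None


if __name__ == "__main__":
    current = read_policy_value()
    print("policy value:", hex(current) if current is not None else "not set")
    print("USB AutoRun disabled:", removable_autorun_disabled(current))
    if not removable_autorun_disabled(current):
        print(f"set {VALUE_NAME} to {DISABLE_ALL:#x} under HKLM\\{POLICY_SUBKEY}")
```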

For more ways to secure your business data and systems, contact your local IT professionals.

Speccy

Speccy is free software that provides a very detailed view of your computer’s hardware and software in an easy-to-understand, user-friendly environment.

Speccy lists crucial and accurate specifications of your computer’s hardware and software. If you have ever been baffled trying to find out how much RAM you have installed, what your Windows serial number is, or any number of other things that you often have to communicate to your IT professional, then Speccy is worth considering. Here are 3 ways you can use Speccy:

Windows Serial Number

Sometimes, in an emergency, the only way to fix your computer is to re-install your OS. In order to re-install a legitimate copy of Windows, you must have your serial number handy; you cannot install a legitimate copy of Windows without a valid serial number. It is always a good habit to copy and store your serial number somewhere safe in case of a computer emergency. Speccy conveniently lists your serial number and a number of other details for your OS.

RAM or System Memory

Sometimes the best solution to speeding up an old, slow computer is simply to add more RAM. But how do you know if you have any room to add more? Or the type? Or the frequency? It is important to know these details when upgrading, as different types of RAM are not compatible with each other. Speccy lists all these details in the RAM tab on the left. With this you will know exactly how much and what kind of RAM you are using, and what kind of RAM you need for an upgrade.

CPU or Processor Information

The number of cores and the clock speed of your CPU directly equate to its raw power. With CPUs ranging from a single core all the way up to a whopping 12 cores, knowing how many cores you have will give you an expectation of performance. Other important information is how many gigahertz your CPU runs at and whether it is a 32-bit or 64-bit processor.

Speccy offers vital information that is summarized and easy to understand. If you want to download Speccy head over to their website and give it a shot.

For more ways to improve your office technology’s effectiveness, contact your local IT professionals.

Why do hackers use remote code execution as a malicious attack on businesses? Here we’ll explain what remote code execution is and why most malware uses it.

Remote execution attacks are very real and should not be taken lightly. This is mainly because of the damage malware can do by disabling parts of a system and disrupting business operations.

What is remote code execution?

Remote code execution is best described as an attacker running code on a system from elsewhere by exploiting vulnerabilities in that system.

Such code can be served from a remote server, which means the attack can originate from anywhere in the world and still give the attacker access to the PC. Once a hacker gains access to a system, they’ll be able to make changes within the target computer.

The attacker leverages the user’s privileges to execute code and make further changes to the computer, and it’s often the case that those privileges are then elevated. Attackers usually look to gain further control over the system they already have a grip on, and then to exert control over other computers on the same network.

Examples of remote execution attack

Whether a business realizes it or not, malware threats are consistently looking for vulnerabilities and a chance to infiltrate past security. In essence, every attacker is an opportunist and they’re unlikely to hold back once they’ve spotted a loophole within a system.

Scenario 1:

Zero-day Internet Explorer Exploit CVE-2014-8967

An employee browses the Internet with the Internet Explorer browser and visits a website, which they were prompted to visit via an innocent-looking email message. Little do they know that the website exploits a bug in their browser, allowing remote execution of code to occur. The code is set up by a criminal who has programmed it to run on the employee’s computer and, in turn, install a Trojan. A Trojan opens a back door into the computer, which can be accessed at any time by the attacker. At this point, the criminal has complete access to the employee’s data files and will do with them as they please.

Scenario 2:

A business runs an unsupported version of Windows on a computer, which happens to be Windows XP. An employee visits a website; however, this website has been compromised, and malicious code on it detects that the user is working on a computer running Windows XP. Since this particular operating system is no longer patched by Microsoft, exploitable vulnerabilities are all but certain. The code picks up on this and begins remote code execution, set up by a criminal, to run ransomware on the computer. The ransom involves the criminal holding the company’s files hostage until payment is made.

How can you protect against remote code execution attacks?

For more ways to secure your systems, contact your local IT professionals.