1. 23
  2. 6

    So… this is privilege escalation on all Windows versions since XP and it is currently unpatched?

    I don’t know about you, but I run binaries from the internet every workday. I’m not talking about FOSS, either. “Web-based” screen-sharing/conferencing applications that require downloading and executing an .exe come to mind.

    Update: To be clear, some conferencing solutions require each user to download a unique .exe each time you join a conference, not just once to install something.

    1. 2

      Seems there is a patch already, see https://twitter.com/taviso/status/1161297483139407873

      1. 2

        > I don’t know about you, but I run binaries from the internet every workday. I’m not talking about FOSS, either. “Web-based” screen-sharing/conferencing applications that require downloading and executing an .exe come to mind. Update: To be clear, some conferencing solutions require each user to download a unique .exe each time you join a conference, not just once to install something.

        That sounds like it can’t possibly be secure unless you either trust the people creating this software or you run them in throwaway-VMs. And I wouldn’t trust people creating software that asks you to run random EXEs all the time…

        1. 1

          It’s Cisco.

      2. 5

        Wow, just wow. Does anyone else perk up like a kid with a Christmas stocking whenever they see a Taviso post?