Adam Barnett

717 Followers
290 Following
1.5K Posts

Wiki aficionado. "A good eater" according to my grandma. English/Canadian/he/him. VRM @ Rapid7/views my own. Kindness rules.

I write Patch Tuesday analysis every month at the day job: https://www.rapid7.com/blog/tag/patch-tuesday/

#ixwiki

Website: https://dreadpiraterobots.ca
GitHub (work): https://github.com/abarnett-r7
Janitor: https://wiki.infosec.exchange

I always say “please” and “thank you” to every corporate AI system I interact with.

Not because I hope our robot overlords will spare me.

A little bit because I find it less stressful than being abrupt to the point of rudeness, even to a computer with no feelings or awareness.

Mostly because Sam Altman is an insufferable dweeb though.

RE: https://infosec.exchange/@dreadpir8robots/115979903975220156

"If anyone ever corners you at a party and talks at length about the Ancillary Function Driver as a bounteous source of elevation of privilege vulnerabilities, you will probably have to concede that they are technically correct. While your options include “doing a lap” and then climbing out of the bathroom window, the power move here is to hold your ground, and point to the Common Log File System driver as a far richer vein of exploitable goodness." 🤣

At the day job, I wrote about the past year of exploited-in-the-wild Microsoft vulns. First time I’ve had the opportunity to write about this stuff over several days, instead of frantically scribbling analysis in an hour or two on Patch Tuesday itself.

I’m happy with how it turned out. There are infographics, and the prose risks the odd detour into light entertainment. Please consider giving it a read. Feedback welcome.

https://www.rapid7.com/blog/post/ve-patch-tuesday-windows-backwards-compatibility-challenge/

Patch Tuesday and the Enduring Challenge of Windows’ Backwards Compatibility

Take a look back at 2025 through the lens of Microsoft's monthly "Patch Tuesday" advisories. Rapid7 expert Adam Barnett distills findings from each month into 3 forward-looking conclusions.

Rapid7

Microsoft produces a lot of high quality security advisory material, no doubt. I quite enjoy MSRC blogs, and the Exchange team puts out some great bits, to name just two.

However, any Microsoft security advisory which discusses mitigation controlled by binary switches is a special case.

These are presumably written by someone who was told they could never see their family again, unless they typed out a whole novelette about editing the registry as fast as possible...

...while high on acid and strapped into a gyroscope in a room where two rival chimpanzee factions were having a scream-off.

I've said it before, and I'll say it again: if Microsoft could please stop controlling vulnerability mitigation features using longer and longer binary flags, I would be so happy.

The historic and continuing method employed by Microsoft is shoehorning as many feature flags into a single registry value as possible. Any human wishing to understand this has to do hex/dec to binary conversions on the fly to even have a chance of reading it, and maybe then looking up what is enabled or disabled.

Registry values, last time I checked, were free. Instead of cramming it all into a single decimal registry value 2347624 (or whatever) representing a row of switches like 1000111101001001101000, Microsoft could simply have 23 sensibly-named registry values in the same place, each with a human-readable name, and a sensible human-readable value.

Worse: if you want to programmatically assess mitigation status, you not only have to account for the current state of things, but for the potential for new stuff to be added to the existing registry value.

Whoever at Microsoft keeps inflicting the hard way on the rest of us, please make yourself known. I just want to talk!
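For anyone who does have to do the "hard way" programmatically: the decoder below is an added example, not code from the posts above and not a real Microsoft setting. It takes a packed REG_DWORD of the kind the thread complains about, turns each bit into a named switch, and, to cover the "new stuff gets added later" problem, reports any set bit the script has no name for instead of silently ignoring it. The value 2347624 is the made-up number from the thread; the bit names, registry path and value name are hypothetical placeholders.

```powershell
# Added example, not from the original posts. Decodes a packed registry DWORD
# into named switches and reports any set bits the caller's map does not know
# about. Flag names, key path and value name below are HYPOTHETICAL placeholders.

function ConvertFrom-PackedFlags {
    [CmdletBinding()]
    param(
        # Raw DWORD as stored in the registry. Typed as [long] so the signed
        # Int32 that Get-ItemProperty returns for REG_DWORD (e.g. 0x80000000
        # comes back negative) is accepted without a cast error.
        [Parameter(Mandatory)] [long] $Value,
        # Bit position (0 = least significant) -> human-readable switch name.
        [Parameter(Mandatory)] [hashtable] $KnownBits
    )

    $raw = $Value -band 0xFFFFFFFF   # normalise to an unsigned 32-bit view

    # One row per named switch. Comparisons bind tighter than -band/-shr in
    # PowerShell, so every bit test is fully parenthesised.
    $switches = foreach ($bit in ($KnownBits.Keys | Sort-Object)) {
        [pscustomobject]@{
            Bit     = $bit
            Name    = $KnownBits[$bit]
            Enabled = (($raw -shr $bit) -band 1) -eq 1
        }
    }

    # Mask of every bit we have a name for. Anything set outside it is a switch
    # added after this map was written, which a monitoring script must surface.
    $knownMask = [long]0
    foreach ($bit in $KnownBits.Keys) { $knownMask = $knownMask -bor ([long]1 -shl $bit) }
    $unknownMask = ($raw -band (-bnot $knownMask)) -band 0xFFFFFFFF
    $unknownBits = @(0..31 | Where-Object { (($unknownMask -shr $_) -band 1) -eq 1 })

    [pscustomobject]@{
        Value       = $raw
        Binary      = [Convert]::ToString([long]$raw, 2).PadLeft(32, '0')
        Switches    = $switches
        UnknownBits = $unknownBits
    }
}

# Constructed input: the example value from the thread, with a hypothetical
# name map that covers only four of the ten bits actually set in it.
$hypotheticalMap = @{
    3  = 'HypotheticalMitigationA'
    5  = 'HypotheticalMitigationB'
    6  = 'HypotheticalMitigationC'
    9  = 'HypotheticalMitigationD'
    10 = 'HypotheticalMitigationE'   # named, but not set in this value
}

$result = ConvertFrom-PackedFlags -Value 2347624 -KnownBits $hypotheticalMap
$result.Binary                                   # 00000000001000111101001001101000
$result.Switches | Format-Table -AutoSize
"Unknown set bits: $($result.UnknownBits -join ', ')"   # 12, 14, 15, 16, 17, 21

# Against a live machine the same function takes the DWORD straight from
# Get-ItemProperty (key path and value name hypothetical):
# $live = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Example\Mitigations' -Name 'FeatureFlags'
# ConvertFrom-PackedFlags -Value $live.FeatureFlags -KnownBits $hypotheticalMap
```

The non-empty UnknownBits list is the part worth alerting on: a bit you cannot name is either a mitigation you are not tracking or a mitigation that has changed meaning since the map was written, and either way the "is this host mitigated?" answer is no longer trustworthy until the map is updated.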

@bagder Invoke-WebRequest is just the hobby of some multi-billion dollar company that has no business providing the means of transferring data to a billion people.

I wonder how @bagder feels about Microsoft mentioning curl at https://support.microsoft.com/en-us/topic/powershell-5-1-preventing-script-execution-from-web-content-7cb95559-655e-43fd-a8bd-ceef2406b705

This isn't really very spicy, and I'm not suggesting that Microsoft are trying to blame curl for Microsoft's previously-insufficient security controls. I knew curl has shipped with Windows for quite a few years now, but I guess I hadn't realized (or had never considered) that Invoke-WebRequest is more or less a curl wrapper.

PowerShell 5.1: Preventing script execution from web content - Microsoft Support

💡 Updated guide to quickly ignore AI Slop:
🧠 github lists, e.g., Claude as a collaborator
✅ README or write-up contains stupid emoji everywhere
🚀 God this is so stupid

*headdesk*