The Countermeasure is delivered to your inbox each Saturday, giving you insights on enterprise security developments you may have missed.
Gimme back my RID
‘RID hijacking’ Can Create Permanent Backdoor Into Windows PCs
Security researcher Sebastián Castro has discovered a way to target a Relative Identifier (RID) – a code that describes a Windows user’s permissions group – and assign that RID to a different user. In theory, this could give admin permissions to an attacker who already has a foothold in a Windows system and leave them a permanent backdoor with full SYSTEM access.
The attack works on Windows versions from XP to Windows 10 and from Server 2003 to Server 2016. Interestingly, although Castro first announced his discovery 10 months ago, no malware attacks using the exploit have been discovered yet. Nor has Microsoft issued a comment, or a fix.
Countermeasure: Make it harder for an attacker to gain an initial foothold; do not expose the PC on the Internet without password protection. Also, in the ZDNet article, Castro details how to find out if an RID has been tampered with.
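As an added example, not code from the newsletter or from Castro's write-up, the PowerShell below lists local accounts whose SAM key name (which encodes the account's real RID) disagrees with the RID stored inside that key's F value, the field a RID hijack rewrites. It assumes the RID sits at offset 0x30 of F as a 32-bit little-endian integer and that the script runs as SYSTEM, since HKLM\SAM is not readable by ordinary administrators.

```powershell
# Added example (not from the newsletter or from Castro's write-up).
# Assumptions: the F value of each SAM user key stores the account RID as a
# 32-bit little-endian integer at offset 0x30; HKLM\SAM is only readable by
# SYSTEM, so run this as SYSTEM (scheduled task or PsExec -s), not just as admin.
function Get-SamRidMismatch {
    $usersPath = 'HKLM:\SAM\SAM\Domains\Account\Users'
    $ridOffset = 0x30

    # Map RID -> account name so the report is readable; Get-LocalUser is
    # missing on older Windows, in which case names are simply left blank.
    $nameByRid = @{}
    try {
        Get-LocalUser | ForEach-Object {
            $nameByRid[[int]($_.SID.Value.Split('-')[-1])] = $_.Name
        }
    } catch { }

    Get-ChildItem -Path $usersPath -ErrorAction Stop |
        Where-Object { $_.PSChildName -ne 'Names' } |
        ForEach-Object {
            $keyRid = [Convert]::ToInt32($_.PSChildName, 16)   # e.g. "000001F5" -> 501
            $f = (Get-ItemProperty -Path $_.PSPath -Name F).F
            if ($f.Length -lt $ridOffset + 4) { return }        # malformed/short F value
            $storedRid = [BitConverter]::ToUInt32($f, $ridOffset)
            [PSCustomObject]@{
                Account    = $nameByRid[$keyRid]
                KeyRid     = $keyRid
                StoredRid  = $storedRid
                Suspicious = ($keyRid -ne $storedRid)   # e.g. Guest key (501) holding 500
            }
        }
}

Get-SamRidMismatch | Where-Object { $_.Suspicious } | Format-Table -AutoSize
```

A clean machine returns no rows; any row where StoredRid differs from KeyRid deserves a closer look, since Windows will treat that account as the RID it now carries.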
“Album by Google Photos” App in Microsoft Store is Actually Ad-clicker Malware
The free app pretends to be from Google, but actually opens hidden advertisements in Windows 10. The app connects users to Google Photos, but it also repeatedly connects to remote hosts and displays advertisements in the background in order to generate revenue for the developers.
The ads will not be visible to users, but if any ad has an audio component, that will be audible. So if your computer starts talking to you, you may wish to look at what apps are installed.
Countermeasure: Read app reviews. In this case Microsoft Store users identified the app as a fake and said so in several reviews.
Microsoft's Fix for the Zero-Day JET Flaw Limits the Vulnerability but Doesn’t Eliminate it
In October’s Patch Tuesday, Microsoft released a fix for a vulnerability in its JET Database Engine. However, Mitja Kolsek at 0patch said, “we found the official fix… only limited the vulnerability instead of eliminating it.” Krebs on Security has a list of other vulnerabilities mended this Patch Tuesday.
Countermeasure: 0patch offers a micropatch that claims to fix the JET problem until Microsoft issues a more comprehensive patch.
GitHub Security Alerts Now Support .NET, Java
This week’s GitHub update included the expansion of the Security Alerts feature to support .NET and Java. Security Alerts scans a project's dependencies for outdated libraries and modules with known vulnerabilities. If any are found, it shows or sends an alert to the developer.
Security Alerts already supported Ruby and Python projects, and .NET support was rumored to be on the way once Microsoft bought GitHub in June. The GitHub update also included the Security Advisory API, designed to help developers or companies managing large numbers of projects consolidate important security information in one place.
Countermeasure: Developers interested in using Security Alerts can get more detailed information here.
Video of the Week
"Privacy for Tigers"
Ross Anderson of Cambridge University gives a presentation on how data mining can affect endangered wildlife.
Tools Worth Checking Out
12 Free Ready-to-Use Security Tools
- Steve Zurier, Dark Reading
Online Privacy Tool Recommendations
- John E Dunn & Christina Mercer & Thomas Macaulay, TechWorld
Books of Note: "Click Here to Kill Everybody"
Security expert Bruce Schneier wrote a book called Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. A review in the Financial Times said it “should be required reading for politicians worldwide”.