Right on the heels of Microsoft releasing a record number of security patches, a researcher has published exploit code that can enable low-privilege Windows accounts to make sensitive changes to administrator accounts.
The exploit, which multiple researchers say works, is sending Microsoft scrambling, yet again, to patch a zero-day released by an anonymous researcher who has complained about the software maker’s handling of their bug reports. To date, the pseudonymous NightmareEclypse has published nine such exploits, including Tuesday’s HiveLegacy. The researcher said the proof-of-concept code included in the report was stripped down to prevent attackers from using it maliciously.
A “pretty powerful primitive”
HiveLegacy is an elevation-of-privilege exploit that targets a vulnerability residing in the Windows User Profile Service. It allows users (and with more work likely processes) with limited system rights to compromise an admin user's account by modifying its classes registry hive, a resource that ensures the correct application opens when certain types of files are clicked on in Windows Explorer.Read full article
Comments
在人工智能技术快速迭代的今天,企业正从单纯的模型部署阶段,迈入一个被称为“智能体时代”(Agentic Era)的新阶段。这一转变的核心,不再仅仅是追求模型参数规模的扩大,而是如何将AI投资转化为实实在在的生产力。近日,行业专家指出,企业若想在这一浪潮中保持竞争力,必须学会用“每美元有用工作量”(Useful Work per Dollar)这一全新指标来评估AI投资回报,并以此为基础优化效率、规模化高价值工作流。