Pulse of Truth

1298 readers

17 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth

Writable File in Lenovo’s Windows Directory Enables a Stealthy AppLocker Bypass (cybersecuritynews.com)

submitted 2 days ago by lemmydev2 to c/pulse_of_truth

1 comments fedilink hide all child comments

A significant security vulnerability has been discovered in Lenovo’s preloaded Windows operating systems, where a writable file in the Windows directory enables attackers to bypass Microsoft’s AppLocker security framework. The issue affects all variants of Lenovo machines running default Windows installations and poses serious implications for enterprise security environments. The vulnerability centers around the MFGSTAT.zip […] The post Writable File in Lenovo’s Windows Directory Enables a Stealthy AppLocker Bypass appeared first on Cyber Security News.

top 1 comments

sorted by: hot top controversial new old

[–] mriswith@lemmy.world 2 points 1 day ago* (last edited 1 day ago)

So not only does Lenovo hide executables in alternate data streams, that can be launched as if ran from within the Windows folder. It's writable by logged in users. And it was first discovered six years ago, and is still there.

On top of that, Lenovo is apparently not going to release any patches, they're just going to give out some "remediation guidance".

I live on the other side of the world from their HQ, and I can hear the lawyers screaming and paralegals furiously typing.