
Yes, we all use Windows to some degree or another.  Some of us, like me, are highly dependent upon it for doing our writing, while others may use it less frequently.  In fact, it is the de facto standard that is used at just about every business or corporation out there.  While Windows is a rather powerful OS and Microsoft Office is a rather potent suite to use for creating all sorts of things, it does have its limitations.

Let’s take the example of “Word”.  For me, it is great to use for writing my books and doing long-form articles, but if you ever wanted to create something ultra super sophisticated like an online FAQ or a procedures manual in HTML, it will simply not suffice.

In these instances, a tech writer is better off using a tool like MadCap Flare or even the Adobe Technical Communication Suite.

For my needs, Word is probably enough.  I really like how easy it is to create and drop in tables, do basic artwork (obviously not as sophisticated as Visio), and even the hundreds of kinds of writing styles that one can choose from.  But there are times that I do hate it as well.

First, when I am in the middle of writing and pause for just a few seconds, the cursor will just bounce around from the middle of nowhere and go somewhere else.  So when I start typing again, the new words get jumbled with the existing sentences.  Thank Heavens for the Undo button.

Second, I also utterly despise Word when the document simply gets locked up as you try to exit it.  This is where the handy Task Manager comes into play.  With a simple CTRL + ALT + DELETE you can call it up and stop the task at hand.  But if you are writing a document, make sure that you save consistently; otherwise, you will lose all unsaved work when using the Task Manager.

It is with this in mind that I bring to you a major Security flaw that has just been discovered in Task Manager.  For some reason or another, an end user can actually have their privileges escalated automatically.  Apparently, this flaw is found in the Advanced Local Procedure Call (ALPC) interface of the Task Manager.

According to experts from Microsoft:  “Microsoft Windows task scheduler contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges . . . we have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems.”  (SOURCE:  https://www.scmagazine.com/microsoft-windows-task-manager-contains-local-privilege-escalation-vulnerability/article/791680/).

The scary part about this:  There is currently no fix for this.

My thoughts on this?

To me, and probably even to you, this is really not a big deal, as we use our laptops locally, and the chances of a Cyber attacker actually penetrating through to get to our Task Manager are pretty low.  This is, of course, assuming that we are using our own private networks in order to connect to the Internet.  This could be an entirely different issue if you connect to a public hotspot, such as Starbucks or Panera Bread.

But the real issue comes down to the business or corporation that has many employees connected to one or more network drives.  In these situations, a Cyber attacker has a much greater chance of attempting to break through the lines of defense and, if successful, can even remotely hijack your employees’ workstations or laptops and gain the escalated privileges from there.

If the Cyber attacker is successful at this point, then all havoc can break loose.  For example, he or she could launch an internal Botnet-like attack, where they take control over just one computer and, from there, use that to launch attacks simultaneously.

Or, the situation could be the reverse:  Once one computer has been hijacked, then that can also be used to launch a Botnet attack against other computers that are outside of the organization.

If a Cyber attack like this does happen, a forensics investigation will show that the Botnet originated from that particular business or corporation, thus making them an unsuspecting victim and also giving them a bad image in the eyes of the public.

One of the best ways to combat this threat is for the Network Administrator of an organization to keep monitoring all of their security devices, such as the Firewalls, Network Intrusion Devices, Routers, etc.  They should pay very careful attention to the alerts that come out, and closely scrutinize all of the log files for any anomalies or other types of erroneous behavior.

Everybody is still waiting to hear back from Microsoft on this one, but there could be a chance that a patch for this may not be available until September 11th.  Until then, that gives the Cyber attacker a two-week time period to fully exploit this vulnerability.