OH NO NO NO NO

OH NO NO NO NO thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html



it's like the whole world wants windows 7 to die as soon after losing security updates as it possibly can

any application, any user and even sandboxed processes can:
>read and write the text of any window, from any other session

nothing new, this has been possible on X11 for ages

>that annoying executable that runs whenever it pleases, and i delete from every single winblows install i come across, is actually a vulnerability
well well well, isn't this interesting.

It doesn't crash the system? Teach me senpai

Literally take ownership of the file and delete.

take ownership, delete and create an empty file with the same name and extension and set it as read only. Windows is actually the only fucking kernel that respects file flags and doesn't recreate the file since, you know, the file is already there and read only, albeit, it's a useless file with 0 bytes.

No. You can read any event because they're not window-restricted in X11 (i.e. you can keylog), but you can't read the contents without being root.

hmmm, so that's the purpose of ctfmon...

Full retard here. Take ownership as User profile or administrator?

Kek

I know I do. I got fired from my job for suggesting that they should just use containers or even VMs rather than permanently clinging to Windows 7.

Cucked wayland shill

No, you got fired for being an incompetent pajeet.

Do you imply that you need to be root to take a screenshot of your desktop?

1- Stop ctfmeme
2- cmd, type this
regsvr32 /u msctf.dll
3- regedit, delete ctfmon value under
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
4- Control Panel -> regional blabla -> languages -> details -> check the 2nd box
5- Restart

you are welcome


No, you just need to launch a program that is setuid root.

>Ormandy responsibly reported his findings to Microsoft in mid-May this year and released the details to the public today after Microsoft failed to address the issue within 90 days of being notified.
NOOO PAJEET RAJESH SON STOP SHITTING IN THE STREET AND FIX THIS PRO-
NOOOOOO

>This technique can only be exploited by a local user, so it does require the attacker having a user session on the machine
it's fucking nothing

Windows 7 is the best Windows operating system. Shitdoze 8 was garbage, Shitdoze 10 is a horrendous pile of shit that says "you dont own nuffin'" as it's an operating system for NPC-cattle.

I prefer to create a write Deny ACE for LocalSystem and TrustedInstaller. But yeah, yours has the bonus of working for non-NTFS volumes.

I'll bet it requires Administrator to do any damage, too. In other words, it's ABSOLUTELY fucking nothing.

It only requires any other known window process running as administrator. Which Windows provides.

ok here's a question I've had forever because I know nothing about OS.
If ctfmon.exe can escalate privileges, then even if they patch it, can't you just write a new ctfmon.exe and give yourself admin rights? all you need is a compiler and the source? Or i guess answering my own question, the services in the kernel that ctfmon was using were badly designed and exploitable, and once those services are fixed by msoft they can't be abused again.
So an attacker wants to focus on kernel services to gain root


also this is kind of funny, the pajeets were right all along
>A few fraudulent anti-virus and tech-support companies have been trying to present genuine processes in the Windows Task Manager as a virus or malware to fool customers into buying their product or service. One such case is with the process ctfmon.exe or CTF Loader.

This won't affect my life at all.

The CTF in msctf is for all the free roots we got today.

It literally works even if you delete ctfmon.
Are you guys on crack?

It doesn't, and in all fairness it doesn't really matter since you need physical access to exploit this.

Sure, Microsoft probably didn't patch it because it was a low priority issue that is hard to exploit.

How can this be exploited remotely? This looks like it requires physical access because you need to be able to sign in as a regular user and run an .exe.

>svchost.exe was malware all along


You don't need physical access, you just need to embed malware into a regular unprivileged program that your victim will run.

>NPC cattle
You mean the nigger cattle? Terry would be ashamed...

>You just need to trick the retard into running this specific program
And whoever retard falls for it, deserves what happens to them.

What's your point?

Can someone upload a vocaroo of them reading out the article, thanks in advance.

Looks like Google is constantly looking for competitors' flaws. Wonder if they're getting some deep government money to find these things and disclose the ones gubment don't want.

That this is a non-issue unless you're mentally handicapped, like one of the Anons you quoted said.

gates.neocities.org/

You reminded me of this site.

The control that windows 7 gives the user compared to windows 10 is very, very inconvenient for corporations like microsoft and google, yes

This is functionally equivalent to physical access.

"invoice.pdf.exe" sent over email doesn't qualify as remote access.

No, but if you'd like, here's a video of the hack from the guy who researched it:
youtube.com/watch?v=quenNNqoDBs

This is why i only put it in a virtual machine. Only thing i need windows for is excel.

I suspect there is more to the story.

>haha preying on people is good!
kill yourself, boomer.

>google researcher discovers bug
>google also heavily promoting chromebooks
>google unwilling to admit that it's compromised constantly
hmm

That's fucking cool

>hey user the exploit you published doesn't work
github.com/taviso/ctftool/issues

> backdoor
> flaw
pick one. It's working as intended.

It requires the x86 (NOT X64) version of Visual C++ 2015 Runtime for the hack to work.

lol

the need full x86 sirs

Fuck this shit, I'm not turning the updates back on here in my Windows 10 installation.

based windows 7


This user here gets it.

probably administrator, not the guy you asked BTW

During the course of this argument that led you to be fired, did you, by any chance, happen to call your direct superior a faggot, nigger, retard of any combination of the three?

I'd believe this, but only if you work in Healthcare

damn....freetards btfo!

that doom video is interesting
it's a shame about the current state of windows, yet it's still the best platform for games

I would say it's only good for legacy proprietary software that can't be easily ported to another OS. Games ported to GNU/Linux often run better there.

that's true, does bill gates even give a shit or have any role in windows now? I can't imagine him approving of win10
I wish all versions of windows just had their source code leaked, what kind of chaos would that cause?

>new Android exploit
>wait until phone maker finally pushes an OTA update

>iOS exploit
>wait for Apple to release a patch and hope it doesn't require an upgrade that makes your phone lag badly

>Linux exploit
>apply patch file and recompile stuff

>Windows exploit
>just run a couple commands, there, all fixed

They do for now, until five years down the road when some API implementation or whatnot gets overhauled with zero effort towards backwards compatibility.

There will be some pretty upset three-letter-agencies out there now that this has become public knowledge


I'm OK with it. Having TLAs come through the door every five minutes so they could use this requires-physical-access exploit was pissing me off.
t. works in iranian atomic weapons division

Windows is broken, everyone knows this. This isn't news or shock anyone not even normies. Google are trying to market their own is but nobody is going to react to this, all people care is software support.

>the control

you mean the telemetry they discovered in 2014?

lets windows monitor the text/input status of all open applications.

Thanks, I guess? But why is Google focused on fixing other companies' issues and not their own? Like they’re trying to take attention off themselves.

Next headline:
>Google finds that hiring Indians was a bad idea.

No, you're wrong. Any X client may read contents of any other client connected to the same X session.

>"It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed."
>nobody
really, nobody?

no one noticed?

noooo bodyyyyy?

Attached: microsoft.png (1300x4704, 1.14M)

I love that screenshot - because nearly everything in it is so wrong it hurts to read it. People who only have the most casual understanding of (for example) the development of Vista can see the colossal holes in the story that you could drive the fucking Orion Arm through.

I get ctfmon.exe Unknown Hard Error popup spam in Safe Mode login screen, made typing the password pretty difficult until I realized I can just ignore the popup

enjoy no games cuckolds :D

>local


itodlels btfo
le_satania.png

lmao at seething winfags in this thread

Don't do it your computer will start producing mustard gas

not directly from memory but with xdotool I fire ctrl+c +a and echo xclip to work with.

I don't really understand why this is bad. It is nice to have this feature in X because it allows to build parsers for nearly everything. I have been doing this with a few programs and being able to do this in windows sounds great. If you share your computer with someone you got other problems anyways. Things that are only local aren't an issue for me.
>inb4 you have no issue that any program of anyone you use can read and talk to any other program?
No. Just watch out what you are using.

>to try to deceive or harm weaker people
I'm literally not caring. If people is too retarded to fall for this, they shouldn't use a PC in the first place.
Also kill yourself, retard.

That's referred to as local access, local code execution or arbitrary code execution

am I the only one here who downloads the patch, reverse engineers the patch, does a binary differential analysis against the patch and the executable currently on my machine, and then writes shellcode to work against all the people who haven't bothered to update yet?


no
