Computer News & Safety – Harry Waldron

February 11th, 2019:

Apple Security – JAN-2019 updates released

https://www.us-cert.gov/ncas/current-activity/2019/02/07/Apple-Releases-Multiple-Security-Updates

Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

Security – UAC can mitigate attacks in 2019

UAC was introduced years ago in Windows Vista and has drawn mixed reviews. It was originally felt to be too restrictive in Vista, because it frequently prompted the user for permission. However, as documented in this interesting pentest account, it can stop or slow some attacks from the outside when strategically enabled.

https://isc.sans.edu/forums/diary/UAC+is+not+all+that+bad+really/24620/

User Access Control (UAC) is a feature Microsoft added a long time ago (initially with Windows Vista) in an attempt to limit what local administrators can do on Windows. Basically, when a user who is a local administrator logs in, his session token will only have basic privileges, even though the user is actually an administrator.

In case the user wants to perform an activity that requires administrator privileges, the UAC system will ask the user to confirm the action. With modern Windows, when UAC is triggered, all applications and the taskbar are generally dimmed, indicating that something important is happening. As I do a lot of internal penetration tests, I actually quite often see that companies disable UAC for the whole enterprise. In many cases administrators complain that UAC causes them some problems and (as always in security), the easiest way is to disable the feature.

However, in a recent test I actually had an interesting challenge where UAC practically saved the day. Here is what happened. The lesson of this story was that one should not just blindly disable UAC – there are cases where it definitely helps. As with any other security control, it will not solve everything, but can slow down an attacker or make him become more visible, which in the end can help defenders.
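
A defender's check for the situation described above, UAC disabled across an enterprise, as an added example that is not part of this post or the SANS diary: it reads the UAC policy values from the registry and flags the weakened ones. The value names and defaults are the standard Windows UAC policy settings rather than anything given on this page, and the sample input is constructed.

```powershell
# Added example. Value names and defaults are the standard Windows UAC policy
# settings (an assumption of this example; they are not quoted from the post).
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Defaults  = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5
                PromptOnSecureDesktop = 1; LocalAccountTokenFilterPolicy = 0 }

function Get-UacPolicyValues {
    # Read only the values that are actually set under the policy key.
    $props  = Get-ItemProperty -Path $PolicyKey -ErrorAction Stop
    $values = @{}
    foreach ($name in $Defaults.Keys) {
        if ($null -ne $props.$name) { $values[$name] = [int]$props.$name }
    }
    return $values
}

function Test-UacPolicy {
    param([hashtable]$Values)
    # Fall back to the Windows default for any value that is absent.
    $v = @{}
    foreach ($name in $Defaults.Keys) {
        $v[$name] = if ($Values.ContainsKey($name)) { [int]$Values[$name] } else { $Defaults[$name] }
    }
    $findings = @()
    if ($v.EnableLUA -eq 0) {
        $findings += 'EnableLUA=0: UAC is off, administrators run with a full token'
    }
    if ($v.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin=0: elevation happens without a prompt'
    }
    if ($v.PromptOnSecureDesktop -eq 0) {
        $findings += 'PromptOnSecureDesktop=0: prompt is not shown on the dimmed secure desktop'
    }
    if ($v.LocalAccountTokenFilterPolicy -eq 1) {
        $findings += 'LocalAccountTokenFilterPolicy=1: remote logons by local admins are not filtered'
    }
    return $findings
}

# Constructed sample: a host where UAC was switched off by policy.
$sample = @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0 }
Test-UacPolicy -Values $sample | ForEach-Object { "sample: $_" }

# On Windows, audit the live policy as well.
if ($env:OS -eq 'Windows_NT') {
    $live = Test-UacPolicy -Values (Get-UacPolicyValues)
    if ($live) { $live | ForEach-Object { "local: $_" } } else { 'local: no weakened UAC settings found' }
}
```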