A WINDOWS 7 VULNERABILITY

A WINDOWS 7 VULNERABILITY

Security researcher accidentally discovers Windows 7 and Windows Server 2008 zero-day

A WINDOWS 7 VULNERABILITY

A French security researcher has accidentally discovered a zero-day vulnerability that impacts the Windows 7 and Windows Server 2008 R2 operating systems while working on an update to a Windows security tool.

The vulnerability resides in two misconfigured registry keys for the RPC Endpoint Mapper and DNSCache services that are part of all Windows installations.

  • HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper
  • HKLM\SYSTEM\CurrentControlSet\Services\Dnscache

French security researcher Clément Labro, who discovered the zero-day, says that an attacker that has a foothold on vulnerable systems can modify these registry keys to activate a sub-key usually employed by the Windows Performance Monitoring mechanism.

“Performance” subkeys are usually employed to monitor an app’s performance, and, because of their role, they also allow developers to load their own DLL files to track performance using custom tools.

While on recent versions of Windows, these DLLs are usually restricted and loaded with limited privileges, Labro said that on Windows 7 and Windows Server 2008, it was still possible to load custom DLLs that ran with SYSTEM-level privileges.

Issue discovered and disclosed accidentally

But while most security researchers report severe security issues like these to Microsoft in private, when they find them, in Labro’s case, this was too late.

Labro said he discovered the zero-day after he released an update to PrivescCheck, a tool to check common Windows security misconfigurations that can be abused by malware for privilege escalation.

The update, released last month, added support for a new set of checks for privilege escalation techniques.

Labro said he didn’t know the new checks were highlighting a new and unpatched privilege escalation method until he began investigating a series of alerts appearing on older systems like Windows 7, days after the release.

By that time, it was already too late for the researcher to report the issue to Microsoft in private, and the researcher chose to blog about the new method on his personal site instead.

ZDNet has reached out to Microsoft for comment today, but the OS maker has not provided an official statement before this article’s publication.

WIN 7 AND 2008 HAVE REACHED END OF LIFE

Both Windows 7 and Windows Server 2008 R2 have officially reached end of life (EOL) and Microsoft has stopped providing free security updates. Some security updates are available for Windows 7 users through the company’s ESU (Extended Support Updates) paid support program, but a patch for this issue has not been released yet.

DAWG SAYS: REMEMBER IF YOU ARE STILL USING THESE VULNERABLE PLATFORM, THEY ARE NO LONGER SUPPORTED BY MICROSOFT, AND YOU WILL NOT RECEIVE A “FIX” FOR IT.

YOU ARE BETTER OFF GOING TO WINDOWS 10 FOR SAFETY.


DIPSHIDIOT THANKSGIVING PROTESTORS TOPPLE MORE STATUES

DIPSHIDIOT THANKSGIVING PROTESTORS TOPPLE MORE STATUES

Statues vandalized over Thanksgiving in ‘LANDBACK’ campaign

DIPSHIDIOT THANKSGIVING PROTESTORS TOPPLE MORE STATUES

While families across the U.S. were celebrating Thanksgiving with scaled-down gatherings or Zoom calls, protesters were toppling historical statues and monuments.

In Washington state, the Spokane Police Department reported that a statue of 16th President Abraham Lincoln was vandalized with red paint, while multiple colonial statues — including one of George Washington — were defaced and toppled overnight in Minneapolis.

“No more genocide” and “all colonizers are bastards” were scrawled in red graffiti on the works.

The Pan-Indigenous People’s Liberation (PIPL) network took responsibility for the move and explained in a statement that it was partly in response to a callout for a “national decolonial day of action.”

The American Indian Movement had previously pulled down a statue of explorer Christopher Columbus outside the state capitol.

Portland, Ore., protesters tagged local markets and a monument dedicated to the veterans of the Civil War, Mexican, Spanish and Indian wars with anti-colonialist rhetoric.

THREE ARRESTS MADE

Local law enforcement arrested three suspects at Portland’s Lone Fir Cemetery.

The Midwestern hub of Chicago witnessed a similar effort, though protesters ultimately failed to knock down a park statue of President William McKinley on Wednesday.

The words “land back” were painted in multiple cities, referring to the LANDBACK campaign. The indigenous movement aims to develop communities in a sustainable manner, defend American land and fight against White supremacy.

“We must continue to decolonize our minds, communities, and sovereign nations,” LANDBACK says in its mission statement. “The decolonization of our communities and people is directly related to our ability to prosper.”

“Through the revitalization of our Indigenous ceremonies, culture, languages and life ways we will continue to strengthen our identity, and break free from the oppressive systems that disconnect us from achieving the healing growth and connection to spirit that is integral for us as Indigenous people,” they wrote.

As citizens took to the streets in droves following the police killing of George Floyd, state and local governments were forced to make decisions over whether to remove Confederate statues and monuments that — in some cases — had been standing for over a century.

DAWG SAYS: THESE CLOWNS ARE NEVER HAPPY AND I WONDER IF THEY WERE WEARING MASKS AND GOING TO BE JAILED BY THE OREGON GOVERNOR.


TRUMP HAS MAJOR CAMPAIGN DEBTS

TRUMP HAS MAJOR CAMPAIGN DEBTS

Trump Set to Leave Office with at Least $850,000 of Unpaid Campaign Rally Bills

TRUMP HAS MAJOR CAMPAIGN DEBTS TO PAY

With just weeks until his presidency ends, several cities across the U.S. are still owed payments from Donald Trump‘s campaign for rallies he held, totaling hundreds of thousands of dollars.

The Texas city of El Paso said this week that they will be hiring outside legal counsel as part of their fight to obtain more than $500,000 from Trump’s team to cover the security and other costs from a rally held there in February 2019.

The outstanding debt includes $470,000 in additional services provided by the local police and fire departments, as well as an additional $99,000 in late fees.

Last year, the Center for Public Integrity included El Paso among a list of 10 cities still waiting for payment from the Trump campaign team for rallies as far back as 2016.

A number of city officials have now confirmed to Newsweek that they have still not received the money that they invoiced, with some accepting that it may never arrive.

The debts range from just a few thousands dollars to more than $200,000 in Albuquerque, with El Paso owed the most of them all.

The city of Burlington, Vermont, confirmed that Trump’s team still has not paid the $8,464.27 amount they are owed from a campaign rally he held there in January 2016 before he was elected president.

“Mr Trump’s failure to cooperate with local law enforcement officials and lack of communication with the public and ticketholders put undue strain on the City’s police, and unnecessarily hurt downtown businesses,” Burlington Mayor Miro Weinberger said in June 2016.


 

SANTA DECLARED ESSENTIAL IN IRELAND

SANTA DECLARED ESSENTIAL IN IRELAND

Ireland declares Santa’s work “essential” so he can dodge quarantine

SANTA DECLARED ESSENTIAL IN IRELAND

It’s okay, kids, the coronavirus won’t keep Father Christmas at bay — not in Ireland, at least. Self-quarantine rules will not apply to Jolly Old Saint Nick, Ireland’s top diplomat confirmed on Thursday, seeking to allay any fears that might be fueling anxiety in children who’ve had plenty to worry about this year.

Concern grows over impact of COVID-19 pandemic on children’s mental health

“We have been working on the Santa Claus issue for a number of weeks,” Foreign Minister Simon Coveney said on the floor of the Irish parliament, without so much as a twinkle in his eye. “It’s important to say to all children in the country that we regard Santa Claus’ travels as essential travel for essential purposes, and therefore he is exempt from the need to self-quarantine for 14 days and should able to come in and out of Irish airspace, and indeed in and out of Irish homes, without having to restrict his movements.”

With a population of about 5 million, Ireland has managed to keep a tighter lid on its COVID-19 epidemic than many other European countries, blaming a total of around 2,000 deaths on the disease to date.

In line with most of its European neighbors, Ireland’s government currently “advises against all non-essential overseas travel to and from Ireland,” and anyone who flies in from outside the European Union [the North Pole is not in the EU] is “requested to restrict their movements for 14 days.”

IRELAND SCHOOLS OPEN INFECTIONS STILL LOW

Irish schools were closed during the first wave of the pandemic but they reopened for the autumn term. Infection rates have remained low, with schools relying on tracing of suspected cases and close contacts to make individual students revert to home learning for two-week isolation periods as necessary, largely avoiding whole-school closures.

But while Ireland’s kids, like their contemporaries around the world, have had ample time this year to familiarize themselves with the creaks and cracks of their homes’ floorboards, Coveney warned them not to go creeping around in the wee hours of Christmas morning.

With his advanced age and weakness for cookies, Santa Claus is, after all, in a high-risk group.

“I am assured that children should not stay up at night, because he does need to social distance,” said the foreign minister. “So people need to keep at least 2 meters away at all stages to make sure that we keep him safe, and indeed children as well.”

“He is exempt, he is coming,” stressed the diplomat, claiming first-hand information from the North Pole. “He has confirmed that and appreciates the fact that Ireland has ensured that in a very, very different Christmas in 2020, the visit of Santa Claus will be something that will remain consistent.”

Coveney did not say whether Santa would be required to wear a mask on his house calls.

DAWG SAYS: NO GRINCHES IN IRELAND I SEE. GOOD FOR THE KIDS TO SEE SOME NORMALCY

NOR CAL ADVENTURES

NOR CAL ADVENTURES

Everyone Goes Nuts For The Hamburgers At This Nostalgic Eatery In Northern California

NOR CAL ADVENTURES

Let’s face it, there’s nothing quite as American as a juicy, filling cheeseburger. There are plenty of places in Northern California that grill up a tasty burger, but there’s only one place like this Dunsmuir Classic, the Burger Barn.

The Burger Barn is a Dunsmuir tradition. It’s been around for over 40 years and is family owned and operated.


Loyal customers love them because they don’t skimp out on the toppings.
Check out this heaping of bacon… yum!

They are also an incredibly community oriented business.
Look at this nod to local military members. They also offer military discounts.

MILITARY DISCOUNTS HONORED

It’s an old fashioned burger joint that is incredibly good at what they know best: Burgers.
Hungry eaters always leave here satisfied.
It’s a meat lover’s paradise.
Check out the three patties on this hefty burger.

Vegetarians might be surprised to know these folks know how to cater to your preferences, too.
Like we said above, they don’t skimp
The french fries, onion rings, and fried asparagus are also out of this world.

And did we mention the bacon?
If you are a meat eater, there’s not much that can beat their BLT Burger. They also offer Gluten Free options in addition to their Deli Sandwiches, Fish & Chips, Veggie Burgers, Turkey Burgers, Chicken Nuggets, Corn Dogs, Onion Rings and more!
They are also known for their flavorful milkshakes, so come with an empty belly.
You definitely won’t be leaving with one!
Dunsmuir’s Burger Barn is a one of a kind place with people who are as nice as the burgers are greasy.
It’s one of the best nostalgic burger restaurants in Northern California and well worth a stop in this charming small town.

The Burger Barn is located at

5942 Dunsmuir Ave
Dunsmuir, CA 96025
You can learn more by calling (530) 235-2902 or just showing up and trying these delicious burgers for yourself.