1
00:00:01,199 --> 00:00:04,619
Covering the week's top tech with a slight

2
00:00:04,629 --> 00:00:07,580
Linux bias. Researchers have shown that a

3
00:00:07,590 --> 00:00:10,170
vulnerability in a decades-old Microsoft

4
00:00:10,180 --> 00:00:12,360
Windows component that controls printing

5
00:00:12,370 --> 00:00:15,090
could be abused by malicious actors to

6
00:00:15,100 --> 00:00:17,460
gain elevated privileges on the targeted

7
00:00:17,470 --> 00:00:20,460
system. The flaw, which they dubbed

8
00:00:20,470 --> 00:00:22,770
PrintDemon, resides in the print spooler and,

9
00:00:22,780 --> 00:00:23,550
get this,

10
00:00:23,560 --> 00:00:26,250
it affects all Windows versions since NT

11
00:00:26,260 --> 00:00:28,920
4.0. The component has remained largely

12
00:00:28,930 --> 00:00:30,990
unchanged since, even though another

13
00:00:31,000 --> 00:00:33,060
vulnerability affecting it was abused by

14
00:00:33,070 --> 00:00:35,360
the infamous Stuxnet a decade ago.

15
00:00:35,370 --> 00:00:38,430
Microsoft said of the fix: "An elevation

16
00:00:38,440 --> 00:00:40,560
of privilege vulnerability exists when

17
00:00:40,570 --> 00:00:41,940
the Windows Print Spooler service

18
00:00:41,950 --> 00:00:44,430
improperly allows arbitrary writing to

19
00:00:44,440 --> 00:00:46,830
the file system. An attacker who

20
00:00:46,840 --> 00:00:48,090
successfully exploited this

21
00:00:48,100 --> 00:00:50,220
vulnerability could run arbitrary code

22
00:00:50,230 --> 00:00:52,170
with elevated system privileges. An

23
00:00:52,180 --> 00:00:55,110
attacker could then install programs;

24
00:00:55,120 --> 00:00:58,110
view, change, or delete data; or create new

25
00:00:58,120 --> 00:01:01,440
accounts with full user rights." Microsoft

26
00:01:01,450 --> 00:01:02,729
played down the likelihood of

27
00:01:02,739 --> 00:01:04,709
exploitation, saying that an attacker

28
00:01:04,719 --> 00:01:06,570
would need to log on to an affected

29
00:01:06,580 --> 00:01:08,490
system and use a specially written

30
00:01:08,500 --> 00:01:11,640
script or application. But as we know, RDP

31
00:01:11,650 --> 00:01:13,649
exploits are occurring in the wild, with

32
00:01:13,659 --> 00:01:16,109
malware such as Sarwent opening

33
00:01:16,119 --> 00:01:19,320
remote access to Windows systems. So in

34
00:01:19,330 --> 00:01:21,149
today's connected world, saying a hacker

35
00:01:21,159 --> 00:01:23,160
needs to have access to a system in

36
00:01:23,170 --> 00:01:25,170
order to exploit it is an irresponsible

37
00:01:25,180 --> 00:01:27,480
point to make, which could mislead

38
00:01:27,490 --> 00:01:29,730
inexperienced IT departments into

39
00:01:29,740 --> 00:01:33,450
complacency. The vulnerability can be

40
00:01:33,460 --> 00:01:35,490
abused to elevate privileges, bypass

41
00:01:35,500 --> 00:01:37,530
endpoint detection and response rules,

42
00:01:37,540 --> 00:01:40,380
and gain persistence. As part of this

43
00:01:40,390 --> 00:01:42,270
month's Patch Tuesday, which plugged a

44
00:01:42,280 --> 00:01:45,420
total of 111 security holes, Microsoft

45
00:01:45,430 --> 00:01:47,310
changed how the Windows Print Spooler

46
00:01:47,320 --> 00:01:49,289
component writes data to the file system,

47
00:01:49,299 --> 00:01:52,560
and it advised to download and apply the

48
00:01:52,570 --> 00:01:55,319
update. This exploit goes to show why

49
00:01:55,329 --> 00:01:57,630
running a version of Windows that

50
00:01:57,640 --> 00:02:00,270
is past end-of-life is unwise. The fix

51
00:02:00,280 --> 00:02:02,039
for this exploit will not be released to

52
00:02:02,049 --> 00:02:04,920
EOL operating systems such as Windows XP

53
00:02:04,930 --> 00:02:07,109
or even Windows 7, which will remain

54
00:02:07,119 --> 00:02:10,199
vulnerable to this critical flaw. Perhaps

55
00:02:10,209 --> 00:02:11,470
this is also another

56
00:02:11,480 --> 00:02:13,570
example of why it's high time to consider

57
00:02:13,580 --> 00:02:27,630
switching to Linux.

58
00:02:27,640 --> 00:02:30,720
[Music]