0-Day Vulnerability to be Discovered in Windows

As reported,  privilege escalation exploit, for which no cure exists, is on the GitHub now
29 August 2018   427

In Windows, a 0-day vulnerability has been discovered that allows malicious users to gain system-level rights. The problem was reported by a Twitter user with the SandboxEscaper nickname. The exploit's PoC code is available on the GitHub.

The problem lies in the Windows task scheduler. When processing the ALPC tool, it becomes possible to obtain privileges at the SYSTEM level. It can be used by attackers to enhance the capabilities of malware.

According to the head of the coordination center CERT Will Dormann, the vulnerability remains urgent. The performance of the PoC code was tested on 64-bit Windows 10 with the latest updates. You can raise the user's rights to the SYSTEM level.

In response to a letter from The Register, a Microsoft representative announced that they were aware of the problem. The company promised to release an update fixing the vulnerability.

Unity 2018.3 to be Now Available

Unity 2018.3 by default uses the .NET 4.x Scripting Runtime
14 December 2018   98

Game engine Unity 2018.3 is represented, in which users are waiting for:

  • new opportunities in working with prefabs - a special type of assets, in which several objects are stored;
  • Improved SRP (Scriptable Render Pipeline) rendering pipeline;
  • Unity landscape system update;
  • New Script Runtime .NET 4.x;
  • preview version of visual effect graph.

Prefab Variants - allows you to create a variation of the prefab, adopting objects and properties of the parent resource, but not affecting it. Changes in the child prefab will not affect the original, but editing the source will affect the child.

Prefab Nesting - allows you to organize prefabs by investing smaller ones into larger ones. For example, prefabs of rooms can be enclosed in a prefab of a building, and prefabs of furniture and decorative elements can be enclosed in prefabs of rooms.

Prefab Mode - a function for editing a prefab in an isolated space.

Unity 2018.3 by default uses the .NET 4.x Scripting Runtime. Version 3.5 will be removed from one of the releases in 2019.

Projects for .NET 4.x can now use the Roslyn open source compiler.

Visual Effect Graph will build work with simple and complex node-based effects. The VEG architecture allows you to generate millions of particles on a GPU without loss of performance.

In Unity 2018.3, the Visual Effect Graph tool is available only in the preview version.