ylai@lemmy.ml to Technology@lemmy.worldEnglish · 8 months agoMicrosoft waited 6 months to patch actively exploited admin-to-kernel vulnerabilitywww.theregister.comexternal-linkmessage-square16fedilinkarrow-up1355arrow-down17cross-posted to: cybersecurity@infosec.pub
arrow-up1348arrow-down1external-linkMicrosoft waited 6 months to patch actively exploited admin-to-kernel vulnerabilitywww.theregister.comylai@lemmy.ml to Technology@lemmy.worldEnglish · 8 months agomessage-square16fedilinkcross-posted to: cybersecurity@infosec.pub
minus-squareKevin@programming.devlinkfedilinkEnglisharrow-up2·8 months agoThe firmware has to allow it, so if you’ve got physical access to the machine that’s possible. Remote access root, on the other hand, can’t tell the firmware to register new keys as long as it’s configured correctly
So why can’t root add new keys?
The firmware has to allow it, so if you’ve got physical access to the machine that’s possible. Remote access root, on the other hand, can’t tell the firmware to register new keys as long as it’s configured correctly