news newest ask show jobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

NT OS Kernel Information Disclosure Vulnerability

https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/

46•voidsec•2h ago

Comments

Jare•1h ago

I went to check when the bug had been patched, and was left wanting. I however lack the expertise to really appreciate how much danger exists in practice, or for whom. I just know I do have Win11 24H2 and "This leak primitive is particularly useful for Windows versions 24H2 or later"

Ethee•46m ago

If you follow the CVE link included: https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...

It would seem this was patched in the Aug 12 security patch rollout.

MattSteelblade•40m ago

This type of exploit is useful as part of a chain of exploits; it defeats a defense-in-depth protection.

twoodfin•21m ago

Specifically, it leaks a kernel address inside a security-sensitive structure, which is supposed to be unpredictable / unknowable because the layout of kernel memory is randomized.

If you have another exploit that will write bytes under the attacker’s control to an attacker-supplied kernel address, you will be able to do the Windows equivalent of escalate to root.

KyleBerezin•40m ago

I find myself thinking "wow, what an obvious bug. How did Microsoft not catch that?" but then I think back to some of my own extremely obvious bugs. Thankfully my code is much lower impact.

btreecat•29m ago

I still think of the lessons learned from a root traverse bug I accidentally coded into one of our internal apps as a jr dev.

You could change the URL of the image, and get any file off the system to download as long as the service account had read access.

Invaluable XP, and really glad everything was behind AD authentication and internal users were trustworthy enough and operating in a network isolated context.

lysace•24m ago

Random: Perhaps that full source code leak in 2004 actually helped harden the kernel, long term?

https://betanews.com/2004/02/13/windows-source-leak-traces-b...

Bosses can reject applicants who support rival football team to existing staff

https://www.theguardian.com/law/2025/sep/10/bosses-can-reject-applicants-who-support-rival-footba...

1•speckx•30s ago•0 comments

Tesla, Ford and VW: China, maintaining autonomous cars, & a new Mode T moment

https://blog.tryresearchly.com/articles/tesla-ford-vw-earnings-calls

1•leo_researchly•52s ago•1 comments

Ask HN: Product vs. Platform, which has better job security?

1•meter•1m ago•0 comments

Taiwan increases defensive patrols around 24 undersea cables

https://www.tomshardware.com/networking/taiwan-increases-undersea-cable-protection-patrols-closel...

1•giuliomagnifico•3m ago•0 comments

Show HN: Real-time texture compression in Three.js

https://www.ludicon.com/castano/blog/2025/09/three-js-spark-js/

1•castano-ludicon•7m ago•0 comments

Canada's new Minister of AI must not be naive to its harms

https://www.theglobeandmail.com/opinion/article-canadas-new-minister-of-ai-must-not-be-naive-to-i...

2•gnabgib•7m ago•0 comments

Memes Can Be Good for Business

https://www.bloomberg.com/opinion/newsletters/2025-09-11/memes-can-be-good-for-business

1•ioblomov•7m ago•1 comments

Show HN: Fast Isolated Postgres DB for Spring Boot Integration Tests

https://github.com/misirio/dbsandboxer

1•misirio•10m ago•0 comments

Show HN: ScamBare Text Checker

https://www.scambare.com/

2•sbworker•13m ago•0 comments

GCC Rust Compiler Continues Quest to Compile the Linux Kernel Crate

https://www.phoronix.com/news/gccrs-August-2025

2•kPwn•15m ago•0 comments

Show HN: PreSub – A tool to help researchers prepare anonymous submissions

https://gigacore.github.io/PreSub/

1•Gigacore•15m ago•0 comments

Show HN: The world's first bilingual job board

https://bilingualjobs.io

1•florianwueest•16m ago•0 comments

HN this is completely random

1•Forgret•19m ago•0 comments

Ask HN: Any learnings from launching on Product Hunt?

2•mightymosquito•19m ago•0 comments

Mathematical research with GPT-5: a Malliavin-Stein experiment

https://arxiv.org/abs/2509.03065

3•FergusArgyll•20m ago•0 comments

Fire: Violence must never be a response to speech

https://www.thefire.org/news/violence-must-never-be-response-speech

4•SilverElfin•23m ago•2 comments

FakeIt: C++ Mocking Made Easy

https://github.com/eranpeer/FakeIt

3•klaussilveira•23m ago•0 comments

A framework for pricing AI products

https://stripe.com/blog/a-framework-for-pricing-ai-products

1•emschwartz•24m ago•0 comments

13 reasons SQL has got to go

https://www.infoworld.com/article/2335455/13-reasons-sql-has-got-to-go.html

1•lr0•24m ago•0 comments

Show HN: Kafkatop, top-like CLI for Kafka

https://github.com/sivann/kafkatop

1•sivann•24m ago•0 comments

4-Bit Single Board Computer Based on the Intel 4004 Microprocessor

https://hackaday.com/2025/09/11/4-bit-single-board-computer-based-on-the-intel-4004-microprocessor/

2•renehsz•25m ago•0 comments

Rust Support Now in Beta

https://socket.dev/blog/rust-support-now-in-beta

2•feross•27m ago•0 comments

Show HN: Testing Masterclass

https://sonoflilit.github.io/testing/

1•SonOfLilit•28m ago•0 comments

Why the magic mushroom anti-aging claims are overblown

https://medicalxpress.com/news/2025-08-magic-mushroom-anti-aging-overblown.html

2•PaulHoule•29m ago•0 comments

Show HN: Journal – A minimalist journaling app with emotion tracking

https://www.paperly.id/

1•hogypitersan•29m ago•0 comments

Image-GS: Content-Adaptive Image Representation via 2D Gaussians

https://github.com/NYU-ICL/image-gs

1•xnx•31m ago•0 comments

Show HN: Story to Manga – Paste a story, get a manga

https://www.storytomanga.com/

4•xtrkil•31m ago•0 comments

Bluesky Issues Warning to Any Users Celebrating Charlie Kirk Assassination

https://www.newsweek.com/bluesky-chariie-kirk-assassination-warning-2128023

6•SilverElfin•32m ago•7 comments

Small Businesses Face a New Threat: Pay Up or Be Flooded with Bad Reviews

https://www.nytimes.com/2025/09/11/technology/fake-reviews-small-businesses.html

5•mitchbob•32m ago•6 comments

Linux 6.18 Will Further Complicate Non-GPL Out-of-Tree File-Systems

https://www.phoronix.com/news/Linux-6.18-write-cache-pages

4•my123•33m ago•0 comments