[HN Gopher] Windows 0day privilege escalation still not fixed
       ___________________________________________________________________
        
       Windows 0day privilege escalation still not fixed
        
       Author : zaltekk
       Score  : 255 points
       Date   : 2020-12-23 17:09 UTC (5 hours ago)
        
 (HTM) web link (bugs.chromium.org)
 (TXT) w3m dump (bugs.chromium.org)
        
       | [deleted]
        
       | etiam wrote:
       | It may seem pedantic, but since this vulnerability is publicly
       | known since months back, and furthermore has been exploited in
       | the wild (according to description in the target article), is it
       | not per definition _not_ a 0day?
        
         | kjaftaedi wrote:
         | The reason it is considered a 0day is _because_ it is being
         | exploited in the wild.
         | 
         | This wasn't discovered by a security researcher looking for
         | holes. This was discovered by a virus scanning company that
         | realized people were actively being attacked using this method.
        
           | saagarjha wrote:
           | It _was_ a 0-day at that point. Right now it is a 90-day.
        
             | albntomat0 wrote:
             | Only to Project Zero and Microsoft.
             | 
             | Everyone else has known about it for exactly 2 hours.
        
               | saagarjha wrote:
               | Days are counted by how long a vendor has known about a
               | bug, not the general public.
        
               | albntomat0 wrote:
               | My understanding of the term is days are counted in the
               | view of "the defender," which is more than Microsoft.
        
               | saagarjha wrote:
               | Microsoft would always be the first to know of the
               | defenders -- any other defender would just tell them. It
               | then makes sense to count from there, rather than have
               | multiple counts for each level of people learning of the
               | vulnerability.
        
               | albntomat0 wrote:
               | I think your argument makes sense when the day counts are
               | close to each other. There really isn't any difference
               | between a 55-day and a 57-day, nor does it make sense to
               | account for some sysadmin who took a vacation day.
               | 
               | I still think that your usage of "0-day" breaks down
               | precisely in the case we're in currently, where the
               | vulnerability has been exploited in the wild and
               | Microsoft has known about it for some time, but there is
               | not a patch available, and the general public (everyone
               | who has to defend against the exploit) found out about it
               | today.
        
               | luch wrote:
               | Not exactly, historically days are counted by how long
               | the editor has provided a patch fixing the bug, as in
               | "you [the adminsys] had X many days to apply the bugfix".
               | 
               | 0day means no patch is available, whether the
               | vulnerability is known privately/publicly or not.
        
               | saagarjha wrote:
               | If you (the public) learn of the exploit at the same time
               | as the vendor, then it is still a 0-day. You can
               | construct a definition where it is "a zero day to you,
               | the sysadmin" but that would really make it difficult to
               | pick a single day to measure from. For this reason the
               | most useful definition would be to measure from the
               | defender with the earliest knowledge, which would be the
               | vendor.
        
               | dmix wrote:
               | This seems to be a phrase that has a matter of
               | perspective. I always see people trying to nail down a
               | meaning but it always seems to little effect in day to
               | day discourse.
               | 
               | I'm a fan of letting context infer meaning. And letting
               | certain words just naturally grow to whatever the culture
               | wants it to. It's always hard to fight back against it.
               | 
               | There's a million examples of this on the internet where
               | people try to be pedantic about slang or word usage. All
               | that matters is "we know what you mean". I like to assume
               | enough people here know the _real_ difference zero days
               | vs existing vulnerabilities are. But in practice it
               | matters less.
        
         | tinus_hn wrote:
         | Not if the definition is 'a known security issue with no patch'
        
           | qeternity wrote:
           | Which it isn't...
        
         | qeternity wrote:
         | It seems that 0d has since become a synonym by some for
         | unpatched exploit.
        
           | Scuds wrote:
           | It feels l33t to appropriate the terminology of a
           | professional -
           | 
           | like "We need to control the optics of the situation"
           | 
           | "I flashed my cellphone but it failed and now it's bricked."
           | 
           | but the unsophisticated public gets it wrong and now here we
           | are, every recent unpatched exploit is now 0day
        
             | segfaultbuserr wrote:
             | > _I flashed my cellphone but it failed and now it's
             | bricked._
             | 
             | It doesn't sound wrong to me, both "flash" and "brick" are
             | correct in an appropriate context. It's not "updating the
             | system" but "flashing" if the process uses some low-level
             | recovery mode, and it would be "bricked" if it can no longer
             | be recovered by usual means.
        
               | gruez wrote:
               | Most of the time "flashing" a phone (presumably referring
               | to androids) involves using the recovery, which is
               | basically a stripped down version of android. In that
               | sense it's not any lower level than booting off a USB
               | drive to fix your computer.
        
               | segfaultbuserr wrote:
               | According to your standard: to "flash" something, at
               | least you need to use the bootloader itself, or possibly
               | at a lower level? Well, calling the process of uploading
               | a firmware image to an embedded device during early boot
               | via U-Boot as "firmware flashing" is well established, so
               | we can start from here... thus, uploading a new Android
               | image in _Android Recovery_ is not "flashing", but
               | uploading a "recovery" image in Android bootloader is?
               | Now, would you call firmware uploading via iOS's DFU mode
               | "flashing" too? Or do you believe that the DFU mode is
               | end-user accessible, thus not low-level enough? Then,
               | would you accept that uploading the firmware to the
               | baseband processor (which I believe uses its own EEPROM)
               | via DFU "flashing"?
               | 
               | I guess the definition varies, it was what I meant by "an
               | appropriate context".
        
               | gruez wrote:
               | >thus, uploading a new Android image in Android Recovery
               | is not "flashing", but uploading a "recovery" image in
               | Android bootloader is? Now, would you call firmware
               | uploading via iOS's DFU mode "flashing" too? Or do you
               | believe that the DFU mode is end-user accessible, thus
               | not low-level enough? Then, would you accept that
               | uploading the firmware to the baseband processor (which I
               | believe uses its own EEPROM) via DFU "flashing"?
               | 
               | The difference is that the recovery is almost a full
               | blown operating system. It can mount filesystems, has
               | various shell utilities installed, and there's a user
               | interface (through ADB and on-screen). This in contrast
               | to fastboot which has none of those things, and only
               | allows you to flash/erase partitions with the help of a
               | computer.
        
               | segfaultbuserr wrote:
               | Fair enough.
        
             | d33 wrote:
             | What's wrong with the second example?
        
         | vmception wrote:
         | Now using the concept of language, what distinction does that
         | give you? What message does that convey to _anyone_ better?
         | 
         | 0-day versus "publicly disclosed unpatched vulnerability"
         | doesn't help anyway.
        
           | mindslight wrote:
           | "0-day ... still not fixed" makes it sound like someone is
           | expecting Microsoft to have created a patch for a new exploit
           | with same day turnaround. And therefore what's the big deal
           | that they haven't?
           | 
           | If you want to use the "day" framing, the appropriate
           | headline is "90-day exploit still not fixed". The entire
           | point is that it's an old exploit that is still unpatched,
           | and _not_ some new discovery.
        
         | albntomat0 wrote:
         | It was an 0-day at one point in time though. Unless you're the
         | one using it, an exploit is only ever an 0-day in the past.
         | 
         | An alternative title could include "actively used" or similar
         | to maybe be more clear.
        
           | cortesoft wrote:
           | So then every exploit is a zero day?
        
             | verroq wrote:
             | They all begin as a zero day.
        
               | tremon wrote:
               | Not true, some exploits are written by examining the
               | holes fixed by a vendor security patch, then writing an
               | exploit to target the systems that haven't been patched
               | yet. Those are not zero-day exploits.
        
             | albntomat0 wrote:
             | Every one that is initially found and used by an attacker,
             | up until it is detected.
             | 
             | The exploit was a 0-day at one point in time. Furthermore,
             | I'd argue that the perspective of the one talking also
             | matters. If Microsoft etc know about it, but haven't
             | patched it or made anything public, it's definitely a 0-day
             | if used against me, as I haven't had any opportunity to
             | defend against it.
        
       | Jare wrote:
       | > 2020-12-03 Microsoft advises that due to issues identified in
       | testing, the fix will now slip to January 2021.
       | 
       | > 2020-12-08 Meeting between MSRC and Project Zero leadership to
       | determine details and discuss next steps. The 14-day grace period
       | is unavailable as Microsoft do not plan to patch this issue
       | before Jan 6 (next patch Tuesday is Jan 12).
       | 
       | > 2020-12-23 90 day deadline exceeded - derestricting issue.
       | 
       | Ouch. With xmas in the middle of the grace period, I could see how
       | this can be considered too strict on P0's part. Then, again, the
       | initial bad fix surely harmed whatever trust there was between
       | the parties.
        
         | hackcasual wrote:
         | It's being actively exploited, so frankly a 14 day grace is the
         | best MS can hope for
        
           | corty wrote:
           | Any grace period for actively exploited bugs is
           | irresponsible. Stuff that the bad guys use needs to be public
           | asap.
        
       | ta1272814 wrote:
       | Issues like these, the massive hack of US government, etc.
       | 
       | Taken together these things feel like the death knell of Wintel.
        
       | geofft wrote:
       | Not being super familiar with Windows, is an escalation from "low
       | privilege" to "medium privilege" actually concerning in practice?
       | 
       | (e.g., can this be used for something like breaking out of a Chrome
       | sandbox?)
        
         | tonyedgecombe wrote:
         | The print spooler runs under the local system account so you
         | effectively get admin rights over the local machine. If it's a
         | terminal server then you control the server.
         | 
         | Not sure about Chrome though.
        
         | gruez wrote:
         | https://chromium.googlesource.com/chromium/src/+/master/docs...
         | 
         | >Integrity levels are available on Windows Vista and later
         | versions. They don't define a security boundary in the strict
         | sense, but they do provide a form of mandatory access control
         | (MAC) and act as the basis of Microsoft's Internet Explorer
         | sandbox.
         | 
         | And yes, chrome uses it as a sandbox.
        
           | ChrisSD wrote:
           | To be clear, Chrome uses it as part of a "defense-in-depth"
           | strategy, but its sandbox does not rely on it. From your
           | link:
           | 
           | > So, the integrity level is a bit redundant with the other
           | measures, but it can be seen as an additional degree of
           | defense-in-depth, and its use has no visible impact on
           | performance or resource usage.
        
       | zaltekk wrote:
       | > In May, Kaspersky (@oct0xor) discovered CVE-2020-0986 in
       | Windows splwow64 was exploited itw as a 0day. Microsoft released
       | a patch in June, but that patch didn't fix the vuln. After
       | reporting that bad fix in Sept under a 90day deadline, it's still
       | not fixed.
       | 
       | https://twitter.com/maddiestone/status/1341781305126612995
        
         | sedatk wrote:
         | > 2020-12-03 Microsoft advises that due to issues identified in
         | testing, the fix will now slip to January 2021.
        
         | zaltekk wrote:
         | More details on the original bug:
         | 
         | https://securelist.com/operation-powerfall-cve-2020-0986-and...
        
       | intricatedetail wrote:
       | That's why I don't use Windows for work. It's not a system for
       | professionals. As usual with Microsoft - smoke and mirrors and
       | money is what matters the most.
        
       | app4soft wrote:
       | This is a feature, not a bug.
        
       | high_density wrote:
       | just wondering... is there any defense normies like me can do?
       | eg. turn some windows feature off?
        
         | [deleted]
        
         | xeeeeeeeeeeenu wrote:
         | It isn't exploitable remotely, so just don't run shady
         | software.
        
         | andrewxdiamond wrote:
         | Install a better OS
        
           | colejohnson66 wrote:
           | That's not a very helpful comment. Not everyone has a choice
           | in what OS they use (especially if it's at work)
        
             | corty wrote:
             | At work, when windows is corporate policy, you do not need
             | to care about exploits. It is literally other people's
             | problem.
        
               | annoyingnoob wrote:
               | It's a problem for _someone_ and knowing about any
               | mitigation is helpful.
        
               | corty wrote:
               | OK, yes, if you are the IT dept, you are on the hook. At
               | least if you are the ones who picked windows. But maybe
               | you didn't and strategically protested the directive to
               | use windows that came from up above. Then again, you
               | don't really have to care, not your problem...
        
               | colejohnson66 wrote:
               | _It is your problem_ because IT's job is to _prevent_
               | this stuff from happening. It doesn't matter if the order
               | came down from above, you need to do what you can to
               | mitigate damage.
        
               | corty wrote:
               | There is a world of difference between "job" (try to do
               | it properly) and "responsibility" (you are on the hook if
               | things go wrong). If the order came from above and you
               | pointed out the problems, it might still be your job. But
               | not your responsibility.
        
               | annoyingnoob wrote:
               | You don't personally care so the rest of us should not
               | care either? You think it's someone else's problem, so
               | hide the solution from everyone?
        
               | corty wrote:
               | You buy support contracts and software from Microsoft so
               | you don't have to care. If Microsoft fails like in this
               | case, you just shouldn't give them money. In all cases,
               | no need to ask anyone but Microsoft for a workaround or
               | other info.
        
               | annoyingnoob wrote:
               | Why even bother reading anything on this site or
               | commenting here when you can always just go to the source
               | or manufacturer? Obviously, you have all of the answers
               | anyway. It's clear no one here has anything to offer you.
               | The rest of us however find value in understanding the
               | experiences of others.
        
               | [deleted]
        
           | high_density wrote:
           | hm... do you mean linux-based? can't... Korean banks have
           | activeX + other crap requirements. (they even detect VMs in
           | linux)
           | 
           | also, linux can't run apps like photoshop / adobe cc apps /
           | etc
           | 
           | as for mac... I'm waiting for a M2 macbook pro 16 inch with
           | RTX 3090 graphics for about $1500...
        
             | jjuhl wrote:
             | "also, linux can't run apps like photoshop / adobe cc apps
             | / etc" - seem to run pretty well under Wine most of the
             | time...
        
               | _underfl0w_ wrote:
               | I haven't been able to get PS running in Wine since the
               | 2017 CC release (and that required some hackery).
               | 
               | Are you aware of a way to get recent releases working
               | aside from QEMU or KVM?
        
               | [deleted]
        
           | TavsiE9s wrote:
           | That's not a very helpful comment and highly subjective.
           | Depending on their requirements and needs a different OS
           | might not even be feasible.
        
         | willcipriano wrote:
         | Pihole with the right block list can prevent known malicious
         | software from hitting its command and control endpoints.
         | 
         | They can always use DOH but you can block DOH domains via the
         | pihole as well.
        
           | uponcoffee wrote:
           | It's pretty easy to hardcode IPs of doh resolvers and bypass
           | pihole completely.
        
             | acdha wrote:
             | There's considerable precedent for seeding IP lists or
             | using stealthy tactics (e.g. imagine how it'd be trying to
             | block something which searches Google or Twitter, hits a
             | random ad network).
        
               | willcipriano wrote:
               | Fair enough. On the other hand it can also prevent users
               | from stumbling upon malware distribution sites by both
               | blocking them directly and secondly blocking
               | advertisements that often link to malware.
               | 
               | All of this of course is part of defense in depth,
               | multiple layers of incomplete protection is better than
               | nothing at all.
        
               | acdha wrote:
               | Oh definitely, I'm not saying that there's _no_ benefit
               | -- the key point is the distinction between something
               | which you control to something you don't. DNS filtering
               | is good for clients you control but it's important to
               | understand that you can't force malware to use it to
               | avoid accidentally thinking that you're protected against
               | other threats (which I've heard various times from people
               | who should know better but weren't thinking about it
               | carefully in-depth at the time).
        
           | AnIdiotOnTheNet wrote:
           | Aside from using IPs directly, modern malware often uses an
           | algorithm to generate domain names for C&C communication.
           | Good luck trying to use a domain whitelist on the modern
           | internet because web developers seem to actively fight against
           | such a concept as not using every domain they possibly can.
        
           | high_density wrote:
           | isn't PiHole some kind of external firewall? that works 90%
           | of the average-joe known botnets against a desktop PC, but
           | it's not helpful for laptops / unknown-control endpoints. (or
           | endpoints that are really good at hiding)
        
             | benglish11 wrote:
             | PiHole is a network wide ad blocker that works at the DNS
             | level. Basically you route all of your network's DNS
             | requests through PiHole and it blocks any domains that are
             | known ad/malware domains.
        
               | david_perason wrote:
               | Why would you not just modify your hosts file on your
               | machine? Do you really need a raspberry pi for this?
        
               | duckmysick wrote:
               | Sometimes you don't have access to the hosts file, like
               | on an unrooted phone or a smart TV.
        
             | tinus_hn wrote:
             | No, it's a DNS server with blacklisting features. It can't
             | block traffic, it can only prevent some software from
             | looking up addresses.
        
             | dspillett wrote:
             | You can use PiHole or one of the many equivalents on a
             | laptop or other location shifting device in a few ways:
             | 
             | 1. Run it locally and have it configured to use a public
             | name server as its source (if you run Windows/other there
             | are no doubt native options that'll work this way too).
             | Even if the network you connect to redirects requests to
             | public DNS resolvers you'll still be going through your
             | local filter. Though you'll need to set your machine to
             | ignore DNS config via DHCP, and you'll have to point it at
             | the local resolvers if the network simply blocks public DNS
             | servers.
             | 
             | 2. Run it in a VM or container, this would mean you can run
             | PiHole specifically even if you are running Windows, and
             | configure as above. Memory requirements are pretty low so
             | unless you are using a very low spec device it should fit.
             | 
             | 3. If you have a hosted server (you can get a VPS big
             | enough for PiHole for a few $/year) or a publicly
             | addressable address at home, you can run a VPN and access
             | it that way (assuming the network you are on does not block
             | your VPN of choice of course). You don't have to run a VPN,
             | but I'd not recommend running a publicly addressable DNS
             | server. This will even work on phones depending on the OS
             | there and the chosen VPN.
             | 
             | Of course these are not viable options for a lesser techie
             | user.
        
         | [deleted]
        
       | ffpip wrote:
       | What is the point of disclosing it if it is not fixed? I
       | understand it is to put pressure and likeness, but doesn't it
       | cause more harm than good?
       | 
       | Windows is very popular.
        
         | gene91 wrote:
         | It is in the public's best interest to demand timely fix
         | because you never really know whether bad actors know about it.
         | A demand has no teeth, therefore you have to make a threat (fix
         | in 90 days, or we disclose publicly). A threat is only good if
         | you have a track record of delivering on it without exceptions.
         | Therefore, it isn't an option to not disclose it at 90 days.
        
         | albntomat0 wrote:
         | A while ago, responsibly disclosed bugs took an extraordinarily
         | long time to be patched. Disclosure deadlines ensure things are
         | patched in a responsive manner. They only work though when the
         | reporter actually follows through if the deadline is missed
         | (and has standing & legal protection to execute like the
         | Project Zero folks).
        
         | TheDong wrote:
         | Historically, vendors often refused to allocate time to patch
         | things for anywhere from months to years.
         | 
         | Leaving vulnerabilities in products for an extended period of
         | time is a problem, and adding a deadline helps to ensure that
         | important security issues actually do get triaged and
         | addressed.
         | 
         | As a recent project zero blog post about their policy calls out
         | (https://googleprojectzero.blogspot.com/2020/01/policy-and-
         | di...) "We've seen some big improvements to how quickly vendors
         | patch serious vulnerabilities, and now 97.7% of our
         | vulnerability reports are fixed within our 90 day disclosure
         | policy."
         | 
         | It sounds like it's working as intended. The only way you can
         | make it actually work is to make sure it has some teeth though,
         | hence you have to actually disclose when you say you will.
         | 
         | > doesn't it cause more harm than good?
         | 
         | Microsoft is harming its users by not fixing a security
         | vulnerability. In this case, it's even more clear since there's
         | "in the wild" exploits. Project zero's just helping to raise
         | awareness of the harm microsoft's causing.
        
         | [deleted]
        
         | codexon wrote:
         | If you've ever tried reporting vulnerabilities, you'll see that
         | some companies won't ever fix the problem until it is
         | widespread.
        
         | theptip wrote:
         | This is a foundational policy question in security research,
         | and Project Zero gives a lot of detail on its approach, e.g.
         | 
         | https://googleprojectzero.blogspot.com/p/vulnerability-discl...
         | https://googleprojectzero.blogspot.com/2020/01/policy-and-di...
        
           | ffpip wrote:
           | Thanks for sharing the links. I knew it was a policy, but
           | never really looked more into it.
        
       | [deleted]
        
       | stefan_ wrote:
       | I'm dumbfounded why Microsoft can't fix this, it's essentially
       | just a parameter validation issue. They must have some ghoulish
       | software actually relying on the broken behavior.
       | 
       | Add to that their recklessly incompetent initial fix:
       | 
       | https://twitter.com/maddiestone/status/1341781306766573568
        
         | tonyedgecombe wrote:
         | Perhaps they are trying to avoid breaking 3rd party code.
         | 
         | I've spent quite a lot of time poking around in the print
         | spooler and my gut feeling is it's probably riddled with issues
         | like this.
        
           | Meph504 wrote:
           | I would agree I was baffled how basically windows will take
           | anything from print drivers and ram it into the spooler.
        
             | tonyedgecombe wrote:
             | Also I suspect nobody wants to work on it because who wants
             | to do printing.
        
               | m-p-3 wrote:
               | That must be some kind of purgatory where developers go
               | to slowly die inside.
        
         | q3k wrote:
         | I assume it's bigcorp slowness, having to roll up all updates
         | into patch batches, following release schedules, testing
         | against all release trains, going through QA, etc. No
         | accelerated way to push critical, but trivial software fixes.
        
           | Retric wrote:
           | Microsoft has patched issues fairly quickly in the past. This
           | may be a "critical" issue, but I think they have even higher
           | internal classifications which this doesn't qualify for.
        
           | the8472 wrote:
           | MS can and does issue out of schedule patches every now and
           | then. This presumably doesn't meet the bar since it only is a
           | local privesc.
        
           | foepys wrote:
           | Last year they pushed some "simple" fixes fast and broke
           | quite a few older VB applications. That was quite a fun day
           | at my office when some customers couldn't work anymore...
        
             | dmix wrote:
             | This is interesting, do you have more details you could
             | share or point to a link?
        
         | qz2 wrote:
         | Alt+tab has been thoroughly broken on Windows 10 20H2 for over
         | two months now. It randomly switches between the second and
         | third window. No fix in customer facing versions yet either.
         | 
         | They are slow and incompetent.
        
           | FartyMcFarter wrote:
           | This may explain it:
           | 
           | https://www.wsj.com/articles/microsoft-diminishes-windows-
           | ro...
           | 
           | > The company is breaking Windows in pieces. The platform
           | technology, on which Microsoft's partners build their own
           | devices, apps and services, will now fall under Scott
           | Guthrie, who runs the Azure business. Mr. Guthrie's unit,
           | called Cloud + AI Platform, will also include the company's
           | mixed-reality business, including Microsoft's Hololens
           | device, as well as its artificial-intelligence business.
           | 
           | Maybe someone with insider knowledge will comment, but it
           | looks like Windows is far from being a priority for
           | Microsoft.
        
             | dmix wrote:
             | Man I still can't believe Azure is number 2 behind Amazon
             | for cloud computing. When they first started their
             | marketing push to developers years ago, which I remember
             | was very aggressive and full of evangelism marketing which
             | I disliked, I kind of blew them off as some mid tier or old
             | school oddity.
             | 
             | But it really shows you how powerful their enterprise sales
             | machine is and the legacy reach of existing programming
             | languages/frameworks.
             | 
             | It's always easy to underestimate Microsoft I guess. Ditto
             | with Oracle and the like. From our view down in the startup
             | world.
             | 
             | That said. Alt-tab not working is an embarrassment though.
             | And I hope they really haven't let their OS QA slip this
             | badly in favour of some growth area or whatever.
        
               | Quarrelsome wrote:
               | They still have a big .NET following and they make it
               | easier to use Azure via their toolsets. I feel like it
               | was mildly obvious that they'd do okay.
        
               | 411111111111111 wrote:
               | They're including managed services like office 365 in
               | that number though.
               | 
               | Might be fair because aws includes their services as
               | well, but I'm pretty sure aws main income is from ec2,
               | while azure is business tooling like active directory,
               | office etc
        
               | semi-extrinsic wrote:
               | And they seem to be pushing customers very hard on moving
               | from on-prem to cloud for Office and email stuff. I don't
               | know if they're subsidising the cloud services for now,
               | or what.
        
               | plif wrote:
               | Microsoft is also mostly purely tech. Amazon and Google
               | (Alphabet) are more pervasive and threatening to other
               | industries.
               | 
               | For that reason, I'm not surprised. I've seen the
               | decision come down to not wanting to give money to the
               | other two many times. MS is in a great position there.
        
             | thekyle wrote:
             | I may be wrong but I don't believe Microsoft even has a
             | dedicated Windows division any more.
        
               | radicaldreamer wrote:
               | Well that and they got rid of their QA and test engineers
               | so nothing is caught before it's sent out... you just
               | can't rely on free beta testers for everything.
        
               | jodrellblank wrote:
               | > You just can't rely on free beta testers for
               | everything.
               | 
               | Linux distros seem to manage pretty well...?
               | 
               | Or is this "it's only bad if Microsoft do it"?
        
               | 9HZZRfNlpR wrote:
               | If I'm paying for it, which I do, hell no. I also use
               | Linux but I don't ost for it, and it's a hobbyist / power
               | user OS and I can actually fix things there unlike
               | Windows.
        
               | _jal wrote:
               | We pay RH rather a lot of money for the excellent testing
               | and integration they do. (And alt-tab works, if you want
               | it to.)
               | 
               | Or if you're trying to limit this to individual use, I'll
               | grant you equivalence once Microsoft stops charging their
               | beta testers and offers them the source.
        
               | ehvatum wrote:
               | That's an interesting point. Which for-profit Linux
               | distro is using you as an unpaid beta tester for their
               | closed-source code?
        
               | gralx wrote:
               | Fair point. But 90% of Linux submissions are corporate,
               | last I checked. Corporations (usually) do a lot of
               | internal testing before submitting, and then maintainers
               | have to review submissions. This is long before the
               | public ("beta testers") has to deal with any bugs.
               | 
               | And that's only the kernel. Distributions and their
               | package maintainers have their own quality controls, as
               | do cross-distribution upstream developers. Public bug
               | trackers (beta testers) are a complement to these. The
               | division of labour in quality control of Linux systems is
               | fine, diverse, and of variable effectiveness before beta
               | testers come into the picture.
        
           | withinrafael wrote:
           | Yep. For those that are seeking a temporary remedy, open
           | Registry Editor, navigate to
           | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer,
           | create/modify REG_DWORD value named AltTabSettings and set
           | its value to 1. Restart your PC (restarting the Shell alone
           | is possible but will currently introduce more bugs).
        
           | tubs wrote:
           | Oh god I thought I was the only one who had noticed this...
           | it drives me mad every single day.
        
           | millzlane wrote:
           | I rely heavily on alt+tab. I haven't noticed this. Can you
           | explain a bit more?
        
             | bzb6 wrote:
             | I think it only happens if you use Edge
        
             | cheschire wrote:
             | It does exactly as described. Sometimes it will shift to
             | the second window as intended. Often it will skip to the
             | third window open instead, requiring one to continue
             | cycling back to the second window.
        
               | nkrisc wrote:
               | You can Alt+Shift+Tab to go in reverse direction.
        
               | gralx wrote:
               | Or just release Tab while keeping Alt depressed and
               | navigate the thumbnails with the arrow keys.
        
         | sedatk wrote:
         | > 2020-12-03 Microsoft advises that due to issues identified in
         | testing, the fix will now slip to January 2021.
        
       ___________________________________________________________________
       (page generated 2020-12-23 23:00 UTC)