Page 1 of 3

Every version of Windows hit by 'critical' security vulnerability

Posted: Wed Feb 10, 2016 10:13 am
by burger2227
Every version of Windows hit by 'critical' security vulnerability
The serious vulnerability (MS16-013) could allow an attacker to run arbitrary code as the logged-in user. Administrator accounts are at the greatest risk. An attacker would have to trick a user into opening a specially-crafted Journal file, which would let the attacker run programs, delete data, and create new accounts with full user rights.
I don't even have FULL USER RIGHTS in Windows 10 and I'm the only one using my computers!

Image
Security updates available for Adobe Flash Player

Temporary loss of WIFI with install of Cumulative Update for Windows 10 Version 1511 (KB3135173).

Microsoft finally supplies fix information about Updates

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Thu Feb 11, 2016 10:31 am
by burger2227
How to find the version of Flash Player used by the Chrome browser and Enable or Disable it:
You may have disabled Flash Player in Chrome. To re-enable it:

Type about:plugins into the address bar at the top of a Chrome browser window.

Click Details at the upper-right corner of the page.

Find the Flash (or Shockwave Flash) listing on the Plug-ins page and click the corresponding Enable button.

Close all Chrome windows and restart the browser.
Adobe Flash Player - Version: 20.0.0.306 is the latest critical update!

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Fri Feb 12, 2016 7:28 am
by burger2227
Older versions of Internet Explorer are now at risk
Of the 13 vulnerabilities patched by MS16-009, nine affected every version of IE that is still supported, including IE9 on Windows Vista and IE10 on Windows Server 2012. Because different versions of Microsoft's browser share large amounts of code -- that was one of the primary reasons the Redmond, Wash. company has dead-ended IE and started over with Edge -- it's almost certain that the nine vulnerabilities also exist in IE7 and IE8, and in IE9 and IE10 on Windows editions ineligible for patching.

In other words, more than two-thirds of the vulnerabilities patched by Microsoft on Tuesday probably exist in the retired IE versions.
I will be checking my XP computer today to see if the Chrome browser's Flash is updated...

Adobe Flash Player - Version: 20.0.0.286 found in Chrome browser at startup

Here is what the XP PC had listed:
Image
Click the Product Updates in the More Information box for updates.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Fri Feb 12, 2016 9:11 am
by burger2227
Clicking on the Product Update link listed took me to this page saying that Chrome would update itself:
Image
I clicked on the link for a Different OS and was able to download an update for XP, Vista and Win 7

Also found an update for IE Active X and Chromium listed. I downloaded both:
Image
The Chromium version must affect Chrome as it wanted to close it.

Both now display the proper updated Version: 20.0.0.306!
Image
I kept both new versions for now as there are no conflicts. Never know...

Chrome browser Plugins version remains 20.0.0.286 so far:
Image

By the time I was done updating, Windows Update had a new IE POS update ready with 13 others:
Image
We shall never know if that could have fixed the problem! But at least we can update ourselves in XP.

What's with the extra download of McAfee Security Scan?

How to keep XP and IE Updated with POS hack

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Fri Feb 12, 2016 10:39 am
by burger2227
A reboot brought the XP Chrome Plugins up to snuff:
Image
Not sure how much was necessary to do on my part.

If you have an XP, just get the POS Updates and you should be fine!

Chrome browser will automatically update the Adobe Flash Plugin on reboot!

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Tue Feb 16, 2016 4:59 pm
by burger2227
Windows 7 desktop won't update

Just found one optional update for Skype since last updated December 16th, 2 months ago:
Image
Ran the Windows Update Diagnostic program which fixed 3 things, but Updates still not coming.

Belarc Advisor found 20 missing updates:
Image

Troubleshooting in Control Panel led me to M$ Fix It:
Image
It installs first and then runs for a while trying to fix things.

Fix It first creates a restore point. It just sat there until i found a hidden allow prompt box:
Image
Note that a prompt may come up to Allow the creation of the restore point.

The program just ends without saying much of anything!
Image

Update continued to scan without finding anything! So I went back and tried Troubleshooting:
Image
This Fix scanned a bit and then started looking for updates too. Ran for 3 hours!

Finally I closed the Troubleshooter and tried Update again. Found 24 updates:
Image

Here's the list of them with one optional update for Silverlight:
Image

Downloading the updates is taking FOREVER! 55% so far after 2 boots...

Noticed an unchecked one so I added it and went from 80% to 0!
Got so mad I rebooted, it FAILED to install one update and then resumed at 95%

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Tue Feb 16, 2016 7:40 pm
by burger2227
After a few hours of starting, stopping updates and rebooting WUDiagnostic says:
Image
This time diagnosis took 20 minutes! Last two updates refuse to install!

On a good note...
Chrome browser will automatically update the Adobe Flash Plugin on reboot!
Image
Note that XP Chrome updates will stop in April 2016!. Manual updates possible?...

Fix Microsoft Windows Update Issues

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Wed Feb 17, 2016 5:49 am
by burger2227
How do I reset Windows Update components?

Manually reset Windows XP, Vista or 7 Update components
The following process is TEDIOUS if not RIDICULOUS so you may want to COPY the bold commands to the command window!
Right click the command window header and select Edit and Paste after copying each command below. Verify paste and press Enter.
I have also shown my Windows 7 results after each command below in parenthesis. Results may vary, not all may succeed!
Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

To reset the Windows Update components, follow these steps:
Step 1) Open a command prompt. To do this, use one of the following methods, depending on your version of Windows:
Windows 8.1 and Windows 8: From the Start screen, swipe in from the right side to display the charms, select Search, and then search for cmd. (Or, if you are using a keyboard and mouse, type cmd at the Start screen.) In the search results, press-and-hold or right-click Command Prompt, and then select Run as Administrator.
Windows 7 and earlier versions: Press the Windows logo key + R, type cmd in the Run box, and then press Enter. Right-click cmd, and then select Run as Administrator.

Step 2: Stop the BITS service, the Windows Update service, and the Cryptographic service. To do this, at a command prompt, type the following commands. Make sure that you press Enter after you type each command.
net stop bits (verifies successfully stopped)
net stop wuauserv (verifies successfully stopped)
net stop appidsvc (no verification)
net stop cryptsvc (verifies successfully stopped)

Step 3: Delete the qmgr*.dat files. To do this, at a command prompt, type the following command, and then press Enter:
Del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" (quotes required-no verification)

Step 4: SKIP THIS STEP IF IT IS YOUR FIRST ATTEMPT TO FIX WINDOWS UPDATE! This step removes update history!
If this is your first attempt at resolving your Windows Update issues by following the steps in this article, you should skip step 4 and go to step 5. You should follow step 4 at this point in the troubleshooting only if you cannot resolve your Windows Update issues after you follow all steps except step 4. (Step 4 is performed by the "Aggressive" mode of the Fix it Solution that was mentioned earlier.)
Rename the softare distribution folders backup copies. To do this, at a command prompt, type the following commands. Make sure that you press Enter after you type each command. Expect no verifications! May indicate file or folder not found if typo.

Ren %systemroot%\SoftwareDistribution SoftwareDistribution.bak (success if no error)
Ren %systemroot%\system32\catroot2 catroot2.bak (success if no error)

Step 5: Reset the BITS service and the Windows Update service to the default security descriptor. To do this, at a command prompt, type the following commands. Make sure that you press Enter after you type each command.

sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

Step 6: At a command prompt, type the following command, and then press Enter. Prompt should now display Windows\System32:
cd /d %windir%\system32

Step 6: Reregister the BITS files and the Windows Update files. To do this, at a command prompt, type the following commands. Make sure that you press Enter after you type each command.
regsvr32.exe atl.dll (verified success)
regsvr32.exe urlmon.dll (verified success)
regsvr32.exe mshtml.dll (not found)
regsvr32.exe shdocvw.dll (not found)
regsvr32.exe browseui.dll (not found)
regsvr32.exe jscript.dll (verified success)
regsvr32.exe vbscript.dll (verified success)
regsvr32.exe scrrun.dll (verified success)
regsvr32.exe msxml.dll (not found)
regsvr32.exe msxml3.dll (verified success)
regsvr32.exe msxml6.dll (verified success)
regsvr32.exe actxprxy.dll (verified success)
regsvr32.exe softpub.dll (verified success)
regsvr32.exe wintrust.dll (verified success)
regsvr32.exe dssenh.dll (verified success)
regsvr32.exe rsaenh.dll (verified success)
regsvr32.exe gpkcsp.dll (failed to load)
regsvr32.exe sccbase.dll (failed to load)
regsvr32.exe slbcsp.dll (failed to load)
regsvr32.exe cryptdlg.dll (verified success)
regsvr32.exe oleaut32.dll (verified success)
regsvr32.exe ole32.dll (verified success)
regsvr32.exe shell32.dll (verified success)
regsvr32.exe initpki.dll (failed to load)
regsvr32.exe wuapi.dll (verified success)
regsvr32.exe wuaueng.dll (verified success)
regsvr32.exe wuaueng1.dll (failed to load)
regsvr32.exe wucltui.dll (failed to load)
regsvr32.exe wups.dll (verified success)
regsvr32.exe wups2.dll (verified success)
regsvr32.exe wuweb.dll (failed to load)
regsvr32.exe qmgr.dll (not found)
regsvr32.exe qmgrprxy.dll (verified success)
regsvr32.exe wucltux.dll (verified success)
regsvr32.exe muweb.dll (failed to load)
regsvr32.exe wuwebv.dll (verified success)

Step 7: Reset Winsock. To do this, at a command prompt, type the following command, and then press Enter:
netsh winsock reset (verified success)

Step 8:
ONLY If you are running Windows XP, you have to configure the proxy settings. To do this, at a command prompt, type the following command, and then press Enter:
proxycfg.exe -d

If you are running other versions of Windows, at a command prompt, type the following command, and then press Enter:
netsh winhttp reset proxy (verified Direct Access)

Step 9: Restart the BITS service, the Windows Update service, and the Cryptographic service. To do this, at a command prompt, type the following commands. Make sure that you press Enter after you type each command.
net start bits (verified start of service)
net start wuauserv (verified success)
net start appidsvc (WAIT for verification of start!)
net start cryptsvc (already started)

Windows Vista only: Clear the BITS queue. To do this, at a command prompt, type the following command, and then press Enter:
bitsadmin.exe /reset /allusers

Step 10: Install the latest Windows Update Agent. Select Windows version. x86 is 32 bit and x64 is 64 bit

Restart the computer.
NOTE: On a SECOND TRY I would just try Steps 1, 2, 4, 9 and 10 as recently posted at M$ Support for Win 10.

After a reboot, Windows Update found 10 updates and installed them all in less than a half hour!

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Wed Feb 17, 2016 7:10 am
by burger2227
Two more reboots and SIX more updates. Now everything is good!

Belarc Advisor listed Adobe Flash and Adobe Reader as security concerns.
This PC did not even have Flash as it is a Plugin in Chrome and that was up to date.

Adobe Reader just required updating from the Help menu. Installed Adobe Flash for IE ActiveX...

Now on to the POSReady XP drive on the same PC!

First I got XP updates and then tried to update Java using Internet Explorer as Java won't use Chrome:
Image
Java was downloaded and installed with a few clicks and then it wanted to remove the old version:
Image

After a reboot I found Abobe Flash Active X version to be up to date thanks to the POS updates:
Image
How to keep XP and IE Updated with POS hack

Not sure what to do in April when Chrome is no longer updated in XP...
Updates for Adobe Flash PPAPI may do the trick for Chrome that way.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Thu Feb 18, 2016 10:09 am
by burger2227
How to check which version of the Windows Update Agent is installed

Open the %systemroot%\system32 folder. %systemroot% is the folder in which Windows is installed. For example, the %systemroot% folder is normally C:\Windows unless you have two OS's on one machine.
Right-click Wuaueng.dll, and then click Properties.
Click the Details tab, and then locate the file version number.

Note The latest version of the Windows Update Agent for Windows 8.1 is 7.9.9600.16422.
The latest version of the Windows Update Agent for Windows 8 is 7.8.9200.16693.
The latest version of the Update Agent for Windows 7, Windows Vista, and Windows XP is 7.6.7600.256.
No information on Windows Update Agent for Windows 10, not even from Support:
Image

I have not tested the script tool below!
Download ResetWUEng.cmd script tool for Windows XP, Vista, 7, 8, 8.1, Windows 10 and 10 Insider Preview:

Script to Reset Windows Update Agent (Back up Registry first! Run as Administrator!)

This tool is provided without warranty. Any damage caused is your own responsibility!
This tool renames folders and files as .BAK that will remove current Update history and edits Registry!
Perhaps the code lines for that REName part could be commented out. Similar to manual steps listed above.

Tool not verified on Windows 2000, Windows Server 2012, Server 2008 R2, Server 2008 or Server 2003

To back up Registry: Windows key + R, in Run box type in regedit and hit Enter.
In File menu Export to file with date in name. Default export folder is C:\Windows\system32

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Thu Feb 18, 2016 2:52 pm
by burger2227
How to Remove the “Get Windows 10” Icon from Your System Tray

My Get Windows 10 icon quit working in Win 7. It used to come up and say I needed a driver update.

Should only affect Windows 7 or 8.1. Will test out the GWX Control Panel application on it soon!

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Sat Apr 09, 2016 1:24 pm
by burger2227
Adobe Flash and Java need new updates!

Chrome and Edge browsers now update themselves with internal versions of Flash.
Chrome users may have to check Settings Help About to update immediately.
If 64 bit users find that About does not say 64 bit after version then get the 64 bit version at Chrome.

Java has new updates too. Avoid the take over exploits!

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Mon Apr 11, 2016 6:42 am
by burger2227
Another month, another Flash vulnerability … Adobe issues emergency update

The article has a link which tells me that Chrome updates itself, but I have another version of PPAPI installed:
Image
Chrome has Version 21.0.0.216 and Uninstall Programs lists PPAPI Version 21.0.0.213

Using the link below, I can try to update the separate PPAPI program, but it says Chrome needs closed:
Image
Flash updates for other versions of browsers

So I try removing the program in Uninstall and still Chrome cannot be closed enough:
Image

Even rebooted and tried update and removal without ever using Chrome.

Apparently 21 is the valid safe version...

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Mon Apr 18, 2016 9:29 am
by burger2227
Uninstall QuickTime for Windows now!
Apple has failed to warn its customers, but Trend Micro's Zero Day Initiative issued a call to action and last night the US-CERT team confirmed: If you have QuickTime on your Windows system, uninstall it now.

Many people picked up QuickTime when it was a required component of iTunes for Windows. That's no longer the case -- iTunes now works fine without QuickTime. While opinions on iTunes vary (I can hardly mention it without hyperventilating), there's no ambiguity about QuickTime. Uninstall it now.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Mon Jun 20, 2016 9:45 am
by burger2227
Official Adobe Flash uninstallers were a security hazard
The vulnerability was discovered by security researcher Stefan Kanthak and its progress with Adobe reported via Seclists. According to Kanthak the executable uninstallers prior to versions 22.0.0.192 and 18.0.0.360, which were both released on the 15th of June, were vulnerable to DLL hijacking, since they load and run Windows system DLLs from the Flash application directory instead of the more heavily protected Windows system directory.

The Adobe Flash uninstallers (which have now been patched) are executed with the requirement for administrator privileges, and once granted, the escalation is accomplished. The vulnerability was present in both the 32-bit and 64-bit versions of the Adobe uninstaller.

Finally Adobe released another revised patch on Wednesday, and this has resolved the issue, according to the report.
Revised patch

The above link will send you to a page with current version displayed. Chrome version listed below:
Image
Browsers may require other means to disable or uninstall Flash.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Wed Jul 13, 2016 6:21 am
by burger2227
Every version of Windows hit by "critical" security flaw
Microsoft has patched a security vulnerability found in every supported version of Windows, which if exploited could allow an attacker to take over a system.

The software giant said in a bulletin posted Tuesday as part of its monthly release of security fixes that the the "critical" flaw could let an attacker remotely install malware, which can be used to modify or delete data, or create new accounts with full user rights.

The "critical"-rated flaw affects Windows Vista and later -- including Windows Server 2008 and later.

Those who are logged in as an administrator, such as some home accounts and server users, are at the greatest risk.
IE: UPDATE WINDOWS!

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Mon Jul 25, 2016 7:13 am
by burger2227
Download Update for Adobe Air for Windows if installed!
Security update available for Adobe AIR
Release date: June 16, 2016

Vulnerability identifier: APSB16-23

Priority: 3

CVE number: CVE-2016-4126

Platform: Windows

Summary
Adobe has released a security update for Adobe AIR for Windows. This update addresses a vulnerability in the directory search path used by the AIR installer that could potentially allow an attacker to take control of the affected system.

Affected Versions
Product Affected Versions Platform
Adobe AIR Desktop Runtime 21.0.0.215 and earlier Windows
To verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote.
Missing Adobe Air critical updates are noted by Belarc Advisor.
The installer will update Windows with the latest Adobe Air version.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Wed Aug 03, 2016 7:57 am
by burger2227
Windows attack originally found in 1997 can steal your logged-in username and password
The flaw is widely-known, and it's said to be almost 20 years old. It was allegedly found in 1997 by Aaron Spangler and was most recently resurfaced by researchers in 2015 at Black Hat, an annual security and hacking conference in Las Vegas.

The flaw wasn't considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts -- which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others.

Overnight, the attack got larger in scope, and now it allows an attacker to conduct a full takeover of a Microsoft account.
This vulnerability MUST be fixed SOON!

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Thu Aug 04, 2016 6:32 am
by burger2227
Almost half of U.S. businesses hit by ransom-ware, study says
U.S. businesses victimized by the malware generally didn’t suffer a heavy toll, and only 6 percent of them reported losing revenue. In most cases, the malicious code only affected personal files.

The survey also looked at how the ransomware was affecting these enterprises, and found that generally the malware had been designed to affect desktop PCs or laptops. The infection often came through links and attachments inside emails, or from a website or web application.

The response of companies to the threat varied across countries. In the United States, only 3 percent of the businesses hit by the ransomware decided to pay the hackers.

That’s a big difference from the Canadian businesses surveyed, of which 75 percent said they agreed to pay the ransom.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Wed Oct 19, 2016 7:11 am
by burger2227
Windows Essentials will no longer be supported after January 10, 2017
Microsoft is also pointing users of the Windows Essentials applications to the built-in Mail, Photos, One Drive, and Family Safety features in Windows 8.1 and above. As an added bonus, (and as we previously reported,) the company also hints in the support page that Windows Movie maker will soon be available from the Windows Store for Windows 10 users:
Get Windows Essentials Offline Installer Before the End of Support Date
A word of caution, though. Although you can use the program after the end of support date, Microsoft won’t supply security updates to the Windows Essentials software suite. There are chances that this suite will leave your system vulnerable at some point of time.