Page 2 of 3

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Tue Nov 15, 2016 9:03 am
by burger2227
How to Enable Adware or PUA Protection in Microsoft Security Essentials
In Windows 7 start the Registry Editor (regedit.exe) and go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware

Create a DWORD value named PUAProtection and set its data to 1.

Exit the Registry Editor.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Mon Dec 12, 2016 12:27 pm
by burger2227
Google is replacing Flash in Chrome once and for all
This means that unless a website has an HTML5 content player, video content will not automatically display. All Flash content will be blocked, unless users manually enable it on a site-by-site basis.

At first, permission requests will only pop up on sites that users are visiting for the first time, but by October, every site will require user permission to run Flash. One percent of users on the current version of Chrome will see this feature. Everyone should have an updated Chrome by February, when the most recent beta version goes stable.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Fri Jan 27, 2017 1:08 pm
by burger2227
Gmail will block JavaScript file attachments starting next month
Google will soon begin blocking Javascript attachments in Gmail in an effort to protect users form malicious attacks. The ban will take effect beginning February 13 and expands upon the service’s existing list of restricted file attachments, which also includes .exe, .msc and .bat archives.

Similar to how it handles other restricted attachments, if you try to attach a .js file to an email on or after the 13th, you'll get a notification that says it's blocked "because its content presents a potential security issue." The service will detect .js files even if they're sent in compressed form as a .zip, for example.

If you still need to send .js files for legitimate reasons, Google suggests you use Google Drive, Google Cloud Storage, or other storage solutions to share or send your files
Vista extended support ends 4/10/2017.

Perhaps you can get WEPOS or POSready updates like I do on XP:

See: How to keep Microsoft updating XP and IE 8

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Fri Mar 10, 2017 11:49 am
by burger2227
Microsoft reissues its infamous snooping patches for Windows 7 and 8.1
It’s good to keep Windows up to date, as it ensures you’re safe from the latest security threats, and you might benefit from other improvements. However, you shouldn’t always blindly install every patch that comes along.

Case in point are the infamous snooping patches KB2952664 (for Windows 7) and KB2976978 (for Windows 8.1), which today get yet another outing.

In the past these triggered a snooping Windows task called DoScheduledTelemetryRun, and were linked to the infamous GWX (Get Windows 10) campaign that forced OS upgrades on Windows 7 and 8.1 users. Microsoft is at pains to point out there’s no GWX or upgrade functionality in the updates now, but you still shouldn’t install them.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Tue May 09, 2017 3:14 pm
by burger2227
How to check for the Intel Active Management exploit that lets hackers take over your PC
If you think you're immune from a scary exploit found in Intel's Active Management Technology just because you're a consumer, think again.

The exploit, disclosed on May 1, lets bad actors bypass authentication in Intel's remote management hardware to take over your PC. This hardware, built into enterprise-class PCs, lets IT administrators remotely manage fleets of computers—install patches and software, and even update the BIOS as though they were sitting in front of it. It is, in essence, a God-mode.
Follow the download link in the article and download guide and app for Windows 7 and 10.

Unzip and go to appropriate Windows folder and run the GUI application shown below:

Image
The console application was too fast for me to see...

My Windows XP to 10 (1511) laptop downloaded an application installer that I ran with these results:
Image
The results were not obvious to me so I followed the links for more info. LMS is listed as Not present.

LMS or Local Manageability Service may show up in Task Manager Services or Startup.
Found this way to disable LMS: Right click Start and run Command Prompt(Admin) and the following:
sc config LMS start=disabled to disable. Response may indicate service does not exist...a good thing
or:
sc delete LMS to remove. Businesses may require!
NOT LSM!!!! That is the Local System Manager.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Mon May 15, 2017 7:36 am
by burger2227
Microsoft reneges on update policy to push out patch for unsupported Windows XP and Windows 8 to help defend against ransomware attack
The vulnerability does not exist within Windows 10, the latest version of the software, but is present in all versions of Windows prior to that, dating back to Windows XP.

As a result of Microsoft’s first patch, users of Windows Vista, Windows 7, and Windows 8.1 can easily protect themselves against the main route of infection by running Windows Update on their systems. In fact, fully updated systems were largely protected from WanaCrypt0r even before Friday, with many of those infected having chosen to delay installing the security updates.

Users of Windows XP, Windows Server 2003 and Windows 8 can defend against the ransomware by downloading the new patch from Windows.
WCry is so mean Microsoft issues patch for 3 unsupported Windows versions
Microsoft also rolled out a signature that allows its Windows Defender antivirus engine to provide "defense-in-depth" protection. The moves came after attackers on Friday used a recently leaked attack tool developed by the National Security Agency to virally spread ransomware known as "WCry" or "WannaCrypt." Within hours, computer systems around the world were crippled, prompting hospitals to turn away patients while telecoms, banks, and companies such as FedEx were forced to turn off computers for the weekend.
How to avoid the WannaCrypt virus if you run Windows on a Mac

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Fri May 26, 2017 9:14 am
by burger2227
Wanawiki is the WannaCry fix that might save affected PCs—if you work fast
Benjamin Delpy's wanawiki tool sniffs out the prime numbers used by the ransomware to reconstruct the key used to encrypt your PC. Once the wanawiki tool is run, the software can basically generate the key, and the tool will then unlock the encypted files.

There's a catch: To give the tool a chance to reconstruct the key, the infected PC cannot be rebooted. Also, wanawiki needs to be run as soon as possible, because the prime numbers the ransomware uses may be overwritten over time, Suiche wrote. Users with PCs infected by WannaCry need to download the tool, run it, and "pray" the prime numbers haven't been overwritten, according to Suiche.
Windows 10 is not vulnerable to the WannaCry ransomware!

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Mon May 29, 2017 5:22 pm
by burger2227
Any website can crash your Windows 7 or 8 PC with these four characters
Here’s how the bug works. All a naughty website has to do is use the character string ‘$MFT’ in the directory name where a website keeps its images. Windows expects to see the four characters $MFT only in a special metadate file on your PC. When it sees those characters as a directory name, however, it causes enough problems that an affected PC will begin to slow down and eventually hang. At that point your only recourse is to reboot the machine. In some cases, the problem may even trigger the dreaded blue screen of death (BSOD).

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Thu Jun 15, 2017 5:41 am
by burger2227
Microsoft warns of 'destructive cyberattacks,' issues new Windows XP patches
Last month's devastating WannaCry ransomware outbreak was just a warning shot. In an unprecedented move, Microsoft today released critical security updates to block another wave of similar attacks, making those patches available on unsupported versions like Windows XP and Server 2003.
Microsoft security advisory 4025685: Guidance for older platforms

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Fri Aug 25, 2017 8:13 am
by burger2227
90% of Companies Get Attacked with Three-Year-Old Vulnerabilities
According to the Fortinet Q2 2017 Global Threat Landscape, 90% of organizations the company protects have experienced cyber-attacks during which intruders tried to exploit vulnerabilities that were three years or older. In addition, 60% of organizations were attacked with exploits ten years or older.

Organizations that did a relatively good job at keeping systems patched would have been able to block the attacks.
Cybersecurity Workforce Will Be Drastically Inadequate by 2022

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Tue Aug 29, 2017 2:19 am
by burger2227
How to Disable SMBv1 and Protect Your Windows PC From Attack
The WannaCry and Petya ransomware epidemics both spread using flaws in the ancient SMBv1 protocol, which Windows still enables by default (for some ridiculous reason). Whether you’re using Windows 10, 8, or 7, you should ensure SMBv1 is disabled on your PC.

SMBv1 is an old version of the Server Message Block protocol Windows uses for file sharing on a local network. It’s been replaced by SMBv2 and SMBv3. You can leave versions 2 and 3 enabled—they’re secure.

The older SMBv1 protocol is only enabled because there are some older applications that haven’t been updated to use SMBv2 or SMBv3. Microsoft maintains a list of applications that still require SMBv1 here.
Read the article for the Windows 7 fix.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Thu Sep 28, 2017 7:52 am
by burger2227
Internet Explorer bug leaks whatever you type in the address bar
There's a bug in the latest version of Internet Explorer that leaks the addresses, search terms, or any other text typed into the address bar.

The bug allows any currently visited website to view any text entered into the address bar as soon as the user hits enter. The technique can expose sensitive information a user didn't intend to be viewed by remote websites, including the Web address the user is about to visit. The hack can also expose search queries, since IE allows them to be typed into the address bar and then retrieved from Bing or other search services.

The flaw was disclosed Tuesday by security researcher Manuel Caballero. This proof-of-concept site shows the exploit works as described on the latest version of IE.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Mon Oct 30, 2017 9:11 am
by burger2227
Hackers Can Steal Windows Login Credentials Without User Interaction
Microsoft has patched only recent versions Windows against a dangerous hack that could allow attackers to steal Windows NTLM password hashes without any user interaction.

The hack is easy to carry out and doesn't involve advanced technical skills to pull off. All the attacker needs to do is to place a malicious SCF file inside publicly accessible Windows folders.

Once the file has been placed inside the folder, it executes due to a mysterious bug, collects the target's NTLM password hash, and sends it to an attacker-configured server. Using publicly available software, an attacker could crack the NTLM password hash and later gain access to the user's computer.

Such a hack would allow an attacker that has a direct connection to a victim's network to escalate access to nearby systems.

Microsoft patched the attack vector in this month's Patch Tuesday via the ADV170014 security advisory. The patch is only for Windows 10 and Windows Server 2016 users.

Older Windows versions remain vulnerable to this attack because the registry modifications are not compatible with older versions of the Windows Firewall.
The critical settings are in the Control Panel's All Networks portion of the Advanced Sharing Settings:
Image
These were my laptop settings. Control Panel was recently REMOVED from the Start right click menu so
you will have to TYPE Control into Cortana to find it...BRILLIANT M$ EH?

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Thu Jan 04, 2018 9:39 am
by burger2227
Microsoft issues emergency Windows update for processor security bugs
Microsoft is issuing a rare out-of-band security update to supported versions of Windows today. The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Sources familiar with Microsoft’s plans tell The Verge that the company will issue a Windows update that will be automatically applied to Windows 10 machines at 5PM ET / 2PM PT today.

The update will also be available for older and supported versions of Windows today, but systems running operating systems like Windows 7 or Windows 8 won’t automatically be updated through Windows Update until next Tuesday. Windows 10 will be automatically updated today.

While Microsoft is quickly addressing the issues, the fixes will also rely on firmware updates from Intel, AMD, or other vendors that are rolling out. Some anti-virus vendors will also need to update their software to work correctly with the new patches, as the changes are related to Kernel-level access.
How to protect your PC against the major ‘Meltdown’ CPU security flaw
If you own a Windows-powered PC or laptop, the best thing to do right now is ensure you have the latest Windows 10 updates and BIOS updates from Dell, HP, Lenovo, or one of the many other PC makers. We’re hoping Microsoft or Intel creates a simple tool (they have a PowerShell script right now) to check protection for both the firmware and Windows updates, but until such a tool is available you’ll need to manually check or get familiar with PowerShell. Here’s a quick step-by-step checklist to follow for now:

Update to the latest version of Chrome (on January 23rd) or Firefox 57 if you use either browser
Check Windows Update and ensure KB4056892 is installed for Windows 10
Check your PC OEM website for support information and firmware updates and apply any immediately


These steps only currently provide protection against Meltdown, the more immediate threat of the CPU flaws. Spectre is still largely an unknown, and security researchers are advising that it’s more difficult to exploit than Meltdown. The New York Times reports that Spectre fixes will be a lot more complicated as they require a redesign or the processor and hardware changes, so we could be living with the threat of a Spectre attack for years to come.

Update, 9:15AM ET: Removed links to Intel’s detection tool that a now deleted Microsoft security blog may have incorrectly referenced.
Intel says major flaw affects ‘many different vendors’
The flaw makes it possible for ordinary users and processes to access data deep in the inner mechanisms of the processor and architecture — specifically, kernel memory. The possibilities for bad actors taking advantage of such a gaping hole are numerous, and unfortunately there is no easy solution that does not also slow the processor’s operations considerably.

Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

In other words, it’s not just them. This may seem like deflection, but it’s also possible that the issue is more widespread than just Intel hardware — and Intel isn’t likely to blow smoke with a claim that can’t be verified. Other major chip and OS companies are almost certainly all already aware of the problem
Windows 7 storm looms as retirement milestone nears
But the Net Applications' numbers hint at a potentially huge problem, because the portion of Windows PCs projected to remain on Windows 7 come January 2020 is significantly larger than what remained on XP at its retirement and is also larger than what Computerworld calculated two full years before Windows XP's deadline.

In April 2014, when Microsoft rescinded Windows XP support, that version accounted for about 29% of all copies of Windows worldwide. Currently, the best-guess for Windows 7 at its end-of-support is a full 10 percentage points higher.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Fri Jan 05, 2018 9:58 am
by burger2227
Intel says it will patch 90 percent of recent chips by next week
A little more than a day since Google Project Zero went public with its findings regarding a major security flaw in Intel (and others) chip designs, the company announced that it is already pushing out patches to eliminate the vulnerability. Intel has "already issued updates for the majority of processor products introduced within the past five years," per the company press release, and expects to have 90 percent of affected chips produced within the past five years patched by the end of the week.

The flaw, which afflicts chips made over the past decade, enables ordinary processes to determine the layout of protected kernel memory. This "software analysis method", as Intel describes the flaw, allows a pair of exploits, dubbed "Meltdown" and "Spectre," to swipe data from other apps on vulnerable devices -- be they PCs, servers or mobile phones -- running Intel, ARM or AMD chips.

The solution cooked up by Intel and its partners so far entails severing the link between the kernel and these processes, though that could have a dramatic impact on a patched chip's operating speed. The company asserts that the impacts will be "highly workload-dependent" and not particularly noticeable by the average consumer.

Update: Microsoft says it will release an update for Surface devices to protect them against the chip vulnerability. The company also explains that it "has not received any information to indicate that these vulnerabilities have been used to attack customers at this time."

You can check the list of Surface gear that will receive the patch at the link above, but Microsoft says the updates will be available for devices running Windows 10 with Windows Update or through the Microsoft Download Center.
Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws
Issues described as hardware bugs that need software fixes
The issues at heart of all hoopla that happened today concern two attack scenarios that Horn discovered and reported to CPU vendors in June 2017.

Horn describes these issues as hardware bugs that will need both firmware patches from CPU vendors and software fixes from both OS and application vendors.

According to Google, everything and everyone is affected. This includes all major chipset vendors (Intel, AMD, ARM), all major operating systems (Windows, Linux, macOS, Android, ChromeOS), cloud providers (Amazon, Google, Microsoft), and application makers.
Intel CEO sold all the stock he could after Intel learned of security bug
The Rule 10b5-1 plan under which Krzanich scheduled the stock sale is intended to shield executives from accusations of insider trading. But because of the timing of the plan and the length of time Intel kept the vulnerability secret, SEC officials could still see the maneuver as a trade based on insider information—especially if there was no other material reason for Krzanich to sell the stock.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Mon Jan 08, 2018 12:54 pm
by burger2227
Microsoft releases PowerShell script to check if your PC is vulnerable to Meltdown and Spectre
Microsoft has also produced a PowerShell script that checks whether your PC is vulnerable. Use the following steps to install and run the test.

Press the Windows key and type PowerShell. Right click the PowerShell shortcut and select Run as Administrator.
Or right click Start button window and use Windows PowerShell(Admin).

Type or copy-paste Install-Module SpeculationControl and press Enter.
If you are prompted to install the NuGet provider, type Y and press Enter, and repeat if you are warned about installing from an untrusted repository.
The red area below appeared because Import-Module SpeculationControl Script execution was disabled by default.
Image
To set the script execution policy type or copy-paste: powershell.exe -ExecutionPolicy AllSigned and hit enter.

About PowerShell Execution Policies
With the installation complete, type or copy-paste Import-Module SpeculationControl and press Enter.
Type or copy-paste Get-SpeculationControlSettings and press Enter.
In the list of results that's displayed, you're looking to see that a series of protections are enabled -- this will be listed as True. Microsoft explains that the ideal set of results looks like this:

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True

Windows OS support for kernel VA shadow is present: True

Windows OS support for kernel VA shadow is enabled: True

Windows OS support for PCID optimization is enabled: True
Image

Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
Customers must take the following actions to help protect against the vulnerabilities:

Verify that you are running a supported antivirus application before you install operating system or firmware updates. Contact the antivirus software vendor for compatibility information.
Apply all available Windows operating system updates, including the January 2018 Windows security updates.
Apply the applicable firmware update that is provided by the device manufacturer.

Windows-based computers (physical or virtual) should install the Microsoft security updates that were released on January 3, 2018. See Microsoft Security Advisory ADV180002 for updates for the following versions of Windows.
Inside the Semiconductor Industry’s Meltdown
On June 1, Horn told Intel and other chip companies Advanced Micro Devices Inc. and ARM Holdings what he’d found. Intel informed Microsoft soon after. That’s when the big tech companies began working on fixes, including Graz’s KAISER patch, in private.

By November, Microsoft, Amazon, Google, ARM and Oracle Corp. were submitting so many of their own Linux updates to the community that more cybersecurity researchers began to realize something big -- and strange -- was happening.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Tue Jan 09, 2018 10:15 am
by burger2227
Microsoft issues an emergency fix for Windows 10 to address processor bug
For now, though, Windows 10 users should notice the arrival of KB4056892, which takes Windows up to build 16299.192.

In an email statement, Microsoft said:

We are in the process of deploying mitigations to cloud services and are releasing security updates today to protect Windows customers against vulnerabilities affecting supported hardware chips from AMD, ARM, and Intel. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.
We've already seen compatibility issues with some antivirus tools, and now some AMD users are reporting that the KB4056892 patch is rendering their computer unusable. A further issue -- error 0x800f0845 -- means that it is not possible to perform a rollback.
Update KB4056892 for all Windows 10 users only.

Users of Windows 7 and Windows 8 will have to wait until next week for a patch.

Intel will be offering a fix for 90% of CPU's up to 5 years old in coming weeks...

Microsoft reveals how Spectre updates can slow your PC down
Windows 10 running on Skylake, Kaby Lake or newer CPU show benchmarks show “single-digit slowdowns”, but most users shouldn’t expect to see noticeable slowdowns

Windows 10 running on Haswell or older CPUs “show more significant slowdowns” and “some users will notice a decrease in system performance”

Windows 7 or Windows 8 running on Haswell or older CPUs means “most users will notice a decrease in system performance

Microsoft says firmware updates are only required to protect against what’s being described as Spectre variant 2. For Meltdown and Spectre variant 1, Microsoft has isolated kernel and user mode page tables and hardened Edge and Internet Explorer 11 to protect against JavaScript exploits. Windows updates for 41 editions of the operating system are now available, and Microsoft expects the four remaining supported editions will be patched soon.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Mon Jan 15, 2018 9:01 am
by burger2227
Researcher finds another security flaw in Intel management firmware
The latest vulnerability—discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post—is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer—even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords—by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel’s Management Engine BIOS Extension (MEBx).

If MEBx hasn't been configured by the user or by their organization's IT department, the attacker can log into the configuration settings using Intel's default password of "admin.” The attacker can then change the password, enable remote access, and set the firmware to not give the computer's user an "opt-in" message at boot time. "Now the attacker can gain access to the system remotely," F-Secure's release noted, "as long as they’re able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)."

If the Intel MEBx default password was never changed, an unauthorized person with physical access to the system could manually provision Intel AMT via the Intel MEBx or with a USB key using the default password. If the system’s manufacturer has followed Intel’s recommendation to protect the Intel MEBx menu with the system BIOS password, this physical attack would be mitigated.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Fri Jan 19, 2018 10:58 am
by burger2227
Meltdown and Spectre: Good news for AMD users, (more) bad news for Intel
The bad news: Intel has previously warned that the microcode update it issued to provide some processor-based mitigation for some kinds of Spectre attack was causing machines with Haswell and Broadwell processors to reboot. It turns out that the problems are more widespread than previously reported: the chip company is now saying that Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake systems are affected, too.

Re: Every version of Windows hit by 'critical' security vulnerability

Posted: Tue Jan 23, 2018 9:03 am
by burger2227
Intel tells users to stop deploying buggy Spectre patch, citing technical issues
Intel has a patching problem. All last week, users reported computers spontaneously rebooting after installing Intel’s Spectre/Meltdown patch. Now, Intel seems to be giving up on those patches entirely. In a post today, executive vice president Navin Shenoy announced that Intel had located the source of some of the recent reboot problems and is recommending users skip the patches entirely until a better version could be deployed.

Intel says that it’s identified the issue behind the unexpected reboots on Broadwell and Haswell processors and is working toward releasing an update that addresses the exploits without causing that issue. The same issues have been happening on Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake processors too; Intel says it’s “actively working on developing solutions” for those platforms as well.

Dell Advising All Customers To Not Install Spectre BIOS Updates
The Spectre & Meltdown mess continues with Dell now recommending their customers do not install the BIOS updates that resolve the Spectre (Variant 2) vulnerabilities. These updates have been causing numerous problems for users including performance issues, boot issues, reboot issues, and general system instability.

Due to this, Dell EMC has updated their knowledge base article with the following statement advising customers to not install the BIOS update and to potentially rollback to the previous BIOS if their computers are exhibiting "unpredictable system behavior".
Latest Google Chrome update to load manually in Settings Help/About:
Version 64.0.3282.119 (Official Build) (32-bit)