|Some cybersecurity experts and regular users were surprised to learn about a Chrome tool that scans Windows computers for malware. But there`s no reason to freak out about it. From a report: Last year, Google announced some upgrades to Chrome, by far the world`s most used browser -- and the one security pros often recommend. The company promised to make internet surfing on Windows computers even `cleaner` and `safer` adding what The Verge called `basic antivirus features.` What Google did was improve something called Chrome Cleanup Tool for Windows users, using software from cybersecurity and antivirus company ESET. [...] Last week, Kelly Shortridge, who works at cybersecurity startup SecurityScorecard, noticed that Chrome was scanning files in the Documents folder of her Windows computer. `In the current climate, it really shocked me that Google would so quietly roll out this feature without publicizing more detailed supporting documentation -- even just to preemptively ease...|
|2018-03-29 19:24:36||The Register|
If at first you don`t succeed, you`re Redmond
Microsoft today issued an emergency security update to correct a security update it issued earlier this month to correct a security update it issued in January and February.
|2018-03-27 20:21:10||The Register|
You`ll want to install the March update. Like right now if you can avoid broken networking
Microsoft`s January and February security fixes for Intel`s Meltdown processor vulnerability opened up an even worse security hole on Windows 7 PCs and Server 2008 R2 boxes.
|Microsoft has revealed today that `we will begin testing a change where links clicked on within the Windows Mail app will open in Microsoft Edge.` What this means is that if you have Chrome or Firefox set as your default browser in Windows 10, Microsoft will simply ignore that and force you into Edge when you click a link within the Mail app. The Verge reports: `As always, we look forward to feedback from our WIP community,` says Microsoft`s Dona Sarkar in a blog post today. I`m sure Microsoft will receive a lot of feedback over this unnecessary change, and we can only hope the company doesn`t ignore ...|
|Microsoft has backtracked on a decision it took back in January when it conditioned that computers without a special registry key would not receive any more security updates. From a report: That particular `requirement` was introduced as part of the Meltdown and Spectre patching process. At the time, Microsoft said that antivirus vendors would have to add a key to the Windows Registry to signal that they are compatible with Microsoft`s original Meltdown and Spectre patches. This was a big issue at the time because Microsoft detected during testing that some antivirus vendors would inject code into parts of the kernel that the company was trying to patch against Meltdown and Spectre...|
|Catalin Cimpanu, writing for BleepingComputer: The admission came in a knowledge base article updated last week. Not all users of older Windows versions were forcibly updated, but only those whose machines were running Windows 10 v1703 (Creators Update). This is the version where Microsoft added special controls to the Windows Update setting section that allow users to pause OS updates in case they have driver or other hardware issues with the latest OS version. But according to reports, a Microsoft snafu ignored these settings and forcibly updated some users to Windows 10 v1709 (Fall Creators Update...|
|Power was lost in many parts of the East Coast on Friday morning, including the IPTIA Datacenter. Batteries kept everything running for several hours, but power was not restored until after 1PM on Saturday. Travel was severely hampered for our team members by fallen trees, traffic, and non-functioning signals. All systems were brought online quickly, but there were several key components that were damaged or destroyed by the extended power outage. These were rebuilt or replaced by the IPTIA team. As of Saturday evening, all systems were back online. At the time of this writing, we have completed the extensive diagnostic scan started ...|
|Microsoft has resumed the rollout of security updates for AMD devices. The updates patch the Meltdown and Spectre vulnerabilities. From a report: Microsoft released these patches on January 3, but the company stopped the rollout for AMD-based computers on January 9 after users reported crashes that plunged PCs into unbootable states. After working on smoothing out the problems with AMD, Microsoft announced today it would resume the rollout of five (out of nine) security updates.|
|2018-01-12 04:33:35||Silicon Security|
|ANALYSIS: Microsoft is halting all security updates on Windows systems with badly-behaved antivirus products. But you can fix this problem|
|Catalin Cimpanu, reporting for BleepingComputer: Microsoft has added a new and very important detail on the support page describing incompatibilities between antivirus (AV) products and the recent Windows Meltdown and Spectre patches. According to an update added this week, Microsoft says that Windows users will not receive the January 2018 Patch Tuesday security updates, or any subsequent Patch Tuesday security updates, unless the antivirus program they are using becomes compatible with the Windows Meltdown and Spectre patches. The way antivirus programs become compatible is by updating their product and then adding a special registry key to the Windows Registry. The presence of this registry key tells the Windows OS the AV product is compatible and will trigger the Windows Update that installs the Meltdown and Spectre patches that address critical flaws in the design of ...|
|Intel said on Thursday that by next week it expects to have patched 90 percent of its processors that it released within the last five years, making PCs and servers `immune` from both the Spectre and Meltdown exploits. The company adds: Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years. In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services. Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time. While on some discrete workloads the performance impact from the software updates may initially be higher, additional ...|
|An anonymous reader shares a report: Microsoft is issuing a rare out-of-band security update to supported versions of Windows today (Wednesday). The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Sources familiar with Microsoft`s plans tell The Verge that the company will issue a Windows update that will be automatically applied to Windows 10 machines at 5PM ET / 2PM PT today. The update will also be available for older and supported versions of Windows today, but systems running operating systems like Windows 7 or Windows 8 won`t automatically be updated through Windows Update until next Tuesday. Windows 10 will be automatically updated ...|
|Catalin Cimpanu, reporting for BleepingComputer: Google has just published details on two vulnerabilities named Meltdown and Spectre that in the company`s assessment affect `every processor [released] since 1995.` Google says the two bugs can be exploited to `to steal data which is currently processed on the computer,` which includes `your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.` Furthermore, Google says that tests on virtual machines used in cloud computing environments extracted data from other customers using the same server. The bugs were discovered by Jann Horn, a security researcher with Google Project Zero, Google`s elite security team. These are the same bugs that have been reported earlier this week as affecting Intel CPUs. Google was planning to release details about Meltdown and Spectre next week but decided to publish the reports today `because of existing public reports and...|
|According to The Register, `A fundamental design flaw in Intel`s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.` From the report: Programmers are scrambling to overhaul the open-source Linux kernel`s virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in this month`s Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December. Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we`re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features -- specifically, PCID -- to reduce the performance hit. Similar operating systems, such as Apple`s 64-bit macOS, will also need to be updated -- ...|
|From Donald Trump to Russian hackers, these are the dangerous characters weve been watching online in 2017.|
|An anonymous reader writes: Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain. This type of abusive behavior is possible because of a design flaw in the login managers included with all browsers. Experts say that web trackers can embed hidden login forms on sites where the tracking scripts are loaded. Because of the way the login managers work, the browser will fill these fields with the user`s login information, such as username and passwords. The trick is an old one, known for more than a decade but until now it`s only been used by hackers trying to collect login information during XSS (cross-site scripting) attacks. Princeton researchers say they recently found two web tracking services that utilize hidden login forms to collect login information. The ...|
|U.S. Internet provider Armstrong has warned persistent pirates on its network of limiting their access to the thermostats if they didn`t play by its rules. From a report: Our attention was caught by a recent letter the company sent to one of its users. The ISP points out that it received multiple copyright infringement notices, urging the customer to stop, or else. [...] While reduced Internet speeds are bad enough, there`s another scary prospect. The reduced service level may also prevent subscribers from controlling their thermostat remotely. Not ideal during the winter. `Please be advised that this may affect other services which you may have connected to your internet service, such as the ability to control your thermostat remotely or video monitoring services.` Accused pirates who want their full service restored, and regain control over their thermostats, have to answer some copyright questions and read an educational piece about...|
|Mozilla Thunderbird Prior to 52.5.2 Multiple Security Vulnerabilities|
|Windows Hello, the face scanning security feature in Windows 10, has been defeated with the use of a printed out picture. From a report: In a report published yesterday, German pen-testing company SySS GmbH says it discovered that Windows Hello is vulnerable to the simplest and most common attack against facial recognition biometrics software -- the doomsday scenario of using a printed photo of the device`s owner. Researchers say that by using a laser color printout of a low-resolution (340x340 pixels) photo of the device owner`s face, modified to the near IR spectrum, they were able to unlock several Windows devices where Windows Hello had been previously activated. The attack worked even if the `enhanced anti-spoofing` feature had been enabled in the Windows Hello settings panel, albeit for these attacks SySS researchers said they needed a photo of a higher resolution of 480x480 pixels (which in reality is still a low-resolution photo). [...] Microsoft released updates earlier...|
|kriston (Slashdot user #7,886) writes: Microsoft released a preview of the OpenSSH server and client for Windows 10. Go to Settings, Apps and amp; Features, and click `Manage optional features` to install them. The software only supports AES-CTR and chacha20 ciphers and supports a tiny subset of keys and KEXs, but, on the other hand, a decent set of MACs. It also says that it doesn`t use the OpenSSL library. That`s the really big news, here. I understand leaving out arcfour/RC4 and IDEA, but why wouldn`t MSFT include Blowfish, Twofish, CAST, and 3DES? At least they chose the CTR versions of these ciphers. (Blowfish isn`t compromised in any practical way, by the way). I prefer faster and less memory- and CPU-intensive ciphers. Still, it`s a good start. The SSH server is compelling enough to check out especially since I just started using X2GO for remote desktop access which requires an SSH server for its ...|
|An anonymous reader writes: A Google security researcher has found and helped patch a severe vulnerability in Keeper, a password manager application that Microsoft has been bundling with some Windows 10 distributions this year... `This is a complete compromise of Keeper security, allowing any website to steal any password,` Tavis Ormandy, the Google security researcher said, pointing out that the password manager was still vulnerable to a same vulnerability he reported in August 2016, which had apparently been reintroduced in the code. Based on user reports, Microsoft appears to have been bundling Keeper as part of Windows 10 Pro distributions since this past summer. The article reports that Keeper issued a fix -- browser extension version 11.4 -- within less than 24 hours...|
|An anonymous reader quotes a report from Bleeping Computer: Yesterday, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called `Process Doppelganging.` This new attack works on all Windows versions and researchers say it bypasses most of today`s major security products. Process Doppelganging is somewhat similar to another technique called `Process Hollowing,` but with a twist, as it utilizes the Windows mechanism of NTFS Transactions. `The goal of the technique is to allow a malware to run arbitrary code (including code that is known to be malicious) in the context of a legitimate process on the target machine,` Tal Liberman and amp; Eugene Kogan, the two enSilo researchers who discovered the attack told Bleeping Computer. `Very similar to process hollowing but with a novel twist. The challenge is doing it without using suspicious process and...|
|An anonymous reader writes: Windows 8, Windows 8.1, and subsequent Windows 10 variations fail to properly apply ASLR, rendering this crucial Windows security feature useless. The bug appeared when Microsoft changed a registry value in Windows 8 and occurs only in certain ASLR configuration modes. Basically, if users have enabled system-wide ASLR protection turned on, a bug in ASLR`s implementation on Windows 8 and later will not generate enough entropy (random data) to start application binaries in random memory locations. For ASLR to work properly, users must configure it to work in a system-wide bottom-up mode. An official patch from Microsoft is not available yet, but a registry hack can be applied to make sure ASLR starts in the correct mode. The bug was discovered by CERT vulnerability analyst Will Dormann while investigating a 17-years-old bug in the Microsoft Office equation editor, to which Microsoft appears to have lost the source code and needed to patch it ...|
|2017-10-23 04:58:47||Silicon Security|
|The unpatched security vulnerability allows attackers to use a Windows code-sharing feature to trigger malware using formatted Outlook messages|
|Adobe has released an out-of-band security update for Adobe Flash Player that patches a zero-day remote code execution vulnerability actively exploited in the wild. Kaspersky Lab researchers spotted the live attacks on October 10, 2017, and say that the exploit is delivered through a Microsoft Word document and deploys the most recent version of the FinSpy (aka FinFisher) commercial malware developed by Gamma International. The attack leveraging CVE-2017-11292 The researchers believe that the zero-day is … More →...|
|Microsoft says it has already fixed the problem for customers running supported versions of Windows. From a report: `We have released a security update to address this issue,` says a Microsoft spokesperson in a statement to The Verge. `Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.` Microsoft is planning to publish details of the update later today. While it looks like Android and Linux devices are affected by the worst part of the vulnerabilities, allowing attackers to manipulate websites, Google has promised a fix for affected devices `in the coming weeks.` Google`s own Pixel devices will be the first to receive fixes with security patch level of November 6, 2017, but most other handsets are still well behind even the latest updates. Security researchers claim 41 percent of Android devices are vulnerable to ...|
|A vulnerability called KRACK affects nearly every Wi-Fi device on the market.|
|2017-10-11 11:50:12||Silicon Security|
|No rest for system admins as Patch Tuesday tackles 62 vulnerabilities; 28 of which are rated as critical|
|A reader shares a report Windows users in Germany were particularly unimpressed when Microsoft forcibly downloaded many gigabytes of files to upgrade from Windows 7 and 8 to Windows 10. Having held out for 18 months, and losing its case twice, Microsoft has finally agreed to stop its nefarious tactics. After a lengthy battle with Germany`s Baden-Wurtenberg consumer rights center, Microsoft made the announcement to avoid the continuation of legal action. A press release on the Baden-Wurtenberg website reveals that Microsoft has announced it will no longer download operating system files to users` computers without their permission: Microsoft will not download install files for new operating systems to a user system`s hard disk without a user`s consent. The consumer rights center hoped for this resolution to be reached much sooner, but Microsoft`s decision will please the courts and could have a bearing on how the ...|
|2017-08-08 16:55:24||The Register|
Update IE, Edge, Windows, SQL Server, Office and of course Flash
Patch Tuesday Microsoft has released the August edition of its Patch Tuesday update to address security holes in multiple products. Folks are urged to install the fixes as soon as possible before they are exploited.
|Microsoft on Wednesday announced the Windows Bounty Program. Rewards start at a minimum of $500 and can go up to as high as $250,000. From a report: To be clear, Microsoft already offers many bug bounty programs. This is also not the first to target Windows features -- the company has launched many Windows-specific bounties for those starting in 2012. The Windows Bounty Program, however, encompasses Windows 10 and even the Windows Insider Preview, the company`s program for testing Windows 10 preview builds. Furthermore, it also has specific focus areas: Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge...|
|Reader Baron_Yam shares a PCWorld report: No Windows 10 Creators Update for you, Microsoft says -- at least, not if you happen to be the unlucky owner of certain older Atom-based Windows devices, and other aging models in the future. After stories arose of failed attempts to upgrade such hardware to the Creators Update, Microsoft confirmed late Wednesday that any hardware device that falls out of the manufacturer`s support cycle may be ineligible for future Windows 10 updates. In the case of the four `Clover Trail` processors (part of the Cloverview platform) that have fallen into Intel`s End of Interactive Support phase, they will be ineligible for the Windows 10 Creators Update, Microsoft confirmed. Instead, they`ll simply be offered the Windows 10 Anniversary Update, plus security updates through January, 2023, the end of the original Windows 8.1 support period. The problem, however, is that Microsoft`s language opens up the possibility that...|
|An anonymous reader quotes a report from The Hacker News: WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors. Secure Shell or SSH is a cryptographic network protocol used for remote login to machines and servers securely over an unsecured network. Dubbed BothanSpy -- implant for Microsoft Windows Xshell client, and Gyrfalcon -- targets the OpenSSH client on various distributions of Linux OS, including CentOS, Debian, RHEL (Red Hat), openSUSE and Ubuntu. Both implants steal user credentials for all active SSH sessions and then sends them...|
|Reader Mark Wilson writes: There have been lots of complaints about invasion of privacy since the release of Windows 10. Microsoft`s telemetry lead to several lawsuits, including one from France`s National Data Protection Commission which said Windows 10 was collecting `excessive personal data` about users. But now the Commission Nationale de l`Informatique et des Libert`s has decided to drop its case against Microsoft. The commission is happy that sufficient steps have been taken to reduce the amount of data that is collected and users are now informed about ...|
|WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of Wi-Fi-capable Windows devices based on the Extended Service Set (ESS) data of nearby Wi-Fi networks. According to the tool`s 42-page manual, the tool`s name is ELSA. Bleeping Computer has an image embedded in its report that explains how the tool works. There are six steps that summarize the ELSA operation. Bleeping Computer reports: Step 1: CIA operative configures ELSA implant (malware) based on a target`s environment. This is done using a tool called the `PATCHER wizard,` which generates the ELSA payload, a simple DLL file. Step 2: CIA operative deploys ELSA implant on target`s Wi-Fi-enabled Windows machine. Because ELSA is an implant (malware), the CIA operator will likely have to use other CIA hacking tools and exploits to place the malware on a victim`s PC. Step 3: The implant begins collecting Wi-Fi access point information based on the schedule set by the operator. Data ...|
|2017-06-28 13:59:28||The Register|
Malicious chats mostly came from India, say police
Four Britons have been arrested on suspicion of helping organise fraudulent telephone support scam calls that caused hundreds of millions of pounds of losses worldwide.
|An anonymous reader quotes a report from Ars Technica: The Windows 10 Fall Creators Update will include EMET-like capabilities managed through a new feature called Windows Defender Exploit Guard. Microsoft`s EMET, the Enhanced Mitigation Experience Toolkit, was a useful tool for hardening Windows systems. It used a range of techniques -- some built in to Windows, some part of EMET itself -- to make exploitable security flaws harder to reliably exploit. The idea being that, even if coding bugs should occur, turning those bugs into actual security issues should be made as difficult as possible. With Windows 10, however, EMET`s development was essentially cancelled. But as more mitigation capabilities have been put into Windows, the need for a system for managing and controlling them has not gone away. Some of the mitigations introduce application compatibility issues -- a few even require applications to be deliberately written with the mitigation in mind -- which means that Windows does...|
|According to an exclusive report via The Register, `a massive trove of Microsoft`s internal Windows operating system builds and chunks of its core source code have leaked online.` From the report: The data -- some 32TB of installation images and software blueprints that compress down to 8TB -- were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft`s in-house systems since around March. The leaked code is Microsoft`s Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond`s PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels. In addition to this...|
|Earlier this month, Microsoft said `no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack,` adding that `no known ransomware works against Windows 10 S.` News outlet ZDNet asked a security researcher to see how good Microsoft`s claims were. Turns out, not much. From the report: We asked Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, a simple enough question: Will ransomware install on this operating system? It took him a little over three hours to bust the operating system`s various layers of security, but he got there. `I`m honestly surprised it was this easy,` he said in a call after his attack. `When I looked at the branding and the marketing for the new operating system, I thought they had further enhanced it. I would`ve wanted more restrictions on trying to run privileged processes instead of it being such ...|
|2017-06-22 19:21:05||The Register|
Redmond adds UI tweaks, more emojis and Edge enticements
Microsoft has released the newest build of Windows 10 Insider, version 16226, to developers on its fast-track release list.
|An anonymous reader quotes a report from the BBC: Microsoft has admitted that it does temporarily disable anti-virus software on Windows PCs, following an competition complaint to the European Commission by a security company. In early June, Kaspersky Lab filed the complaint against Microsoft. The security company claims the software giant is abusing its market dominance by steering users to its own anti-virus software. Microsoft says it implemented defenses to keep Windows 10 users secure. In an extensive blog post that does not directly address Kaspersky or its claims, Microsoft says it bundles the Windows Defender Antivirus with Windows 10 to ensure that every single device is protected from viruses and malware. To combat the 300,000 new malware samples being created and spread every day, Microsoft says that it works together with external anti-virus partners. The technology giant estimates that about 95% of Windows 10 PCs were using anti-virus software that was already compatible...|
|Ed Bott, reporting for ZDNet: Citing an `elevated risk for destructive cyberattacks,` Microsoft today released an assortment of security updates designed to block attacks similar to those responsible for the devastating WannaCry/WannaCrypt ransomware outbreak last month. Today`s critical security updates are in addition to the normal Patch Tuesday releases, Microsoft said. They`ll be delivered automatically through Windows Update to devices running supported versions, including Windows 10, Windows 8.1, Windows 7, and post-2008 Windows Server releases. But in an unprecedented move, Microsoft announced that it was also making the patches available simultaneously for manual download and installation on unsupported versions, including Windows XP and Windows Server 2003. The new updates can be found in the Microsoft Download Center or, alternatively, in the Update Catalog...|
|msm1267 writes: EternalBlue, the NSA-developed attack used by criminals to spread WannaCry ransomware last month, has been ported to Windows 10 by security researchers. The publicly available version of EternalBlue leaked by the ShadowBrokers targets only Windows XP and Windows 7 machines. Researchers at RiskSense who created the Windows 10 version of the attack were able to bypass mitigations introduced by Microsoft that thwart memory-based code-execution attacks. These mitigations were introduced prior to a March security update from Microsoft, MS17-010, and any computer running Windows that has yet to install the patch is vulnerable. You can read the researchers` report here (PDF), which explains what was necessary to bring the NSA exploit to Windows 10...|
|A viral Twitter rant about Windows 10 Enterprise supposedly ignoring users` privacy settings has since been clarified. `I made mistakes on my original testing and therefore saw more connections than I should have,` writes IT security analyst Mark Burnett, `including some to Google ads.` But his qualified results -- quoted below -- are still critical of Microsoft: You can cut back even more using the Windows Restricted Traffic Limited Functionality Baseline but break many things.Settings can be set wrong if you aren`t paying attention. Also, settings are not consistent and can be confusing to beginners.You are opted-in to just about everything by default and have to set hundreds of settings to opt out, even on an Enterprise Windows system. Sometimes multiple settings for the same feature. Most Microsoft documentation discourages opting out and warns of a less optimal experience... But you can`t completely opt-out. Windows still tracks too much.Home and Professional users are much worse...|
|Windows 7 and 8.1 (and also Windows Vista) have a bug that is reminiscent of Windows 98 age, when a certain specially crafted filename could make the operating system crash (think of file:///c:/con/con). From an ArsTechnica report: The new bug, which fortunately doesn`t appear to afflict Windows 10, uses another special filename. This time around, the special filename of choice is $MFT. $MFT is the name given to one of the special metadata files that are used by Windows` NTFS filesystem. The file exists in the root directory of each NTFS volume, but the NTFS driver handles it in special ways, and it`s hidden from view and inaccessible to most software. Attempts to open the file are normally blocked, but in a move reminiscent of the Windows 9x flaw, if the filename is used as if it were a directory name -- for example, trying to open the file c:\$MFT\123 -- then the NTFS driver takes out a lock on the file and never releases it. Every subsequent operation sits around waiting for the...|
The NSA`s exploit toolkit has been weaponized to target critical systems all over the world. So much for the debate over the theoretical downside of undisclosed vulnerabilities. (It also inadvertently provided the perfect argument against encryption backdoors.) The real world has provided all the case study that`s needed.
It appears the NSA finally engaged in the Vulnerabilities Equity Process -- not when it discovered the vulnerability, but rather when it became apparent the agency wouldn`t be able to prevent it from being released to the public. What`s happened recently has been devastating and Microsoft -- whose software was targeted -- has expressed its displeasure at the agency`s inaction.
Maybe the agency will be a bit more forthcoming in the future. Ellen Nakashima and Craig Timberg of the Washington Post report former NSA employees and officials had concerns about the undisclosed exploit long before the Shadow Brokers gave it to the world. <...
|An anonymous reader writes: Today, WikiLeaks leaked documentation about a tool called Athena. According to leaked documents, which WikiLeaks previously claimed it received from hackers and CIA insiders, Athena is an implant -- a CIA technical term for `malware` -- that can target and infect any Windows system, from Windows XP to Windows 10, Microsoft`s latest OS version. Documents leaked today are dated between September 2015 and February 2016, showing that the CIA had the ability to hack Windows 10 months after its launch, despite Microsoft boasting about how hard it would be to hack its new OS. [...] The documents reveal that CIA had received help from a non-government contractor in developing the malware. The company is Siege Technologies, a cyber-security company based in New Hampshire, which was acquired on November 15, 2016, by Nehemiah Security, another US company, based in Tysons, Virginia, on the outskirts of Washington and near CIA`s headquarters, in a zone peppered ...|
|Security researchers Troy Hunt, writing on his blog: Often, the updates these products deliver patch some pretty nasty security flaws. If you had any version of Windows since Vista running the default Windows Update, you would have had the critical Microsoft Security Bulletin known as `MS17-010` pushed down to your PC and automatically installed. Without doing a thing, when WannaCry came along almost 2 months later, the machine was protected because the exploit it targeted had already been patched. It`s because of this essential protection provided by automatic updates that those advocating for disabling the process are being labelled the IT equivalents of anti-vaxxers and whilst I don`t fully agree with real world analogies like this, you can certainly see where they`re coming from. As with vaccinations, patches protect the host from nasty things that the vast majority of people simply don`t understand. This is how consumer software these days should be: self-updating with zero...|
|An anonymous reader quotes the AP: Teams of technicians worked `round the clock` Saturday to restore hospital computer systems in Britain and check bank or transport services in other nations after a global cyberattack hit dozens of countries and crippled the U.K.`s health system. The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses. [Windows XP, Windows 8, and Windows Server 2003] An anonymous reader writes: The patches are available for download from here. Microsoft also advises companies and users to disable the Windows Server Message Block version 1 protocol, as it`s an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3... Microsoft had released a fix for that exploit a month before, in March, in security bulletin MS17-010 [which] included fixes ...|
|An anonymous reader quotes a report from BleepingComputer: Two Google security experts have found a severe remote code execution (RCE) bug in the Windows OS, which they`ve described as `crazy bad.` The two experts are Natalie Silvanovich and Tavis Ormandy, both working for Project Zero, a Google initiative for discovering and helping patch zero-days in third-party software products. The two didn`t release in-depth details about the vulnerability, but only posted a few cryptic tweets regarding the issue. Drilled with questions by the Twitter`s infosec community, Ormandy later revealed more details: the attacker and the victim don`t necessarily need to be on the same LAN; the attack works on a default Windows install, meaning victims don`t need to install extra software on their systems to become vulnerable; the attack is wormable (can self-replicate). The tweets came days before Microsoft`s May 2017 Patch Tuesday, scheduled tomorrow, May 9. The researchers said a report is ...|
|The vast majority of IT organizations (91%) have installed Windows 10, but there is still great variation in the current level of Windows 10 adoption, according to a new survey conducted by Dimensional Research. Factors impacting Windows 10 adoption Nearly nine in ten (87%) have concerns about moving to Windows 10 including application compatibility (65%), the need for user training (43%), manual effort required to migrate (31%), the performance of applications (24%) and the increased … More ...|
|2017-04-26 15:02:41||The Register|
We`ll give it to you when it`s ready and it is not
Microsoft has urged non-tech-savvy people or anyone who wants a stable computer to not download and install the biggest revision to Windows this year. And that`s because it may well bork your machine.
|An anonymous reader shares a report: Over the weekend, I put together a little tool that scans executable files for PNG images containing useless Adobe Extensible Metadata Platform (XMP) metadata. I ran it against a vanilla Windows 10 image and was surprised that Windows contains a lot of this stuff. Adobe XMP, generally speaking, is an Adobe technology that serializes metadata like titles, internal identifiers, GPS coordinates, and color information into XML and jams it into things, like images. This data can be extremely valuable in some cases but Windows doesn`t need or use this stuff. It just eats up disk space and CPU cycles. Thanks to horrible Adobe Photoshop defaults, it`s very easy to unknowingly include this metadata in your final image assets. So easy, almost all the images on this site are chock full of it. But you can appreciate my surprise when a bunch of important Windows binaries showed up in ...|
|Karma has long been a staple man-in-the-middle attack used in authorised wireless security assessments and unsanctioned ones, but as many modern operating systems now provide effective countermeasures, other approaches for tricking wireless clients into automatically associating with a rogue access point are wanted. Enter Lure10 – a new attack that, by taking advantage of Wi-Fi Sense, tricks wireless devices running Windows into doing exactly that. What is Wi-Fi Sense? Wi-Fi Sense, enabled by default on … More ...|
|Has your Windows machine been implanted with NSA’s DoublePulsar backdoor? If you haven’t implemented the security updates released by Microsoft in March, chances are good that it has. What is DoublePulsar? DoublePulsar is a backdoor implant that enables the injection and running of DLLs – potentially malicious ones – on Windows computers. It was recently leaked by the Shadow Brokers, and hackers have been using it – in conjunction with the EternalBlue exploit – to … More ...|
|An anonymous reader quotes a report from BleepingComputer: GitHub user Zeffy has created a patch that removes a limitation that Microsoft imposed on users of 7th generation processors, a limit that prevents users from receiving Windows updates if they still use Windows 7 and 8.1. This limitation was delivered through Windows Update KB4012218 (March 2017 Patch Tuesday) and has made many owners of Intel Kaby Lake and AMD Bristol Ridge CPUs very angry last week, as they weren`t able to install any Windows updates. Microsoft`s move was controversial, but the company did its due diligence, and warned customers of its intention since January 2016, giving users enough time to update to Windows 10, move to a new OS, or downgrade their CPU, if they needed to remain on Windows 7 or 8.1 for various reasons. When the April 2017 Patch Tuesday came around last week, GitHub user Zeffy finally had the chance to test four batch scripts he created in March, after the release of KB4012218. His ...|
The Shadow Brokers -- having failed to live up to half their name -- released more NSA exploits last week when it became apparent no one was willing to purchase the exploits from them. This dump was far more interesting than previous releases, as it contained a large number of Windows exploits and -- for some -- a very handy, easy-to-use front end for malware deployment.
This dump probably ruined a few Easter weekends at Microsoft, but not nearly as many as was first presumed. While the exploits targeted older versions of Windows , they would have caused trouble for government and corporate networks still relying those versions. Those targeting unsupported versions are the most dangerous, as those holes will never be patched. They`re also the ones with the smallest user bases, so that mitigates the damage somewhat. As Marcy Wheeler points out, the NSA had plenty of time to warn Microsoft about unpatched holes prior to the Shadow Brokers` latest dump. ...
|halfEvilTech writes: Last year, Microsoft announced they were planning on blocking OS updates on newer Intel CPU`s, namely the 7th Generation Kaby Lake processors. Ars Technica reports: `Now, the answer appears to be `this month.` Users of new processors running old versions of Windows are reporting that their updates are being blocked. The block means that systems using these processors are no longer receiving security updates.` While Windows 7 has already ended mainstream support, the same can`t be said for Windows 8.1 which is still on mainstream support until January of next year...|
|2017-04-12 03:32:11||The Register|
Support ended on Tuesday and Microsoft`s not offering even a single strand of safety net
Farewell, Windows Vista, we hardly knew ye. But as of now * you`re out of support and even-more-unloved than was previously the case.
|Microsoft is officially banning emulators from Windows Store. The company has updated the Windows Store policy to announce the changes. The new rules bar any applications that emulate pre-existing game systems, resulting in the removal of a popular program that supported games from Nintendo and Sega and other consoles. From a report on ArsTechnica: An affected developer was notified of the change on Tuesday when its product, Universal Emulator, was delisted from the Windows Store. While no proof of a letter or notice from Microsoft was published, the developers at NESBox linked to relevant changes in the Windows Store application rules, dated March 29, which now include this line: `Apps that emulate a game system are not allowed on any device family.` This list of general Windows Store rules, written for developers, received a massive update to its `Gaming and Xbox` requirements; these used to contain only one sentence, and it referred hopeful Windows Store game developers to the ID...|
|Starting today, Microsoft is updating its privacy statement and publishing information about the data it collects as part of Windows 10. From a report: `For the first time, we have published a complete list of the diagnostic data collected at the Basic level,` explains Windows chief Terry Myerson in a company blog post. `We are also providing a detailed summary of the data we collect from users at both Basic and Full levels of diagnostics.` Microsoft is introducing better controls around its Windows 10 data collection levels in the latest Creators Update, which will start rolling out broadly next week. The controls allow users to switch between basic and full levels of data collection. `Our teams have also worked diligently since the Anniversary Update to re-assess what data is strictly necessary at the Basic level to keep Windows 10 devices up to date and secure,` says Myerson. `As a result, we have reduced the number of events collected and reduced, by about half, the ...|
|An anonymous reader quotes a report from Bleeping Computer: A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting -- Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Scheel`s method, which he recently presented at a security conference, is different because the attacker can execute it from a remote location, without user interaction, and runs in the TV`s background processes, meaning users won`t notice when an attacker compromises their TVs. The researcher told Bleeping Computer via email that he developed this technique without knowing about the CIA`s Weeping Angel toolkit, which makes his work even more impressing...|
Last week, the Senate voted 50-48 along party lines to kill consumer broadband privacy protections. That vote then continued today in the House, where GOP lawmakers finished the job, apparently happy to advertise how ISP campaign contributions consistently, directly manifest in anti-consumer policy with a 215 to 205 vote (you can find a full vote breakdown here ). The rules, which were supposed to take effect this month, were killed using the Congressional Review Act -- which not only eliminates the protections, but limits the agency`s ability to issue similar rules down the road.
The broadband industry`s effort to kill the rules is one of the uglier examples of pay-to-play government in recent memory. The protections, originally passed last October by the FCC , have been endlessly demonized by the broadband industry, despite the fact that they`re relatively straight forward. The rules would have simply required that ISPs are transparent about what they collect (...
|Slashdot reader AmiMoJo quotes The Register: Three people in Illinois have filed a lawsuit against Microsoft, claiming that its Windows 10 update destroyed their data and damaged their computers. The complaint, filed in Chicago`s U.S. District Court on Thursday, charges that Microsoft Windows 10 [installer] is a defective product, and that its maker failed to provide adequate warning about the potential risks posed by Windows 10 installation -- specifically system stability and data loss... The attorneys representing the trio are seeking to have the case certified as a class action that includes every person in the U.S. who upgraded to Windows 10 from Windows 7 and suffered data loss or damage to software or hardware within 30 days of installation. They claim there are hundreds or thousands of affected individuals. Microsoft responded that they`d offered free customer service and other support options for `the upgrade experience,` adding `We believe the plaintiffs` claims are ...|
|Earlier this week, CEO of Microsoft Greater China, Alain Crozier, told China Daily that the company is ready to roll out a version of Windows 10 with extra security features demanded by China`s government. `We have already developed the first version of the Windows 10 government secure system. It has been tested by three large enterprise customers,` Crozier said. The Register reports: China used Edward Snowden`s revelations to question whether western technology products could compromise its security. Policy responses included source code reviews for foreign vendors and requiring Chinese buyers to shop from an approved list of products. Microsoft, IBM and Intel all refused to submit source code for inspection, but Redmond and Big Blue have found other ways to get their code into China. IBM`s route is a partnership with Dalian Wanda to bring its cloud behind the Great Firewall. Microsoft last year revealed its intention to build a version of Windows 10 for Chinese government users in...|
|Security researchers from computer and network security outfit Cybellum have revealed a new zero-day code injection and persistence technique that can be used by attackers to take over applications and entire Windows machines. They demonstrated the attack on antivirus solutions, and ultimately dubbed it DoubleAgent, as it turns the antivirus security agent into a malicious agent. The DoubleAgent attack “DoubleAgent exploits a legitimate tool of Windows called Microsoft Application Verifier which is a tool included … ...|
|2017-03-22 04:26:05||The Register|
There`s Reds under the Windows! And that`s the way China`s government wants it
Microsoft`s supremo for China has told state-owned China Daily that Redmond`s ready roll out version of Windows 10 with extra security features demanded by China`s government.
|Reader AmiMoJo writes: Until now Windows 10 has allowed users to avoid downloading updates over metered (pay-per-byte) connections, to avoid racking up huge bills. Some users were setting their ethernet/wifi connections as metered in order to prevent Windows 10 from downloading and installing updates without their permission. In its latest preview version of the OS, Microsoft is now forcing some updates necessary for `smooth operation` to download even on these connections. As well as irritating users who want to control when updates download and install, users of expensive pay-per-byte connections could face ...|
|An anonymous reader writes: `A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning,` reports BleepingComputer. The technique works when an attacker launches the Backup and Restore utility, which loads its control panel settings page. Because the utility doesn`t known where this settings page is located, it queries the Windows Registry. The problem is that low-privileged users can modify Windows Registry values and point to malware. Because the Backup and Restore utility is a trusted application, UAC prompts are suppressed. This technique only works in Windows 10 (not earlier OS versions) and was tested with Windows 10 build 15031. A proof-of-concept script is available on GitHub. The same researcher had previously found two other UAC bypass techniques, one that abuses the Windows Event Viewer, and one that relies on the Windows 10 Disk...|
|Artem Tashkinov writes: In a move that will shock a lot of people, someone at Microsoft decided to deny Windows 7/8.1 updates to the users of the following CPU architectures: Intel seventh (7th)-generation processors (Kaby Lake); AMD `Bristol Ridge` (Zen/Ryzen); Qualcomm `8996.` It`s impossible to find any justification for this decision to halt support for the x86 architectures listed above because you can perfectly run MS-DOS on them. Perhaps, Microsoft has decided that the process of foisting Windows 10 isn`t running at full steam, so the company created this purely artificial limitation. I expect it to be cancelled soon after a wide backlash from corporate customers. KitGuru notes that users may encounter the following error message when they attempt to update their OS: `Your PC uses a processor that isn`t supported on this version of Windows.` The only resolution is to upgrade to Windows 10...|
|In less than a month`s time, Microsoft will put Windows Vista to rest once and for all. If you`re one of the few people still using it, you have just a few weeks to find another option before time runs out. (I mean, nobody will uninstall it from your computer, but.) From a report on PCWorld: After April 11, 2017, Microsoft will no longer support Windows Vista: no new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates, Microsoft says. (Mainstream Vista support expired in 2012.) Like it did for Windows XP, Microsoft has moved on to better things after a decade of supporting Vista. As Microsoft notes, however, running an older operating system means taking risks -- and those risks will become far worse after the deadline. Vista`s Internet Explorer 9 has long since expired, and the lack of any further updates means that any existing vulnerabilities will never be patched -- ever. Even if you have Microsoft`...|
|Tom Warren, writing for The Verge: Microsoft is unveiling some changes to the way Windows Updates are applied to Windows 10 PCs with the upcoming Creators Update. The software giant has long been criticized by Windows 10 users for its aggressive approach to applying updates, and it`s introducing some new options to prevent annoying reboots. `What we heard back most explicitly was that you want more control over when Windows 10 installs updates,` admits John Cable, Microsoft`s Windows director of program management. `We also heard that unexpected reboots are disruptive if they happen at the wrong time.` To stop these random reboots, Microsoft is adding a new snooze option that appears in a new prompt to let you know there`s a Windows 10 update available. Snooze will stop an update installing for three days, and give you time to save any crucial work...|
|2017-02-28 05:47:50||Silicon Security|
|Google Zero`s latest unpatched bug is ranked `critical` and could be used to target Windows 10 Edge and Internet Explorer 11|
|2017-02-28 05:45:03||Silicon Security|
|Windows 10 Creators Update scheduled for April, with another coming later in the year|
|Microsoft is planning to introduce a new feature to Windows 10 that will allow a user to prevent installation of desktop apps. The latest Windows Insider build comes with an option that allows users to enable app installations only from the Windows Store. From a report on MSPowerUser: Once enabled, users will see a warning whenever they try to install a Win32 app -- they will get a dialog saying apps from the Windows Store helps to keep their PC `safe and reliable.` This feature is obviously disabled by default, but users can enable it really easily ...|
|2017-02-22 05:45:30||Silicon Security|
|Windows 10 will get a second major update in 2017 as Microsoft also launches Skype Lite in India|
|Julia Fioretti, reporting for Reuters: European Union data protection watchdogs said on Monday they were still concerned about the privacy settings of Microsoft`s Windows 10 operating system despite the U.S. company announcing changes to the installation process. The watchdogs, a group made up of the EU`s 28 authorities responsible for enforcing data protection law, wrote to Microsoft last year expressing concerns about the default installation settings of Windows 10 and users` apparent lack of control over the company`s processing of their data. The group -- referred to as the Article 29 Working Party -- asked for more explanation of Microsoft`s processing of personal data for various purposes, including advertising. `In light of the above, which are separate to the results of ongoing inquiries at a national level, even considering the proposed changes to Windows 10, the Working Party remains concerned about the level of protection of users` personal data,` the group said ...|
|An anonymous reader writes: `For the second time in three months, Google engineers have disclosed a bug in the Windows OS without Microsoft having released a fix before Google`s announcement,` reports BleepingComputer. `The bug in question affects the Windows GDI (Graphics Device Interface) (gdi32.dll)...` According to Google, the issue allows an attacker to read the content of the user`s memory using malicious EMF files. The bad news is that the EMF file can be hidden in other documents, such as DOCX, and can be exploited via Office, IE, or Office Online, among many. `According to a bug report filed by Google`s Project Zero team, the bug was initially part of a larger collection of issues discovered in March 2016, and fixed in June 2016, via Microsoft`s security bulletin MS16-074. Mateusz Jurczyk, the Google engineer who found the first bugs, says the MS16-074 patches were insufficient, and some of the issues he reported continued to remain vulnerable.` He later resubmitted the...|
|In case you were wondering what other misery DRM could contribute to, Hacker House security researchers have an answer for you : n n HackerHouse have been investigating social engineering attacks performed with Digital Rights Management (DRM) protected media content. Attackers have been performing these attacks in the wild to spread fake codec installers since Microsoft introduced DRM to its proprietary media formats. n n Improperly-licensed media files will produce a pop-up , asking the user if they want to visit the originating site to obtain the rights to play the file. This popup also warns users that this is great way to pick up malware if they`re not careful. In these cases, computer users will likely be deterred from following through on the risky click. n n But that only happens if it`s not licensed properly. If it is -- an expensive process that runs about $10,000 -- then no warning appears, leaving users open to attack by malicious fake codec installers. What would ...|
|`The prestigious FOSS project replacing the entire city`s administration IT with FOSS based systems, is about to be cancelled and decommissioned,` writes long-time Slashdot reader Qbertino. TechRepublic reports: Politicians at open-source champion Munich will next week vote on whether to abandon Linux and return to Windows by 2021. The city authority, which made headlines for ditching Windows, will discuss proposals to replace the Linux-based OS used across the council with a Windows 10-based client. If the city leaders back the proposition it would be a notable U-turn by the council, which spent years migrating about 15,000 staff from Windows to LiMux, a custom version of the Ubuntu desktop OS, and only completed the move in 2013... The use of the open-source Thunderbird email client and LibreOffice suite across the council would also be phased out, in favor of using `market standard products` that offer the `highest possible compatibility` with external and internal software... ...|
|2017-02-10 18:26:06||The Register|
Malware can spread to gizmos and gadgets after slipping into internal systems
The Mirai malware that hijacked hundreds of thousands of IoT gadgets, routers and other devices is now capable of infecting Windows systems.
|If you`re using an older, outdated version of Skype, you may want to consider updating soon. Microsoft said today that starting on March 1 people will no longer be able to sign in to version 7.16 of Skype for Window desktop and older versions, and version 7.18 of Skype for Mac and older versions thereof. VentureBeat reports: `If you`re one of those users, all you`ll need to do is download the new update,` the Skype team said in a blog post. This isn`t the first time Skype is retiring old software. But that doesn`t mean the upcoming move won`t rankle some people. Version 7.18 of Skype for Mac and version 7.16 of Skype for Windows both came out less than a year and a half ago -- in December 2015. So it`s not as if this is very old software. Still, Microsoft has been doing a lot to improve Skype in the past year. It`s been migrating the app to its Azure public cloud infrastructure, and adding chatbots. Current versions of Skype -- like version 7.44 for Mac -- come with amenities...|
|Orome1 quotes a report from Help Net Security: A zero-day bug affecting Windows 10, 8.1, Windows Server 2012 and 2016 can be exploited to crash a vulnerable system and possibly even to compromise it. It is a memory corruption bug in the handling of SMB traffic that could be easily exploited by forcing a Windows system to connect to a malicious SMB share. Tricking a user to connect to such a server should be an easy feat if clever social engineering is employed. The vulnerability was discovered by a researcher that goes by PythonResponder on Twitter, and who published proof-of-exploit code for it on GitHub on Wednesday. The researcher says that he shared knowledge of the flaw with Microsoft, and claims that `they had a patch ready 3 months ago but decided to push it back.` Supposedly, the patch will be released next Tuesday. The PoC exploit has been tested by SANS ISC CTO Johannes Ullrich, and works on a fully patched Windows 10. `To be vulnerable, a client needs to support SMBv3, ...|