RE: Windows 10 IS Unsafe! - kyonides - 03-13-2020
Server Message Block (SMB) Wormable Flaw
Windows: new wormable vulnerability found and no patch available
Short Article
https://www.linuxexperten.com/news/windows-new-wormable-vulnerability-found
Lengthy Article
https://arstechnica.com/information-technology/2020/03/windows-has-a-new-wormable-vulnerability-and-theres-no-patch-in-sight/
The flaw affects Windows 10, versions 1903 and 1909 and Windows Server versions 1903 and 1909, which are relatively new releases that Microsoft has invested huge amounts of resources hardening against precisely these types of attacks.
The service that's used to share files, printers and other resources on local networks and over the internet, can allow attackers to execute code of their choice on both servers and end-user computers that use the vulnerable protocol, Microsoft said in an advisory.
Patches aren't available, and Tuesday's advisory gave no timeline for one being released.
MS offered a workaround that I call cumbersome and ridiculous because it's not even a fix, especially for those working on a local network. Even so you're encouraged to read the article and see if you wanna apply it on your PC.
RE: Windows 10 IS Unsafe! - kyonides - 03-14-2020
News Update
Microsoft patches SMBv3 wormable bug
https://www.linuxexperten.com/news/microsoft-patches-smbv3-wormable-bug
MS now provides a fix available as KB4551762, an update for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909.
You know what you gotta do to keep your PC safe.
RE: Windows 10 IS Unsafe! - KDC - 03-14-2020
That didn't take as long as I thought it would to patch up.
RE: Windows 10 IS Unsafe! - kyonides - 07-11-2021
CyberScoop Wrote: That’s the nickname for a bug for a proof-of-concept exploit accidentally published online on June 30. Microsoft on Tuesday issued an emergency update for the critical flaw, which affects all versions of Windows’ Print Spooler that manages interactions between computers and printers. The vulnerability could allow hackers to take over computers remotely.
But on Thursday Microsoft had to fend off claims from researchers that its patch didn’t work.
Previously, the patch had encountered other problems, such as breaking connections to some brands of printers. Microsoft acknowledged that issue, and recommended rolling back the patch to fix it.
Microsoft also faced criticism for initially labeling a similar vulnerability as low-risk in an earlier update.
The bug was bad enough to warrant an alert from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. It also prompted Microsoft to issue a security update for Windows 7, which the company ended support for back in January of 2020.
It’s not the first time Print Spooler has dealt with wide-spanning vulnerabilities. Last summer, researchers discovered a denial of service vulnerability that affected versions of Windows as old as Windows 2000.
How is it possible that they still let you be vulnerable to attacks targeting that old timer known as the print spooler?
RE: Windows 10 IS Unsafe! - kyonides - 08-18-2021
CyberScoop Wrote: The so-called PrintNightmare vulnerability in Microsoft software is turning into a dream for ransomware gangs.
For the second time this week, security researchers have warned that extortionists exploited the critical flaw in an attempt to lock files and shake down victims. It shows how, more than a month after Microsoft disclosed the bug and urged users to update their software, a new round of exploitation is under way against vulnerable organizations.
A ransomware group dubbed Vice Society recently seized on the PrintNightmare bug to move through an unnamed victim’s network and attempt to steal sensitive data, Talos, Cisco’s threat intelligence unit, said Thursday. A day earlier, cybersecurity firm CrowdStrike said that hackers using another type of ransomware had tried to use PrintNightmare to infect victims in South Korea. Neither Talos nor CrowdStrike named the targeted organizations.
The PrintNightmare vulnerability affects how Windows’ Print Spooler manages interactions between computers and printers. The severity of the vulnerability forced Microsoft to change the default settings on the software to make them more secure. Given how ubiquitous the software is in corporate environments, the remote code execution flaw is a boon for ransomware gangs.
Vice Society, which emerged earlier this year, has previously claimed responsibility for ransomware attacks on school districts and health care systems, including an incident in May that hindered non-urgent care at multiple hospitals in New Zealand. The Magniber ransomware used in the incident flagged by CrowdStrike has been around since 2017 and has typically featured in intrusions in the Asia Pacific.
I wonder if updating the software will be enough to avoid getting targeted by hackers. Let's hope that's the case here.
Even so it truly sounds incredible that companies have not taken care of such a vulnerability...
RE: Windows 10 IS Unsafe! - kyonides - 03-15-2023
Quote: Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks.
The two vulnerabilities that have come under active attack include a Microsoft Outlook privilege escalation flaw (CVE-2023-23397, CVSS score: 9.8) and a Windows SmartScreen security feature bypass (CVE-2023-24880, CVSS score: 5.1).
...
A threat actor could leverage this flaw by sending a specially crafted email, activating it automatically when it is retrieved and processed by the Outlook client for Windows. As a result, this could lead to exploitation without requiring any user interaction and before even the message is viewed in the Preview Pane.
Microsoft credited the Computer Emergency Response Team of Ukraine (CERT-UA) with reporting the flaw, adding it is aware of "limited targeted attacks" mounted by a Russia-based threat actor against government, transportation, energy, and military sectors in Europe.
CVE-2023-24880, on the other hand, concerns a security bypass flaw that could be exploited to evade Mark-of-the-Web (MotW) protections when opening untrusted files downloaded from the internet.
...
Other notable mentions include patches for four privilege escalation bugs identified in the Windows Kernel, 10 remote code execution flaws affecting Microsoft PostScript and PCL6 Class Printer Driver, and a WebView2 spoofing vulnerability in the Edge browser.
...
Microsoft also remedied two information disclosure flaws in OneDrive for Android (CVE-2023-24882 and CVE-2023-24923, CVSS scores: 5.5), one spoofing vulnerability in Office for Android (CVE-2023-23391, CVSS score: 5.5), one security bypass bug in OneDrive for iOS (CVE-2023-24890, CVSS score: 4.3), and one privilege escalation issue in OneDrive for macOS (CVE-2023-24930, CVSS score: 7.8).
If you're using Firefox or Thunderbird or even Zoom, please upgrade them ASAP.