Every version of Windows hit by 'critical' security vulnerability

Discuss whatever you want here--both QB and non-QB related. Anything from the DEF INT command to the meaning of life!

Moderators: Pete, Mods

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Tue Jan 30, 2018 8:08 am

Microsoft issues emergency Windows update to disable Intel’s buggy Spectre fixes
Microsoft has been forced to issue a second out-of-band security update this month, to deal with the issues around Intel’s Spectre firmware updates. Intel warned last week that its own security updates have been buggy, causing some systems to spontaneously reboot. Intel then buried a warning in its latest financial results that its buggy firmware updates could lead to “data loss or corruption.”

Intel has been advising PC makers and customers to simply stop updating their firmware right now, until properly tested updates are available. Microsoft has gone a step further, and is issuing a new software update for Windows 7, Windows 8.1, and Windows 10 systems to disable protection against Spectre variant 2. Microsoft says its own testing has found that this update prevents the reboots that have been occurring.

MICROSOFT’S UPDATE CAN ONLY BE MANUALLY DOWNLOADED RIGHT NOW
Microsoft has issued the update as part of its Windows Update catalog, which means you’ll need to download it manually for now. It’s worth applying it to systems that are experiencing the issues since Intel’s buggy firmware updates. Microsoft is also releasing a new registry key setting for impacted devices, allowing IT admins to manually disable or enable the Spectre variant 2 protections.
Only update if your Windows PC is having problems with Intel's firmware updates!
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Fri Feb 23, 2018 9:54 am

Intel did not tell U.S. cyber officials about chip flaws until made public
Alphabet said that security researchers at its Google Project Zero informed chipmakers Intel, Advanced Micro Devices Inc and SoftBank Group Corp-owned ARM Holdings of the problems in June.

It gave the chipmakers 90 days to fix the issues before public disclosing them, standard practice in the cyber security industry intended to give the targets of bugs time to fix them before hackers can take advantage of the flaws.

Alphabet said it left the decision of whether to inform government officials of the security flaws up to the chipmakers, which is its standard practice.
Intel claims it may finally have fixed Spectre flaw
Intel has announced that a stable microcode update is now available for all variants of its Skylake, Kaby Lake and Coffee Lake processors to protect them against the Spectre security flaw.

The latest microcode update is designed to protect all of the chipmaker's latest processors from Spectre variant 2 attacks.

Users with Broadwell and Haswell processors in their machines have still not received a patch to protect them from Spectre and the chipmaker has claimed that microcode updates are currently in the beta stage for Sandy Bridge, Ivy Bridge, Broadwell and Haswell processors.

Patching all of its processors to protect them from Spectre based attacks has already taken Intel quite some time and those running older chips will have to wait longer before their systems are fully patched.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Wed Mar 14, 2018 7:37 am

Windows 10 warning: Beware staff planting cryptominers on work systems, says Microsoft
Microsoft says it's seen a huge surge in coin-mining trojans hitting Windows PCs across the world in the past six months and is cautioning businesses not to treat them as a nuisance but as a serious threat.

Between September 2017 and January 2018 on average 644,000 computers become potentially infected with coin-mining malware, according to Microsoft's Windows Defender researchers Alden Pornasdoro, Michael Johnson, and Eric Avena.
Spectre/Meltdown Part Two? Research Firm Audit Reveals Critical Flaws, Backdoors In Four AMD Processors
The Tel Aviv, Israel-based cybersecurity research firm said Tuesday that 13 security flaws and manufacturer backdoors have been discovered in Santa Clara, Calif.-based AMD's latest Epyc, Ryzen, Ryzen Pro and Ryzen Mobile processors. The vulnerabilities affect any consumer or organization purchasing AMD servers, workstations and laptops, according to CTS Labs.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Thu Mar 29, 2018 7:16 am

Meltdown Patch Opened Bigger Security Hole on Windows 7 64 bit only
This issue affected only 64-bit versions of Windows 7 and Windows Server 2008 R2, Frisk said. We say affected because Microsoft patched the bug by flipping the PML4 permission bit back to its original value in this month's Patch Tuesday.

Windows 7 and Server 2008 R2 users should make sure they installed both the January 2018 and March 2018 Patch Tuesday releases.

Windows 10 or 8.1 systems were never affected or put at risk. Physical access is required to exploit the bug
Both updates must be done to flip the bit properly!

That Microsoft's patch for CVE-2018-1038 can be found here.


VPN leaks users’ IPs via WebRTC.
The following providers leaks users’ IP:

BolehVPN (USA Only)
ChillGlobal (Chrome and Firefox Plugin)
Glype (Depends on the configuration)
hide-me.org
Hola!VPN
Hola!VPN Chrome Extension
HTTP PROXY navigation in browser that support Web RTC
IBVPN Browser Addon
PHP Proxy
phx.piratebayproxy.co
psiphon3 (not leaking if using L2TP/IP)
SOCKS Proxy on browsers with Web RTC enabled
SumRando Web Proxy
TOR as PROXY on browsers with Web RTC enabled
Windscribe Addons
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Tue Apr 24, 2018 8:19 am

Microsoft is urged to rush out a patch for a bug in Internet Explorer that's used in attacks.
We asked Microsoft for a response to the IE Zero Day attacks. Microsoft's answer didn't really give much away:

Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide remediation via our current Update Tuesday schedule.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Mon May 21, 2018 6:48 am

Ex-Intel security expert: This new Spectre attack can even reveal firmware secrets
"These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory," he notes.

"This can expose SMM code and data that was intended to be confidential, revealing other SMM vulnerabilities as well as secrets stored in SMM. Additionally, since we demonstrate that the speculative memory access occurs from the context of SMM, this could be used to reveal other secrets in memory as well."
Google and Microsoft disclose new CPU flaw, and the fix can slow machines down
Microsoft and Google are jointly disclosing a new CPU security vulnerability that’s similar to the Meltdown and Spectre flaws that were revealed earlier this year. Labelled Speculative Store Bypass (variant 4), the latest vulnerability is a similar exploit to Spectre and exploits speculative execution that modern CPUs use. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year, and Intel says “these mitigations are also applicable to variant 4 and available for consumers to use today.

However, unlike Meltdown (and more similar to Spectre) this new vulnerability will also include firmware updates for CPUs that could affect performance. Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks. The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won’t see negative performance impacts.

If enabled, we’ve observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems,” explains Leslie Culbertson, Intel’s security chief.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Tue Jun 12, 2018 5:32 am

Microsoft Answers staff will no longer provide technical support for older Microsoft Products
The change will take into effect on July 2018, and Microsoft Staff will no longer proactively review, monitor, or answer questions for a certain subset of old Microsoft products (seen below). Microsoft Staff, however, will still be present in these parts of the Answers forum and will instead moderate and ensure a safe and positive environment. Support for the following products is being discontinued across various forums in the Microsoft Answers community.

Windows 7, 8.1, 8.1 RT
Microsoft Security Essentials
Internet Explorer 10
Office 2010, 2013
Surface Pro, Surface Pro 2, Surface RT, Surface 2
Microsoft Band – this topic will be locked. Users are invited to participate in Microsoft Band 2 topic.
Mobile devices forum – Microsoft support will continue in “Other Windows mobile devices” topic
Zune – this topic will be locked, but will remain available for browsing
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Wed Jul 04, 2018 8:08 am

New malware highjacks your Windows clipboard to change crypto addresses
In what amounts to be an amazingly nefarious bit of malware, hackers have created an exploit that watches 2.3 million high-value crypto wallets and replaces the addresses in the Windows clipboard with an address associated with the hackers. In other words, you could paste your own wallet address – 3BYpmdzASG7S6WrpmrnzJCX3y8kduF6Kmc, for example – and the malware would subtly (or unsubtly) change it to its own private wallet. Because it happens in the clipboard most people wouldn’t notice the change between copying and pasting.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Thu Sep 06, 2018 7:57 am

Windows Task Scheduler Zero Day Exploited by Malware
The vulnerability affects Windows versions 7 through 10 and can be used by an attacker to escalate their privileges to all-access SYSTEM account level.

Microsoft did not patch the ALPC bug to this day, but it is expected to release a fix in its monthly security updates, on September 11.

Some mitigation is possible without Microsoft's help, though the company did not approve it. A solution provided by Karsten Nilsen blocks the exploit and allows scheduled tasks to run, but it may break things created by the legacy Task Scheduler interface.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

dimkad
Newbie
Posts: 1
Joined: Fri Oct 12, 2018 4:50 am

Re: Every version of Windows hit by 'critical' security vulnerability

Post by dimkad » Fri Oct 12, 2018 4:54 am

Thanks, very useful
Everything is cool :D

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Fri Dec 21, 2018 7:04 am

Microsoft issues emergency update to fix critical IE flaw under active exploit
Microsoft has issued an emergency update that fixes a critical Internet Explorer vulnerability that attackers are actively exploiting on the Internet.

The memory-corruption flaw allows attackers to remotely execute malicious code when computers use IE to visit a booby-trapped website, Microsoft said Wednesday. Indexed as CVE-2018-8653, the flaw affects all supported versions of Windows. The vulnerability involves the way Microsoft's scripting engine handles objects in memory in Internet Explorer.
Microsoft wants AI to predict if your Windows PCs will get malware
Microsoft has launched a new $25,000 malware challenge for data scientists on the Google-owned Kaggle crowdsourcing site to develop an algorithm that can predict what types of Windows PCs are most likely to be soon infected with malware.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Tue Mar 05, 2019 8:51 am

Windows Exploit Suggester Lists Known Exploits for Your Windows Install
This program works by comparing a Windows SystemInfo report with a downloaded CSV file of known vulnerabilities and their associated security updates. Using this data, Windows Exploit Suggester will display a report showing all of the unpatched vulnerabilities found on the computer and their respective CVE IDs, Microsoft knowledge base article numbers, and a link to any known exploits for that vulnerability.

According to the projects description, every version of Windows between Windows XP and Windows 10, including the Windows Server counterparts, is supported.
InSpectre 0.6675.8 checks system for Meltdown and Spectre protection
This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Wed May 15, 2019 9:19 am

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003
The vulnerability (CVE-2019-0708) resides in the “remote desktop services” component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updates.

Microsoft said the company has not yet observed any evidence of attacks against the dangerous security flaw, but that it is trying to head off a serious and imminent threat.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Fri Jun 14, 2019 12:49 pm

Microsoft's June 2019 updates have created a bug in the Event Viewer tool in all supported versions of Windows.
The problem may occur for anyone who installed cumulative updates, monthly rollups, and security-only updates released on June 11.

Microsoft has now offered a workaround to the problem, but is planning on rolling out a proper fix in late June, according to a support note.

The issue affects all versions of Windows, from Windows 10 version 1903 through to Windows 7, and corresponding versions of Windows Server.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Mon Jun 24, 2019 8:41 am

Millions of Dell and other PCs using Support Assist Vulnerable to Attack: Patch Now
In Dell machines, the software is called SupportAssist. It's made by PC-Doctor, a maker of hardware-diagnostics software that licenses its software to other electronic-device makers.

The SafeBreach researchers said PC-Doctor refused to give them a list of its other clients, but the PC-Doctor website states that "leading manufacturers have installed over 100 million copies of PC-Doctor for Windows on computer systems worldwide."

Dell and PC-Doctor have pushed out a firmware update that fixes this issue, which you can install following the instructions on Dell's support page for the SupportAssist flaw. However, you might have to wait for more information regarding devices made by other licensees of PC-Doctor software.

"More than 90% of customers to date have received the update, released on May 28, 2019, and are no longer at risk. Dell SupportAssist updates automatically if automatic updates are enabled, and most customers have automatic updates turned on."
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Fri Aug 16, 2019 9:06 am

Microsoft warns of Visual Basic, VBA and VBScript 'procedure call' errors after August patches
Sometime in the past few hours, Microsoft posted official warnings about an 'invalid procedure call error' associated with August patches for all versions of Windows, from Win7 onward, and encompassing all flavors of Visual Basic. Who’s testing this stuff?
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2344
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Tue Aug 27, 2019 7:59 am

All Windows users should update immediately as ‘Complete Control’ hack is confirmed
Overall, these detection techniques apply for organizations and for personal/home users, the best thing to do right now is to update every piece of software to make sure it’s running on the latest version. This includes Windows drivers, 3rd party softwares and even Windows Updates. Most importantly, don’t download or open any suspicious email or install any 3rd party software from an unknown vendor.
Microsoft is offering a Windows 7 extended security update to some users
Microsoft announced last September that it would offer, for a fee, continuing security updates for Windows 7 to businesses through January 2023. Microsoft will no longer provide free Windows 7 security updates after January 14, 2020.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

Post Reply