Every version of Windows hit by 'critical' security vulnerability

Discuss whatever you want here--both QB and non-QB related. Anything from the DEF INT command to the meaning of life!

Moderators: Pete, Mods

User avatar
burger2227
Veteran
Posts: 2188
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Tue Jan 30, 2018 8:08 am

Microsoft issues emergency Windows update to disable Intel’s buggy Spectre fixes
Microsoft has been forced to issue a second out-of-band security update this month, to deal with the issues around Intel’s Spectre firmware updates. Intel warned last week that its own security updates have been buggy, causing some systems to spontaneously reboot. Intel then buried a warning in its latest financial results that its buggy firmware updates could lead to “data loss or corruption.”

Intel has been advising PC makers and customers to simply stop updating their firmware right now, until properly tested updates are available. Microsoft has gone a step further, and is issuing a new software update for Windows 7, Windows 8.1, and Windows 10 systems to disable protection against Spectre variant 2. Microsoft says its own testing has found that this update prevents the reboots that have been occurring.

MICROSOFT’S UPDATE CAN ONLY BE MANUALLY DOWNLOADED RIGHT NOW
Microsoft has issued the update as part of its Windows Update catalog, which means you’ll need to download it manually for now. It’s worth applying it to systems that are experiencing the issues since Intel’s buggy firmware updates. Microsoft is also releasing a new registry key setting for impacted devices, allowing IT admins to manually disable or enable the Spectre variant 2 protections.
Only update if your Windows PC is having problems with Intel's firmware updates!
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : http://www.QB64.NET
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2188
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Fri Feb 23, 2018 9:54 am

Intel did not tell U.S. cyber officials about chip flaws until made public
Alphabet said that security researchers at its Google Project Zero informed chipmakers Intel, Advanced Micro Devices Inc and SoftBank Group Corp-owned ARM Holdings of the problems in June.

It gave the chipmakers 90 days to fix the issues before public disclosing them, standard practice in the cyber security industry intended to give the targets of bugs time to fix them before hackers can take advantage of the flaws.

Alphabet said it left the decision of whether to inform government officials of the security flaws up to the chipmakers, which is its standard practice.
Intel claims it may finally have fixed Spectre flaw
Intel has announced that a stable microcode update is now available for all variants of its Skylake, Kaby Lake and Coffee Lake processors to protect them against the Spectre security flaw.

The latest microcode update is designed to protect all of the chipmaker's latest processors from Spectre variant 2 attacks.

Users with Broadwell and Haswell processors in their machines have still not received a patch to protect them from Spectre and the chipmaker has claimed that microcode updates are currently in the beta stage for Sandy Bridge, Ivy Bridge, Broadwell and Haswell processors.

Patching all of its processors to protect them from Spectre based attacks has already taken Intel quite some time and those running older chips will have to wait longer before their systems are fully patched.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : http://www.QB64.NET
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2188
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Wed Mar 14, 2018 7:37 am

Windows 10 warning: Beware staff planting cryptominers on work systems, says Microsoft
Microsoft says it's seen a huge surge in coin-mining trojans hitting Windows PCs across the world in the past six months and is cautioning businesses not to treat them as a nuisance but as a serious threat.

Between September 2017 and January 2018 on average 644,000 computers become potentially infected with coin-mining malware, according to Microsoft's Windows Defender researchers Alden Pornasdoro, Michael Johnson, and Eric Avena.
Spectre/Meltdown Part Two? Research Firm Audit Reveals Critical Flaws, Backdoors In Four AMD Processors
The Tel Aviv, Israel-based cybersecurity research firm said Tuesday that 13 security flaws and manufacturer backdoors have been discovered in Santa Clara, Calif.-based AMD's latest Epyc, Ryzen, Ryzen Pro and Ryzen Mobile processors. The vulnerabilities affect any consumer or organization purchasing AMD servers, workstations and laptops, according to CTS Labs.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : http://www.QB64.NET
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
burger2227
Veteran
Posts: 2188
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Re: Every version of Windows hit by 'critical' security vulnerability

Post by burger2227 » Thu Mar 29, 2018 7:16 am

Meltdown Patch Opened Bigger Security Hole on Windows 7 64 bit only
This issue affected only 64-bit versions of Windows 7 and Windows Server 2008 R2, Frisk said. We say affected because Microsoft patched the bug by flipping the PML4 permission bit back to its original value in this month's Patch Tuesday.

Windows 7 and Server 2008 R2 users should make sure they installed both the January 2018 and March 2018 Patch Tuesday releases.

Windows 10 or 8.1 systems were never affected or put at risk. Physical access is required to exploit the bug
Both updates must be done to flip the bit properly!

VPN leaks users’ IPs via WebRTC.
The following providers leaks users’ IP:

BolehVPN (USA Only)
ChillGlobal (Chrome and Firefox Plugin)
Glype (Depends on the configuration)
hide-me.org
Hola!VPN
Hola!VPN Chrome Extension
HTTP PROXY navigation in browser that support Web RTC
IBVPN Browser Addon
PHP Proxy
phx.piratebayproxy.co
psiphon3 (not leaking if using L2TP/IP)
SOCKS Proxy on browsers with Web RTC enabled
SumRando Web Proxy
TOR as PROXY on browsers with Web RTC enabled
Windscribe Addons
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : http://www.QB64.NET
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

Post Reply