Old Posted News

Place you can talk about other things not related to autopatcher.
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Windows Security Flaw Allows Hackers to Steal Your Usernames

Post by Whatacrock »

Windows Security Flaw Allows Hackers to Steal Your Usernames and Passwords

All Windows versions appear to be affected by this flaw

A security flaw uncovered by Cylance allows hackers to steal usernames and passwords from computers running any Windows version currently on the market, including the Windows 10 Technical Preview that’s technically not available for consumers right now.

In a blog post detailing the issue, Cylance writes that not only Microsoft’s applications are affected but also software developed by 30 other companies, including Symantec, Adobe, and Apple.

The exploit is possible with the help of a malicious link that the attacker is sending to the victim. Once the link is loaded on a vulnerable computer, authentication is performed without any prompt, so cybercriminals get users’ login credentials without any warning.

The security firm calls this method “redirect to SMB” and describes it as a way “for attackers to steal valuable user credentials by hijacking communications with legitimate web servers via man-in-the-middle attacks, then sending them to malicious SMB (server message block) servers that force them to spit out the victim’s username, domain and hashed password.”
Several Microsoft apps affected

Right now, the vulnerability list includes several Microsoft applications, among which Internet Explorer and Windows Media Player.

Redmond has already confirmed the flaw, but the company is yet to provide a fix that would keep users secure. It has, however, mentioned that computers running Extended Protection for Authentication are fully protected.

As a general word of advice for end users, it’s better to avoid clicking suspicious links coming from unknown sources, at least until Microsoft patches the flaw. Running up-to-date antivirus software could also help, but just like Microsoft says, this flaw cannot be exploited without the user knowingly clicking a link, so if you keep yourself on the safe side, there’s no chance to get exploited.

Windows XP users, beware! Microsoft won’t release a patch for this particular operating system, so if you’re still running it, your PCs has just become vulnerable forever.

http://news.softpedia.com/news/Windows- ... 8303.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Re: Windows Security Flaw Allows Hackers to Steal Your Usern

Post by Whatacrock »

Microsoft Confirms Windows Flaw, Says Users Are Responsible for Their Security

Today security company Cylance has revealed a security flaw affecting all Windows versions, confirming that pretty much every single edition of the desktop operating system is affected by a vulnerability that could expose usernames and passwords on a PC.

In a statement provided by Microsoft and attributed to a company spokesperson, Redmond confirms the flaw but says that it's not necessarily a new kind of attack, but mostly an old technique that involves users and lures them into clicking malicious links.

Indeed, Cylance said in its original report that users would have to click a malicious link sent by the attacker in order to have their computers exploited, but it explained that usernames and passwords would be stolen after authentication is performed in the background without any other prompt displayed to users.

Microsoft, on the other hand, says that users are at the core of this exploit and explains that, without their input, no such vulnerability would be possible. The software giant, however, hasn't provided any information on a possible patch to address the flaw, but this is expected to be launched next month as part of the Patch Tuesday rollout.

“We don't agree with Cylance's claims of a new attack type. Cybercriminals continue to be engaged in a number of nefarious tactics. However, several factors would need to come together for this type of cyberattack to work, such as success in luring a person to enter information into a fake website. We encourage people to avoid opening links in emails from senders that they don't recognize or visiting unsecure sites,” a company spokesperson said.
How to block exploits

While there are some other more advanced techniques to block the flaw, Microsoft provides some basic recommendations to those who'd like to make sure that no exploit is possible until a patch arrives.

As we told you earlier today, it's recommended to avoid clicking on suspicious links coming from unknown sources, and Microsoft says that this is pretty much the most effective way to avoid getting hacked. Even with up-to-date antivirus software, visiting malicious links could still get you exploited, so just don't click on anything that seems suspicious.

This month's Patch Tuesday updates will ship later today, but a fix for this issue is unlikely to be provided, so expect one in May.

http://news.softpedia.com/news/Microsof ... 8349.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Microsoft Fixes Internet Explorer One More Time

Post by Whatacrock »

Microsoft Fixes Internet Explorer One More Time Before Its Public Demise

Microsoft released this month's Patch Tuesday updates this morning, and among the 11 fixes that the company shipped to Windows users, there's also one supposed to fix a critical vulnerability in Internet Explorer.

Absolutely all versions of Internet Explorer are affected, starting with the old Internet Explorer 6 that was bundled into Windows XP at launch, and ending with Internet Explorer 11 that's now available on Windows 8.1 as the default browser and in Windows 10 Technical Preview until the new Spartan browser becomes available.

Interestingly, Internet Explorer will be replaced with Spartan browser in Windows 10 when the new operating system becomes available, but this doesn't necessarily mean that the app will be discontinued once Spartan makes its official debut.

Microsoft has already confirmed that no other updates will be released for Internet Explorer, and the same version that's currently available in Windows 8.1 won't get any new features, but security updates and patches will still be released.
It could allow remote code execution

According to Microsoft itself, a successful exploit would allow an attacker to get the same privileges as the logged-in user, so if an administrator account is hacked, the cybercriminal could get remote code execution rights and compromise the entire system.

This is only possible if the user loads a malicious webpage, the company explained, so if you stay away from suspicious links, you should be safe. Needless to say, deploying the update would be a much smarter way to deal with this vulnerability, but keep in mind that opening links that come from unknown people is not recommended no matter if your system is fully patched or not.

In the meantime, those who want to give a try to Spartan browser, Internet Explorer's replacement in Windows 10, can download the technical preview available as part of the Windows Insider program. Yet, keep in mind that Spartan is still in development right now, and a lot could change until the final version of the browser becomes available.

http://news.softpedia.com/news/Microsof ... 8438.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Windows Users Being Offered the Same Updates Over and Over

Post by Whatacrock »

Windows Users Being Offered the Same Updates Over and Over Again

It’s not a secret that quite a lot of users out there are experiencing issues with the updates that Microsoft rolls out on Patch Tuesday, but this time it’s not necessarily about botched bulletins, but mostly about some that are being offered over and over again.

Complaints published on Microsoft’s support forums reveal that several updates are repeatedly offered to certain computers after failing to install and, sometimes, even after getting installed successfully.

Right now, it appears that KB3004375 and KB3031432 are two of the patches experiencing this behavior, and while Microsoft hasn’t provided any possible fix for this issue, some more experienced users who took to the company’s forums claim that hiding the updates is pretty much the only option.
First reported in February, still happening in April

The issue was first reported by users who posted on Microsoft’s community forums in February, but in the beginning, it was believed that it wasn’t a widespread issues and only a few computers were experiencing it on both Windows 7 and Windows 8.

And yet, it appears that, after this month’s Patch Tuesday rollout, more users are seeing the same behavior, which is obviously troublesome for many IT administrators who need to install the very latest patches on their computers and thus keep them secure.

Here’s the post of a user getting the same error after installing the April 2015 patches:

“I am having the same problem. I have been repeatedly offered the 2 security updates, KB3004375 and KB3031432, and they have not installed successfully. The most recent occurrence of this was after I updated my Windows 7 x64 today with the Microsoft Updates (4/14/2015). The updates installed correctly but when I manually checked for Windows Updates, KB3004375 and KB3031432 reappeared. I don't think that they they are actually being installed because they have never showed up in Installed Updates.”

Right now, there’s no workaround available, but we’ve contacted the company for more information on this and will update the post when we get an answer.

http://news.softpedia.com/news/Windows- ... 8418.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Microsoft Finally Takes Down Pirated Windows 2000 Source

Post by Whatacrock »

Microsoft Finally Takes Down Pirated Windows 2000 Source Code After 11 Years

Microsoft has finally managed to take the pirated Windows 2000 and Windows NT 4.0 source code offline, no less than 11 years after it first got leaked to the web.

The Redmond-based software giant submitted a DMCA takedown request to GitHub, the developer platform that was still hosting the source code since 2011, and although some copies are still likely to exist in some private communities, it's clearly a lot harder to find it right now.

The Windows 2000 and NT 4.0 source code first got leaked in February 2004, and Microsoft confirmed at that time that it wasn't "the result of any breach of Microsoft's corporate network or internal security," trying to work with the FBI to take down links and find the ones responsible for the leak.

It took years for Microsoft to get in touch with all websites hosting the source code, and after more than one decade, the company still hasn't managed to take it offline for good.

But with today's GitHub takedown request, it's believed that finding the original source code would be a lot harder, especially because most private communities require registration and most often block the access of search engines for indexing their files.
Why Microsoft wanted the source code offline

There's no doubt that getting the Windows 2000 and NT 4.0 source code means nothing for Microsoft right now, as the company managed to patch most of the vulnerabilities found in the last decade and it has already switched to modern operating systems and is only supporting them exclusively.

But as TorrentFreak writes, it's most likely an attempt for Microsoft to protect its own goods, especially because Redmond has always tried to prevent illegal copies of its software from reaching the web.

This time, it's hard to believe that anyone would be interested in downloading the source code for anything else besides curiosity, but with a little effort, you can still find it if you know where to look.

http://news.softpedia.com/news/Microsof ... 8432.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Microsoft Disables SSL 3.0 in Internet Explorer

Post by Whatacrock »

Microsoft Disables SSL 3.0 in Internet Explorer to Kill POODLE Once and for All

As promised in February, Microsoft disabled SSL 3.0 in Internet Explorer with this month’s Patch Tuesday updates, thus squashing the POODLE bug found in late 2014 once and for all.

Microsoft is the latest big company that proceeds to turn off SSL 3.0 in its browser, as Mozilla and Google have already taken similar measures to protect their users.

The POODLE bug, which could be used to exploit vulnerabilities in SSL 3.0 and the HTTPS connection between browsers and web servers, could be fixed by simply disabling support for this protocol altogether, and Microsoft promised to do so since December.

The company, however, had to do this gradually, so in February it disabled insecure fallback to SSL 3.0 in Internet Explorer 11 for Protected Mode sites, but starting this month, the browser no longer uses this protocol unless the IT administrator specifically requires it to do so.

“Today we’re releasing an update that disables SSL 3.0 by default in Internet Explorer 11. Enterprise customers can choose to enable SSL 3.0 for compatibility with their web applications, however we strongly recommend instead that they update their web servers and web applications to use latest security protocols such as TLS 1.2,” Microsoft said in a post today.
Other security updates for Internet Explorer

In addition to these security improvements, Microsoft also released a patch to address multiple vulnerabilities in the browser that the company says could be used by an attacker to get remote code execution rights on a vulnerable machine.

Redmond shipped the patch through Windows Update for all Internet Explorer versions, so in case you haven’t installed it yet, you’d better do it as soon as possible because this is the only way to remain secure when browsing the web and coming across malicious websites.

A new Flash version is also available for Internet Explorer users, so make sure you deploy this one too, just to be on the safe side when browsing the web and loading Flash content.

http://news.softpedia.com/news/Microsof ... 8447.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Non Security Updates Tuesday 21, 2015

Post by Whatacrock »

Non Security Updates Tuesday 21, 2015

Was double checking that I had included all updates for the Operating Systems for April when I noticed new listing for updates to be released on Tuesday April 21. It would appear that Microsoft in all it's wisdom has changed strategies at this time. "If it doesn't rain, it pours" and so giving notice that users of Windows 7 and Windows 8.1 be prepared for an update to the respective releases.

Here is the intended list of updates:
► Show Spoiler
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Microsoft Details Windows 10 Upgrade Patches for Windows 7

Post by Whatacrock »

Microsoft Details Windows 10 Upgrade Patches for Windows 7 and 8.1

A few weeks ago, we came across an update that was supposedly installing on Windows 7 and 8.1 computers to prepare them for the upgrade to Windows 10, and at that time, it all seemed to be a way to nag users and more or less “force” them to switch to the new OS.

While Microsoft hasn’t said anything about KB3035583, the update that has often been referred to as a “Windows 10 downloader,” the company has revealed that there are two more patches that make sure that your computer is ready for the new OS.

KB2990214 for Windows 7 and KB3044374 for Windows 8.1 are both being shipped to users starting this month, and according to information provided by a company employee, you have no other option than to install them.
“Don’t think you can skip it”

joscon, who claims to be a Microsoft engineer, said in a post on TechNet that both updates are supposed to bring a number of improvements for Windows Update, so even if you don’t plan to switch to Windows 10, you still need them. So skipping them is not an option. Here’s his statement in full, but emphasis is ours:

“As you can tell from the KB article titles, these WU clients are used as part of the Windows 10 upgrade scenarios which will go live at release but are still used for down-level operating systems as the ‘regular’ Windows Update client. This update is applicable to your systems even if you're not planning to migrate to Windows 10, so don't think you can skip it. It rolls out today as an Important class release.”

These updates are being shipped to users who are running Windows 7 Service Pack 1 and Windows 8.1, as well as their server variants, the Microsoft engineer added.

And if you don’t want to install Windows 10, Microsoft is shipping them to all PCs because there are people who actually want that, so in case you change your mind at some point, your computer will be fully prepared for the new operating system.

http://news.softpedia.com/news/Microsof ... 8663.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Re: Microsoft Details Windows 10 Upgrade Patches for Windows

Post by Whatacrock »

It sounds like Microsoft are going to hold a gun to our head to upgrade to Windows 10, well definitely not this little black duck!!

Hope there will be some enterprising gentlemen out there who will create ways to block the nags etc

And why don't Microsoft release a version that does NOT the apps store and associated crap, Windows 8 is an eyesore with the junk.. whinge time over..
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Re: Non Security Updates Tuesday 21, 2015

Post by Whatacrock »

Microsoft to Launch 34 Windows Updates Tomorrow

They are not part of Patch Tuesday, don’t include security fixes, and are flagged as optional updates on all systems.

Microsoft rolled out this month’s Patch Tuesday updates last week, but the company is now gearing up for another important rollout that’s scheduled to go live tomorrow.

This time, Microsoft will be rolling out a total of 34 non-security updates for Windows, most of which would resolve issues with the operating system, improve performance and reliability.

But as Woody Leonhard of Infoworld points out today, some of the updates scheduled to launch tomorrow are expected to bring some very important fixes for Windows users, including a few that are developed to address problems with Wi-Fi connections.

Old updates being re-issued

Microsoft hasn’t provided a reason for this, but it appears that the company has started re-issuing old updates these days, most likely with few improvements, to address problems that it has recently found in desktop operating systems.

For example, KB3033446, which is actually one of the patches scheduled to launch tomorrow, was first rolled out on March 10 as part of the Patch Tuesday release and addresses “Wi-Fi connectivity issues or poor performance on CHT platform computers in Windows 8.1.”

KB3037924 and KB3038002 were both released on March 10 as well and come to fix an error blocking you from creating system image backup to Blu-ray media in Windows and to work with UHS-3 cards on a Surface tablet, respectively.

As usual, IT administrators must prepare for this new batch of updates and it’s worth knowing that some might require a reboot, so saving your work should be on tomorrow’s agenda in order to get this new install right.

Microsoft hasn’t released a public statement to announce this new rollout, but Windows 7, Windows 8.1, Window RT 8.1, Windows 8 and Windows RT are all among the operating systems that will get patched tomorrow. Keep in mind that all these updates will be offered as optional, so you won’t be forced to install them when they become available. You’re still recommended to do it, though.

http://news.softpedia.com/news/Microsof ... 8842.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
Post Reply