Old Posted News

Place you can talk about other things not related to autopatcher.
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Re: Microsoft’s Killing Another Windows Version Tomorrow

Post by Whatacrock »

Actually two Operating systems go dark on July 14, Windows Server 2003 and Windows XP x64.
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Life After Flash: Remove or Disable Flash from Windows Web Browsers

Post by Whatacrock »

Life After Flash: Remove or Disable Flash from Windows Web Browsers

Multimedia content usually takes up a lot of disk space, especially at good quality. In order to be able to view it online, without having to wait for download or load too much, technologies like Flash got created, but like all good things, it’s reaching an end.

Almost all online media used to rely on Flash, and browsers had to be equipped with the proper plugin for videos and songs to stream. This ended up in a lot of system resources used besides bandwidth, as well as some security issues with recent builds.

People all over the web are trying to figure out whether or not to continue using Flash, since it’s slowly becoming obsolete, and online multimedia apparently lives pretty well without it. This can easily be done by choosing not to install it after deploying Windows, but if it’s already on your computer here’s what you can do to remove it:
Removing Flash from your computer

The first place to look for Flash is through all installed programs on your computer. Here’s where to go and what to look for:

Step 1: Access the Control Panel.

Step 2: Under the Programs section, choose to Uninstall a Program.

Step 3 (optional): Click on the Name header to organize the list alphabetically, so that Flash gets put among the top entries, since it’s from Adobe.

Step 4: Select Adobe Flash Player NPAPI and choose to Uninstall it.

Note: There are three separate plug-ins on which browsers rely, and the NPAPI component only affects Firefox, and a few other desktop third-party applications. Internet Explorer uses an ActiveX plug-in, while Chromium browsers and Opera work with a PPAPI plug-in.

Individual browser management --- can be found on the website http://news.softpedia.com/news/life-aft ... 6722.shtml

In conclusion

Now, we’re not saying that Flash became a useless Internet utility, but you can easily perform all online activities without it. Not only does this prevent Flash-related security issues, but also reduces resource usage, since multimedia content is not automatically loaded when landing on a web page. You can still download Macromedia Flash Player, but if you decide to use it, just make sure to keep it updated and under control.

http://news.softpedia.com/news/life-aft ... 6722.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Re: Life After Flash: Remove or Disable Flash from Windows Web Browsers

Post by Whatacrock »

Alternately you can uninstall Flash Player by using the uninstaller can be found here http://download.macromedia.com/get/flas ... player.exe
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
TheAPGuy
Site Admin
Site Admin
Posts: 979
Joined: Sun Oct 27, 2013 12:38 am
Location: California
Contact:

Re: Microsoft’s Killing Another Windows Version Tomorrow

Post by TheAPGuy »

A Sad day for XP owners. The last XP bastion is going down.
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Java and Flash both vulnerable—again—to new 0-day attacks

Post by Whatacrock »

Java and Flash both vulnerable—again—to new 0-day attacks

Internet users should take renewed caution when using both Adobe Flash and Oracle's Java software framework; over the weekend, three previously unknown critical vulnerabilities that could be used to surreptitiously install malware on end-user computers were revealed in Flash and Java.

The Java vulnerability is significant because attackers are actively exploiting it in an attempt to infect members of NATO, researchers from security firm Trend Micro warned in a blog post published Sunday. They said the attack involves a separate Windows vulnerability indexed as CVE-2012-015, which Microsoft addressed in 2012 in bulletin MS12-027. Oracle developers are working on a fix, the blog post said.

Windows and Android phones may be affected by other leaked exploits.
The two Flash vulnerabilities were unearthed late last week in the 400-gigabyte dump taken from Hacking Team, the Italian spyware developer that was breached eight days ago. The two zero-day flaws, designated CVE-2015-5122 and CVE-2015-5123, are in addition to a separate previously unknown Flash vulnerability found by Hacking Team that Adobe patched on Wednesday. The currently unpatched vulnerabilities reside in the Windows, Mac OS X, and Linux versions of the most recent versions of Flash and allow attackers to remotely execute malicious code.

There's no indication that either of the newly discovered Flash vulnerabilities are being actively exploited, but the published Hacking Team materials give complete technical details and include proof-of-concept attack code. That means it won't be hard for more experienced hackers to quickly fold the attacks into exploit kits that are sold in underground crime forums online. Adobe has issued an advisory stating that the bugs will be patched later this week. Ars is once again advising readers to limit, or if possible completely curtail, use of both Flash and Java, at least until fixes for these three critical bugs are available.

http://arstechnica.com/security/2015/07 ... ava-0-day/
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Re: Java and Flash both vulnerable—again—to new 0-day attacks

Post by Whatacrock »

Hacking Team leak releases potent Flash 0day into the wild.

Researchers sifting through the confidential material stolen from spyware developer Hacking Team have already uncovered a weaponized exploit for a currently unpatched vulnerability in Adobe Flash, and they also may have uncovered attack code targeting Microsoft Windows and a hardened Linux module known as SELinux.

Hacking Team documentation accompanying the Flash exploit said it targeted "the most beautiful Flash bug for the last four years," according to a blog post published Wednesday by researchers from antivirus provider Trend Micro. The use-after-free flaw resides in a Flash Bytearray object. Researchers at competing AV company Symantec have confirmed the existence of a Flash exploit that works against the latest version of Flash (18.0..194). They also have confirmed it works against people viewing content with Internet Explorer, and it's presumed it will work against other browsers as well.

"Symantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash which could allow attackers to remotely execute code on a targeted computer," they wrote in a blog post published Tuesday. "Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued."

An Adobe spokeswoman said company officials are aware of the finding and expect to release a fix on Wednesday. The officials have no indication the vulnerability is being actively exploited at the moment. The zeroday was one of two Flash exploits Trend Micro researchers reported finding, with the other one targeting a vulnerability cataloged as CVE-2015-0349, which Adobe patched in April. Until a fix is installed, readers should consider disabling Flash, particularly when browsing websites they are unfamiliar with.

Separately, there was a report on Twitter from a well-known exploit broker of a separate zeroday in the Windows kernel. An English translation of a technical analysis of the exploit leaked from Hacking Team, which is available here, indicates the vulnerability is in every version of Windows since Windows XP. The so-called escalation of privileges exploit could be used in combination with another exploit to increase an attacker's access to a targeted machine.

Users on Reddit also reported finding a previously unknown vulnerability in SELinux and cited this Github repository, which appeared to suggest the exploit could be used against Android phones, which incorporate the Linux module. SELinux developers have yet to weigh in on the reports.

The exploits can be used to surreptitiously install Hacking Team surveillance software, or other types of malware, on vulnerable computers with little or no indication anything is amiss. If the exploits leaked from the colossal Hacking Team breach are limited to two or three unpatched vulnerabilities in Flash, Windows, and SELinux, the resulting damage will be much less severe than it might have been. Still, with 400 gigabytes of data to digest, there may yet be other surprises to find.

http://arstechnica.com/security/2015/07 ... -the-wild/
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Microsoft Ends Windows XP Anti-Malware Support

Post by Whatacrock »

Microsoft Ends Windows XP Anti-Malware Support

Microsoft ended Windows XP support on April 8, 2014, but the company decided to offer anti-malware updates for its security apps running on this particular OS version for another year and a half, thus trying to keep users who were yet to upgrade protected until they complete the process.

Today, however, anti-malware support for Windows XP has come to an end too, so Microsoft’s security solutions are no longer getting updates on the 14-year-old operating system.

As a result, if you’re a Windows XP user still running Microsoft Security Essentials, you’re highly recommended to upgrade to a newer Windows version or to install a different security software solution to protect your computer. There are plenty of them still offering support for Windows XP, and the freeware versions of Avast and AVG are two of the best.

In the case of enterprises, this anti-malware support end for Windows XP concerns System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Microsoft Intune.
Windows XP still not secure

Despite the fact that you can still install third-party anti-malware software on Windows XP, Microsoft warns that computers running this particular OS version are still unprotected because of security holes that are no longer patched.

“While the anti-malware updates enable the ability to detect and block certain malware on Windows XP PCs, it is important to note that since the underlying vulnerability in the Windows XP operating system will not be patched with a new security update, a new strain of malware attacking the same vulnerability may not be detected in the future and may be able to infect the PC,” Microsoft says.

Windows XP still has a market share of approximately 10 percent, according to third-party data, despite the fact that it hasn’t receive a single update in the last 12 months.

Microsoft hopes that Windows 10 would help reduce Windows XP’s market share, but obviously, users still running this particular OS version would also need hardware upgrades to get a better experience in the new operating system.

http://news.softpedia.com/news/microsof ... 6848.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Microsoft Patches Windows Zero-Day Security Flaw Found in Hacking Team Leak

Post by Whatacrock »

Microsoft Patches Windows Zero-Day Security Flaw Found in Hacking Team Leak

Microsoft has just released and out-of-band security patch for Windows that’s supposed to fix a critical flaw in the operating system which could allow remote code execution and expose user data.

According to the security bulletin page updated today, MS15-078 is now being shipped to computers running absolutely any Windows version, starting with Vista and ending with Windows 8.1 and Windows RT 8.1. Windows 10 users running preview builds are protected, as Microsoft has apparently already patched the hole silently

Microsoft says there’s a problem in the font driver that could allow remote code execution, which basically means that attackers can get the same privileges as the logged in user. In other words, the attacker can do the same thing as you can on your computer, so if you’re administrator, imagine what could happen.
Hacking Team leak

“This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts,” Microsoft explains.

The patch is delivered via Windows Update and since it’s rated as critical, everyone is highly recommended to install it as soon as possible to make sure that their computers are protected.

The zero-day flaw was found in the Hacking Team leak and one of the reasons Microsoft rushed to fix it is the imminent launch of Windows 10 taking place next week, when a significant number of users are expected to benefit from the free upgrade to the new OS from their Windows 7 or 8.1 PCs.

Until you get to patch all your computers in organizations, make sure that users avoid opening suspicious documents containing malformed OpenType fonts. As a general recommendation, it’s better to avoid clicking on links and documents coming from unknown sources, especially if your computer is not up-to-date and you’re not running antivirus software.


http://news.softpedia.com/news/microsof ... 7397.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Zero-Day Flaws Found in Internet Explorer, Everyone Advised to Stop Using the Browser

Post by Whatacrock »

Zero-Day Flaws Found in Internet Explorer, Everyone Advised to Stop Using the Browser

Internet Explorer will soon become the second option in Windows 10, but Microsoft is still struggling to keep it secure and patch all found vulnerabilities as fast as possible to make sure that users are perfectly secure.

But it turns out that this time the company hasn’t moved fast enough, as HP’s Zero-Day Initiative (ZDI) has just published four critical zero-day vulnerabilities (ZDI-15-359, 360, 361 and 362) it found in Internet Explorer after the 120-day policy was reached.

HP’s ZDI has a policy that stipulates that vendors who are informed about the found vulnerabilities are given 120 days to fix the flaws. If they fail to do so, the zero-days are posted online.

According to the information ZDI provided today, all vulnerabilities allow for remote code execution and attackers could get the same privileges as the logged-in users.

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit these vulnerabilities,” ZDI says in an advisory.
“Refrain from using the browser”

What’s very important to know is that attackers need to convince you to click a malicious link, so unless you do that, you are perfectly secure. In some cases, however, they could turn to scripts and other tricks to make you click the link, so that’s why some security experts recommend you to stop using Internet Explorer for a while until Microsoft fixes this.

“It is unlikely that exploit code exists at the moment and difficult to reverse engineer the vulnerabilities as details are sparse. There is not much you can do at the moment, except refrain from using Internet Explorer,” Wolfgang Kandek, CTO of Qualys, said in a statement.

Internet Explorer is also available in Windows 10, which launches next week, so expect another out-of-band patch released by Microsoft in the coming days.

http://news.softpedia.com/news/zero-day ... 7592.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Row Hammer DRAM Bug Now Exploitable via JavaScript, Most DDR3 Memory Chips Vulnerable

Post by Whatacrock »

Row Hammer DRAM Bug Now Exploitable via JavaScript, Most DDR3 Memory Chips Vulnerable

In March, security researchers have published a report detailing a problem with some memory chips which can be exploited to give attackers access to any computer using the latest DDR3 DRAM chips.

The exploit was named Row Hammer (also spelled Rowhammer) and works by constantly hammering a row of memory cells until they create an electromagnetic interference for the adjacent rows, causing them to lose data and alter normal operation.

While the original research showed how this type of attack was only possible from the local machine, which implied that the computer needed to be infected first, a new research by Daniel Gruss, Clémentine Maurice, and Stefan Mangard from universities in France and Austria, show how Row Hammer can be actively exploited via JavaScript (as Slate reports).

This means an attacker can simply put his exploit code in a JavaScript file and wait for random users to access a Web page and download the file.
Row Hammer can be launched from any website

The three researchers used Rowhammer.js to test out their theory and observed that the "attack runs in [a] sandboxed JavaScript which is present and enabled by default in every modern browser."

"Although implemented in JavaScript, the attack technique is independent of the specific CPU microarchitecture, programming language and runtime environment, as long as the stream of memory accesses is executed fast enough," security researchers conclude.

As with the original Row Hammer bug, the JavaScript-version of this exploit is unpatchable at a software level, and a general BIOS update would be needed to fix it.

Researchers did say that slowing down the speed at which JavaScript is being executed in the browser could diminish the memory cell row hammering effect, but this recommendation will never be heeded by any browser manufacturer, all being obsessed with their JS runtime benchmarks and trying to out-do their competition.

As the three researchers also point out, "Rowhammer.js is the first remote software-induced hardware-fault attack" which would make it a real problem if the Row Hammer bug wouldn't be so hard to implement and control.


http://news.softpedia.com/news/row-hamm ... _hotlatest
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
Post Reply