peteyt

Global virus fear prompts update for old Windows

Saw this on BBC news about a flaw that apparently was so bad Microsoft has released fixes for XP and some other unsupported versions. Couldn't see Vista but Windows 10 is not affected.

 

https://www.bbc.co.uk/news/technology-48295227

 

Am I the only one thinking this is a wrong move? Like the Wannacry fix, people who are still using XP could be just presuming next time there is an issue like this they will patch it. XP is so out of date now no matter how many fixes they release it will still be insecure. I can imagine the kind that refuse to update are the people who would complain when something did happen. I'd rather myself Microsoft just left it but I suppose some businesses still also use it with software that won't work on modern OS's and too expensive to get it sorted.

 

People may complain about Windows 10 but security wise it's far better than Windows used to be.


Microsoft extended support for XP embedded versions just ended on 4/9/2019.  I assume that was one factor.

Also "in a blast from the past" when MS introduced Win 7, they offered a downgrade option from devices with Win 7 installed to XP for a limited time. This in effect extended XP support on those devices to the end-of-life date for Win 7; i.e. Jan., 2020. The requirement for this was:

Quote

The downgrade rights are available only from OEM copies of Windows 7, those that are pre-installed by computer

https://www.computerworld.com/article/2519032/microsoft-extends-windows-xp-downgrade-rights-until-2020.html

So technically speaking, Win XP is still supported, albeit in a limited scope.


But even though it's on limited support, I do believe it's a bit risky to use Windows XP for any kind of usage.

2 hours ago, peteyt said:

Couldn't see Vista but Windows 10 is not affected.

All Windows versions through Win 7 are affected. Also older Win Server OS versions.

2 minutes ago, Rami said:

I do believe it's a bit risky to use Windows XP for any kind of usage.

So is using Win 7 as far as I am concerned.

2 hours ago, itman said:

So is using Win 7 as far as I am concerned.

Definitely. I understand some of the privacy aspects put people off. It's not something I'm knowledgeable about, but I remember complaints about Cortana and location with people complaining about MS knowing this information but many seemed to use Siri which is just the same. Many people seem to want something that can basically know the user and give recommendations based on the user without giving information.

12 hours ago, peteyt said:

Definitely. I understand some of the privacy aspects put people off. It's not something I'm knowledgeable about, but I remember complaints about Cortana and location with people complaining about MS knowing this information but many seemed to use Siri which is just the same. Many people seem to want something that can basically know the user and give recommendations based on the user without giving information.

Switch to Linux if you can, you won't regret it :D

But even in Windows 10, you can disable all of the Cortana features and also the location and so on.

32 minutes ago, Rami said:

Switch to Linux if you can, you won't regret it :D

But even in Windows 10, you can disable all of the Cortana features and also the location and so on.

I do want to look into Linux one day. I know it's gotten better but I've heard you need to know a lot of commands and drivers can be a pain.

Posted (edited)

The Win Server versions vulnerable to this are noted below. The question is how many Eset installations have applied it? And it is a Remote Desktop Services vulnerability:

Quote

Microsoft has released patches for Windows 7 and Windows Server 2008, along with Windows XP and Windows Server 2003, which are no longer supported. Windows 8 and Windows 10 are not affected. Users of Windows 7 and Server 2008 can block unauthenticated attackers from exploiting the flaw by enabling Network Level Authentication (NLA). The threat can also be mitigated by blocking TCP port 3389 at the perimeter firewall.

https://www.securityweek.com/wormable-windows-rds-vulnerability-poses-serious-risk-ics

Edited by itman
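
A read-only local check for the two mitigations named in the quoted advisory (NLA and the RDP listener port), added here as an example and not part of the original thread or any vendor's tooling. It assumes the standard Terminal Server registry values and is written to run on the PowerShell 2.0 shipped with Windows 7 / Server 2008 R2.

```powershell
# Added example: read-only audit of the local RDP settings named in the advisory.
# Registry paths and value names are standard Windows ones, not taken from the thread.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Join-Path $ts 'WinStations\RDP-Tcp'

function Get-RegValue($Path, $Name) {
    # Return $null when the key or value is missing instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$os       = [System.Environment]::OSVersion.Version
$denyConn = Get-RegValue $ts  'fDenyTSConnections'  # 0 = Remote Desktop enabled
$nla      = Get-RegValue $rdp 'UserAuthentication'  # 1 = NLA required
$port     = Get-RegValue $rdp 'PortNumber'          # 3389 unless changed

# Windows 8 reports 6.2; everything below is in the range the thread calls affected.
$inRange    = $os -lt [Version]'6.2'
# A missing fDenyTSConnections value is treated as "not enabled" here.
$rdpEnabled = ($denyConn -eq 0)

$findings = @()
if (-not $inRange) {
    $findings += 'OS version is outside the affected range.'
} elseif (-not $rdpEnabled) {
    $findings += 'Remote Desktop is disabled; install the patch anyway.'
} else {
    if ($nla -ne 1) {
        $findings += 'RDP is enabled WITHOUT NLA: install the patch and enable NLA.'
    } else {
        $findings += 'NLA is on (blocks unauthenticated attempts only): install the patch.'
    }
    $findings += "Confirm TCP port $port is blocked at the perimeter firewall."
}

New-Object PSObject -Property @{
    OSVersion = $os.ToString(); RdpEnabled = $rdpEnabled
    NlaRequired = ($nla -eq 1); Port = $port; Findings = ($findings -join ' ')
}
```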

22 hours ago, itman said:

The Win Server versions vulnerable to this are noted below. The question is how many Eset installations have applied it? And it is a Remote Desktop Services vulnerability:

https://www.securityweek.com/wormable-windows-rds-vulnerability-poses-serious-risk-ics

Off topic slightly: what is the best and easiest way to prevent Windows telemetry, and do you think this should be something security programs should try to prevent/block or is it beyond what they should do?

1 hour ago, peteyt said:

Off topic slightly: what is the best and easiest way to prevent Windows telemetry, and do you think this should be something security programs should try to prevent/block or is it beyond what they should do?

Win 10 is the main OS that introduced OS telemetry on a level previously unheard of. As far as Win telemetry goes, some of the concerns are well founded whereas others border on paranoia.

Microsoft designed Win 10 to "be chatty" that is, to provide constant feedback to its monitoring servers. "It's the nature of the animal" so to speak and nothing is going to change that abet direct government intervention against Microsoft. As far as security software getting involved with this, it is frankly out of the scope of what they were designed for. The assumption here is whatever Microsoft is doing telemetry wise is per se legit activity. At least whatever they are doing isn't malicious in intent.

Whereas it is possible to "harness" Win 10 telemetry manually, the easiest and safest way to do so is by using third party software designed for this purpose. I use O&O Shutup10: https://www.oo-software.com/en/shutup10 and run it using the default recommended settings. These will block most of the objectionable telemetry activities and leave in place the telemetry activities Win 10 needs to function properly. Assumed is some of these allowed telemetry activities do have purposes other than just legit system activities. Remember that Microsoft provided the Home version for free. In the real world, there is no such thing as a "free lunch."

18 hours ago, itman said:

As far as security software getting involved with this, it is frankly out of the scope of what they were designed for.

I mentioned this as I saw Spybot Search and Destroy now offers protection against it.

41 minutes ago, peteyt said:

I mentioned this as I saw Spybot Search and Destroy now offers protection against it.

Have no desire to spend $$$ for this. Has anyone tested how effective it is against all Win 10 telemetry?

Quote

Our anti-telemetry tool Anti-Beacon Plus is available to all users of the Spybot Professional and the commercial editions.

 

2 hours ago, itman said:

Have no desire to spend $$$ for this. Has anyone tested how effective it is against all Win 10 telemetry?

 

It looks like there is a trial https://www.safer-networking.org/products/spybot-anti-beacon/ but as someone who doesn't know about telemetry I wouldn't be the best to test it.

Posted (edited)
2 hours ago, peteyt said:

It looks like there is a trial https://www.safer-networking.org/products/spybot-anti-beacon/ but as someone who doesn't know about telemetry I wouldn't be the best to test it.

Here's an article from a reliable source that basically recommends no third party software be used to try to harness Win 10 telemetry: https://www.howtogeek.com/273513/why-you-shouldnt-use-anti-spying-tools-for-windows-10/

Again, I have had no issues using O&O ShutUp10 at default settings. Also, O&O is an authorized Microsoft VAR; translation - they are first not going to disable any necessary telemetry activities and second, it can be assumed some telemetry activities of the non-necessary type are allowed. Additionally, O&O does allow you to shut down all telemetry if you wish which is definitely not recommended.

Edited by itman

16 hours ago, itman said:

Eset now has a security blog article on this vulnerability: https://www.welivesecurity.com/2019/05/22/patch-now-bluekeep-vulnerability/ . Of note is Microsoft issued no patch to Vista for this.

I notice they state Vista has no patch. Noticed this previously and wondered why considering XP is older than Vista. Is this down to usage e.g. many older businesses still using XP?

Posted (edited)
2 hours ago, peteyt said:

I notice they state Vista has no patch. Noticed this previously and wondered why considering XP is older than Vista. Is this down to usage e.g. many older businesses still using XP?

I am not sure what Eset published is 100% correct.

Dell has a good article on OS downgrading rights here:  https://www.dell.com/support/article/us/en/04/sln294589/an-understanding-of-both-your-microsoft-windows-downgrade-rights-and-downgrading-from-windows-8-8-1-and-10?lang=en . The "gotcha" is only non-Home versions were offered downgrading rights which would have extended their end-of-support date to the like date from the product they downgraded from.

This means that the Vista business versions, if they were downgraded from a like Win 7 version, are still supported until the Win 7 end-of-life date in Jan., 2020. This would imply that the patch was also offered to these Vista versions.

Edited by itman


It's crazy that people still use Vista and XP :mellow:, I could understand people using Windows 7 but those other 2 are obsolete at the moment.

4 hours ago, Rami said:

It's crazy that people still use Vista and XP :mellow:, I could understand people using Windows 7 but those other 2 are obsolete at the moment.

Yeah it's like I said, I get why people don't like Windows 10 but it's far more secure and you can customise it and even make it look like previous versions.

I've always compared using XP like a prison with a fence but a massive hole in it. You can have all the security and extras but it doesn't change the fact that there's a big hole in the fence and until it's fixed there's always a risk.

Posted (edited)

One Million Devices Open to Wormable Microsoft BlueKeep Flaw

Quote

One million devices are still vulnerable to BlueKeep, a critical Microsoft bug with “wormable” capabilities, almost two weeks after a patch was released.

The flaw (CVE-2019-0708) was fixed during Microsoft’s May Patch Tuesday Security Bulletin earlier this month. System administrators were urged to immediately deploy fixes as the flaw could pave the way for a similar rapidly-propagating attack on the scale of WannaCry.

Despite that, researchers on Tuesday warned that one million devices linked to the public internet are still vulnerable to the bug. Making matters worse, a spike in scans for vulnerable systems was spotted over the weekend – potentially indicating that bad actors are looking to sniff out the activity.

Errata Security’s Graham conducted a scan using his Masscan Internet-scale port scanner (which searches for open ports) to look for the port (3389) used by Remote Desktop. This pinpointed all open ports – from there, in order to discover whether or not they were vulnerable, Graham used a Remote Desktop Protocol scanning project developed by the Shadowserver Foundation. From there, he found that almost one million devices both reliably talk to the Remote Desktop protocol and are vulnerable to BlueKeep.

“The upshot is that these tests confirm that roughly 950,000 machines are on the public Internet that are vulnerable to this bug,” said Graham. “Hackers are likely to figure out a robust exploit in the next month or two and cause havoc with these machines.”

In the meantime, vendors are coming out with their own advisories for vulnerable devices.

Several impacted devices include Siemens devices used in the medical space – including radiation oncology products, laboratory diagnostics products, Radiography and Mobile X-ray products and point of care diagnostics products.

https://threatpost.com/one-million-devices-open-to-wormable-microsoft-bluekeep-flaw/145113/

Edited by itman
