Archive for the ‘Windows’ Category

Another reason to hurry with Windows server patches: A new RDP vulnerability

January 16th, 2020
(Image: A crafted request is like a skeleton key for gaining access to unpatched Windows Remote Desktop servers. Credit: Anadolu Agency / Getty Images)

While much of the attention around Microsoft's latest Windows security patch has been focused on a flaw in Windows 10 and Windows Server that could be used to spoof a certificate for secure Web sessions or signing code, there were 48 other vulnerabilities that were fixed in the latest update package. Five were related to Microsoft's Remote Desktop Protocol (RDP)-based service, which is used by thousands of organizations for remote access to computers within their networks. And two of them are flaws in the Windows Remote Desktop Gateway that could allow attackers to gain access to networks without having to provide a login.

These two separate bugs, identified as CVE-2020-0609 and CVE-2020-0610, are rated as more dangerous than the crypto bug by Microsoft because, while they're not yet exploited, they could be used to remotely execute code on targeted RDP servers before the gateway even attempts to authenticate them.

"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the Microsoft Security Response Center summary of both vulnerabilities warned. And there is no way to work around the vulnerability without applying a software update. Both attacks rely on specially crafted requests to the Remote Desktop Gateway using the RDP protocol.


Posted in Biz & IT, CVE-2019-0709, CVE-2020-0609, CVE-2020-0610, Remote Desktop Gateway, Remote Desktop Protocol, Windows

Solved: Why in-the-wild BlueKeep exploits are causing patched machines to crash

November 11th, 2019
(Image credit: hdaniel)

Recent in-the-wild attacks on the critical BlueKeep vulnerability in many versions of Windows aren’t just affecting unpatched machines. It turns out the exploits—which repurpose the September release from the Metasploit framework—are also causing many patched machines to crash.

Late last week, Windows users learned why: the crashes are caused by a separate patch Microsoft released 20 months ago for the Meltdown vulnerability in Intel CPUs. Word of the crashes first emerged five days ago, when researcher Kevin Beaumont discovered that a malicious, in-the-wild BlueKeep exploit had caused one of his honeypots to crash four times overnight. Metasploit developer Sean Dillon initially blamed the crashes on “mystical reptilian forces that control everything.” Then he read a Twitter post from researcher Worawit Wang:

In a post published on Thursday, Dillon wrote:


Posted in Biz & IT, Blue Screen of Death, bluekeep, crash, exploits, vulnerabilities, Windows

Exploit for wormable BlueKeep Windows bug released into the wild

September 6th, 2019
(Image credit: Aurich Lawson)

For months, security practitioners have worried about the public release of attack code exploiting BlueKeep, the critical vulnerability in older versions of Microsoft Windows that’s “wormable,” meaning it can spread from computer to computer the way the WannaCry worm did two years ago. On Friday, that dreaded day arrived when the Metasploit framework—an open source tool used by white hat and black hat hackers alike—released just such an exploit into the wild.

The module, which was published as a work in progress on GitHub, doesn’t yet have the polish and reliability of the EternalBlue exploit that was developed by the NSA and later used in WannaCry. For instance, if the people using the new module specify the wrong version of Windows they want to attack, they’ll likely wind up with a blue-screen crash. Getting the exploit to work on server machines also requires a change to default settings in the form of a registry modification that turns on audio sharing.

By contrast, the wormable EternalBlue exploit—which a still-unidentified group calling itself the Shadow Brokers released into the wild in April 2017—worked seamlessly against a wide range of Windows versions in their default settings. A month after the leak, EternalBlue was folded into the WannaCry ransomware worm that shut down computers worldwide. A month later, another EternalBlue-driven attack called NotPetya created still more worldwide destruction.


Posted in Biz & IT, bluekeep, exploits, microsoft, vulnerabilities, Windows, Worms

Microsoft warns of more “wormable” bugs, this time in new versions of Windows

August 13th, 2019
(Image credit: Frank Lindecke / Flickr)

Microsoft is warning of four new Windows vulnerabilities that are “wormable,” meaning they can be exploited to spread malware from one vulnerable computer to another without any user action, in much the way the self-replicating WannaCry and NotPetya outbreaks did in 2017.

Similar to the so-called BlueKeep vulnerability Microsoft patched in May, the four bugs the company patched on Tuesday reside in Remote Desktop Services, which allow a user to take control of a remote computer or virtual machine over a network connection. The bugs—indexed as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226—make it possible for unauthenticated attackers to execute malicious code by sending a specially crafted message when a protection known as Network Level Authentication is turned off, as many administrators in large organizations often do.

In such networks, it’s possible for exploits to ricochet from computer to computer. Leaving NLA on makes it harder for attacks to spread, since attackers must first have network credentials. The growing use of hacking tools such as Mimikatz, however, often enables attackers to surreptitiously obtain the needed credentials.


Posted in Biz & IT, exploits, microsoft, Remote Desktop Services, Update Tuesday, vulnerabilities, Windows

Chances of destructive BlueKeep exploit rise with new explainer posted online

July 22nd, 2019
(Image credit: one of the slides posted to GitHub)

A security researcher has published a detailed guide that shows how to execute malicious code on Windows computers still vulnerable to the critical BlueKeep vulnerability. The move significantly lowers the bar for writing exploits that wreak the kinds of destructive attacks not seen since the WannaCry and NotPetya attacks of 2017, researchers said.

As of three weeks ago, more than 800,000 computers exposed to the Internet were vulnerable to the exploit, researchers from security firm BitSight said last week. Microsoft and a chorus of security professionals have warned of the potential for exploits to sow worldwide disruptions. The risk of the bug, found in Microsoft's implementation of the remote desktop protocol, stems from the ability for attacks to spread from one vulnerable computer to another with no interaction required of end users.

“A pretty big deal”

One of the few things standing in the way of real-world attacks is the expertise required to write exploits that remotely execute code without crashing the computer first. Several highly skilled whitehat hackers have done so with varying levels of success, but they have kept the techniques that make this possible secret. Much of that changed overnight, when a security researcher published this slide deck to GitHub.


Posted in Biz & IT, bluekeep, exploits, vulnerabilities, Windows, Worms

Apple’s iCloud has been a poor experience in Windows, but a new update seeks to fix that

June 12th, 2019

Apple has released a new version of iCloud for Windows 10 in the Microsoft Store, according to a recent blog post by Microsoft and a handful of Apple customer support documents. The new version claims to be a major improvement, with more robust features and more reliable syncing—the latter of those has been a common complaint for users of Apple's previous version.

Features listed by Microsoft include:

  • Access your iCloud Drive files directly from File Explorer without using up space on your PC
  • Choose the files and folders you want to keep on your PC
  • Safely store all your files in iCloud Drive and access them from your iOS device, Mac, and on
  • Share any file right from File Explorer and easily collaborate with others—edits will be synced across your devices

Interestingly, Microsoft says the new iCloud app is "powered by the same Windows technology that also powers OneDrive's Files On-Demand feature"—an unexpected technical and corporate partnership. But it shouldn't be too surprising at this point; despite the storied history and rivalries of the 1980s and '90s (as well as competition in areas like, yes, cloud services), Microsoft and Apple have largely played together nicely in recent years.


Posted in apple, File Explorer, icloud, iCloud Drive, Microsoft Store, Tech, Windows, Windows 10

Warnings of world-wide worm attacks are the real deal, new exploit shows

June 5th, 2019
(Image credit: flattop341)

For the past three weeks, security professionals have warned with increasing urgency that a recently patched Windows vulnerability has the potential to trigger attacks not seen since the WannaCry worm that paralyzed much of the world in 2017. A demonstration video circulating on the Internet is the latest evidence to prove those warnings are the real deal.

It was posted Tuesday by Sean Dillon, a senior security researcher at RiskSense. A play-by-play helps to underscore the significance of the feat.

The video shows a module Dillon wrote for the Metasploit exploit framework remotely connecting to a Windows Server 2008 R2 computer that has yet to install a patch Microsoft released in mid-May. At about 14 seconds, a Metasploit payload called Meterpreter uses the getuid command to prove that the connection runs with highly privileged System rights. In the remaining six seconds, the hacker uses the open source Mimikatz application to obtain the cryptographic hashes of passwords belonging to other computers on the same network the hacked machine is connected to.


Posted in Biz & IT, bluekeep, exploits, microsoft, vulnerabilities, Windows

Answers to some of your iTunes questions: Old libraries, Windows, and more

June 3rd, 2019

SAN JOSE, Calif.—After much speculation and fanfare in the press, Apple confirmed today that it will sunset iTunes in the next version of macOS and spin its functionality into three new apps—Apple Music, Apple Podcasts, and Apple TV. As we noted earlier, this marks the end of an era of sorts on the Mac—but there were plenty of unanswered questions. What features will Music retain from iTunes? And what happens to Windows users who are dependent on iTunes?

While some details are still fuzzy and will remain that way until we start digging into the beta releases, we got some broad answers from Apple on those top-level questions.

Old iTunes libraries and files

Apple Music in macOS Catalina will import users' existing music libraries from iTunes in their entirety, Apple says. That includes not just music purchased on iTunes, but rips from CDs, MP3s, and the like added from other sources.


Posted in apple, apple music, iTunes, MP3, Tech, Windows, WWDC, WWDC 2019

Microsoft practically begs Windows users to fix wormable BlueKeep flaw

May 31st, 2019
(Image credit: Aurich Lawson)

Microsoft security officials say they are confident an exploit exists for BlueKeep, the recently patched vulnerability that has the potential to trigger self-replicating attacks as destructive as the 2017 WannaCry attack that shut down computers all over the world.

In a blog post published late Thursday night, members of the Microsoft Security Response Center cited findings published Tuesday by Errata Security CEO Rob Graham that almost 1 million Internet-connected computers remain vulnerable to the attacks. That indicates those machines have yet to install an update Microsoft issued two weeks ago patching against the so-called BlueKeep vulnerability, which is formally tracked as CVE-2019-0708. The exploits can reliably execute malicious code with no interaction on the part of an end user. The severity prompted Microsoft to take the unusual step of issuing patches for Windows 2003, XP, and Vista, which haven’t been supported in four, five, and two years, respectively.

Thursday’s post warned, once again, that the inaction could trigger another worm of the magnitude of WannaCry, which caused hospitals to turn away patients and paralyzed banks, shipping docks, and transportation hubs around the world. In Thursday’s post MSRC officials wrote:


Posted in Biz & IT, exploits, microsoft, vulnerabilities, Windows, Worms

Xbox Game Pass is coming to Windows 10, but many questions remain

May 30th, 2019
(Image caption: Well, there you have it.)

In one of the less-detailed announcements of the pre-E3 season, Microsoft this morning officially confirmed it is bringing its "all-you-can-play" Game Pass subscription service to the PC. The new expansion of the Xbox Game Pass (which launched just over two years ago) "will give players unlimited access to a curated library of over 100 high-quality PC games on Windows 10, from well-known PC game developers and publishers such as Bethesda, Deep Silver, Devolver Digital, Paradox Interactive, SEGA and more," according to an announcement from Microsoft.

Games from Microsoft's own studios, including recent acquisitions Obsidian and inXile, will be available on Xbox Game Pass for PC on the day they're released, just as they are on Xbox One. Game Pass members will also receive discounts of up to 20% on Windows Store games and up to 10% off of DLC and add-on purchases.

Aside from that, though, Microsoft's announcement leaves a lot of major holes. While the "Xbox Game Pass for PC" shares a name with the company's "original" gaming subscription plan, it's not clear if PC subscriptions will be considered separate, or available as a bundle with the console plan, or included in Microsoft's upcoming "Game Pass Ultimate," or some combination of all of the above. Microsoft also didn't discuss any pricing details, launch timing for the service, any specific included games, or whether or not Game Pass on PC downloads would be limited to Microsoft's own Windows Store. Microsoft has promised to reveal more at its June 9 E3 press conference.


Posted in gaming, Gaming & Culture, microsoft, Windows, xbox game pass