{"id":11059,"date":"2018-01-10T10:30:27","date_gmt":"2018-01-10T18:30:27","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/01\/10\/news-4830\/"},"modified":"2018-01-10T10:30:27","modified_gmt":"2018-01-10T18:30:27","slug":"news-4830","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/01\/10\/news-4830\/","title":{"rendered":"A mess of Microsoft patches, warnings about slowdowns \u2014 and antivirus proves crucial"},"content":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Wed, 10 Jan 2018 09:22:00 -0800<\/strong><\/p>\n

Welcome to another banner Patch Tuesday. Microsoft yesterday released 56 separately identified security patches for every supported version of Windows, Office, .Net, Internet Explorer and Edge. Out of that monstrous pile, only one patch cures a currently exploited problem \u2014 a flaw in Word\u2019s Equation Editor that should have been fixed in November.<\/span><\/p>\n

If you\u2019re a \u201cnormal\u201d user, your first priority shouldn\u2019t be Microsoft\u2019s patches, notwithstanding the fabulous PR job performed on <\/span>Meltdown and Spectre\u2019s behalf<\/span><\/a>. Assuming you don\u2019t open random Word docs with dicey embedded equations, your main concern right now should be getting your antivirus house in order.<\/span><\/p>\n

I say that knowing full well that everybody and his second cousin is champing at the bit to have you get the Meltdown\/Spectre patches installed. Sometimes I feel like a 14th-century rationalist pushing back against <\/span>“known” cures for the plague<\/a>.<\/span><\/p>\n

Your machine <\/span>isn\u2019t going to<\/span><\/a>, uh, melt down. Nobody\u2019s gonna get you with Spectre. Your three-year-old PC isn\u2019t going to turn into a pile of sludge, in spite of <\/span>what Microsoft says<\/span><\/a>. Instead, the facts point to something much more prosaic: Now would be a good time to get your antivirus program caught up. That\u2019s all.<\/span><\/p>\n

To be sure, this month\u2019s Patch Tuesday is formidable. The official (and unusable) <\/span>Security Update Summary<\/span><\/a> lists 93 patches. SANS <\/span>Internet Storm Center<\/span><\/a>\u2019s (much more usable) summary shows 56 patched \u201cCVE\u201d security holes. Martin Brinkmann\u2019s <\/span>Ghacks.net <\/span><\/a>lists all of the patches in human-readable form, with descriptions and links. He has also replicated the <\/span>official patch spreadsheet<\/span><\/a>, which contains 1,073 separately identified patches.<\/span><\/p>\n

The one common factor: Aside from the Equation Editor botched repatch, not one<\/strong> <\/em>of this month\u2019s patches addresses a known exploited security hole.<\/span><\/p>\n

On the Windows side, we\u2019re seeing a re-announcement of all of the <\/span>Meltdown\/Spectre patches<\/span><\/a> that started appearing on Jan. 3. Those patches were all updated on Jan. 4, and many again on Jan. 9. Some of them (including the Win8.1 security-only patch <\/span>KB 4056898<\/span><\/a>) have been released and re-released, without explanation. All of them have a nasty habit of <\/span>bricking <\/span><\/a>AMD Athlon, Sempron, Turion, Opteron, Phenom and some Ryzen computers (detailed list <\/span>on TechArp<\/span><\/a>). <\/span><\/p>\n

The fact is that there are no<\/em><\/strong> known exploits for Meltdown or Spectre in the wild. The hell-bent push to get the Meltdown\/Spectre patches installed resulted in thousands (tens of thousands? hundreds of thousands?) of bricked AMD PCs and untold hours of wasted effort, all to no benefit. Yet almost every news report is parroting the same \u201csky is falling\/patch now\u201d drivel.<\/span><\/p>\n

Over on the Office side, <\/span>Microsoft lists <\/span><\/a>36 security patches and 25 non-security patches, including a big crop of patches for Office 2007. That\u2019s more than a little surprising, because Office 2007 reached the <\/span>end of extended support<\/span><\/a> in April 2017. We also have new versions of Office 2010 Click-to-Run (14.0.7193.5000) and Office 2013 Click-to-Run (15.0.4997.1000). Office 365 version 1711 <\/span>stands at<\/span><\/a>\u00a0Build 8730.2175. <\/span><\/p>\n

We also have three Security Advisories:<\/span><\/p>\n

and the usual <\/span>list of patches<\/span><\/a> being pushed out through Windows Update and WSUS. For those trying to keep their servers going, don\u2019t forget to look at the <\/span>KB 4072698 guidelines<\/span><\/a> to manually get the protections enabled, if you feel so bold. And if you see dozens of repeated Office patches on your WSUS server, you\u2019re looking at a bug (feature?) we\u2019ve seen for months \u2014 per <\/span>@abbodi86 on AskWoody<\/span><\/a>:<\/span><\/p>\n

They release each language in a separate patch, so in WSUS\/Catalog each language will have 2 entries, for 32bit\/64bit. I wonder why they did not bundle all languages in a single update, like they always do with proofing tools update<\/span><\/p>\n

That\u2019s a massive amount of information to absorb, but for most people there are only two takeaways: If you open Word docs with compromised Equation Editor components, you can get pwned. And you need to get your antivirus house in order.<\/span><\/p>\n

Yes, there are examples of Meltdown and Spectre <\/span>exploits on the web<\/span><\/a>, but they\u2019re nowhere near being active ground-level threats for the vast majority of Windows customers. When they are finally weaponized, my guess is that we\u2019ll see the first breaches come through web browsers \u2014 or on high-stakes servers in the banking, military or cryptocurrency industries \u2014 not meltdown programs running on individual machines.<\/span><\/p>\n

If you\u2019re looking at this month\u2019s patches from an admin\u2019s point of view, check out <\/span>Ed Bott\u2019s advice<\/span><\/a>\u00a0on ZDNet:<\/span><\/p>\n

The first order of business is: Don’t panic. The tech press loves to treat security incidents like this one as apocalyptic but the reality is you have time to devise a comprehensive response.<\/span><\/p>\n

Those of you who follow along here may be surprised to see Equation Editor singled out for persecution. After all, Microsoft <\/span>fixed the Equation Editor<\/span><\/a> security hole in November, didn\u2019t it?<\/span><\/p>\n

Well, no. It had thought it had fixed the Equation Editor with the CVE-2017-11882 patch in November, but a new bug appeared shortly after that fix went out. The new security hole is called CVE-2018-0802. The <\/span>0patch blog <\/span><\/a>presents convincing evidence that the CVE-2017-11882 fix was, in fact, a masterful piece of manual hacking. It looks like Microsoft lost the source code for EQNEDT32.EXE.<\/span><\/p>\n

Long and short of it, the CVE-2018-0802 bug is so bad (or perhaps Microsoft gave up on manually hacking the ancient executable) that this month\u2019s patches simply zap the EQNEDT32.EXE file. Omer Gull and Ben Simon, <\/span>on the Checkpoint site<\/span><\/a>, give full details of the old and new exploits. <\/span><\/p>\n

If you still use Equation Editor \u2014 an obscure feature in Word and WordPad that allows you to put equations into documents \u2014 there\u2019s a thread on AskWoody that <\/span>discusses alternatives<\/span><\/a>. Microsoft <\/span>recommends <\/span><\/a>MathType from Wiris Suite.<\/span><\/p>\n

Also note that if you\u2019re concerned about opening Word (or WordPad) docs with rogue equations and don\u2019t want to install this month\u2019s patches just yet, you can manually disable Equation Editor with a simple registry change. Microsoft <\/span>has the details<\/span><\/a>.<\/span><\/p>\n

There are dire warnings all over the web that installing the Meltdown\/Spectre patches will drive your computer into the ground. All of the (hundreds!) of warnings about the Meltdown meltdown point back to a post by Windows head honcho Terry Myerson, <\/span>who said<\/span><\/a>:<\/span><\/p>\n

That sure sounds dire \u2014 if you own a three-year-old computer, your performance is headed into the deep abyss, right?<\/span><\/p>\n

I say bah. Microsoft ran its performance tests, and that\u2019s great. (Obviously it didn\u2019t include any AMD processors or it would\u2019ve discovered the AMD-bricking bug sooner.) The results are waffling in the extreme. And the conclusion serves Microsoft\u2019s purposes. The not-so-subtle subtext is: \u201cWe did the best we could, but you Win7\/8.1 holdouts are gonna have to buy a new computer.\u201d<\/span><\/p>\n

What I\u2019d like to see is independent, third-party confirmation of the results. Performance stats are hard. You really have to clock something specific \u2014 or rely on benchmarks that may or may not reflect what you do, day in and day out. In my experience, a variance of 20% or more in \u201cnormal\u201d user speed isn\u2019t really noticeable. <\/span><\/p>\n

I think the big performance question for most folks is in the browser \u2014 and we don\u2019t have any numbers there yet. Google won\u2019t even update Chrome until <\/span>around Jan. 23<\/span><\/a>. Remember that Google (and several others) <\/span>discovered Meltdown and Spectre<\/span><\/a>. Their slow response should tell you how much they fear an imminent attack.<\/span><\/p>\n

Gregg Keizer has a full explanation of the antivirus chicken-and-egg problem in his Computerworld\u00a0<\/em><\/span>column earlier today<\/span><\/a>. In essence, you need to make sure your antivirus enables this month\u2019s \u2014\u00a0<\/span>and all future<\/i><\/strong>\u00a0\u2014 updates, before you try to install the January patches. <\/span><\/p>\n

If your antivirus isn\u2019t up to the task \u2014 see Kevin Beaumont\u2019s <\/span>excellent explainer<\/span><\/a> and companion <\/span>shame list<\/a> \u2014\u00a0or you don\u2019t want to pay for more antivirus \u201cprotection,\u201d you can always uninstall your antivirus and go with <\/span>Windows Defender or Microsoft Security Essentials<\/span><\/a>.<\/span><\/p>\n

I repeat \u2014 forgive me if you\u2019ve heard this before \u2014 but there are no known<\/em><\/strong> Meltdown or Spectre exploits in the wild. Folks who run servers with sensitive data \u2014 banks, brokerage houses, military contractors, cryptocurrency exchanges \u2014 need to be concerned about Meltdown and Spectre in the near term, realizing that the data can only be snooped if you allow an unauthorized program to run on your server.<\/span><\/p>\n

For everybody else, the first attacks (if there ever are any) are likely to come through web browsers. You need to harden your browser as soon as the update is available: Firefox is <\/span>already partially protected<\/span><\/a>, and the new Chrome is <\/span>due Jan. 23<\/span><\/a>. <\/span><\/p>\n

You need to update your BIOS or UEFI, but those fixes are only starting to roll out, and I don’t expect to see any garden-variety hacking of an older BIOS or UEFI in the near term. For starters, the snooping program has to be actively running on your computer.<\/span><\/p>\n

And if you\u2019re worried about the Equation Editor security hole, just <\/span>change the registry entries<\/span><\/a> recommended by Microsoft.<\/span><\/p>\n

What you\u2019re witnessing is a colossal \u201csky is falling\u201d routine, aided and abetted by folks who are going to make money from the havoc. Don\u2019t fall for the hype, the PR, and those cute logos. Get the facts, get your antivirus house in order, change the Equation Editor entries if you\u2019re very concerned, and you\u2019re good to go. For now.<\/span><\/p>\n

Wait and watch for more AMD-caliber problems on the <\/span><\/i>AskWoody Lounge<\/span><\/i><\/a>.<\/span><\/i><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Wed, 10 Jan 2018 09:22:00 -0800<\/strong><\/p>\n

\n
\n

Welcome to another banner Patch Tuesday. Microsoft yesterday released 56 separately identified security patches for every supported version of Windows, Office, .Net, Internet Explorer and Edge. Out of that monstrous pile, only one patch cures a currently exploited problem \u2014 a flaw in Word\u2019s Equation Editor that should have been fixed in November.<\/span><\/p>\n

If you\u2019re a \u201cnormal\u201d user, your first priority shouldn\u2019t be Microsoft\u2019s patches, notwithstanding the fabulous PR job performed on <\/span>Meltdown and Spectre\u2019s behalf<\/span><\/a>. Assuming you don\u2019t open random Word docs with dicey embedded equations, your main concern right now should be getting your antivirus house in order.<\/span><\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,10761],"class_list":["post-11059","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows-10"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11059"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11059\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11059"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}