{"id":15320,"date":"2019-05-15T06:30:02","date_gmt":"2019-05-15T14:30:02","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/05\/15\/news-9069\/"},"modified":"2019-05-15T06:30:02","modified_gmt":"2019-05-15T14:30:02","slug":"news-9069","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/05\/15\/news-9069\/","title":{"rendered":"If you\u2019re running Windows XP, 7 or associated Servers, patch them"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security12-100734741-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Wed, 15 May 2019 07:13:00 -0700<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">As of very early Wednesday morning, I don\u2019t hear any loud screams of pain from the May Patch Tuesday bumper crop of patches. There\u2019s still much we don\u2019t know about the \u201cWannaCry-like\u201d security hole in pre-Win8 versions of Windows \u2014 more about that in a moment \u2014 but all indications at this point lead me to believe that it\u2019s smarter to patch now and figure out how to fix any damage later.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The cause is a bug in Microsoft\u2019s Remote Desktop Services that can allow an attacker to take over your earlier-generation Windows PC if it\u2019s connected to the internet. Not all machines are vulnerable. But the number of exposed machines \u2014 the size of the honey jar \u2014 makes it likely that somebody will come up with a worm shortly.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In short, if you have a PC that runs any of these:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You need to get patched now. 
Tell your friends.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You can read about the nature of the security hole in the <\/span><a href=\"https:\/\/blogs.technet.microsoft.com\/msrc\/2019\/05\/14\/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708\/\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">original announcement<\/span><\/a><span style=\"font-weight: 400;\"> from Simon Pope, the Microsoft Security Response Center director of incident response. There\u2019s a <\/span><a href=\"https:\/\/arstechnica.com\/information-technology\/2019\/05\/microsoft-warns-wormable-windows-bug-could-lead-to-another-wannacry\/\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">detailed analysis<\/span><\/a><span style=\"font-weight: 400;\"> about what little we know from Dan Goodin at Ars Technica. Most of the reports online rehash the same story, but it\u2019s worth noting that Microsoft credits discovery of the vulnerability to the National Cyber Security Center, which is the \u201c<\/span><a href=\"https:\/\/www.cso.com.au\/article\/661617\/gchq-ncsc-finds-wannacry-bad-wormable-bug-microsoft-even-patch-windows-xp\/\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">public-facing arm of the UK\u2019s spy agency, GCHQ<\/span><\/a><span style=\"font-weight: 400;\">.\u201d Shades of WannaCry, which originated with the NSA.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The problem, as always, doesn\u2019t lie with the good intentions of the patchers. The devil lies in the implementation details. 
As of this moment, it looks like the patches aren\u2019t causing more problems than they fix.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">That\u2019s particularly remarkable because in the case of the Win7 cluster patches, they include a fix for a completely different security hole, the so-called <a href=\"https:\/\/www.csoonline.com\/article\/3395458\/the-second-meltdown-new-intel-cpu-attacks-leak-secrets.html\" rel=\"noopener\" target=\"_blank\">\u201cMicroarchitectural Data Sampling (MDS)\u201d vulnerability<\/a>, which has much in common with Meltdown and Spectre. (Catalin Cimpanu has the <\/span><a href=\"https:\/\/www.zdnet.com\/article\/intel-cpus-impacted-by-new-zombieload-side-channel-attack\/\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">details on ZDNet<\/span><\/a><span style=\"font-weight: 400;\"> with a good <\/span><a href=\"https:\/\/www.askwoody.com\/forums\/topic\/may-2019-patch-tuesday-arrives\/#post-1622311\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">short synopsis<\/span><\/a><span style=\"font-weight: 400;\"> by @AceOfAces on AskWoody.) 
You may recall that patching Meltdown and Spectre has provided much wailing and gnashing of teeth for thousands of would-be patchers, yet there\u2019s never been an infection spotted in the wild.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With Microsoft\u2019s patch-bundling propensities, you <\/span><a href=\"https:\/\/www.askwoody.com\/forums\/topic\/may-2019-patch-tuesday-arrives\/#post-1624773\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">can\u2019t fix one without dragging in the other.<\/span><\/a><span style=\"font-weight: 400;\"> For the Windows 7 and Windows Server patches, you can\u2019t fix the immediate problem \u2014 this wormable RDS security hole \u2014 without also installing a fix for a problem that won\u2019t appear any time soon and, indeed, may not even exist in the real world (see <\/span><a href=\"https:\/\/www.wired.com\/story\/intel-mds-attack-speculative-execution-buffer\/\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">Andy Greenberg\u2019s article in Wired<\/span><\/a><span style=\"font-weight: 400;\">).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I think it\u2019s fair to say that we don\u2019t know much at all about the &#8220;wormable&#8221; RDS vulnerability or the fix. For example:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">More interesting \u2014 if Windows XP gets fixed, what can we infer about the long-term viability of Windows 7? Windows XP was taken off life support five years ago. If a future bug is bad enough, will Microsoft fix Win7?<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Before you make any changes, run a full system image backup. 
With less than 24 hours of experience with these patches under our belts, making a full backup is even more important than usual.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you\u2019re running Windows XP or Server 2003 (more accurately, Windows XP SP3, Windows Server 2003 SP2, Windows XP Professional x64 Edition SP2, Windows XP Embedded SP3, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009 \u2014 which, yes, probably includes your aging cash register), you need to manually download and install the patch. The patch you want is called <\/span><a href=\"http:\/\/catalog.update.microsoft.com\/v7\/site\/search.aspx?q=4500331\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">KB 4500331<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you\u2019re running Windows 7, Server 2008 SP2, or Server 2008 R2, you should install the May Monthly Rollup. If you have an antivirus product from Sophos, Avira, Avast, AVG or McAfee, make sure it\u2019s up to date. Then follow<\/span><a href=\"https:\/\/www.askwoody.com\/forums\/topic\/2000004-how-to-apply-the-win7-and-8-1-monthly-rollups\/\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\"> AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups<\/span><\/a><span style=\"font-weight: 400;\">. If you see<\/span><a href=\"https:\/\/www.computerworld.com\/article\/3216425\/microsoft-patch-alert-most-march-patches-look-good.html\" rel=\"noopener\" target=\"_blank\"> <span style=\"font-weight: 400;\">KB 4493132<\/span><\/a><span style=\"font-weight: 400;\">, the \u201cGet Windows 10\u201d nag patch, make sure it\u2019s unchecked. DON&#8217;T CHECK any unchecked patches. 
\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Those of you who insist on manually installing the Security-only patches should <\/span><a href=\"https:\/\/www.askwoody.com\/forums\/topic\/may-2019-patch-tuesday-arrives\/#post-1621530\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">proceed as usual<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you\u2019re still running Windows Vista, bless yer heart; drop by the <\/span><a href=\"https:\/\/www.askwoody.com\/2019\/ms-defcon-3-get-windows-xp-win7-and-associated-servers-patched\/\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">AskWoody Lounge<\/span><\/a>,<span style=\"font-weight: 400;\"> and we\u2019ll step you through it.<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Thx T, PKCano, abbodi86, Cavalary, Cybertooth, AceOfAces, many others<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">Stay up on the latest on the <\/span><\/i><a href=\"https:\/\/www.askwoody.com\/2019\/ms-defcon-3-get-windows-xp-win7-and-associated-servers-patched\/\" rel=\"nofollow noopener\" target=\"_blank\"><i><span style=\"font-weight: 400;\">AskWoody Lounge<\/span><\/i><\/a><i><span style=\"font-weight: 400;\">.<\/span><\/i><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3395538\/if-youre-running-windows-xp-7-or-associated-servers-patch-them.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security12-100734741-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Wed, 15 May 2019 07:13:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p><span style=\"font-weight: 400;\">As of very early Wednesday morning, I don\u2019t hear any loud screams of 
pain from the May Patch Tuesday bumper crop of patches. There\u2019s still much we don\u2019t know about the \u201cWannaCry-like\u201d security hole in pre-Win8 versions of Windows \u2014 more about that in a moment \u2014 but all indications at this point lead me to believe that it\u2019s smarter to patch now and figure out how to fix any damage later.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The cause is a bug in Microsoft\u2019s Remote Desktop Services that can allow an attacker to take over your earlier-generation Windows PC if it\u2019s connected to the internet. Not all machines are vulnerable. But the number of exposed machines \u2014 the size of the honey jar \u2014 makes it likely that somebody will come up with a worm shortly.<\/span><\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3395538\/if-youre-running-windows-xp-7-or-associated-servers-patch-them.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10516,714,10525],"class_list":["post-15320","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-microsoft","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15320","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15
320"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15320\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15320"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}