New Microsoft Word 0-day exploit

The internet is buzzing with yet another 0-day exploit for Microsoft Word. Yes, this one is serious, and it can infect you with no action on your part if you open one of these malicious Word documents. But let's just step back, take a deep breath and, in the immortal words …

Microsoft Tweaks Simplified Servicing Packages for Older Versions of Windows

Microsoft has made a change to the new streamlined update process for older versions of Windows.


How likely is it that the Hot Potato vulnerability can be exploited on an up-to-date Windows 2012 machine?

I recently found an article about the Hot Potato vulnerability and it seemed quite interesting.

Using this technique, we can elevate our privilege on a Windows workstation from the lowest levels to “NT AUTHORITY\SYSTEM” – the highest level of privilege available on a Windows machine.

The exploit basically consists of three aspects:

  1. Local NBNS Spoofer
  2. Fake WPAD Proxy Server
  3. HTTP -> SMB NTLM Relay

I’m specifically interested in this vulnerability on Windows Server 2012 (R2). The exploit makes use of an automatic update mechanism that downloads certificate trust lists (CTLs) on a daily basis.

The researchers said that using SMB (Server Message Block) signing may theoretically block the attack. Another method to stop the NTLM relay attack is by enabling “Extended Protection for Authentication” in Windows.

My question: is one of the two mitigations suggested by the researchers automatically applied as a patch/fix through Windows Update, since the initial vulnerability was released? I think that was somewhere in the beginning of 2016.

Note: It’s ironic that the introduction of a daily update of CTLs, which is meant to improve security, introduces a massive privilege escalation vulnerability.
