
Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

05-16-2019, 08:48 AM  #1  69L46

Hopefully by now most users have at least moved away from XP, but there's still a lot of Windows 7 machines out there.


https://krebsonsecurity.com/2019/05/...-windows-2003/
------------------------------------------------------------------------------------------------------------------------------------------------

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

The vulnerability (CVE-2019-0708) resides in the “remote desktop services” component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updates.

Microsoft said the company has not yet observed any evidence of attacks against the dangerous security flaw, but that it is trying to head off a serious and imminent threat.

“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” wrote Simon Pope, director of incident response for the Microsoft Security Response Center.

“This vulnerability is pre-authentication and requires no user interaction,” Pope said. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”

The WannaCry ransomware threat spread quickly across the world in May 2017 using a vulnerability that was particularly prevalent among systems running Windows XP and older versions of Windows. Microsoft had already released a patch for the flaw, but many older and vulnerable OSes were never updated. Europol estimated at the time that WannaCry spread to some 200,000 computers across 150 countries.

CVE-2019-0708 does not affect Microsoft’s latest operating systems — Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.

More information on how to download and deploy the update for CVE-2019-0708 is here.

All told, Microsoft today released 16 updates targeting at least 79 security holes in Windows and related software — nearly a quarter of them earning Microsoft’s most dire “critical” rating. Critical bugs are those that can be exploited by malware or ne’er-do-wells to break into vulnerable systems remotely, without any help from users.

One of those critical updates fixes a zero-day vulnerability — (CVE-2019-0863) in the Windows Error Reporting Service — that’s already been seen in targeted attacks, according to Chris Goettl, director of product management for security vendor Ivanti.

Other Microsoft products receiving patches today include Office and Office365, SharePoint, .NET Framework and SQL Server. Once again — for the fourth time this year — Microsoft is patching yet another critical flaw in the Windows component responsible for assigning Internet addresses to host computers (a.k.a. “Windows DHCP client”).

“Any unauthenticated attacker who can send packets to a DHCP server can exploit this vulnerability,” to deliver a malicious payload, notes Jimmy Graham at Qualys.

Staying up-to-date on Windows patches is good. Updating only after you’ve backed up your important data and files is even better. A good backup means you’re not pulling your hair out if the odd buggy patch causes problems booting the system. So do yourself a favor and back up your files before installing any patches.

Note that Windows 10 likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update.

As per usual, Adobe has released security fixes for Flash Player and Acrobat/Reader. The Flash Player update fixes a single, critical bug in the program. Adobe’s Acrobat/Reader update plugs at least 84 security holes.

Microsoft Update should install the Flash fix by default, along with the rest of this month’s patch bundle. Fortunately, the most popular Web browser by a long shot — Google Chrome — auto-updates Flash but also is now making users explicitly enable Flash every time they want to use it. By the summer of 2019 Google will make Chrome users go into their settings to enable it every time they want to run it.

Firefox also forces users with the Flash add-on installed to click in order to play Flash content; instructions for disabling or removing Flash from Firefox are here. Adobe will stop supporting Flash at the end of 2020.

As always, if you experience any problems installing any of these patches this month, please feel free to leave a comment about it below; there’s a good chance other readers have experienced the same and may even chime in here with some helpful tips.

05-16-2019, 08:54 AM  #2  dpd3672

I never warmed up to Windows 10, still very happy with 7 on my laptop, I upgraded to 10, then downgraded back to 7.

05-16-2019, 09:34 AM  #3  blaforce

Some companies have legacy systems running on Windows 2003 that can’t be moved to a newer OS because the software developers won’t update their older software versions to work on Windows 2012 or above. We removed these systems from the network making them standalone until they could be retired. It was a real pain in the *** when your plate is already full.

Windows 2012 end of life is Oct 2023. I’m sure my last employer will still have many of those Servers in operation. Hopefully they were able to add more staff after my retirement. We tried to install as many new systems on Windows 2016 as we could, but some software wasn’t compatible at that time. Some department managers had enough clout to override the IT department's objections to new systems developed by smaller companies.

05-16-2019, 09:50 AM  #4  Dueysan

I don’t believe half the propaganda put out by the tech giants. Most of their hype is to get you to buy newer versions of their products. It is a well known fact that Windows 10 has a built in backdoor and sends telemetry data to Microsoft, so of course they want you to upgrade to their “newer, more secure” version of Windows.

05-16-2019, 10:06 AM  #5  X-ZZ4

Originally Posted by Dueysan:
I don’t believe half the propaganda put out by the tech giants. Most of their hype is to get you to buy newer versions of their products. It is a well known fact that Windows 10 has a built in backdoor and sends telemetry data to Microsoft, so of course they want you to upgrade to their “newer, more secure” version of Windows.

Fine. Stick with XP then.

They all have "back doors". That's what Windows Update is. That's what Remote Access is. Back doors MUST be built in to modern operating systems. The question is...is there adequate security built in around them?

Sounds like in the case of older OS's....that answer is no. But most of us knew that already.

And telemetry data? Sounds scary. Most of it is crash and app data you can view yourself in Event Viewer. But you can turn that off if you don't like it. But if you do....it's kinda like not voting. If you don't vote, don't complain. If you don't give M$FT this data....don't complain about their "shitty" OS (that no one can still beat after all these years). In software, no matter how good it is, there is no test data that is as good as real world data. That's all this is.

Last edited by X-ZZ4; 05-16-2019 at 10:18 AM.

05-16-2019, 10:12 AM  #6  eboggs_jkvl

W10 user. No issues with getting updates. Just had one 2 days ago. If you use XP, sucks to be you. IF a 75 year old man can keep current, surely you young studs can handle it.

Elmer

05-16-2019, 10:28 AM  #7  GhostTX

Looks like I'm screwed. Windows 10 refused to upgrade my Win 7 back in the days it was free, and now my Win 7 has a bug that won't let it update anymore.

05-16-2019, 10:33 AM  #8  KenHorse

Originally Posted by dpd3672:
I never warmed up to Windows 10, still very happy with 7 on my laptop, I upgraded to 10, then downgraded back to 7.

I'm quite happy with 10 but only after I replaced the crappy Start system with ClassicShell.

05-16-2019, 10:53 AM  #9  blaforce

Originally Posted by GhostTX:
Looks like I'm screwed. Windows 10 refused to upgrade my Win 7 back in the days it was free, and now my Win 7 has a bug that won't let it update anymore.

I updated my older media laptop to Windows 10 during the free upgrade. It took some effort to tweak the settings and get it installed correctly. It don't come easy!

05-16-2019, 11:30 AM  #10  Turbodude

I still run Windows XP and Windows 7 on my Macbook Pro from time to time, as virtual machines. XP is not connected to the web. Saves me a bundle by not needing to upgrade $$$ engineering software, and they're easy to use.

I'm surprised MS is going all the way back to XP for the update. Thought they pretty much wrote XP off.

05-16-2019, 11:33 AM  #11  X-ZZ4

Originally Posted by Turbodude:
I still run Windows XP and Windows 7 on my Macbook Pro from time to time, as virtual machines. XP is not connected to the web. Saves me a bundle by not needing to upgrade $$$ engineering software, and they're easy to use.

I'm surprised MS is going all the way back to XP for the update. Thought they pretty much wrote XP off.

I didn't read the article.....but must be a pretty bad vulnerability if they are doing this. Surprised it took this long to find if it's that serious.

05-16-2019, 11:36 AM  #12  Frankie the Fink

Originally Posted by GhostTX:
Looks like I'm screwed. Windows 10 refused to upgrade my Win 7 back in the days it was free, and now my Win 7 has a bug that won't let it update anymore.

OS or email upgrades in an enterprise environment are not that trivial..
The WORST was migrating from Groupwise to MS-Outlook IMO..I did it for several Federal agencies...

You can lock down Win-10 as much as any OS but it's a lot of effort - particularly their "advertising ID" which I despise.

05-16-2019, 11:41 AM  #13  3D-Aircrew

Now I know why one of my workstations was rebooted today after updates. I lost a little bit of work because of that.

05-16-2019, 12:05 PM  #14  danziger

I like Win 7. Used Win 10 for a while, but went back to 7 for my home machines.

05-16-2019, 01:11 PM  #15  MagRedConv

Originally Posted by eboggs_jkvl:
W10 user. No issues with getting updates. Just had one 2 days ago. If you use XP, sucks to be you. IF a 75 year old man can keep current, surely you young studs can handle it.

Elmer

Alright Elmer!

Originally Posted by Turbodude:
I still run Windows XP and Windows 7 on my Macbook Pro from time to time, as virtual machines. XP is not connected to the web. Saves me a bundle by not needing to upgrade $$$ engineering software, and they're easy to use.

I'm surprised MS is going all the way back to XP for the update. Thought they pretty much wrote XP off.

Ditto

05-16-2019, 03:45 PM  #16  VETTRLZ

Originally Posted by X-ZZ4:
In software, no matter how good it is, there is no test data that is as good as real world data. That's all this is.

True for hardware also. It always has been. There is no reliability laboratory with the scope and budget to properly reproduce every possible use case and failure opportunity. We try to approximate it and find the low hanging fruit, but the real world is the only test that really matters.

05-16-2019, 03:52 PM  #17  KenHorse

So what's the biggest bitch about 10 that causes you to revert back to 7?

05-16-2019, 04:04 PM  #18  GhostTX

Originally Posted by KenHorse:
So what's the biggest bitch about 10 that causes you to revert back to 7?

I like Win 10. Use it at work. When I tried upgrading my home Win 7 box, I got some cryptic error and it refused to update. When I contacted Microsoft about it, they didn't know what the error meant and didn't know what to do. So I was like, well, that's that.

05-16-2019, 09:00 PM  #19  KenHorse

Originally Posted by GhostTX:
I like Win 10. Use it at work. When I tried upgrading my home Win 7 box, I got some cryptic error and it refused to update. When I contacted Microsoft about it, they didn't know what the error meant and didn't know what to do. So I was like, well, that's that.

I develop under 10 and as I said, aside from the crappy start menu (ClassicShell is a G-dsend), it works great on several different machines I run.

05-16-2019, 09:15 PM  #20  dmaxx3500

Everybody I build a computer for wants win 7 pro

I tried win 10, and I'm sticking with win7 pro

win11-12 should just go back to win 7