Windows 10 Systems Still Vulnerable To A Three-Month-Old Critical Security Flaw From Microsoft

Windows 10 Critical Exploit Now Confirmed, Months After Microsoft’s Emergency Update. Veteran technology reporter Dave Windey, for Forbes and PC Computing, reports that a U.S. Government cybersecurity agency is warning that malicious cyber actors are targeting Windows 10 systems still vulnerable to a three-month-old critical security flaw.

Cast your mind back to March 10 when the monthly Windows Patch Tuesday security updates were released by Microsoft. That same day, one critical Windows 10 vulnerability was disclosed by mistake; disclosed before a fix had been made available.

CVE-2020-0796, better known today as SMBGhost, was thought so dangerous were it to be weaponized that it merited that rarest of common vulnerability scoring system (CVSS) ratings: a “perfect” 10. Microsoft was quick to act. It issued an emergency out-of-band fix within days.

That’s where the good news ends.

SMBGhost is a fully wormable vulnerability that could enable remote and arbitrary code execution and, ultimately, control of the targeted system if a successful attack was launched. The vulnerability, in Microsoft’s Server Message Block 3.1.1, allows for a maliciously constructed data packet sent to the server to kick off the arbitrary code execution.

Such an attack would require both an unpatched and vulnerable Windows 10 or Windows Server Core machine and, crucially, working and available exploit code. The former should have been sorted by the emergency update being applied automatically, but that assumes every device at risk would have automatic updates enabled.

This is not the case, for a myriad of reasons, and leaves systems and data exposed.

Especially seeing as the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has just confirmed that it is aware of “publicly available and functional” proof of concept (PoC) exploit code.

What’s more, the CISA posting warns, “malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports.”

The CISA has said that it “strongly recommends using a firewall to block SMB ports from the internet,” and that patches and updates for such critical vulnerabilities should be applied as soon as possible.

Microsoft’s security updates addressing SMBGhost in Windows 10 versions 1909 and 1903, and Server Core for the same versions, can be found here.

I have reached out to Microsoft for a statement regarding the availability of exploit code and further advice for users and will update this article when I have that. In the meantime, get patching and get blocking.

Running Windows 10? Critical update for Windows 10, version 1903, May 2019 release

Hope you’re having a good day. Not to be a downer, but if you are running Windows 10, you would have realized that Microsoft has been having a battle with updating Windows 10 for some time. For a tested update that works to improve system performance and extend Windows 10 support to 2020 and up to 2025, follow the link to the Microsoft update. Although technical, failure to run this important update would mean that support for your computer would end Nov 2019. On the update page, there is an easy-to-follow BLUE ‘check for updates’ activator button to get you going. Requirements for the update? Internet EXPLORER (the blue E icon) and NOT Google Chrome. When applying the update, BE PATIENT with the part running the reinstall. It takes 20 minutes, give or take. Although automatic, it is a complete operating system reinstall, without the risk of data loss. That said, it is always better to back up before running.* Our tests, however, proved backup was not a must. Good luck and looking forward to your feedback!

Microsoft Windows 10, version 1903 Critical Update: https://support.microsoft.com/en-my/help/4028685/windows-10-get-the-update

*If your system reports the captioned update is already installed, then please ignore this advice.

Facebook exposed up to 6.8 million users’ private photos to developers in latest data leak

Facebook exposed private photos from up to 6.8 million users to apps that weren’t supposed to see them, the company said today. These apps were authorized to see a limited set of users’ photos, but a bug allowed them to see pictures they weren’t granted access to. These included photos from people’s stories as well as photos that people uploaded but never posted (because Facebook saved a copy anyway).

The exposure occurred between September 12th and September 25th. Facebook told TechCrunch that it discovered the breach on the 25th; it isn’t clear why the company waited until now to disclose it. (Perhaps it’s because the company was dealing with a separate and substantially larger breach that it also discovered on September 25th.)

Affected users will receive a notification alerting them that their photos may have been exposed. Facebook also says it’ll be working with developers to delete copies of photos they weren’t supposed to access. In total, up to 1,500 apps from 876 different developers may have inappropriately accessed people’s pictures.

Facebook said the bug had to do with an error related to Facebook Login and its photos API, which allows developers to access Facebook photos within their own apps. All of the impacted users had logged into a third-party app using their Facebook accounts and granted them some degree of access to view their photos.

“We’re sorry this happened,” writes Tomer Bar, engineering director at Facebook. The disclosure comes exactly one day after Facebook opened a pop-up installation in New York to show people how “you can manage your privacy” on the site.

Facebook has been in hot water again and again this year over data breaches and exposures, most notably with Cambridge Analytica. In many cases, the problems haven’t been caused by hackers, but they have stemmed from issues within Facebook itself. The Cambridge Analytica breach happened because of Facebook’s lax oversight of developers and data sharing; today’s issue happened because of another breakdown in communication between Facebook and developers.

Google has already pledged to shut down Google+ over similar issues. Twice this year, the service exposed information inappropriately to developers.

Source: The Verge, Jacob Kastrenakes
