Miscellaneous Tech News
-
Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability
Game-over code-execution attacks are still possible even after fix is installed.
An emergency patch Microsoft issued on Tuesday fails to fully fix a critical security vulnerability in all supported versions of Windows that allows attackers to take control of infected systems and run code of their choice, researchers said. The threat, colloquially known as PrintNightmare, stems from bugs in the Windows print spooler, which provides printing functionality inside local networks. Proof-of-concept exploit code was publicly released and then pulled back, but not before others had copied it. Researchers track the vulnerability as CVE-2021-34527. -
The Windows 11 insider build is surprisingly unpolished and unfinished
Windows 11 looks to be a decent upgrade, but not one to lose sleep over missing.
Microsoft made early Windows 11 builds available via its Windows Insider program the week after its first major announcement, and we've spent quite a few hours kicking the tires. When Windows 11 publicly releases, it's likely to be a fine operating system—but right now, it's an unpolished, unfinished mess. Of course, this isn't a surprise—Windows 11 is still only available in the Dev channel of the Insider program. The three Insider channels are Release Preview, Beta, and Dev; Dev roughly corresponds to a software alpha, and Microsoft itself describes it as "the newest code," with "rough edges and some instability." -
@mlnews said in Miscellaneous Tech News:
The Windows 11 insider build is surprisingly unpolished and unfinished
Windows 11 looks to be a decent upgrade, but not one to lose sleep over missing.
Microsoft made early Windows 11 builds available via its Windows Insider program the week after its first major announcement, and we've spent quite a few hours kicking the tires. When Windows 11 publicly releases, it's likely to be a fine operating system—but right now, it's an unpolished, unfinished mess. Of course, this isn't a surprise—Windows 11 is still only available in the Dev channel of the Insider program. The three Insider channels are Release Preview, Beta, and Dev; Dev roughly corresponds to a software alpha, and Microsoft itself describes it as "the newest code," with "rough edges and some instability."How can that possibly be surprising. It has "Windows" right in the name. Windows 10 has been out for years and is totally unpolished and unfinished. Updates STILL don't work, at all. It's buggy as hell as if no one at MS has ever tried to use it themselves (actually, they probably don't.)
The title should read "Totally As Expected, Windows 11 Insider Build is Unpolished and Unfinished"
-
@scottalanmiller said in Miscellaneous Tech News:
@mlnews said in Miscellaneous Tech News:
The Windows 11 insider build is surprisingly unpolished and unfinished
Windows 11 looks to be a decent upgrade, but not one to lose sleep over missing.
Microsoft made early Windows 11 builds available via its Windows Insider program the week after its first major announcement, and we've spent quite a few hours kicking the tires. When Windows 11 publicly releases, it's likely to be a fine operating system—but right now, it's an unpolished, unfinished mess. Of course, this isn't a surprise—Windows 11 is still only available in the Dev channel of the Insider program. The three Insider channels are Release Preview, Beta, and Dev; Dev roughly corresponds to a software alpha, and Microsoft itself describes it as "the newest code," with "rough edges and some instability."How can that possibly be surprising. It has "Windows" right in the name. Windows 10 has been out for years and is totally unpolished and unfinished. Updates STILL don't work, at all. It's buggy as hell as if no one at MS has ever tried to use it themselves (actually, they probably don't.)
The title should read "Totally As Expected, Windows 11 Insider Build is Unpolished and Unfinished"
In my testing, I did not experience any of the issues in that article. Other than that, title is just for clicks.
-
@dbeato said in Miscellaneous Tech News:
@dafyre But they have said it doesn't fix it
https://arstechnica.com/gadgets/2021/07/microsofts-emergency-patch-fails-to-fix-critical-printnightmare-vulnerability/I guess we'll be doing this again next week then...again. lol.
-
@dafyre said in Miscellaneous Tech News:
@dbeato said in Miscellaneous Tech News:
@dafyre But they have said it doesn't fix it
https://arstechnica.com/gadgets/2021/07/microsofts-emergency-patch-fails-to-fix-critical-printnightmare-vulnerability/I guess we'll be doing this again next week then...again. lol.
That's what I told the boss this morning!
-
Microsoft discovers critical SolarWinds zero-day under active attack
Flaws allow attackers to run malicious code on machines hosting Serv-U products.
SolarWinds, the company at the center of a supply chain attack that compromised nine US agencies and 100 private companies, is scrambling to contain a new security threat: a critical zero-day vulnerability in its Serv-U product line. Microsoft discovered the exploits and privately reported them to SolarWinds, the latter company said in an advisory published on Friday. SolarWinds said the attacks are entirely unrelated to the supply chain attack discovered in December. -
@mlnews Yeah, not the first from Serv-U won't be the last lol
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/
That was back in February 3rd, 2021. -
@mlnews said in Miscellaneous Tech News:
Microsoft discovers critical SolarWinds zero-day under active attack
Flaws allow attackers to run malicious code on machines hosting Serv-U products.
SolarWinds, the company at the center of a supply chain attack that compromised nine US agencies and 100 private companies, is scrambling to contain a new security threat: a critical zero-day vulnerability in its Serv-U product line. Microsoft discovered the exploits and privately reported them to SolarWinds, the latter company said in an advisory published on Friday. SolarWinds said the attacks are entirely unrelated to the supply chain attack discovered in December.What idiot still has SolarWinds deployed? Anyone breached now was asking for it.
-
Microsoft announces Windows 365, a subscription cloud PC
Microsoft has announced a new "cloud PC" product where users can stream a Windows device from anywhere.
Windows 365 will work similarly to game streaming - where the computing is done in a data centre somewhere remotely and streamed to a device. That means all sorts of devices - including tablets or Apple Macs - can stream a full Windows desktop PC. It is being sold to businesses to begin with, as many firms move to a mix of office and remote working. Microsoft is marketing the new way of using a PC as "hybrid Windows for a hybrid world". The company says that every user's apps and settings will boot instantly from any device - allowing personalised Windows PCs to be accessed from anywhere. -
SonicWall releases urgent notice about 'imminent' ransomware targeting firmware
Networking device maker SonicWall sent out an urgent notice to its customers about "an imminent ransomware campaign using stolen credentials" that is targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware.
In addition to the notice posted to its website, SonicWall sent an email to anyone using SMA and SRA devices, urging some to disconnect their devices immediately. They worked with Mandiant and other security companies on the issue, according to the release.
-
Clippy returns - as an emoji
Microsoft's much-maligned mascot Clippy is coming back from the dead - but only as an emoji.
Clippy the paperclip was a simplistic virtual assistant who offered tips and advice to Microsoft Office users, from 1997 and until the mid-2000s. Its constant pop-ups to suggest "help" with the simplest of tasks - such as writing a letter - annoyed many. But Microsoft says it is now bringing back the design, for its modern Office products. Clippy would replace the existing paperclip emoji in its Microsoft 365 products, including its cloud services and the modern, online version of Microsoft Office, the technology giant tweeted, but only it that tweet received 20,000 "likes" - and within hours, it had surpassed 100,000. -
@mlnews said in Miscellaneous Tech News:
Clippy returns - as an emoji
Microsoft's much-maligned mascot Clippy is coming back from the dead - but only as an emoji.
Clippy the paperclip was a simplistic virtual assistant who offered tips and advice to Microsoft Office users, from 1997 and until the mid-2000s. Its constant pop-ups to suggest "help" with the simplest of tasks - such as writing a letter - annoyed many. But Microsoft says it is now bringing back the design, for its modern Office products. Clippy would replace the existing paperclip emoji in its Microsoft 365 products, including its cloud services and the modern, online version of Microsoft Office, the technology giant tweeted, but only it that tweet received 20,000 "likes" - and within hours, it had surpassed 100,000.Links the Cat > Clippy
-
-
@scottalanmiller said in Miscellaneous Tech News:
https://securityaffairs.co/wordpress/120158/cyber-crime/hellokitty-ransomware-linux-variant.html
I'm assuming they must have harvested credentials to use the esxicli in the first place, I assume this because there's no mention of how they gain access to that service in the article.
-
Disable the Windows print spooler to prevent hacks, Microsoft tells customers
The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations. -
Apple Watch lead Kevin Lynch shifts focus to car development
Evan Doll will take over some responsibilities leading health product strategy.
Another executive shuffle is underway at Apple, according to Insider. Kevin Lynch, a key Apple VP overseeing health and the Apple Watch, is moving into a new role working on Project Titan, Apple's car project. Lynch has been one of the most visible Apple leaders at WWDC and the company's various product unveiling events. He is one of the faces of Apple's health initiatives and the Apple Watch. The report doesn't go into much detail about what Lynch will be doing on the car project. Recently, Apple's automotive product development has been led by the company's AI chief, John Giannandrea. -
@mlnews said in Miscellaneous Tech News:
Disable the Windows print spooler to prevent hacks, Microsoft tells customers
The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.What an earth is going on at Microsoft. Too busy with UI changes to get the basics sorted/working
-
@stuartjordan said in Miscellaneous Tech News:
@mlnews said in Miscellaneous Tech News:
Disable the Windows print spooler to prevent hacks, Microsoft tells customers
The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.What an earth is going on at Microsoft. Too busy with UI changes to get the basics sorted/working
What is going on with companies that would intentionally continue to deploy this crap in a "business"?
-
@scottalanmiller said in Miscellaneous Tech News:
@stuartjordan said in Miscellaneous Tech News:
@mlnews said in Miscellaneous Tech News:
Disable the Windows print spooler to prevent hacks, Microsoft tells customers
The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.What an earth is going on at Microsoft. Too busy with UI changes to get the basics sorted/working
What is going on with companies that would intentionally continue to deploy this crap in a "business"?
Yeah really. Especially crap with 7 year old privilege escalation vulnerabilities that was totally open for anyone to find at any time...
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/