Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

redmanjp
TriniTuner 24-7
Posts: 16253
Joined: September 22nd, 2009, 11:01 pm

Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

Postby redmanjp » May 15th, 2019, 7:00 pm

Windows 7 & XP users need to patch now (when a patch for an OS which has been unsupported for 5 years is released you know it's serious)

https://www.wired.com/story/microsoft-windows-xp-patch-very-bad-sign/

THIS WEEK, MICROSOFT issued patches for 79 flaws across its platforms and products. One of them merits particular attention: a bug so bad that Microsoft released a fix for it on Windows XP, an operating system it officially abandoned five years ago.

There’s maybe no better sign of a vulnerability’s severity; the last time Microsoft bothered to make a Windows XP fix publicly available was a little over two years ago, in the months before the WannaCry ransomware attack swept the globe. This week’s vulnerability has similarly devastating implications. In fact, Microsoft itself has drawn a direct parallel.

“Any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” Simon Pope, director of incident response for the Microsoft Security Response Center, wrote in a statement announcing the patch Tuesday. “It is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

Microsoft is understandably withholding specifics about the bug, noting only that it hadn’t seen an attack in action yet, and that the flaw relates to Remote Desktop Services, a feature that lets administrators take control of another computer that’s on the same network.

That small parcel of information, though, still gives potential attackers plenty enough to go on. “Even mention that the area of interest is Remote Desktop Protocol is sufficient to uncover the vulnerability,” says Jean Taggart, senior security researcher at security firm Malwarebytes.


Expect that to happen quickly. “This will be fully automated in the next 24 to 48 hours and exploited by a worm,” says Pieter Danhieux, CEO of secure coding platform Secure Code Warrior, referring to the class of malware that can propagate across a network without any human interaction, such as clicking the wrong link or opening the wrong attachment. Like the Blob, it just spreads.

Once that worm gives hackers access to those devices, the possibilities are fairly limitless. Danhieux sees ransomware as a likely path; Taggart ticks off spam campaigns, DDoS, and data harvesting as possibilities. “Take your pick,” he adds. “Suffice to say, a lot.”

The saving grace for all of this is that computers running Windows 8 and up aren’t affected. But it’s important not to underestimate the danger that Windows XP computers can still pose. Estimates vary, but analytics company Net Marketshare says that 3.57 percent of all desktops and laptops still run Windows XP, which was first released in 2001. Conservatively, that's still tens of millions of devices on Windows XP—more than are running on the most recent version of MacOS. Moreover, you can assume with some confidence that almost none of those computers are ready for what’s coming.

Yes, plenty of Windows XP users are just folks who haven’t dusted off their Dell Dimension tower since the last Bush administration. It seems unlikely that they'll ever get around to installing this latest patch, especially given that you need to seek it out, and download and install it yourself. It’s hard enough to get people to update modern systems with their incessant nagging popups; one imagines that those still on Windows XP are in no rush to visit the Microsoft Update Catalog.

More troubling, though, are the countless businesses and infrastructure concerns that still rely on Windows XP. As recently as 2016, even nuclear submarines had it on board. For the most sensitive use cases—like, say, nukes—companies and governments pay Microsoft for continued security support. But the bulk of hospitals, businesses, and industrial plants that have Windows XP in their systems don’t. And for many of those, upgrading—or even installing a patch—is more difficult than it might seem.

“Patching computers in industrial control networks is challenging because they often operate 24/7, controlling large-scale physical processes like oil refining and electricity generation,” says Phil Neray, vice president of industrial cybersecurity at CyberX, an IoT and ICS-focused security firm. Recent CyberX research indicates that more than half of industrial sites run unsupported Windows machines, making them potentially vulnerable. There’s not much opportunity to test the impact of a patch on those types of systems, much less to interrupt operations to install them.

That applies to health care systems, too, where the process of updating critical software could interrupt patient care. Other businesses run specialized software that’s incompatible with more recent Windows releases; practically speaking, they’re trapped on XP. And while the best way to protect yourself from this latest vulnerability—and the countless others that now plague unsupported operating systems—is to upgrade to the latest version of Windows, cash-strapped businesses tend to prioritize other needs.

With any luck, Microsoft’s extraordinary step of pushing a patch will spur many of them to action. It’s hard to imagine a louder siren. “When you’re dealing with patching, it’s a balancing act between the costs of patching and the costs of leaving it alone, or just asking users to upgrade,” says Richard Ford, chief scientist at cybersecurity firm Forcepoint. “They would have a grasp of both the security risk—and the reputational risk—of not going after this vulnerability aggressively. Put those all together, and when the stars align it makes a lot of sense to provide the patch, quickly, safely, and even for operating systems that are out of support.”

The coming weeks and months should show, though, just how wide a gap exists between providing a patch and getting people to install it. An attack on Windows XP is at this point inevitable. And the fallout might be worse than you’d have guessed.

wagonrunner
TriniTuner 24-7
Posts: 13496
Joined: May 18th, 2004, 9:38 am
Location: Distancing myself from those who want to raid the barn but eh want to plant the corn.

Re: Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

Postby wagonrunner » May 16th, 2019, 1:03 am

nice heads up

Soul Collector
12 pounds of Boost
Posts: 2231
Joined: July 16th, 2009, 1:42 am

Re: Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

Postby Soul Collector » May 16th, 2019, 8:16 am

Why did you mention Win7 though? I don't think I saw anything in the article about it, just XP. Good info, I only came off XP a few years ago and still running 7.

skylinechild
3ne2nr Toppa Toppa
Posts: 5693
Joined: January 13th, 2008, 11:38 pm
Location: In a Skyline

Re: Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

Postby skylinechild » May 16th, 2019, 10:40 am

Soul Collector wrote:Why did you mention Win7 though? I don't think I saw anything in the article about it, just XP. Good info, I only came off XP a few years ago and still running 7.


say good bye to windows 7 - end of life is next year January :lol:

Soul Collector
12 pounds of Boost
Posts: 2231
Joined: July 16th, 2009, 1:42 am

Re: Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

Postby Soul Collector » May 16th, 2019, 1:21 pm

skylinechild wrote:
Soul Collector wrote:Why did you mention Win7 though? I don't think I saw anything in the article about it, just XP. Good info, I only came off XP a few years ago and still running 7.


say good bye to windows 7 - end of life is next year January :lol:

steuepssssssssssss :(

redmanjp
TriniTuner 24-7
Posts: 16253
Joined: September 22nd, 2009, 11:01 pm

Re: Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

Postby redmanjp » May 16th, 2019, 2:28 pm

Soul Collector wrote:Why did you mention Win7 though? I don't think I saw anything in the article about it, just XP. Good info, I only came off XP a few years ago and still running 7.


I read another article that said both Windows 7 & XP are affected - however, with Win 7, automatic updates should patch the bug. Not so with XP as it isn't supported.

also from this article:
The saving grace for all of this is that computers running Windows 8 and up aren’t affected. But it’s important not to underestimate the danger that Windows XP computers can still pose. Estimates vary, but analytics company Net Marketshare says that 3.57 percent of all desktops and laptops still run Windows XP, which was first released in 2001. Conservatively, that's still tens of millions of devices on Windows XP—more than are running on the most recent version of MacOS. Moreover, you can assume with some confidence that almost none of those computers are ready for what’s coming.

Soul Collector
12 pounds of Boost
Posts: 2231
Joined: July 16th, 2009, 1:42 am

Re: Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

Postby Soul Collector » May 16th, 2019, 2:39 pm

Ahhh, I read that line but it totally flew over my head! I don't use the auto update feature on this bootleg win7 ultimate version that I have though. I'll just let this rig run its course is all I can say lol

redmanjp
TriniTuner 24-7
Posts: 16253
Joined: September 22nd, 2009, 11:01 pm

Re: Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

Postby redmanjp » May 16th, 2019, 4:06 pm

Soul Collector wrote:Ahhh, I read that line but it totally flew over my head! I don't use the auto update feature on this bootleg win7 ultimate version that I have though. I'll just let this rig run its course is all I can say lol


we'll see how bad it is if hackers make a virus for it.

88sins
TriniTuner 24-7
Posts: 10167
Joined: July 22nd, 2007, 3:03 pm
Location: Corner of Everywhere Avenue & Nowhere Drive

Re: Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

Postby 88sins » May 16th, 2019, 9:02 pm

lol @ "urgent" patch.
this is old news. wannacry been around infecting machines over 2 years now. no need for their patch really, as long as certain precautions are taken.

timothymcdavid
Chronic TriniTuner
Posts: 536
Joined: October 31st, 2003, 9:22 am

Re: Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

Postby timothymcdavid » May 17th, 2019, 8:51 am

88sins wrote:lol @ "urgent" patch.
this is old news. wannacry been around infecting machines over 2 years now. no need for their patch really, as long as certain precautions are taken.


Indeed ...

meccalli
punchin NOS
Posts: 4573
Joined: August 13th, 2009, 10:53 pm
Location: Valsayn

Re: Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

Postby meccalli » May 17th, 2019, 4:38 pm

Sounds like Microsoft bait to screw up your OS. I'm still running XP on one partition and 7 on the other. When I installed, I stopped ALL updates. I've seen this trick pulled before.

wagonrunner
TriniTuner 24-7
Posts: 13496
Joined: May 18th, 2004, 9:38 am
Location: Distancing myself from those who want to raid the barn but eh want to plant the corn.

Re: Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

Postby wagonrunner » May 17th, 2019, 9:11 pm

88sins wrote:lol @ "urgent" patch.
this is old news. wannacry been around infecting machines over 2 years now. no need for their patch really, as long as certain precautions are taken.

This is not wannacry.
It can spread like wannacry on systems below Windows 8 that use RDP
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

redmanjp
TriniTuner 24-7
Posts: 16253
Joined: September 22nd, 2009, 11:01 pm

Re: Microsoft releases urgent patch for wormable RDP flaw for Win 7 & even XP

Postby redmanjp » June 18th, 2019, 7:41 pm

https://blogs.technet.microsoft.com/msrc/2019/05/30/a-reminder-to-update-your-systems-to-prevent-a-worm/?fbclid=IwAR3yNpSRu9i_MEX8BgmGfp8m85Aos22EIxpnXtcBhOjiTTJ-A6tzeqGSHbs

A Reminder to Update Your Systems to Prevent a Worm

On May 14, Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. In our previous blog post on this topic we warned that the vulnerability is ‘wormable’, and that future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.

Microsoft is confident that an exploit exists for this vulnerability, and if recent reports are accurate, nearly one million computers connected directly to the internet are still vulnerable to CVE-2019-0708. Many more within corporate networks may also be vulnerable. It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise. This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed.

It's been only two weeks since the fix was released and there has been no sign of a worm yet. This does not mean that we’re out of the woods. If we look at the events leading up to the start of the WannaCry attacks, they serve to inform the risks of not applying fixes for this vulnerability in a timely manner.

Our recommendation remains the same. We strongly advise that all affected systems should be updated as soon as possible.

It is possible that we won’t see this vulnerability incorporated into malware.

But that’s not the way to bet.



EternalBlue Timeline

Almost two months passed between the release of fixes for the EternalBlue vulnerability and when ransomware attacks began. Despite having nearly 60 days to patch their systems, many customers had not.

A significant number of these customers were infected by the ransomware.

March 14, 2017: Microsoft releases security bulletin MS17-010 which includes fixes for a set of SMBv1 vulnerabilities.

April 14, 2017: ShadowBrokers publicly releases a set of exploits, including a wormable exploit known as 'EternalBlue' that leverage these SMBv1 vulnerabilities.

May 12, 2017: The EternalBlue exploit is used in ransomware attacks known as WannaCry. Hundreds of thousands of vulnerable computers across the globe are infected.


Resources

Links to downloads for Windows 7, Windows 2008 R2, and Windows 2008
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Links to downloads for Windows Vista, Windows 2003 and Windows XP
https://support.microsoft.com/help/4500705

Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC)
