sparty411
Posted May 14, 2019 (edited)

I think I discovered why we have received a new update.
https://www.theverge.com/platform/amp/2019/5/14/18623708/zombieload-attack-intel-processors-speculative-execution

EDIT - I was wrong
This is why
https://www.zdnet.com/article/microsoft-patches-windows-xp-server-2003-to-try-to-head-off-wormable-flaw/

Edited May 15, 2019 by sparty411 (misinfo)

wyxchari
Posted May 15, 2019 (edited)

12 hours ago, glnz said:
> So this new XP update. There are two flavors -
> Security Update for Windows XP SP3 (KB4500331) - Windows XP
> and
> 2019-05 Security Update for WES09 and POSReady 2009 for x86-based Systems (KB4500331) - Windows XP Embedded
> Which one am I now? Through Nov 2014 I was XP. Since then I've been a cash register. What's your guidance?

Since 2014 when we made the windows hack to continue receiving updates, always Microsoft update or Windows update have offered Posready updates. Never XPe updates. Check your update history. 3 versions: Posready, plain XP and XPe.

Edited May 15, 2019 by wyxchari

Mcinwwl
Posted May 15, 2019

Wannacry update was offered for regular XP SP3, and now, we also have new update for XP
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

I'm a bit surprised, but happy after all. Thought I will be the disciple of a good news, but you were faster, guys.

w2k4eva
Posted May 15, 2019

9 hours ago, Dave-H said:
> 9 hours ago, glnz said:
> > So this new XP update. There are two flavors -
> > Security Update for Windows XP SP3 (KB4500331) - Windows XP
> > and
> > 2019-05 Security Update for WES09 and POSReady 2009 for x86-based Systems (KB4500331) - Windows XP Embedded
> > Which one am I now? Through Nov 2014 I was XP. Since then I've been a cash register. What's your guidance?
>
> I suspect they're the same thing, I downloaded the two files, and they are only 4 bytes different in size!

The "payload" stuff is indeed the same. What is different is the catalog file, because it is signing the files branches.inf and update_SP3QFE.inf. These inf files contain slightly different timestamps between the versions.

The other interesting difference is that the update_SP3QFE.inf file for the plain-XP version does not have the Prerequisite section that is present in the posready version; that section is what restricts the update from being applied to plain XP. Since that section is missing from the plain version, wouldn't those who did the reghack be able to use either version without modifications?
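
The comparison w2k4eva describes above, as an added example that is not part of the thread or of Microsoft's packages: a section-level diff of two INF files that reports sections present in only one file (such as Prerequisite) and entries that differ (such as timestamps). The two sample INF texts are constructed placeholders, and the key names in them are assumptions, not the real contents of update_SP3QFE.inf.

```python
import re

def strip_comment(line):
    """Drop a ';' comment unless the ';' sits inside a double-quoted string."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            return line[:i]
    return line

def parse_inf(text):
    """Map lower-cased section name -> set of normalized entries."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, set())
        elif current is not None:
            sections[current].add(re.sub(r"\s*=\s*", "=", line, count=1))
    return sections

def compare_inf(a_text, b_text):
    """Report sections present in only one file and entries that differ."""
    a, b = parse_inf(a_text), parse_inf(b_text)
    changed = {s: (sorted(a[s] - b[s]), sorted(b[s] - a[s]))
               for s in a.keys() & b.keys() if a[s] != b[s]}
    return {"only_in_a": sorted(a.keys() - b.keys()),
            "only_in_b": sorted(b.keys() - a.keys()),
            "changed": changed}

# Constructed stand-ins for the two update_SP3QFE.inf files; every key and
# value below is a placeholder, not content from the real KB4500331 packages.
POSREADY_INF = """\
[Version]
Signature = "$Windows NT$"   ; constructed
BuildStamp=PLACEHOLDER-TIME-A
[Prerequisite]
Condition=PLACEHOLDER-EDITION-CHECK
[Payload]
CopyFiles=PLACEHOLDER.FILES
"""
PLAIN_XP_INF = """\
[Version]
Signature="$Windows NT$"
BuildStamp=PLACEHOLDER-TIME-B
[Payload]
CopyFiles=PLACEHOLDER.FILES
"""
```

Calling `compare_inf` on the text of the two real INF files, once extracted from the packages, shows whether anything beyond the timestamps and the Prerequisite section differs before either package is installed.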

wyxchari
Posted May 15, 2019 (edited)

They do not work but by the year 2005 approximately they worked:
http://v4.windowsupdate.microsoft.com/en/default.asp?corporate=true
http://corporate.windowsupdate.microsoft.com

Edited May 15, 2019 by wyxchari

Mathwiz
Posted May 15, 2019

23 hours ago, sparty411 said:
> I think I discovered why we have received a new update.
> https://www.theverge.com/platform/amp/2019/5/14/18623708/zombieload-attack-intel-processors-speculative-execution
> EDIT - I was wrong
> This is why
> https://www.zdnet.com/article/microsoft-patches-windows-xp-server-2003-to-try-to-head-off-wormable-flaw/

Hmm - article mentions XP, Server 2003, Server 2008, Win 7, and Server 2008 R2 - what about Vista?

sparty411
Posted May 15, 2019

9 minutes ago, Mathwiz said:
> Hmm - article mentions XP, Server 2003, Server 2008, Win 7, and Server 2008 R2 - what about Vista?

Perhaps Vista wasn't vulnerable?

Dave-H
Posted May 15, 2019

I'd be surprised if it wasn't. Although the article doesn't specifically mention Vista, it does say that only 8.1 and 10 aren't affected.

FranceBB
Posted May 15, 2019

18 minutes ago, Dave-H said:
> I'd be surprised if it wasn't. Although the article doesn't specifically mention Vista, it does say that only 8.1 and 10 aren't affected.

It says that "The vulnerability doesn't affect Windows 8.1 or 10 (or Server variants starting with 2012), but it does affect Windows 7, Windows Server 2008 and 2008 R2". Windows Server 2008 R2 is based on Windows 7, but the 2008 version is based on Vista, so I'm pretty sure that Vista is also affected.

wyxchari
Posted May 16, 2019

7 hours ago, sparty411 said:
> Perhaps Vista wasn't vulnerable?

https://borncity.com/win/2019/05/15/critical-update-for-windows-xp-up-to-windows-7-may-2019/

"Users of Windows Vista can download the updates (Monthly Rollup or Security Online) of Windows Server 2008 from the Update Catalog and install them manually."

Wunderbar98
Posted May 16, 2019

New patch includes XP, came across today, source:
https://www.wired.com/story/microsoft-windows-xp-patch-very-bad-sign/

Don't forget to disable remote desktop, all my WindowsXP systems are already offline.

Quote
> This week, Microsoft issued patches for 79 flaws across its platforms and products. One of them merits particular attention: a bug so bad that Microsoft released a fix for it on Windows XP, an operating system it officially abandoned five years ago. There’s maybe no better sign of a vulnerability’s severity; the last time Microsoft bothered to make a Windows XP fix publicly available was a little over two years ago, in the months before the WannaCry ransomware attack swept the globe.
>
> This week’s vulnerability has similarly devastating implications. In fact, Microsoft itself has drawn a direct parallel. “Any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” Simon Pope, director of incident response for the Microsoft Security Response Center, wrote in a statement announcing the patch Tuesday. “It is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”
>
> Microsoft is understandably withholding specifics about the bug, noting only that it hadn’t seen an attack in action yet, and that the flaw relates to Remote Desktop Services, a feature that lets administrators take control of another computer that’s on the same network. That small parcel of information, though, still gives potential attackers plenty enough to go on. “Even mention that the area of interest is Remote Desktop Protocol is sufficient to uncover the vulnerability,” says Jean Taggart, senior security researcher at security firm Malwarebytes. Expect that to happen quickly.
>
> “This will be fully automated in the next 24 to 48 hours and exploited by a worm,” says Pieter Danhieux, CEO of secure coding platform Secure Code Warrior, referring to the class of malware that can propagate across a network without any human interaction, such as clicking the wrong link or opening the wrong attachment. Like the Blob, it just spreads.
>
> Once that worm gives hackers access to those devices, the possibilities are fairly limitless. Danhieux sees ransomware as a likely path; Taggart ticks off spam campaigns, DDoS, and data harvesting as possibilities. “Take your pick,” he adds. “Suffice to say, a lot.”
>
> The saving grace for all of this is that computers running Windows 8 and up aren’t affected. But it’s important not to underestimate the danger that Windows XP computers can still pose. Estimates vary, but analytics company Net Marketshare says that 3.57 percent of all desktops and laptops still run Windows XP, which was first released in 2001. Conservatively, that's still tens of millions of devices on Windows XP—more than are running on the most recent version of MacOS. Moreover, you can assume with some confidence that almost none of those computers are ready for what’s coming.
>
> Yes, plenty of Windows XP users are just folks who haven’t dusted off their Dell Dimension tower since the last Bush administration. It seems unlikely that they'll ever get around to installing this latest patch, especially given that you need to seek it out, and download and install it yourself. It’s hard enough to get people to update modern systems with their incessant nagging popups; one imagines that those still on Windows XP are in no rush to visit the Microsoft Update Catalog.
>
> More troubling, though, are the countless businesses and infrastructure concerns that still rely on Windows XP. As recently as 2016, even nuclear submarines had it on board.
>
> For the most sensitive use cases—like, say, nukes—companies and governments pay Microsoft for continued security support. But the bulk of hospitals, businesses, and industrial plants that have Windows XP in their systems don’t. And for many of those, upgrading—or even installing a patch—is more difficult than it might seem.
>
> “Patching computers in industrial control networks is challenging because they often operate 24/7, controlling large-scale physical processes like oil refining and electricity generation,” says Phil Neray, vice president of industrial cybersecurity at CyberX, an IoT and ICS-focused security firm. Recent CyberX research indicates that more than half of industrial sites run unsupported Windows machines, making them potentially vulnerable. There’s not much opportunity to test the impact of a patch on those types of systems, much less to interrupt operations to install them.
>
> That applies to health care systems, too, where the process of updating critical software could interrupt patient care. Other businesses run specialized software that’s incompatible with more recent Windows releases; practically speaking, they’re trapped on XP.
>
> And while the best way to protect yourself from this latest vulnerability—and the countless others that now plague unsupported operating systems—is to upgrade to the latest version of Windows, cash-strapped businesses tend to prioritize other needs. With any luck, Microsoft’s extraordinary step of pushing a patch will spur many of them to action. It’s hard to imagine a louder siren.
>
> “When you’re dealing with patching, it’s a balancing act between the costs of patching and the costs of leaving it alone, or just asking users to upgrade,” says Richard Ford, chief scientist at cybersecurity firm Forcepoint. “They would have a grasp of both the security risk—and the reputational risk—of not going after this vulnerability aggressively. Put those all together, and when the stars align it makes a lot of sense to provide the patch, quickly, safely, and even for operating systems that are out of support.”
>
> The coming weeks and months should show, though, just how wide a gap exists between providing a patch and getting people to install it. An attack on Windows XP is at this point inevitable. And the fallout might be worse than you’d have guessed.

sparty411
Posted May 16, 2019

So, if this update is so crucial, why exactly aren't they pushing these updates automatically? Last I checked, Windows update service still works on Windows XP.

Mathwiz
Posted May 16, 2019 (edited)

14 hours ago, wyxchari said:
> https://borncity.com/win/2019/05/15/critical-update-for-windows-xp-up-to-windows-7-may-2019/
>
> "Users of Windows Vista can download the updates (Monthly Rollup or Security Online) of Windows Server 2008 from the Update Catalog and install them manually."

Vista/Server 2008 can download and install KB4499180 to patch this vulnerability.

Unfortunately, Server 2008 uses the same cumulative update model as IE, Win 7, etc., making it difficult to determine exactly what's included in each month's single update. But AFAICS this was the only new security issue patched this month, and we got it on XP too. So luckily, we're current for one more month.

Edit: That was wrong; there was also an elevation of privilege vulnerability and an information disclosure vulnerability patched in Server 2008 this month. Of course there's no way to know whether those issues affect Windows XP, but it seems likely. We've started to fall behind a bit....

Edited May 16, 2019 by Mathwiz

bluebolt
Posted May 16, 2019

I don't think we're falling behind at all. Does the vulnerability even exist if Remote Desktop is disabled in services (not to mention that it is now patched)?

If this is such a "very bad sign" (as the wired.com article says), with "similarly devastating implications" to WannaCry (as it also says), I would simply remind that WannaCry turned out to be ineffective against Windows XP, contrary to early reports.
https://www.theverge.com/2017/5/30/15712542/windows-xp-wannacry-protect-ransomware-blue-screen