Sampei.Nihira

End of POSReady 2009 Patches: What to Do?

6 hours ago, Mathwiz said:

 

why would malware want to open a folder window, and what possible security exposure would that pose if it did?

Because it can place an executable in the autorun folder, in which reside links to programs that are gonna be opened at boot time, then wait till you reboot and boom.

Anyway, I'm still running my browser normally, but I think I'm gonna use the Avast Sandbox in the future.

  • Like 1

15 hours ago, FranceBB said:

Because it can place an executable in the autorun folder, in which reside links to programs that are gonna be opened at boot time, then wait till you reboot and boom.

Anyway, I'm still running my browser normally, but I think I'm gonna use the Avast Sandbox in the future.

That's no good.

The effectiveness of the sandbox is directly proportional to the kernel that hosts it.

If the OS is unpatched in the future, the effectiveness of the sandbox may be affected.

Furthermore, the effectiveness of sandboxes depends on other factors, which reduce their protection in an OS like XP.

For example, the protection of Chrome's sandbox is less effective in Windows XP:

 

https://chromium.googlesource.com/chromium/src/+/master/docs/design/sandbox.md

Quote

 

[...] Sandbox restrictions

At its core, the sandbox relies on the protection provided by four Windows mechanisms:

A restricted token

The Windows job object

The Windows desktop object

Windows Vista and above: The integrity levels

[...]

By design, the sandbox token cannot protect the following non-securable resources:

Mounted FAT or FAT32 volumes: The security descriptor on them is effectively null. Malware running in the target can read and write to these volumes as long as it can guess or deduce their paths.

TCP/IP: The security of TCP/IP sockets in Windows 2000 and Windows XP (but not in Vista) is effectively null. It might be possible for malicious code in the target to send and receive network packets to any host.

 

 

https://threatpost.com/using-kernel-exploits-bypass-sandboxes-fun-and-profit-031813/77638/

 

Quote

[...] We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with system privileges [...]

 

Edited by Sampei.Nihira
  • Like 1

On 5/17/2019 at 4:27 PM, FranceBB said:

Because it can place an executable in the autorun folder, in which reside links to programs that are gonna be opened at boot time, then wait till you reboot and boom.

It wouldn't have to open a window to do that! It could just slip the .exe into your Startup folder invisibly, and be done with it. In fact, opening a window would be counterproductive from the malware's point of view: you might notice the rogue .exe in there and delete it. At the very least, having an Explorer window open up unbidden would be a tip-off that something was amiss.

I mean, security I dig, but you guys are taking it to an extreme if you think it's a risk to let your browser ever open an Explorer window!

But, whatever. As I thought I made clear, it's not that big of a deal, especially since running your browser with limited privileges has other benefits. I just thought I'd point out that side-effect in case someone else tries this trick, then later notices they can't open their download folder from the browser any more. Just trying to save some time troubleshooting why that was happening; didn't realize pointing it out would become so, um, controversial....

  • Like 1

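The exchange above turns on whether a rogue .exe could be dropped into the Startup folder without anyone noticing. Regardless of which side is right about the Explorer window, the defensive answer is to review the autostart locations periodically. The batch script below is an added example, not code from anyone in this thread; it lists the per-user and all-users Startup folders and the Run/RunOnce keys on Windows XP (the paths assume an English-locale XP profile layout) and, once a baseline has been saved, reports any difference from it with `fc`.

```batch
@echo off
rem Added example (not from the thread): enumerate the places an executable
rem dropped by a browser-launched process would typically be started from on
rem Windows XP, and compare against a saved baseline.
rem Assumptions: English-locale XP paths ("Start Menu\Programs\Startup"),
rem reg.exe and fc.exe available (both ship with XP).
setlocal
set "BASELINE=%~dp0autostart-baseline.txt"
set "CURRENT=%TEMP%\autostart-current.txt"

rem Collect the current state into a temporary report.
(call :collect) > "%CURRENT%"

if not exist "%BASELINE%" (
  copy "%CURRENT%" "%BASELINE%" >nul
  echo Baseline saved to "%BASELINE%". Re-run later to detect changes.
  goto :eof
)

rem fc returns 0 when the files match and 1 when they differ.
fc "%BASELINE%" "%CURRENT%" >nul && (
  echo No change in autostart entries since the baseline.
) || (
  echo Autostart entries CHANGED since the baseline - review the lines marked below:
  fc "%BASELINE%" "%CURRENT%"
)
endlocal
goto :eof

:collect
echo === Per-user Startup folder ===
dir /b "%USERPROFILE%\Start Menu\Programs\Startup" 2>nul
echo.
echo === All-users Startup folder ===
dir /b "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" 2>nul
echo.
echo === Run / RunOnce registry keys ===
for %%K in (
  "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
  "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"
  "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
  "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"
) do (
  echo --- %%~K ---
  reg query %%K 2>nul
)
goto :eof
```

Run it once to save `autostart-baseline.txt` next to the script, then again whenever you want to check; an entry that appears in the per-user Startup folder or a Run key without you having installed anything is exactly the kind of change worth investigating.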

Found this interesting statement from my old friends (before I reached Sysopt):
https://www.techrepublic.com/article/windows-xp-dies-final-death-as-embedded-posready-2009-reaches-end-of-life/

Will now execute the POSReady hack on the actual drive, like done on others.
UPDATE:
That was a bad idea.
Result was Explorer crashing. I am now on a different drive with other problems.
Have the very same Explorer crash on a third drive, same SSE PC.
Have not found a solution, tried everything incl. repair installation with an endless amount of troubles since it was falling back to SP2. Don't have an SP3 installation here yet. a) Couldn't install SP3 (finally found a workaround). b) Couldn't run WinXP update packs from winfuture dot de. Found a solution.

(NB: Other than written by me elsewhere in this forum - if not deleted by the administration - only English versions of Win7 (NOT WinXP like I stated) will accept these update packs.)

Edited by 3dreal
NEWS

LOL:

Quote

Windows XP dies final death as Embedded POSReady 2009 reaches end of life

IOW, we already claimed XP was dead five years ago, and we're just now admitting we were wrong. But we're right this time!

Well, maybe ... but there are still folks using Win2K, and there are more XP users than 2K users....

Now, if you have a need to access your PC via Remote Desktop, that's another matter; you can't just block the port without losing that functionality. (Obvious example: Windows XP mode under Win 7 requires that port be open to work - but it's not accessible to the "outside" anyhow.)

But I bet most users here at MSFN have already installed the fix for this vulnerability on all their PCs anyhow.

Can't we change the port RDP uses for communication?

1 hour ago, Mcinwwl said:

Can't we change the port RDP uses for communication?

Yes, but I would assume that still leaves the new port vulnerable, albeit it's better than nothin' as most bots looking for this vulnerability are probably only interested in the default port.
YMMV

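The posts above make two points a defender can act on: blocking the RDP port outright costs you Remote Desktop, and moving it to a non-default port only hides it from bots that scan the default. A middle ground on XP is to leave the listener where it is but let the built-in firewall accept it from the local subnet only. The batch script below is an added example, not code from anyone in this thread; it reads the configured listener port from the registry, shows whether anything is listening on it and what the XP firewall currently opens, and prints (as comments, so nothing is changed without review) the `netsh firewall` commands that scope the opening to the LAN. The registry value `PortNumber` under the `RDP-Tcp` key and the XP SP2 `netsh firewall` syntax are the standard ones; `LocalSubnet` is the firewall's keyword for the local subnet.

```batch
@echo off
rem Added example (not from the thread): audit the Windows XP Remote Desktop
rem listener and show how to scope it to the LAN instead of blocking it.
rem Assumptions: XP SP2 or later (netsh firewall context), reg.exe present.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
set "TSKEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"

rem PortNumber is a REG_DWORD; reg query prints it in hex (0xd3d = 3389).
set "PORT="
for /f "tokens=3" %%P in ('reg query "%KEY%" /v PortNumber 2^>nul ^| find "PortNumber"') do set "PORT=%%P"
if not defined PORT (
  echo Could not read PortNumber from "%KEY%".
  goto :eof
)
set /a PORTDEC=%PORT%
echo RDP listener configured on TCP port %PORTDEC%

rem fDenyTSConnections = 0x1 means Remote Desktop is switched off altogether.
set "DENY=(not set)"
for /f "tokens=3" %%D in ('reg query "%TSKEY%" /v fDenyTSConnections 2^>nul ^| find "fDenyTSConnections"') do set "DENY=%%D"
echo fDenyTSConnections = %DENY%  (0x1 = Remote Desktop disabled)

echo.
echo --- Sockets listening on port %PORTDEC% ---
netstat -an | find ":%PORTDEC% " | find "LISTENING"
if errorlevel 1 echo (nothing is listening on that port right now)

echo.
echo --- Current firewall port openings ---
netsh firewall show portopening

echo.
echo To keep Remote Desktop usable from the LAN only, replace an all-hosts
echo opening for this port with one scoped to the local subnet:
echo   netsh firewall delete portopening protocol=TCP port=%PORTDEC%
echo   netsh firewall add portopening protocol=TCP port=%PORTDEC% name="Remote Desktop (LAN only)" mode=ENABLE scope=CUSTOM addresses=LocalSubnet
endlocal
```

Run it from an administrator account (reading the `HKLM` keys and changing firewall rules both need it). Scoping the opening does not patch the listener; it only limits who can reach it, which is the same reasoning Mathwiz gives for XP Mode's port being open but "not accessible to the outside". If you never use Remote Desktop, setting `fDenyTSConnections` to 1 and removing the opening is the simpler choice.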

Sure. You can put a better door lock, or concrete it and enter your house from a helicopter or a secret underground tunnel. Just need to mind your risks, needs and possibilities ;)

  • Like 1

A big fat thank you, Microsoft! So you do love us, after all.

Why am I thanking Microsoft?

Well, it's because contrary to what they said in 2018 and reiterated in 2019, they have released the new Microsoft C++ Redistributable 2019 x86 and guess what? They are XP-compatible.

This is very good news as it means that programs compiled with Visual Studio 2019 will be able to run on XP without targeting the old deprecated v141_xp but using the new one.

Thank you, Microsoft, thank you!! :D

https://support.microsoft.com/en-gb/help/2977003/the-latest-supported-visual-c-downloads

[attached image: IQFZbCa.png]

Edited by FranceBB
  • Like 3


Umm, those are cumulative 2015/2017/2019 redistributables; they don't mean new programs will work under XP. Invoking non-existing APIs in other DLLs is still a thing...

  • Like 1
