• Should we panic?

    Posted on March 25, 2022 at 11:15 CDT by Comment in the Forums

    Gordon Kelly is out with a headline regarding to Quit Windows. Once again he has overblown the problem and overestimated the impact.

    First regarding side effects regarding DNS or domain name services, first off it only impacts Server 2019 and then only servers running the DNS server role.  We’re talking a narrow amount of impacted servers here, not BILLIONS.  I am running a Windows 2019 server with the DNS server role and not noting any issues, I use DNS forwarders and I have not seen anyone complain about this widely.  Microsoft has acknowledged the issue and Gordon is using Microsoft’s own transparency about an issue seen by a small subset to beat them up.

    Next the concerns over the local privilege escalation bug.  Unless how this is able to be attacked has changed,  CVE-2021-34484, isn’t easily exploited.  Per an October write up of the bug

    “While this is a critical vulnerability, exploitation would require threat actors to know the username and password of two different users, making an attack very difficult in the wild.”

    Excuse me?

    “Subsequently, vulnerability analysis specialist Will Dormann tested the flaw and found that the attack could not always be successfully completed.”

    Do we need to overinflate patching issues?  Absolutely not.

    Do we need to beat them up over quality of updates, yes.  But that’s true for all vendors including Apple.

    Edit:  As Carl points out in the comments you want to update your Browser today. THAT’S what you should be really worried about. Chrome is fixing a zero day that was under attack, Edge does not (as far as I can tell) have the fix yet.

    Edit 2:  Edge/Brave have the fix for the Chrome zero day as of 3/26/2022.  Make sure you update your browser.

    Windows 10
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.