I haven’t seen anything in the wild as yet, but there’s new, improved exploit code on GitHub — and it won’t be long. Consolation and advice coming in
[See the full post at: Win7 and Server 2008 R2 users take notice: It’s only a matter of time before Total Meltdown comes a-knockin’]
|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
-
Win7 and Server 2008 R2 users take notice: It’s only a matter of time before Total Meltdown comes a-knockin’
- This topic has 52 replies, 20 voices, and was last updated 7 years ago.
AuthorViewing 13 reply threadsAuthor-
-
-
I believe the general consensus (and Woody may confirm his assessment here as well) is that Meltdown has no known exploits in the wild, but now that Total Meltdown’s ins and outs have been leaked to everyone in the world, the safer bet is to protect yourself against TM, not Meltdown. TM exploits could come fast and numerous, just like the WannaCry & EternalBlue exploits did last year when those were made public.
You basically have 2 options –
1) Roll back all Cumulative or SecOnly updates released in 2018
2) Install the April Cumulative or SecOnly (possibly with another update thrown in there).If you are uninstalled for this year’s updates and the last Cumul or SecOnly you have is December, you’re not protected against Meltdown, but you ARE protected against TM (since your OS has not been bricked my MS).
If you WANT to further update, staying where you are, NOT rolling back, AND installing the new updates, keep in mind then you’re protected against the exploits, BUT there are issues with the patches overall still (which is why Woody still has his rating at DEFCON 2).
Long story short – ya kinda have to pick your poison.
As for your other questions… from what I understand, Total Meltdown can be exploited by ANY running application, which then gives it total free reign over everything your system has in memory. Total Meltdown is a more fearful exploit IMHO than Meltdown. I believe browsers (Chrome and Firefox at least) have been updated to protect against TM, at least partially. I would assume that TM exploits will come via web content, either SWF (Flash), JavaScript, or possibly maybe someone will even figure out how to store the code in an image somehow and once your browser downloads it, the code is on your PC. (Obviously links and bad downloads as well, though I’d expect most AskWoody users are smart enough to not get caught by that sort of junk.)
6 users thanked author for this post.
-
zero2dash said:
I would assume that TM exploits will come via web content, either SWF (Flash), JavaScript, or possibly maybe someone will even figure out how to store the code in an image somehow and once your browser downloads it, the code is on your PC. (Obviously links and bad downloads as well, though I’d expect most AskWoody users are smart enough to not get caught by that sort of junk.)Total Meltdown (as well as Meltdown-Spectre) exploits may also be possible via the following channels:
- drive-by malware-laced adverts displayed on webpages — no clicking required
- popups/ notices advising unwary users to “update” their “outdated” browser/ Flash/ etc.
- popups/ notices asking users to “clean up” their “infected” PCs
- clicking on a dubious, obfuscated or phishing link on a webpage or email
- opening or even previewing emails with embedded malicious JavaScript or macros
- opening an email attachment from unknown or even known senders (who themselves were hacked)
- downloading & running a legitimate software/ app/ addon that suffered an undiscovered supply-chain compromise (eg. CCleaner)
-
I agree with you. Users have to pick their poison. Note that the Firefox and Chrome web browsers have been updated to protect against Meltdown and not Total Meltdown since the latter doesn’t require precise timing methods. The fix for Meltdown was to reduce the precise timing resolution for Javascript code running in these web browsers.
On the other hand, Total Meltdown can get through any web browser since TM has no timing requirements. TM is just unbelievably pure and simple code which most likely is not presently going to trigger any AV programs. TM can gain access to all computer memory in less than a second, as demonstrated by XPN in his YouTube video.
I am not sure if TM can read all computer memory, beyond any sandboxed memory in the web browser, yet my money is that TM can. Why do I say this? Because yesterday I specifically asked XPN, in a comment I posted for his YouTube video demonstration of his POC code, if his POC code accessed all computer memory and not just the virtual machine’s assigned memory. I have yet to receive a reply. And I figure that his POC code did indeed access all of his computer’s memory since his POC code reported having gained access to approximately 31 GB of memory. I figure that the other 1 GB of memory was RAM assigned to his motherboard’s on-board video chip.
1 user thanked author for this post.
-
-
-
-
-
It’s my understanding — and I’m no expert — that Total Meltdown is completely different from Meltdown. They have nothing to do with each other.
Except for the name, of course.
2 users thanked author for this post.
-
My understanding is that Total Meltdown vulnerability was introduced in the process of trying to patch Meltdown and Spectre and as such they are related in the sense of the Windows components which are affected. Without the January/February and/or the original buggy March 2018 patches installed, the systems wouldn’t be vulnerable to Total Meltdown.
My inquiry is to be seen in this context.
To clarify:
– no Meltdown/Spectre patches = no Total Meltdown vulnerability
– Meltdown/Spectre installed patches can have the functionality disabled in the registry, which is default on servers to mitigate performance hit and allow administrators to decide. What happens if the registry key which disables Meltdown/Spectre patches is set? Would this have the same effect with not installing the patches for the purpose of protecting against the Total Meltdown vulnerability?It is a practical question, as it may offer an easy way out of the Total Meltdown vulnerability if in exchange Meltdown/Spectre vulnerability is acceptable, as there are no known attacks in the wild, at least not yet.
3 users thanked author for this post.
-
That’s a very good question, ch100. Good on you for thinking it through. Bad on Microsoft for not pre-answering this very question.
I probably should test again with the current patches, as I did this a few months ago, but I found that (on a Win 7 test system), throwing the switches to “disable” the Meltdown/Spectre mitigations didn’t actually return all the performance. At least some of the things they did to the kernel are not disabled by the registry tweak and still eat performance, so it’s possible the vulnerability is still there.
Is that proof of concept vulnerability code that was published capable of simply indicating whether the vulnerability is there? If so it would be easy to test.
-Noel
3 users thanked author for this post.
-
Short answer: I don’t know, but I’d be very surprised if disabling the Meltdown-blocking registry entries would have any effect at all on Total Meltdown.
1 user thanked author for this post.
-
-
-
-
I have Kb 4100480 installed, I’m in no hurry for the April updates.
Windows 7 Home x64 Group A
Windows 11 Pro
Version 23H2
OS build 22631.51891 user thanked author for this post.
-
-
Same here. I have Jan/Feb 2018 and KB 4100480.
W7 x64 Pro Grp. A
Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).
-
-
You need to be running untrusted software for this to be an issue, right? And you need to be running it at a reduced security level, such that it is supposed to be blocked from accessing your critical / important data, for Total Meltdown to even matter.
With acknowledgement that you can never really trust anything you didn’t author yourself fully, there is a difference between software you have chosen to run after testing and have gotten to know and trust, and software that is likely to compromise your system.
If you are running such untrustworthy software, and are concerned that Total Meltdown is going to make you vulnerable, you REALLY should re-think about why you are running such software in the first place.
What I’m saying is that if your only line of defense against malware (that you’re actually running!) is that it’s non-privileged, I suggest that you’re likely to become infected with or WITHOUT the Total Meltdown vulnerability.
There are those of us who have always run all software fully privileged (anyone who runs Windows without UAC enabled does this). If you assume that ANY software you run, privileged or not, could be dangerous, you’re starting down the road to thinking and practices that will keep you safe.
It’s not a given that you NEED the latest patches to protect you, and that all will be lost if you don’t keep your system fully up to date. Just the plain, simple fact that we’re discussing a recently ADDED vulnerability here is testament to the need to think carefully about this stuff. It’s not all one-sided.
Food for thought: Just some ways you might run software containing malware:
- Downloading and running executable software from shady sites.
- Downloading and running software as a result of clicking something in an eMail. Nowadays you usually have to acknowledge at least one “are you sure?” prompt.
- Allowing software to set itself up to auto-update, then having it download updates containing malware.
- Running executable Add-ons and ActiveX in your web browser*.
- To some extent, running scripting in your web browser*, though the chance of getting malware is more limited than with executables.
* It’s been my experience that deconfiguring a browser to allow less than the default capabilities is a VERY effective way to keep yourself away from malware. For example, you want to disallow ActiveX; you want to minimize or eliminate browser add-ons; a few add-ons you DO want to consider using include those that help protect you, such as uBlock, NoScript, etc; and blocking all ads can net you a HUGE improvement in security.
Understand that you can actually browse the web with few to no add-ons. It’s preferable to do so.
Always know what’s running on your computer. Get used to looking over the list of running processes, and research any new ones that show up. Watch for things you don’t want running being enabled by updates. Watch for “handy features” being added as services or scheduled tasks by application software. Use tools like AutoRuns by SysInternals and ShellExView by NirSoft to help manage what’s running.
The more you understand and control what’s running, the less vulnerable you will be.
-Noel
- Downloading and running executable software from shady sites.
-
Normally I would say “absolutely, you’re spot on” – but after the CCleaner hack/infected installer debacle last year, I think this also goes beyond safe vs. unsafe software. CCleaner is well known and widely used, and even they’ve had a similar issue now. I used to put CCleaner on anything and everything, and recommended it to everyone. Well, we can’t do that anymore.
Technically yes, you’re right, but times have changed unfortunately for all of us.
-
I never trusted CCleaner, to be honest. “Cleaner” software in general is always suspect in my book – but I take your point.
That being said, no patch could prevent an exploit in software that requests your permission to run privileged on purpose. However, blocking the automatic self-update prevented the download of infected versions of CCleaner for some folks.
Always be and remain skeptical of everything you run and make good backups to minimize your risk.
-Noel
-
The only auto updates I allow are for MSE definitions. Other than browsers, I try to wait about a month or so to update my ‘installed’ software but got caught up in the CCleaner supply side hack when I updated it a few days before the news broke. SMH
Anyway, for now, I will keep using CCleaner because I have it configured to clean “Custom files and folders” in Chrome Dev and Waterfox. That said, for the foreseeable future, I will be sticking with v5.40, which I updated to a couple days ago, the newest version is 5.42. There are reports of people seeing increased outbound connections and Avast cookies automagically being added into the “CookiesToSave” section of the settings. Maybe the portable version is the one to use now, I’ve downloaded it but haven’t used it yet.
https://www.wilderssecurity.com/threads/ccleaner-v5.370654/page-36#post-2744010
-
-
-
-
-
-
Wait?
My small Win 7 system that runs 24/7 on my LAN in a small business server role is at the December 2017 patch level, plus subsequent Internet Explorer updates. Lo and behold, it runs without logging so much as a warning, performance is great, reliability is perfect…
-Noel
1 user thanked author for this post.
-
-
-
It depends on your use case as to whether a Chromebook is a suitable replacement for a Windows machine. If you don’t have a need for a specific program that only runs on Windows and your main use is internet-based, then Chrome OS is a good fit. (My household has a Win7 and Win10 machine and a Chromebook.)
I’m not in school, but I study math & chemistry topics in my spare (retired) time. I’ve found a lot of functionality just on websites, such as various 3-D graphing utilities and specialized scientific calculators. Google Drive works perfectly for me as storage space for notes on the ever-growing list of topics. Their word and spreadsheet programs(Google Docs and Sheets) are good enough for my work. (They do not have the myriad features of MS Word and Excel though.)
If you have a need to print, that could be a challenge with a Chromebook. They have taken steps to make it easier to print, but it could still be tricky. The easiest way to do so would be to have a wireless printer that Google recognizes.
Updates are a non-issue with Chromebooks. They come through around once a month it seems. They download in the background and a little notification button to restart appears in the login area. Click that and it takes a minute or less before the machine is ready to go again. Painless.
It’s the inability to install/run most software that is both the Chrome OS’ strength and its limitation. The only things you can install are extensions and apps from the Chrome Web Store, and, if your Chromebook supports it, the Google Play Store.
Our Chromebook recently got support for Play Store, but I found it useless, for several reasons. The apps take up physical drive space, which is already very limited on most Chromebooks. The apps generally also contain advertising and they are also seemingly always updating in the background. Added to that, the ones I tried were designed for phones and I couldn’t resize the windows, etc. I just didn’t find any worthwhile functionality with Play Store (Android) apps.
Our Chromebook is a fast ‘go to’ machine well suited for internet-based activities. It’s really a pleasure to use due to the hassle-free operation.
(Windows still has a place here because I have music software for that platform, and, well, it has the ability to run software other than that found in a walled garden. By the way, I personally have not found Windows 10 to be the bete noire I was expecting, but that’s not saying I agree 100% with what MS is doing.)
4 users thanked author for this post.
-
-
I found that (on a Win 7 test system), throwing the switches to “disable” the Meltdown/Spectre mitigations didn’t actually return all the performance.
Win7 Pro x64 Group B. I had used “InSpectre” to disable the Meltdown patch and always felt that all of the performance was not returned on my Haswell Core i5 desktop. I had updated with the Jan and Feb security-only patches but have since rolled back to December. Thanks, at least now I’m not totally convinced I was imagining things.
-
-
InSpectre does have the ability to change some registry keys.
In my case it seemed like the performance was not 100% of what it was prior to using the Jan and Feb security-only patches after I used InSpectre to “Disable Meltdown Protection” but it did seem to be an improvement. I never bothered to do any benchmarks, I’m just going by my perception.
Screenshot:
https://s17.postimg.cc/r2w4ao43j/Enable_or_Disable_Meltdown_Spectre_Protection.png1 user thanked author for this post.
-
-
My rational for installing the January and February Security-only updates and then using InSpectre to disable the Meltdown protection, is to get the other fixes and disabling the Meltdown protection “reduces” the performance loss, especially on older Haswell Core i5’s,
KB4056897 (January Security-only) — Security updates to Microsoft Graphics Component, Windows Graphics, Windows Kernel, and Windows SMB Server.
KB4074587 (Febuary Security-only) — Security updates to Windows Graphics, Windows Kernel, Common Log File System driver, Microsoft Windows Search component, and Windows storage and file systems.
I’m assuming that the kernel is what was updated/modified for Meltdown and the other fixes would still be used if Meltdown protection was disabled with the InSpectre program. Because March and April patches look to be a mess I decided to take Susan Bradley’s advice and roll back to December. Because I use uBlock Origin (with advanced settings) and No-Script Suite Lite, I’m not too worried about Meltdown/Specter at this point and… I got rid of the Total Meltdown gift I received from MS. I’ll just wait for the manure dust from Redmond to settle. If it ever does for Win7 users.
1 user thanked author for this post.
-
My rational for installing the January and February Security-only updates and then using InSpectre to disable the Meltdown protection, is to get the other fixes and disabling the Meltdown protection “reduces” the performance loss, especially on older Haswell Core i5’s,
Sorry Microfix, I feel the need to intervene here, because Richard is among those few users here who is doing the right thing and does not need opinion style of advice (moving over to Linux, Microsoft is bad etc.) to have his computer in best shape.
Richard, I am suggesting you to go ahead and download manually KB4099950 msu variety and run it.
Next, install from Windows Update only KB4093118 and get into the regular schedule of installing only the Monthly Rollup patches from now on. This include the .NET Monthly Rollups, but excludes any update named as Preview.Or alternatively follow Susan’s advice, who is likely to say that the manual step provided earlier in relation to installing KB4099950 msu is no longer required. I would say that it adds a layer of extra reliability, but it may indeed no longer be required.
1 user thanked author for this post.
-
Thanks for the reply Richard.
@ch100 Granted that Richard’s PC is right by the direction HE chooses to go and by weighing up the options can only be good for everyone.does not need opinion style of advice (moving over to Linux, Microsoft is bad etc.)
Where in this thread/ discussion have I mentioned any of the above?
Windows - commercial by definition and now function...3 users thanked author for this post.
-
The way I look at it is when we say what we think, right or wrong, it can create an oppoutunity for clarification, which can possibly, also help others. It’s all good!
5 users thanked author for this post.
-
I agree with your approach, Richard. I’d love to stay on group A with the performance for this one issue restored via the switch. I might even accept “mostly restored” if the hit isn’t too big.
I do plan to test again, with all the latest vs. the machine with December-level patches, and with some sophisticated test suites. I just haven’t found the time yet.
We really shouldn’t have to do this much work in order to determine whether the upsides are worth the downsides. But they just don’t document what they’re doing any more, and the alternative to testing to get real, hard data is to take whatever they’re pushing – and their agenda might no longer fit our agendas.
-Noel
-
OK, I found time to do some very well-controlled tests on my Haswell-equipped small Windows 7 system. It’s a Dell PowerEdge T20 with Pentium G3220 dual core processor.
I once again proved that the Spectre/Meltdown mitigations cut HEAVILY into machine performance. I measured more than a 50% loss in some categories of display and disk performance after installing the Dell BIOS update with microcode AND the latest Windows Updates!
Disabling the two mitigations – by pressing the buttons along the bottom of the GRC InSpectre tool and rebooting – got back most but not quite all of that performance.
After disabling the mitigations, the fully patched system ran most of its benchmarks as well as before patching, though I was only able to see a maximum disk throughput of a bit higher than 90% of the pre-patch level with a “workstation” disk access simulation.
As before, a Windows 7 system at the December patch level appears to run a bit faster than a current system.
Since the worst of the disk speed loss is only about 10% I’ll need to think hard about whether I want to return it to pre-January patch level.
Some screen grabs from the benchmarks attached.
Edit: Real work follow-up… A compute and disk intensive job that runs on schedule every day at 7:05am completed this morning in 20 minutes, 48 seconds, taking about a minute and a half longer (108% of the time) than it had been taking before. This is consistent with the degradation measured above via the “workstation” disk access measurement.
DNSListCompiler.bat finished on Sunday, April 22, 2018, 07:24:06. DNSListCompiler.bat finished on Monday, April 23, 2018, 07:24:31. DNSListCompiler.bat finished on Tuesday, April 24, 2018, 07:24:12. DNSListCompiler.bat finished on Wednesday, April 25, 2018, 07:24:11. DNSListCompiler.bat finished on Thursday, April 26, 2018, 07:25:48.
My conclusion: An 8% loss in system performance can be attributed to Windows 7 updates since December 2017 when Spectre and Meltdown mitigations are disabled.
-Noel
7 users thanked author for this post.
-
@Noel, Thanks for your tests and conclusions.
Your tests would make a great reference article on it’s own rather than getting lost over time.
Windows - commercial by definition and now function...1 user thanked author for this post.
-
Advice taken. See:
https://www.askwoody.com/forums/topic/windows-updates-since-december-2017-performance-loss
-Noel
1 user thanked author for this post.
-
-
-
-
-
-
In view of the fact that KB 4099950 was issued to fix a problem in a KB that I have not and do not intend to install i. e. KB 4088875, is it really necessary to uninstall KB 4099950?
You may not install KB 4088875 (as such) ever. But the Monthly Rollup patches are CUMULATIVE. That means each one contains all the changes the earlier ones made. To make that statement, you would have to stop patching Windows.
1 user thanked author for this post.
-
PKcano wrote:
You may not install KB 4088875 (as such) ever. But the Monthly Rollup patches are CUMULATIVE. That means each one contains all the changes the earlier ones made. To make that statement, you would have to stop patching Windows.
Yes, monthly rollups are cumulative. But the April monthly rollup KB 4093118 states that it:
Addresses an issue where a new Ethernet Network Interface Card (NIC) that has default settings may replace the previously existing NIC, causing network issues
Addresses an issue where static IP address settings can be lost
These two issues were the issues that KB 4099950 addressed that were initially introduced by the March monthly rollup KB 4088875.
Also, KB 4093118 does not indicate that the pre-April 17th version of KB 4099950 should be uninstalled and reinstalled before installing KB 4093118.
So, I guess I still have the same question. Is it really necessary before installing the April monthly rollup to uninstall and reinstall KB 4099950 if it was installed prior to April 17?
Edit to remove HTML. Please use the “text” tab in the entry box when you copy/paste.
1 user thanked author for this post.
-
-
-
-
I found that (on a Win 7 test system), throwing the switches to “disable” the Meltdown/Spectre mitigations didn’t actually return all the performance.
Win7 Pro x64 Group B. I had used “InSpectre” to disable the Meltdown patch and always felt that all of the performance was not returned on my Haswell Core i5 desktop. I had updated with the Jan and Feb security-only patches but have since rolled back to December. Thanks, at least now I’m not totally convinced I was imagining things.
That probably is because the kernel was also updated in order to make kernel code itself not vulnerable to being exploited by Meltdown/Spectre. Throwing the registry switch doesn’t restore the original kernel speed since parts of the kernel were replaced.
1 user thanked author for this post.
-
-
The proof of concept (POC) code for Total Meltdown is amazingly brief and simple in its function. The POC code is also amazingly fast at locating all computer memory in less than a second. The POC code does take a few to several seconds to escalate the memory privilege to root so that the POC code could then read all computer memory or do anything else with the memory contents. The POC code does not attempt to read the computer memory since the POC code is just that — POC code to show how to gain access and assign root privilege to all computer memory.
The really scary thing is what could be done with the POC code by malware authors. It is one thing to read all computer memory in order to simply steal information. It is another thing to contemplate what other things could be done, now that a malware author has access to all computer memory and can modify the contents of all computer memory.
The upshot is that virtually anything could be done, and the only solution could end up being having to restore from an offline backup. Even that might not work since the Holy Grail of all really bad malware authors and state actors is hardware. Do you all recall the fairly recently disclosed CPU vulnerability in which new code could be permanently written into a CPU? How about your computer’s BIOS? How about the firmware in your computer’s hard drives?
The upshot is that Microsoft’s blunder unwittingly opened the door in a way that, in my opinion, is unprecedented.
As I see it, users have one of only two reasonable choices: Roll back Windows Security Updates to December 2017, or get the buggy March and/or April Security Updates installed. Supposedly the March updates resolved this issue, yet I am not entirely sure. Given the issues with the March and April Security Updates, I chose to roll back my computers to the December 2017 Security Updates. Yet it is up to you to pick your poison in terms of which way to proceed.
This POC code is public and it can so easily be weaponized for a variety of purposes, when combined with other exploits. This POC code can make it incredibly easy to install other exploits on a victim’s computer. Again, the scary thing is what else can be done with this POC code as a starting point.
9 users thanked author for this post.
-
-
Woody already gave the installation of the April Rollup for Win7 as one of the options on his blog article.
-
-
-
-
I will go along with ch100 a bit here. Maybe I missed some information trying to read everything here, but I still can’t really for sure make up my mind clearly about Total Meltdown. Oh I would love MrBrian to chime in now.
I didn’t investigate Total Meltdown outside of this site, but I am not convinced by what I have read here that many really knows what it is about.
One thing that isn’t clear to me at all is if Total Meltdown can be run from Javascript or not. Remember this doesn’t exploit anything comparable to Spectre that used timing to cleverly not write into memory but indirectly deduct what was the content of the memory. No wonder Spectre was so scary as it made something like Javascript much more dangerous due to an unforeseen side-effect that made it possible to read any memory (not write), even across VMs. I doubt something very different would have as much power. Does Javascript have capabilities that would make flipping the privilege access of memory even possible?
I also don’t understand when we talk about downloading some tainted flash thing. Does Flash compile code on the fly now? If not, then unless there is another vulnerability not patched that is exploited to inject code on the local machine, I don’t see how Total Meltdown would be exploited. Maybe we are mixing apples and oranges here.
So, right now, based on my understanding, I wonder if Total Meltdown is not just not much more dangerous than any other privilege escalation mean in that you need to get bad code running locally first to have an issue and Javascript might not fit that description that well as I am not sure you can directly transfer anything in Javascript to machine code.
Unless someone explains clearly why Total Meltdown can exploit Javascript, to me, this would be much less dangerous than an SMB vulnerability or something like Spectre that can be triggered just by browsing casually without any intervention, just by the fact that it would be much harder to distribute. When you think about it, any privilege escalation vulnerability has terrible consequences, but getting it in is not necessarily easy, especially if you use mitigation tools like EMET…
3 users thanked author for this post.
-
-
I tried to quickly look at it and the proof of concept is not in Javascript. It looks like C++ or similar language with include files. This might be nothing like Spectre and might require a proximity to low level programming that Javascript doesn’t offer. In that case, total meltwodwn might just be one privilege escalation vulnerability like any other except maybe more easy to program but still not that easy to get running on the quite well patched computer of a careful user.
1 user thanked author for this post.
-
-
Viewing 13 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Notice on termination of services of LG Mobile Phone Software Updates
by 2 hours, 53 minutes ago
-
Update your Apple Devices Wormable Zero-Click Remote Code Execution in AirPlay..
by 5 hours, 6 minutes ago
-
Amazon denies it had plans to be clear about consumer tariff costs
by 5 hours, 18 minutes ago
-
Return of the brain dead FF sidebar
by 1 hour, 52 minutes ago
-
windows settings managed by your organization
by 1 minute ago
-
Securing Laptop for Trustee Administrattor
by 13 minutes ago
-
The local account tax
by 8 hours, 34 minutes ago
-
Recall is back with KB5055627(OS Build 26100.3915) Preview
by 11 hours, 55 minutes ago
-
Digital TV Antenna Recommendation
by 4 hours, 27 minutes ago
-
Server 2019 Domain Controllers broken by updates
by 23 hours, 47 minutes ago
-
Google won’t remove 3rd party cookies in Chrome as promised
by 1 day, 1 hour ago
-
Microsoft Manager Says macOS Is Better Than Windows 11
by 1 day, 4 hours ago
-
Outlook (NEW) Getting really Pushy
by 7 hours, 4 minutes ago
-
Steps to take before updating to 24H2
by 1 hour, 38 minutes ago
-
Which Web browser is the most secure for 2025?
by 11 hours, 30 minutes ago
-
Replacing Skype
by 4 minutes ago
-
FileOptimizer — Over 90 tools working together to squish your files
by 22 hours, 30 minutes ago
-
Excel Macro — ask for filename to be saved
by 1 day, 6 hours ago
-
Trying to backup Win 10 computer to iCloud
by 9 hours, 55 minutes ago
-
Windows 11 Insider Preview build 26200.5570 released to DEV
by 3 days, 4 hours ago
-
Windows 11 Insider Preview build 26120.3941 (24H2) released to BETA
by 3 days, 6 hours ago
-
Windows 11 Insider Preview Build 22635.5305 (23H2) released to BETA
by 3 days, 6 hours ago
-
No April cumulative update for Win 11 23H2?
by 1 day, 18 hours ago
-
AugLoop.All (TEST Augmentation Loop MSIT)
by 3 days, 6 hours ago
-
Boot Sequence for Dell Optiplex 7070 Tower
by 3 days, 21 hours ago
-
OTT Upgrade Windows 11 to 24H2 on Unsupported Hardware
by 4 days, 1 hour ago
-
Inetpub can be tricked
by 2 days, 9 hours ago
-
How merge Outlook 2016 .pst file w/into newly created Outlook 2024 install .pst?
by 2 days, 19 hours ago
-
FBI 2024 Internet Crime Report
by 4 days, 5 hours ago
-
Perplexity CEO says its browser will track everything users do online
by 1 day, 14 hours ago
Remembering Woody
