Newsletter Archives

  • August 2019 Security patches: It’s a biiiiiiiiig month

    Looks like we’re getting 90 separate patches for 93 individually reported security holes (CVEs).

    The largest single pain point appears to be Remote Desktop Services. (Tell me if you’ve heard that one before.) According to a post from Simon Pope at the MS Security Response Center:

    Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.

    The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.

    Windows XP, Windows Server 2003, and Windows Server 2008 are not affected, nor is the Remote Desktop Protocol (RDP) itself affected.

    At this time, we have no evidence that these vulnerabilities were known to any third party.

    In the process of fixing the BlueKeep security hole, Microsoft found a metric ton of similar problems. At this point, nobody’s figured out a way to worm-out BlueKeep, so I figure you’re safe for now. This applies to almost none of you (if you have an internet-facing RDP server you likely know about it already), but as Dustin Childs says on the Zero Day Initiative page:

    If you must have an internet-facing RDP server, patch immediately (and reconsider your server placement).
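    Before acting on that advice you want to know which of your boxes it actually applies to. Here is the check I'd run, as an added example that is not part of the original post and not code from Microsoft or ZDI: a read-only PowerShell function that reports whether Remote Desktop is switched on, whether Network Level Authentication is required (the MSRC post for this family lists NLA as a partial mitigation, because the client has to authenticate before the vulnerable session setup is reached), whether the host firewall lets any remote address at the RDP port, and the newest hotfix installed since this Patch Tuesday. It assumes Windows 8.1 / Server 2012 R2 or later for the Get-Net* cmdlets (Windows 7 does not have them); the function name, the 2019-08-13 cutoff and the verdict wording are mine.

```powershell
# Added example, not from the AskWoody post or from Microsoft. Read-only.
# Needs Windows 8.1 / Server 2012 R2 or newer (NetTCPIP and NetSecurity
# modules) and an elevated prompt so the firewall queries succeed.
function Test-RdpExposure {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = "$tsKey\WinStations\RDP-Tcp"

    # fDenyTSConnections = 0 means "Allow remote connections" is on.
    $rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

    # UserAuthentication = 1 means NLA is required: the client authenticates
    # (CredSSP) before a session is created, so unauthenticated attackers never
    # reach the pre-authentication code paths.
    $nlaRequired = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication -eq 1

    # RDP listens on PortNumber (3389 unless someone changed it).
    $port      = [int](Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules that open the RDP port (or every port) to any
    # remote address. This is the host firewall only; whether a perimeter device
    # forwards the port from the internet has to be checked on that device.
    $wideOpen = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object {
            $ports = ($_ | Get-NetFirewallPortFilter).LocalPort
            $addrs = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
            ($ports -contains "$port" -or $ports -contains 'Any') -and ($addrs -contains 'Any')
        } | Select-Object -ExpandProperty DisplayName

    # Newest hotfix installed on or after the 13 August 2019 Patch Tuesday.
    # InstalledOn is empty for some packages, so drop those before comparing.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge [datetime]'2019-08-13' } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    $verdict = if ($rdpEnabled -and $listening -and $wideOpen -and -not $latest) {
        'PATCH NOW, or take it off the network until you can'
    } elseif ($rdpEnabled -and -not $nlaRequired) {
        'Require NLA, then patch'
    } else {
        'Patch on your normal schedule'
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        RdpEnabled         = $rdpEnabled
        NlaRequired        = $nlaRequired
        RdpPort            = $port
        Listening          = $listening
        RulesOpenToAny     = @($wideOpen) -join '; '
        LatestFixSince0813 = if ($latest) { "$($latest.HotFixID) ($($latest.InstalledOn.ToString('yyyy-MM-dd')))" } else { 'none' }
        Verdict            = $verdict
    }
}

Test-RdpExposure | Format-List
```

    The built-in "Remote Desktop" firewall group allows any remote address by default, so RulesOpenToAny will usually be non-empty on any host with RDP turned on; the useful reading is the combination with Listening and the missing hotfix. If you need to keep RDP reachable, scope that rule to your management network with Set-NetFirewallRule -RemoteAddress rather than leaving it at Any.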

    Martin Brinkmann has his usual overview on ghacks.net:

    Windows 7: 39 vulnerabilities
    Windows 8.1: 39 vulnerabilities
    Windows 10 version 1709: 53 vulnerabilities (!)
    Windows 10 version 1803: 61 vulnerabilities
    Windows 10 version 1809: 64 vulnerabilities
    Windows 10 version 1903: 64 vulnerabilities

    The scariest Office vulnerability? CVE-2019-1201. It looks like you can exploit this one by sending someone an email and having it viewed in the Outlook preview pane. I thought that general form of exploit was fixed years ago – but not according to the CVE description:

    Microsoft Outlook Preview Pane is an attack vector for this vulnerability.

    As usual, we’re very interested in hearing of any problems you encounter – particularly if they persist after you roll back the patch.

    UPDATE: There’s an acknowledged problem with the Win7 and Server 2008R2 patches and Symantec Endpoint Protection. It’s more of the SHA-2 blues. Thx, @EP.

    Another update: Security folks are starting to call the new BlueKeep act-alikes “BlueKeep II” and “BlueKeep III.” I’m going to follow Kevin Beaumont’s lead and call them DejaBlue.

    Worth noting: none of the security holes plugged today had publicly known exploits when the patches shipped. SANS Internet Storm Center has details.

    Great observation by Brian Krebs:

    At least one of the updates I installed last month totally hosed my Windows 10 machine. I consider myself an equal OS abuser, and maintain multiple computers powered by a variety of operating systems, including Windows, Linux and MacOS.

    Nevertheless, it is frustrating when being diligent about applying patches introduces so many unfixable problems that you’re forced to completely reinstall the OS and all of the programs that ride on top of it.

    We share your pain, Brian.

  • More intern shenanigans

    Remember how I warned you that:

    Traditionally, August finds Microsoft in a mid-summer lull, with lots of folks on vacation and more than the usual chances of surprising screw-ups from second-string staff. It’s an excellent month to sit on the sidelines.

    Not surprisingly, it’s happening. From the patchmanagement list:

    Just got a slew of Office security updates with a time stamp 8/13/2019 6:29am CST.

    However, when you click the “more information” link it goes to a page not found on Microsoft’s site. Even more weird is if you do a search on Microsoft’s site for the KB like (KB4475547) it states
    We would like to show you a description here but the site won’t allow us

    what in the world is going on?

    What’s going on is people who don’t know what they’re doing, doing it anyway. Hang tight. When the info’s all out, we’ll post it here.

  • MS-DEFCON 2: Make sure Windows automatic update is temporarily turned off

    Traditionally, August is a slow month, with lots of ‘Softies on vacation, and an unusually large share of beginner’s mistakes.

    It’s time to check your braces and suspenders, and get Auto Update paused or turned off.

    Details in Computerworld Woody on Windows.
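    For those who would rather do this from a prompt than click through Settings, here is one way to pause, hold back or switch off automatic updates, as an added example and not the AskWoody or Computerworld instructions themselves. The NoAutoUpdate and AUOptions values under the WindowsUpdate\AU policy key and the wuauserv service are the documented Group Policy and service routes and work on Windows 7 through 10 Pro/Enterprise; the Pause*UpdatesStartTime / EndTime / PauseUpdatesExpiryTime values under WindowsUpdate\UX\Settings are what the Windows 10 "Pause updates" control writes and are included here as an assumption (value names as seen on 1803 through 1903). The script name and parameter names are mine. Run it elevated.

```powershell
# Added example, not AskWoody's or Microsoft's own script. Run from an
# elevated PowerShell prompt.
#   .\Set-AutoUpdate.ps1 -Mode Pause -Days 35   # Win10: same as Settings > Pause updates
#   .\Set-AutoUpdate.ps1 -Mode Notify           # Win7/8.1/10 Pro: notify, never download
#   .\Set-AutoUpdate.ps1 -Mode Disable          # also stops the service (covers Home)
#   .\Set-AutoUpdate.ps1 -Mode Resume           # undo all of the above
param(
    [ValidateSet('Pause', 'Notify', 'Disable', 'Resume')]
    [string]$Mode = 'Pause',
    [ValidateRange(1, 35)]
    [int]$Days = 35                 # the Settings app caps a pause at 35 days
)

# Group Policy "Configure Automatic Updates" is stored here on every supported version.
$auPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

# Assumption: Windows 10 Settings > Update & Security > "Pause updates" writes
# these REG_SZ values as UTC ISO-8601 timestamps.
$uxSettings = 'HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'
$pauseNames = 'PauseFeatureUpdatesStartTime', 'PauseFeatureUpdatesEndTime',
              'PauseQualityUpdatesStartTime', 'PauseQualityUpdatesEndTime',
              'PauseUpdatesExpiryTime'

switch ($Mode) {
    'Pause' {
        $fmt   = 'yyyy-MM-ddTHH:mm:ssZ'
        $start = (Get-Date).ToUniversalTime()
        $end   = $start.AddDays($Days)
        New-Item -Path $uxSettings -Force | Out-Null
        foreach ($n in $pauseNames) {
            $value = if ($n -like '*StartTime') { $start.ToString($fmt) } else { $end.ToString($fmt) }
            Set-ItemProperty -Path $uxSettings -Name $n -Value $value -Type String
        }
        "Updates paused until $($end.ToString($fmt))"
    }
    'Notify' {
        # AUOptions 2 = "Notify for download and notify for install": nothing
        # is fetched until you click. Pro/Enterprise honour it; Home ignores policy.
        New-Item -Path $auPolicy -Force | Out-Null
        Set-ItemProperty -Path $auPolicy -Name NoAutoUpdate -Value 0 -Type DWord
        Set-ItemProperty -Path $auPolicy -Name AUOptions    -Value 2 -Type DWord
        'Automatic Updates set to notify only'
    }
    'Disable' {
        # NoAutoUpdate 1 = policy "Disabled". Stopping wuauserv and disabling its
        # startup type covers editions that do not read the policy key at all.
        New-Item -Path $auPolicy -Force | Out-Null
        Set-ItemProperty -Path $auPolicy -Name NoAutoUpdate -Value 1 -Type DWord
        Stop-Service -Name wuauserv -Force
        Set-Service  -Name wuauserv -StartupType Disabled
        'Automatic Updates disabled and wuauserv stopped'
    }
    'Resume' {
        foreach ($n in 'NoAutoUpdate', 'AUOptions') {
            Remove-ItemProperty -Path $auPolicy -Name $n -ErrorAction SilentlyContinue
        }
        foreach ($n in $pauseNames) {
            Remove-ItemProperty -Path $uxSettings -Name $n -ErrorAction SilentlyContinue
        }
        Set-Service   -Name wuauserv -StartupType Manual
        Start-Service -Name wuauserv
        'Automatic Updates restored to defaults'
    }
}
```

    Notify is the "braces" setting for Windows 7 and 8.1 and for Windows 10 Pro; Pause is the "suspenders" for Windows 10 Home, which ignores the policy key. Whichever you use, remember to run Resume when the all-clear is posted, since a disabled wuauserv also blocks the updates you do want.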