Microsoft’s “latest and greatest” isn’t even able to get a larger share than the acknowledged failure that is Vista. I’ve been telling clients that Windows 7 is a worthy replacement for XP. Nice to see some independent data to back up my thoughts.
Category: Windows 7
this is inside a component that is on nearly every Microsoft machine worldwide. this includes all versions of xp, vista, 7 and the server versions. There is no Windows Update yet. Please use the fixit for me link for a hotfix. This is a patch for this issue but it may cause issues since it’s not been fully validated. However this problem allows remote system takeover via IE AND Office.
The link to the fixit is here.
I can’t copy and paste anything but it explains how the latest intel “Security” addons aren’t secure at all….they make it trivially easy for your system to be hardware rooted..making it impossible for you to regain control of your system.
Intel Small Business Advantage is a security nightmare | SemiAccurate.
Update your machines now. If you are running a server with rdp exposed first firewall it off the internet then use another actual secure vpn to get to that server and update. I would then never allow rdp direct access to the net again.
Microsoft has plugged a critical hole in all supported versions of Windows that allows attackers to hit high-value computers with self-replicating attacks that install malicious code with no user interaction required.The vulnerability in the Remote Desktop Protocol is of particular concern to system administrators in government and corporate settings because they often use the feature to remotely trouble-shoot e-mail servers, point-of-sale terminals and other machines when they experience problems. RDP is also the default way to manage Windows machines that connect to Amazons EC2 and other cloud services. That means potentially millions of endpoints are at risk of being hit by a powerful computer worm that spreads exponentially, similarly to the way exploits known as Nimda and Code Red did in 2001.”This type of vulnerability is where no user intervention or user action is required and an attacker can just send some specially crafted packets or requests, and because of which he or she can take complete control of the target machine,” Amol Sarwate, director of Qualys vulnerability research lab, said in an interview. While RPD is not enabled by default, he said the number of machines that have it turned on is a “big concern” because it is so widely used in large organizations and business settings.The bug affects Windows XP and all versions of Windows released since, including the developer preview of Windows 8. It was privately reported by Luigi Auriemma, an Italian security researcher who frequently focuses on vulnerabilities in industrial control systems and SCADA, or supervisory control and data acquisition, systems used to control dams, gasoline refineries, and power plants. Microsoft said theres no indication the vulnerability is being used in the public to attack Windows users at the moment, but the company predicts that could change.”Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days,” Suha Can and Jonathan Ness, of Microsoft Security Response Center Engineering, wrote in an advisory published Tuesday.
via Critical Windows bug could make worm meat of millions of high-value machines.
Watch this folks. I talk about this over and over. a/v isn’t enough..it is only a start. Please start with these basics. Please contact ECC on how to minimize your exposure.
As the software landscape changes and so does technology so does my recommendations for clients. The biggest one right now is do you buy windows 7/server 2008 now or wait? ECC is saying to wait unless you absolutely MUST upgrade now. Why? 2012-2013 Windows 8, Server 2012, and Office 2012/2013 are going to be coming out. I would not buy anything srver 2008 related right now(that includes the latest versions of SBS as they are based on 2008 R2). We are three years into the primary support cycles of 2k8 vintage product that means you have two years of primary support for most things 2k8 based. If you are going to go through the expense of a major upgrade then I would wait. If you only are using 2k8 for simple AD and file resource sharing 2k8 is most likely going to be a great bet if you have to upgrade now. If you have further questions feel free to use the contact form at eccmd.com/http://www.emmanuelcomputerconsulting.com/contact-us or call me.
There are increasing reports of issues with this service pack. Despite it not supposedly making any major changes to either OS it seems that may not be the case. if you are an ECC client or just a user watching the ECC feeds i advise NOT installing this update right now.
For those who like to wait for SP1 of anything…MS is about to release Service Pack 1 for Server 2008 R2 and Windows 7.
Your Money or Your Business — Krebs on Security.
Just read this individuals blog. There’s entry upon entry of businesses getting malware tuned to logging their keystrokes for the purpose of accessing their online bank accounts. Just do a few things and you’ll be ok.
Microsoft has released the fix for the LNK issue. this coming Tuesday is going to be a monster patch day with a total of 37 issues fixed in 14 patches.