
Microsoft Patches Critical Malware Protection Engine Vulnerability


RV_

I posted this over in Connecting on the road. This is pretty critical and was patched as such immediately, so in addition to normal performance and security updates you want this fixed too. Just click on this link and read the article:

http://www.tomshardware.com/news/microsoft-windows-malware-protection-vulnerability,34364.html

 

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire


PIeere,

This is not aimed at you, but just a refresher for my friends here.

There is no anti-malware program today that can detect zero day threats that are not already downloaded and in the program's signature file. While there are many who claim to be able to protect against unknown threats, in reality the first to come up with that will be bought out immediately by Microsoft, Apple, Google, or another.

However, today, all of the OS' are hardened to the point that unless you find a new vulnerability, that they do not know about or have a signature ready, or have a patch ready, running any known malware just can't get through directly. If your system is patched on time, which is the day of release because you can bet the criminals are first in line to reverse-engineer it and get as many as possible before it is caught, identified, and its signature file is added to the anti-malware programs.

I post a lot about targeted attacks that succeed at pwn2own where all the major OS' are defeated. Major = more than 5% market share.

The strongest, and most reliable anti-malware device is between your ears. Most malware today gets in by fooling the users, called "Social Engineering," and some through already known and patched bugs that individuals have not updated yet. I still see folks getting infected by five-year-old already patched bugs. When Microsoft makes it almost impossible to neglect updates then there is a public outcry. Regardless of the reason for not updating when available, those breaches are all on the user. No matter what anti-malware program or programs you run, free or paid, when you are asked if you want to allow the program to make changes to your computer and you click OK, well let's just say if it was not a program you knew well, then you're asking for it. Most infections, 99% today that regular folks like us get, not targeted corporations or government, are socially engineered to get us to approve a bogus program by overriding our own defenses, some malware even says that if a warning pops up disregard it.

Folks who believe any pop up saying they need to update, run the popup scanner because they are infected - whatever, and did not do a manual check for it also are going to get infected. By manual check for it I mean going to the program's legitimate website to see if indeed, a new updated version is actually available.

Theft of services and IP. I can't count the number of times I have encountered folks who download free pirated programs knowing they are stolen, and movies or music. Needless to say if the website owners are cool with stealing from the copyright or IP owners, why would anyone in their right mind not believe that they would think nothing of stealing from you? Like what? Like your email to sell your email address, your banking information, your social security number,

Windows Defender is as good as any for active defense of most malware, then I use paid-for Malwarebytes Premium on all my desktops and tablets/hybrids. Yesterday I stopped by a friend's car lot to chat and he said he was having pop up problems. I ran Defender, and nothing was found, then downloaded Malwarebytes free and 22 PUPs and malvertising were found. Knowing it disabled Defender or slipped by on initial infection I decided to download Norton's Power Eraser and it found a bunch of deeper rooted malware which it removed. Whatever they were took forever, and two restarts to clean out, and now all is well. I don't snoop on friends' computers I help out for nothing so I don't know what shady websites he visits or not. But Malwarebytes, and Defender both did not catch the big ones, they were caught with Power Eraser only, that checks for malware and rootkits that load before Windows by starting with a restart. When Malwarebytes and Defender both can't catch or clean, I have never found any other from Norton A/V to ESET that can do better.


Thank You! It is just so irritating that we have unscrupulous people and businesses out there trying to make a fast buck! I know they work as hard as we do devising means to get free monies! Kind of reminds me of the song "Money for Nothing!"

Thanks for keeping us up to date with all the garbage with useful knowledge!

:) Living Life One Day At A Time!


6 hours ago, Kirk Wood said:

Kirk, an article from August 2015. Wow! I would suggest anyone running a current system read the link on managing updates in each version I will have below.

I have no idea what you are trying to do with an article from 2015. Windows 10 has gone through two major upgrades since that article, and has changed how updates can be received, and which versions are allowed to defer updates and not, and for how long versions of Windows, Pro/Enterprise or Windows Home, can defer updates, if at all.

Windows 10 was launched for consumer PCs and tablets on July 29th, 2015.

In August 2016 the first all new version of Windows, the Anniversary Edition was released. (One year anniversary of 10's release.)

March/April 2017 the newest version, The Creator's Update was released that dramatically changed the way Windows handles updates and also gives much more control over the data you allow Windows telemetry to send home. I allow a medium amount because any glitches I encounter I want reported automatically which can speed up fixes for all.

This coming September we will get another all new version roll out.

I am, and always will do, the Windows updates as soon as they are released, normally Noon in each time zone on the second Tuesday of each month.

I update more than a few computers at once, two high end all in ones, my i7 and Lynn's i5, as well as a Surface Pro 3 128/4GB, a new ASUS T100 top line 128/4GB with full HD screen and when detached from the keyboard the thinnest, lightest full featured 10.1" Windows tablets out there, the oldest a Venue 11 Pro, Atom 3770 and 2GB RAM full HD and full size USB 3, and lastly a Voyo cheapo Mini PC that was not supposed to be able to operate with newer versions of Windows than it shipped with. It dual boots to either Android 4.4 or Windows 8. It has made it to 8.1/10/Anniversary edition, and now Creator's update.

I do them all immediately and check out if any bad effects and usually post here because, let's face it, if all those different processors and hardware configurations work fine with each month's updates, odds are most of yours will too.

However some have issues because their systems are already infected/corrupted or system files changed. Easily fixed in Creator's update and Anniversary before it, with a complete refresh of Windows 10 which can save all your data and some apps, but will require reloading all your programs.

The article below is from April 2017 and includes the screen shots and instructions for the Creator's Update (current) too.

How to Pause and Defer Updates on Windows 10

https://www.howtogeek.com/286658/how-to-change-how-long-updates-are-deferred-in-windows-10/


Pieeere,

YW Bud,

I like that the cyber-security folks are now going after the ones that attack us too. There is more info in the link I just posted too. I generally post tech articles from ZDNET, ThreatPost, and How-To Geek which was recommended by one of our members here. (Sorry, I forget who!)


This is the article that covers the XP and Vista massive infections in Europe, India, Russia. If you have done your Windows updates you were patched for this in March.

Excerpt:

“One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again, so it’s incredibly important that any unpatched systems are patched as quickly as possible,” MalwareTech wrote in a blog published Saturday.

He and others were correct. In short order, other variants emerged, some with a second killswitch. Researcher Matt Suiche registered one such domain, ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com, preventing 10,000 machines, most in Russia, from spreading WannaCry further. Kaspersky Lab also found a second variant spreading Sunday that lacked a killswitch and contained a corrupted ransomware archive, rendering the payload benign.

“Copycat attackers have now figured out they you can simply hex-edit new Bitcoin addresses (for payment) and the self-destruct mechanism,” Dillon said. Some of the variants Dillon analyzed, however, are using the same payment system as the original attack but with new Bitcoin addresses. Since payments made through the attackers’ infrastructure are manually verified, it’s unlikely victims would receive the key to unlock their decrypted files since the payment went somewhere else.

It’s crucial that organizations apply the Microsoft patch from March (MS17-010) that fixes the vulnerability in SMBv1 that is being exploited by the weaponized NSA attacks. Late Friday night, Microsoft also released an update for unsupported versions of Windows, extending the sphere of protection to organizations still running legacy systems."

Source ThreatPost:

https://threatpost.com/wannacry-variants-pick-up-where-original-left-off/125681/?utm_source=newsletter&utm_medium=Email&utm_campaign=tp daily digest


Archived

This topic is now archived and is closed to further replies.
