Microsoft is patching a major Windows 10 flaw discovered by the NSA

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
My question is, how many things like this will there be?:unsure:

Infinity.

These types of vulnerabilities have always been found by multiple US agencies. Some agencies report them, some have a history of not reporting them.

Agencies of the US government detecting and reporting vulnerabilities has occurred since DARPA of the US government created the internet.

The strange thing is it's being discussed publicly... and discussed implying that this is a new thing.

I'll delay the update a few weeks to see if they got it right.
 
F

ForgottenSeer 823865

Infinity.
These types of vulnerabilities have always been found by multiple US agencies. Some agencies report them, some have a history of not reporting them.
Personally, if I were a government leader, and one of the country's companies became such a tech giant that the OS they created is used worldwide even by my rivals/enemies and the source code is proprietary, I would be stupid not to request/coerce said company's CEO to add a little backdoor for my intel agencies...

This is not paranoia, this is just common sense.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I assume they reported it because they found out that the enemy now knows this vulnerability (which the NSA has probably been using for years), so it's national defense to patch it.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
My Windows Enterprise edition, running in VM, didn't get the update. It wasn't even available when I tried to update manually. I needed to download the installer from the MS update catalog.
If this is so critical, why no updates for enterprise?
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
How to quarantine and lock a PC from the network?? How to do that?

That's pretty easy.

In an enterprise architecture, a Systems Administrator type would utilize a management console to send a query to all endpoints.

The query in this case would have a simple script checking for a certain update on every computer in the network. If the update is not there, the "if/then" in the simple script would direct the endpoint to be put in a quarantine state. Typically, a quarantined state would make the computer unusable for anybody who does not have an Administrator LOGIN.
 
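An added example of the kind of endpoint script that procedure describes (written for this page, not code from any poster or product): it checks whether a given update is installed and, when run with -Enforce, isolates the host at the firewall while keeping a path to the management console. The KB id, minimum build revision (UBR) and management-server address are placeholders, and network isolation is the assumed quarantine mechanism.

```powershell
# Added example, not from the thread: compliance check a management console
# could push to every Windows host ("is the update there? if not, quarantine").
# KB number, minimum UBR and management-server address are placeholders.
param(
    [string]$RequiredKB     = 'KB0000000',  # placeholder: KB id of the fix
    [int]   $MinimumUBR     = 0,            # placeholder: UBR of the patched build (0 = skip)
    [string]$ManagementHost = '10.0.0.5',   # placeholder: console the host must still reach
    [switch]$Enforce                        # without -Enforce the script only reports
)

function Test-PatchCompliance {
    param([string]$KB, [int]$MinUBR)
    # Check 1: is the hotfix present in the installed-updates inventory?
    $hotfix = Get-HotFix -Id $KB -ErrorAction SilentlyContinue
    # Check 2: cumulative updates raise the build revision (UBR); this catches
    # hosts where the KB was superseded by a newer cumulative update.
    $ver   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $ubrOk = ($MinUBR -gt 0) -and (([int]$ver.UBR) -ge $MinUBR)
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Build        = "$($ver.CurrentBuild).$($ver.UBR)"
        HotfixFound  = [bool]$hotfix
        Compliant    = ([bool]$hotfix -or $ubrOk)
    }
}

function Invoke-NetworkQuarantine {
    param([string]$AllowHost)
    # Isolate the host: allow outbound traffic only to the management console,
    # then make "block" the default outbound action on every firewall profile.
    New-NetFirewallRule -DisplayName 'Quarantine-AllowManagement' -Direction Outbound `
        -Action Allow -RemoteAddress $AllowHost -Profile Any | Out-Null
    Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block
}

$status = Test-PatchCompliance -KB $RequiredKB -MinUBR $MinimumUBR
$status | Format-List

if (-not $status.Compliant) {
    if ($Enforce) {
        Invoke-NetworkQuarantine -AllowHost $ManagementHost
        Write-Warning "$($status.ComputerName) quarantined: $RequiredKB missing"
    } else {
        Write-Warning "$($status.ComputerName) is NOT compliant (report-only mode)"
    }
}
```

Run it once without -Enforce across the fleet to get the compliance report first; the firewall change requires an elevated session and is only applied on hosts that fail the check.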

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
That's pretty easy.

In an enterprise architecture, a Systems Administrator type would utilize a management console to send a query to all endpoints.

The query in this case would have a simple script checking for a certain update on every computer in the network. If the update is not there, the "if/then" in the simple script would direct the endpoint to be put in a quarantine state. Typically, a quarantined state would make the computer unusable for anybody who does not have an Administrator LOGIN.
Yep, and they gave us about zero notice.
 

South Park

Level 9
Verified
Well-known
Jun 23, 2018
431
The NSA itself says: "The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners." I don't quite understand why Ask Woody is still telling people that this isn't a big deal: The morning after — I recommend that you hold off on installing this month’s patches @ AskWoody
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
The NSA itself says: "The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners." I don't quite understand why Ask Woody is still telling people that this isn't a big deal: The morning after — I recommend that you hold off on installing this month’s patches @ AskWoody
There are people who reported issues with this cumulative update, and we haven't heard yet about any exploits in the wild. So I can understand Ask Woody's position. I have Windows 10 Enterprise running in a VM, and the update was not even available this morning, although I checked manually for updates. But it was automatically installed on my regular Windows 10 Pro installation.
The fact that the patch was pushed so aggressively makes it unattractive for malcoders to try and target it, because most systems will be patched before the malware gets out there.
 

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
There are people who reported issues with this cumulative update, and we haven't heard yet about any exploits in the wild. So I can understand Ask Woody's position. I have Windows 10 Enterprise running in a VM, and the update was not even available this morning, although I checked manually for updates. But it was automatically installed on my regular Windows 10 Pro installation.
The fact that the patch was pushed so aggressively makes it unattractive for malcoders to try and target it, because most systems will be patched before the malware gets out there.
He always recommends that and almost always finds issues reported (because someone inevitably will always have a problem). I don’t bother reading his articles anymore, but he can share good info sometimes.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
He always recommends that and almost always finds issues reported (because someone inevitably will always have a problem). I don’t bother reading his articles anymore, but he can share good info sometimes.
Yes, his attitude toward Microsoft updates is always quite cynical, but this time I believe it because @harlan4096 reported an issue on one of his machines.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
This is currently on the New York City news.
MS update catalog.
If this is so critical, why no updates for enterprise?

Yes, this is baffling. The five o'clock news lady was urging everyone to update their devices last night. Yet, my Insider build 19541.1000 got nothing yesterday and zero today thus far. A lotta Defender definitions, and no, no patch was hiding in there either. Hmmm. :unsure:
 

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
The NSA itself says: "The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners." I don't quite understand why Ask Woody is still telling people that this isn't a big deal: The morning after — I recommend that you hold off on installing this month’s patches @ AskWoody
Yeah I strongly disagree here. It would be really easy to turn this into an exploit kit that can force Windows Update to find completely bogus signed updates and hence code execution as SYSTEM. It's basically only a matter of time until someone packages this exploit in a way that's easy to run. It's IMO irresponsible to treat this as a boring Patch Tuesday or Windows feature release.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
This is currently on the New York City news.


Yes, this is baffling. The five o'clock news lady was urging everyone to update their devices last night. Yet, my Insider build 19541.1000 got nothing yesterday and zero today thus far. A lotta Defender definitions, and no, no patch was hiding in there either. Hmmm. :unsure:
It was probably pushed out hastily, due to concerns of national security. Most IT admins will probably download and install it manually, due to the big scare campaign, even if the update isn't offered on Enterprise, so that they won't be blamed for a disaster. And if the patch causes mishaps, M$ can't be blamed for downtime, since they didn't offer it through the usual update channel.
 

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
It was probably pushed out hastily, due to concerns of national security. Most IT admins will probably download and install it manually, due to the big scare campaign, even if the update isn't offered on Enterprise, so that they won't be blamed for a disaster. And if the patch causes mishaps, M$ can't be blamed for downtime, since they didn't offer it through the usual update channel.
My agency got the update pushed through our software management tool, not Windows Update. The problem is everyone was supposed to get it, and I’m one of the only ones who did. And I had to manually install it. No one else in my group of 8 or so got it. Trying to push out to thousands of endpoints in one day was ambitious. Not sure how many people got quarantined.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
My agency got the update pushed through our software management tool, not Windows Update. The problem is everyone was supposed to get it, and I’m one of the only ones who did. And I had to manually install it. No one else in my group of 8 or so got it. Trying to push out to thousands of endpoints in one day was ambitious. Not sure how many people got quarantined.
Ask around tomorrow, I bet no one actually got quarantined. :)
 

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Ask around tomorrow, I bet no one actually got quarantined. :)
As far as I can tell no one in my group did. I asked different people what build numbers they had. Some were as far back as 1803 builds. I think they weren’t even close to prepared for this.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Less than a day after Microsoft disclosed one of the most critical Windows vulnerabilities ever, a security researcher has demonstrated how attackers can exploit it to cryptographically impersonate any website or server on the Internet.
Readers who haven't patched yet should do so immediately.
 

yuanyasmine

Level 1
Jan 4, 2020
25
The updates were live on January 14, which include security fixes for Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, Windows Cryptography, Windows Storage and Filesystems, the Microsoft Scripting Engine, and Windows Server. And I’ve updated to the latest version yesterday.
 
