Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




998 posts

Ultimate Geek
+1 received by user: 652

Trusted

# 213855 15-Apr-2017 17:08
One person supports this post
Send private message

It looks like the not so secret 'secret' that the NSA was holding back unreleased 0-Day exploits has been proven true.


A stack of alleged NSA exploits for all Windows OS's older than 8.1 & Server 2012 R2 have been released into the wild.


More info: https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/


List of exploits:



  • ETERNALROMANCE — Remote privilege escalation (SYSTEM) exploit (Windows XP to Windows 2008 over TCP port 445)

  • ENTERNALCHAMPION, ETERNALSYSTEM — Remote exploit up to Windows 8 and 2012

  • ETERNALBLUE — Remote Exploit via SMB & NBT (Windows XP to Windows 2012)

  • EXPLODINGCAN — Remote IIS 6.0 exploit for Windows 2003

  • EWORKFRENZY — Lotus Domino 6.5.4 and 7.0.2 exploit

  • ETERNALSYNERGY — Windows 8 and Windows Server 2012

  • FUZZBUNCH — Exploit Framework (Similar to Metasploit) for the exploits.


 


 


It will be interesting to see how quickly Microsoft respond considering we're only 3 days into this patch month. 



Edit: update from Microsoft is that you're not at risk if fully patched. https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

Create new topic

gzt

10822 posts

Uber Geek
+1 received by user: 1815


  # 1764771 15-Apr-2017 17:41
Send private message

svr2012 Microsoft will care about. svr2008 is near end of support life.

5133 posts

Uber Geek
+1 received by user: 1435

Trusted
Microsoft

  # 1764843 16-Apr-2017 07:00
Send private message

Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products.


https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

 
 
 
 


1508 posts

Uber Geek
+1 received by user: 213


  # 1766516 18-Apr-2017 08:59
Send private message

https://threatpost.com/shadowbrokers-windows-zero-days-already-patched/125009/

 

I think MS response to this has been great, from reveal on Friday to notice of fixes and patches yesterday and through the weekend. Lots of staff put in some long hours over Easter to sort this. 

 

Also, just to re-iterate Jeffery Snover, Ned Pyle and others have been saying for months - if you are still using smb1, disable it and get rid of it. There is no good reason to be using it. 

 

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

 

 





Try Vultr using this link and get us both some credit:

 

http://www.vultr.com/?ref=7033587-3B


1474 posts

Uber Geek
+1 received by user: 400


# 1766831 18-Apr-2017 15:59
Send private message

I'm really annoyed Windows 8 support got dropped like a hot rock.

 

 

 

I've got a machine I purchased windows 8 for, I like it (8), its suitable for what its used for, and its incompatible with Windows 8.1 (crashes after install every time).

 

Now its a huge target for these kinds of hacks, even Windows 7 is more secure.

 

 

 

Hugely disappointed in Microsoft, support your products dammit.




998 posts

Ultimate Geek
+1 received by user: 652

Trusted

  # 1766881 18-Apr-2017 16:53
Send private message

Dairyxox:

 

I'm really annoyed Windows 8 support got dropped like a hot rock.

 

 

 

I've got a machine I purchased windows 8 for, I like it (8), its suitable for what its used for, and its incompatible with Windows 8.1 (crashes after install every time).

 

Now its a huge target for these kinds of hacks, even Windows 7 is more secure.

 

 

 

Hugely disappointed in Microsoft, support your products dammit.

 

 

 

 

This is off topic, But 8.1 is essentially just a service pack to 8, They dropped support for Win 7 pretty quickly after SP1 was released. I'd personally look at moving it to Win 10.

 

 


5133 posts

Uber Geek
+1 received by user: 1435

Trusted
Microsoft

  # 1766963 18-Apr-2017 19:36
Send private message

Dairyxox:

I'm really annoyed Windows 8 support got dropped like a hot rock.


 


I've got a machine I purchased windows 8 for, I like it (8), its suitable for what its used for, and its incompatible with Windows 8.1 (crashes after install every time).


Now its a huge target for these kinds of hacks, even Windows 7 is more secure.


 


Hugely disappointed in Microsoft, support your products dammit.



Was support not able to help you get it upgraded or figure out why it crashes on upgrade?

1474 posts

Uber Geek
+1 received by user: 400


  # 1767012 18-Apr-2017 21:40
Send private message

No. It was a frustrating experience, and felt like Microsoft tried to pass the blame onto the motherboard manufacturer.

 

I've tried clean installs, in-place upgrades, media creation tools, resetting bios defaults, stripping back the build (back to onboard graphics), memtests etc. It was a waste of days of effort.

 

Personally I suspect an intel chipset issue. But 8.0 works fine. Patch the OS I paid for please.

 

TBH (getting off topic now) this is the straw thats broken my patience, as 8.0 has been dropped from '3rd party' support way too early as well - for reasons I don't understand.


 
 
 
 


1373 posts

Uber Geek
+1 received by user: 326


  # 1767017 18-Apr-2017 22:09
Send private message

Andib:

But 8.1 is essentially just a service pack to 8,

 

Not really there were some pretty big driver changes from Windows 8 to 8.1.

 

 

I think display, networking drivers were some.

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Huawei's scholarship programme showcases international business to Kiwi undergrads
Posted 22-Jul-2019 17:53


Spark Sport launches across a range of new devices
Posted 22-Jul-2019 13:19


Dunedin selects Telensa to deliver smart street lighting for 15,000 LEDs
Posted 18-Jul-2019 10:21


Sprint announces a connected wallet card with built-in IoT support
Posted 18-Jul-2019 08:36


Educational tool developed at Otago makes international launch
Posted 17-Jul-2019 21:57


Symantec introduces cloud access security solution
Posted 17-Jul-2019 21:48


New Zealand government unveils new digital service to make business easier
Posted 16-Jul-2019 17:35


Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00


Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34


OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28


Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56


Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.