Jump to content
This Topic

Microsoft Issues Serious Windows 10 Upgrade Warning

webfact

By webfact
in IT and Computers

 Share

Recommended Posts

  • Popular Post
webfact Grand Master Member

webfact

Posted
  • Popular Post
Posted

https___specials-images.forbesimg.com_imageserve_60e6474e5bb2dafa639bebbe_960x0.jpg

Microsoft has urged Windows users to install an essential update for a damaging new exploit 

SOPA IMAGES/LIGHTROCKET

 

Gordon Kelly

Senior Contributor

 

Windows 10’s one billion users need to be on high alert because Microsoft has issued a serious update warning and everyone needs to take action. 

 

The warning is in response to ‘PrintNightmare’, a critical zero day flaw in the Windows Print Spooler service which is actively being exploited by hackers to remotely execute code with system-level privileges (the ultimate goal for attacks). Now Microsoft has issued a series of fixes which, while flawed, are essential updates for all Windows users. 

 

Full story: https://www.forbes.com/sites/gordonkelly/2021/07/07/microsoft-windows-10-security-warning-printnightmare-fix-patch-free-windows-10-upgrade/

 

forbes.jpg

-- © Copyright Forbes 2021-07-08

  • Like 1
  • Thanks 1
  • Haha 1
  • Replies 35
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

johng
johng

My computers IP address is 192.168.1.5  ???? 

Russell17au
Russell17au

I think you will find that "Bing" is the search platform that is permanently connected to Microsoft Edge. If you want to get rid of "Bing" you may need to change your internet browser from Microsoft E

webfact
webfact

Microsoft has urged Windows users to install an essential update for a damaging new exploit  SOPA IMAGES/LIGHTROCKET   Gordon Kelly Senior Contributor   Windows 10’s one

Posted Images

  • Popular Post
OneMoreFarang Star Member

OneMoreFarang

Posted
  • Popular Post
Posted

Often the only thing the user has to do is restart the computer.

Windows knows that important updates are waiting.

If the user does not restart the computer then Windows will do it at some time automatically.

It's better when the user does that restart manually when it's convenient for the user.

 

  • Like 3
BritManToo Star Member

BritManToo

Posted
Posted

I'd be happy if I could just get Bing out of my windows 10.

It's still there on 'right-click' menu, and on the start-up Edge search window.

No matter what I do.

  • Like 2
OneMoreFarang Star Member

OneMoreFarang

Posted
Posted
  On 7/8/2021 at 5:25 AM, tgw said:

the vulnerability has been published over a month ago 

so much for zero day

Expand  

The vulnerability was published some time ago.

The fix is new and it's good that information about the fix is published now.

mahtin Platinum Member

mahtin

Posted
Posted
  On 7/8/2021 at 5:27 AM, BritManToo said:

I'd be happy if I could just get Bing out of my windows 10.

It's still there on 'right-click' menu, and on the start-up Edge search window.

No matter what I do.

Expand  

search 'disable bing'

  • Like 2
fdsa Gold Member

fdsa

Posted
Posted

> ‘PrintNightmare’, a critical zero day flaw in the Windows Print Spooler service which is actively being exploited by hackers to remotely execute code with system-level privileges

 

this reminds me of the thread where one user claimed "you can't hack a computer by its IP address!".

well - find a Windows computer with a direct IP address or DMZ router setup and voila.

  • Popular Post
tgw Platinum Member

tgw

Posted
  • Popular Post
Posted
  On 7/8/2021 at 5:47 AM, fdsa said:

this reminds me of the thread where one user claimed "you can't hack a computer by its IP address!".

well - find a Windows computer with a direct IP address or DMZ router setup and voila.

Expand  

still, knowing someone's IP address is does not in any way facilitate hacking that computer.

also, your "and voilà" step completely forgets to mention how you propose to introduce the malicious code into the computer.

 

  • Like 3
  • Popular Post
Russell17au Silver Member

Russell17au

Posted
  • Popular Post
Posted
  On 7/8/2021 at 6:27 AM, BritManToo said:

The search bing menu 'right click' sidebar is always there ...... no way to remove it.

search bing.jpg

Expand  

I think you will find that "Bing" is the search platform that is permanently connected to Microsoft Edge. If you want to get rid of "Bing" you may need to change your internet browser from Microsoft Edge to Google Chrome 

  • Like 4
  • Heart-broken 1
mrfill Platinum Member

mrfill

Posted
Posted
  On 7/8/2021 at 5:47 AM, fdsa said:

> ‘PrintNightmare’, a critical zero day flaw in the Windows Print Spooler service which is actively being exploited by hackers to remotely execute code with system-level privileges

 

this reminds me of the thread where one user claimed "you can't hack a computer by its IP address!".

well - find a Windows computer with a direct IP address or DMZ router setup and voila.

Expand  

Do a search for 'firewall' and learn.

  • Like 2
KhunBENQ Star Member

KhunBENQ

Posted
Posted

This morning I wanted to start Windows Update.

What I get translates like:

"An error occured. Try again later."
A typical MS joke. Absolutely no hint what is wrong, no number, no nothing.

Fiddled with Update repair instructions.

Brought me to BSOD followed by unsuccessful PC repair.

Finally a restore point brought me back to see above.

Oh no.

mrfill Platinum Member

mrfill

Posted
Posted
  On 7/8/2021 at 5:15 AM, OneMoreFarang said:

Often the only thing the user has to do is restart the computer.

Windows knows that important updates are waiting.

If the user does not restart the computer then Windows will do it at some time automatically.

It's better when the user does that restart manually when it's convenient for the user.

 

Expand  

Well, it will do that but not if a 'smart' user has disabled updates, thinking they are terribly clever. The greatest vulnerability in Windows is the windows user.

 

Anyway, the 'fix' is up to Microsoft's usual impeccable standard.....

https://uknewstoday.co.uk/2021/07/07/microsoft-struggles-to-wake-from-its-printnightmare-latest-print-spooler-patch-can-be-bypassed-researchers-say/

 

Other operating systems are available.....

  • Like 1
KeeTua Silver Member

KeeTua

Posted
Posted
  On 7/8/2021 at 5:47 AM, fdsa said:

this reminds me of the thread where one user claimed "you can't hack a computer by its IP address!".

well - find a Windows computer with a direct IP address or DMZ router setup and voila.

Expand  

From my very brief reading domain controllers are mainly vulnerable to this exploit. It still requires an authenticated domain user account to use this exploit to gain control of the domain controller typically authenticated users have access to the print spooler on the domain controller. The big worry is there are domain user account credentials available for sale on the Internet.

 

At home as long as your Window's firewall setting recognizes the network you are using as public, as opposed to a home network, then your computer would not be vulnerable to this exploit even if you invited a hacker to your network to try it.

 

You would probably need to enable printer sharing on your home computer to expose the necessary ports to be attacked and then if you're behind a router which you haven't enabled port forwarding on the attack could only happen from someone on your home network.

  • Like 1
OneMoreFarang Star Member

OneMoreFarang

Posted
Posted
  On 7/8/2021 at 9:02 AM, KeeTua said:

The big worry is there are domain user account credentials available for sale on the Internet.

Expand  

Maybe you should improve your knowledge about domain user accounts.

As far as I am concerned hackers can buy millions of those account credentials. It's won't help them to access my domain. Every admin is responsible for his domain(s). 

 

JimmyJ Gold Member

JimmyJ

Posted
Posted
  On 7/8/2021 at 8:59 AM, mrfill said:

Well, it will do that but not if a 'smart' user has disabled updates, thinking they are terribly clever. The greatest vulnerability in Windows is the windows user.

 

Anyway, the 'fix' is up to Microsoft's usual impeccable standard.....

https://uknewstoday.co.uk/2021/07/07/microsoft-struggles-to-wake-from-its-printnightmare-latest-print-spooler-patch-can-be-bypassed-researchers-say/

 

Other operating systems are available.....

Expand  

Good luck in disabling updates.

 

I wish it was possible.

ukrules Star Member

ukrules

Posted
Posted
  On 7/8/2021 at 9:02 AM, KeeTua said:

if you're behind a router which you haven't enabled port forwarding on the attack could only happen from someone on your home network.

Expand  

 

That's the way I read about this problem too, for nearly all home users it's a non event and will never be a problem.

 

If you're a large corporate on the other hand then this will be a nightmare.

 

I've read accounts of hospitals / labs where the label printers have all stopped working after they applied the patch - this is not good for medical diagnostics, without labels the samples can't be processed.

 

  • Like 1
KeeTua Silver Member

KeeTua

Posted
Posted
  On 7/8/2021 at 9:22 AM, OneMoreFarang said:

Maybe you should improve your knowledge about domain user accounts.

As far as I am concerned hackers can buy millions of those account credentials. It's won't help them to access my domain. Every admin is responsible for his domain(s). 

 

Expand  

But if you're allowing remote access to a domain, a very typical scenario, the users will need to authenticate to the domain controller for network access. If you have 100s of users allowed to authenticate that's a lot of potential for unauthorized access.

 

A user is working from home and walks away from his computer for 5 minutes without locking the session that is still logged into the domain and his teenage son runs a script and takes control of the domain controller via the spooler service. How do your protect your domain from that scenario? The scenarios are countless. But usually no major harm would come to the network if a standard user account were to be compromised, the wayward son's script would fail, until an exploit like this comes along.

Bangkok Barry Diamond Member

Bangkok Barry

Posted
Posted
  On 7/8/2021 at 5:27 AM, BritManToo said:

I'd be happy if I could just get Bing out of my windows 10.

It's still there on 'right-click' menu, and on the start-up Edge search window.

No matter what I do.

Expand  

Set your preferred search site to Google (which I assume you have done already and Edge ignores you) and type your search directly into the address window (where this site address is now but in a new tab). That works.

I have recently changed Edge to Brave though, after Edge kept giving me nonsense prices for things I looked up on Lazada. Edge and Lazada no longer appear to be compatible.

connda Star Member

connda

Posted
Posted
  On 7/8/2021 at 5:27 AM, BritManToo said:

I'd be happy if I could just get Bing out of my windows 10.

It's still there on 'right-click' menu, and on the start-up Edge search window.

No matter what I do.

Expand  

Install Linux Mint.  It will solve your problem.  <laughs>

  • Like 1
  • Haha 1
BritManToo Star Member

BritManToo

Posted
Posted
  On 7/8/2021 at 10:20 AM, Bangkok Barry said:

Set your preferred search site to Google (which I assume you have done already and Edge ignores you) and type your search directly into the address window (where this site address is now but in a new tab). That works.

I have recently changed Edge to Brave though, after Edge kept giving me nonsense prices for things I looked up on Lazada. Edge and Lazada no longer appear to be compatible.

Expand  

It's gone from my startup edge window now.

It's just the highlight text and right-click menu I can't get rid from.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.


ASEANNOW

ASEANNOW (formerly Thai Visa) Thailand's oldest and most popular forum for expats and foreigners.

Sign up today and have your say

MORE INFO

POPULAR AREAS

CONTACT US

219/59 Asoke Towers, 15th Floor, Soi Sukhumvit 21, Watthana, Bangkok 10110
(+66) 99 196 1100
support@aseannow.com

×
×
  • Create New...