Microsoft Issues Serious Windows 10 Upgrade Warning

[webfact]

Microsoft has urged Windows users to install an essential update for a damaging new exploit 

SOPA IMAGES/LIGHTROCKET

 

Gordon Kelly

Senior Contributor

 

Windows 10’s one billion users need to be on high alert because Microsoft has issued a serious update warning and everyone needs to take action. 

 

The warning is in response to ‘PrintNightmare’, a critical zero day flaw in the Windows Print Spooler service which is actively being exploited by hackers to remotely execute code with system-level privileges (the ultimate goal for attacks). Now Microsoft has issued a series of fixes which, while flawed, are essential updates for all Windows users. 

 

Full story: https://www.forbes.com/sites/gordonkelly/2021/07/07/microsoft-windows-10-security-warning-printnightmare-fix-patch-free-windows-10-upgrade/

 

-- © Copyright Forbes 2021-07-08

[OneMoreFarang]

Often the only thing the user has to do is restart the computer.

Windows knows that important updates are waiting.

If the user does not restart the computer then Windows will do it at some time automatically.

It's better when the user does that restart manually when it's convenient for the user.

 

[tgw]

the vulnerability has been published over a month ago 

so much for zero day

[BritManToo]

I'd be happy if I could just get Bing out of my windows 10.

It's still there on 'right-click' menu, and on the start-up Edge search window.

No matter what I do.

[OneMoreFarang]

6 minutes ago, tgw said:

the vulnerability has been published over a month ago 

so much for zero day

The vulnerability was published some time ago.

The fix is new and it's good that information about the fix is published now.

[mahtin]

7 minutes ago, BritManToo said:

I'd be happy if I could just get Bing out of my windows 10.

It's still there on 'right-click' menu, and on the start-up Edge search window.

No matter what I do.

search 'disable bing'

[fdsa]

> ‘PrintNightmare’, a critical zero day flaw in the Windows Print Spooler service which is actively being exploited by hackers to remotely execute code with system-level privileges

 

this reminds me of the thread where one user claimed "you can't hack a computer by its IP address!".

well - find a Windows computer with a direct IP address or DMZ router setup and voila.

[BritManToo]

53 minutes ago, mahtin said:

search 'disable bing'

The search bing menu 'right click' sidebar is always there ...... no way to remove it.

Edited July 8, 2021 by BritManToo

[tgw]

2 minutes ago, fdsa said:

this reminds me of the thread where one user claimed "you can't hack a computer by its IP address!".

well - find a Windows computer with a direct IP address or DMZ router setup and voila.

still, knowing someone's IP address is does not in any way facilitate hacking that computer.

also, your "and voilà" step completely forgets to mention how you propose to introduce the malicious code into the computer.

 

[Russell17au]

1 hour ago, BritManToo said:

The search bing menu 'right click' sidebar is always there ...... no way to remove it.

I think you will find that "Bing" is the search platform that is permanently connected to Microsoft Edge. If you want to get rid of "Bing" you may need to change your internet browser from Microsoft Edge to Google Chrome 

[tgw]

all posts about Bing in this thread are off topic

[johng]

2 hours ago, fdsa said:

"you can't hack a computer by its IP address!".

My computers IP address is 192.168.1.5  ???? 

[ukrules]

2 hours ago, BritManToo said:

The search bing menu 'right click' sidebar is always there ...... no way to remove it.

 

It's not on mine and I didn't remove it either.

 

[mrfill]

2 hours ago, fdsa said:

> ‘PrintNightmare’, a critical zero day flaw in the Windows Print Spooler service which is actively being exploited by hackers to remotely execute code with system-level privileges

 

this reminds me of the thread where one user claimed "you can't hack a computer by its IP address!".

well - find a Windows computer with a direct IP address or DMZ router setup and voila.

Do a search for 'firewall' and learn.

[KhunBENQ]

22 minutes ago, johng said:

My computers IP address is 192.168.1.5  ???? 

Mine is 192.168.1.7

We must be very close :>)

[tgw]

4 minutes ago, KhunBENQ said:

Mine is 192.168.1.7

We must be very close :>)

cartoon for IT nerds:

 

check out https://xkcd.com

for often brilliant cartoons.

[KhunBENQ]

This morning I wanted to start Windows Update.

What I get translates like:

"An error occured. Try again later."
A typical MS joke. Absolutely no hint what is wrong, no number, no nothing.

Fiddled with Update repair instructions.

Brought me to BSOD followed by unsuccessful PC repair.

Finally a restore point brought me back to see above.

Oh no.

[mrfill]

3 hours ago, OneMoreFarang said:

Often the only thing the user has to do is restart the computer.

Windows knows that important updates are waiting.

If the user does not restart the computer then Windows will do it at some time automatically.

It's better when the user does that restart manually when it's convenient for the user.

 

Well, it will do that but not if a 'smart' user has disabled updates, thinking they are terribly clever. The greatest vulnerability in Windows is the windows user.

 

Anyway, the 'fix' is up to Microsoft's usual impeccable standard.....

https://uknewstoday.co.uk/2021/07/07/microsoft-struggles-to-wake-from-its-printnightmare-latest-print-spooler-patch-can-be-bypassed-researchers-say/

 

Other operating systems are available.....

[KeeTua]

3 hours ago, fdsa said:

this reminds me of the thread where one user claimed "you can't hack a computer by its IP address!".

well - find a Windows computer with a direct IP address or DMZ router setup and voila.

From my very brief reading domain controllers are mainly vulnerable to this exploit. It still requires an authenticated domain user account to use this exploit to gain control of the domain controller typically authenticated users have access to the print spooler on the domain controller. The big worry is there are domain user account credentials available for sale on the Internet.

 

At home as long as your Window's firewall setting recognizes the network you are using as public, as opposed to a home network, then your computer would not be vulnerable to this exploit even if you invited a hacker to your network to try it.

 

You would probably need to enable printer sharing on your home computer to expose the necessary ports to be attacked and then if you're behind a router which you haven't enabled port forwarding on the attack could only happen from someone on your home network.

[OneMoreFarang]

17 minutes ago, KeeTua said:

The big worry is there are domain user account credentials available for sale on the Internet.

Maybe you should improve your knowledge about domain user accounts.

As far as I am concerned hackers can buy millions of those account credentials. It's won't help them to access my domain. Every admin is responsible for his domain(s). 

 

[JimmyJ]

38 minutes ago, mrfill said:

Well, it will do that but not if a 'smart' user has disabled updates, thinking they are terribly clever. The greatest vulnerability in Windows is the windows user.

 

Anyway, the 'fix' is up to Microsoft's usual impeccable standard.....

https://uknewstoday.co.uk/2021/07/07/microsoft-struggles-to-wake-from-its-printnightmare-latest-print-spooler-patch-can-be-bypassed-researchers-say/

 

Other operating systems are available.....

Good luck in disabling updates.

 

I wish it was possible.

[ukrules]

36 minutes ago, KeeTua said:

if you're behind a router which you haven't enabled port forwarding on the attack could only happen from someone on your home network.

 

That's the way I read about this problem too, for nearly all home users it's a non event and will never be a problem.

 

If you're a large corporate on the other hand then this will be a nightmare.

 

I've read accounts of hospitals / labs where the label printers have all stopped working after they applied the patch - this is not good for medical diagnostics, without labels the samples can't be processed.

 

[ukrules]

2 minutes ago, JimmyJ said:

Good luck in disabling updates.

 

I wish it was possible.

It is if you have Win 10 Pro.

[JimmyJ]

3 minutes ago, ukrules said:

It is if you have Win 10 Pro.

Yes, and for my next pooter I'm going to buy Pro only for that reason.

[ThaiFelix]

Now Microsoft has issued a series of fixes which, while flawed, are essential updates for all Windows users. 

 

Isnt that just typical. 

[KeeTua]

35 minutes ago, OneMoreFarang said:

Maybe you should improve your knowledge about domain user accounts.

As far as I am concerned hackers can buy millions of those account credentials. It's won't help them to access my domain. Every admin is responsible for his domain(s). 

 

But if you're allowing remote access to a domain, a very typical scenario, the users will need to authenticate to the domain controller for network access. If you have 100s of users allowed to authenticate that's a lot of potential for unauthorized access.

 

A user is working from home and walks away from his computer for 5 minutes without locking the session that is still logged into the domain and his teenage son runs a script and takes control of the domain controller via the spooler service. How do your protect your domain from that scenario? The scenarios are countless. But usually no major harm would come to the network if a standard user account were to be compromised, the wayward son's script would fail, until an exploit like this comes along.

[Bangkok Barry]

4 hours ago, BritManToo said:

I'd be happy if I could just get Bing out of my windows 10.

It's still there on 'right-click' menu, and on the start-up Edge search window.

No matter what I do.

Set your preferred search site to Google (which I assume you have done already and Edge ignores you) and type your search directly into the address window (where this site address is now but in a new tab). That works.

I have recently changed Edge to Brave though, after Edge kept giving me nonsense prices for things I looked up on Lazada. Edge and Lazada no longer appear to be compatible.

[connda]

5 hours ago, BritManToo said:

I'd be happy if I could just get Bing out of my windows 10.

It's still there on 'right-click' menu, and on the start-up Edge search window.

No matter what I do.

Install Linux Mint.  It will solve your problem.  <laughs>

[BritManToo]

32 minutes ago, Bangkok Barry said:

Set your preferred search site to Google (which I assume you have done already and Edge ignores you) and type your search directly into the address window (where this site address is now but in a new tab). That works.

I have recently changed Edge to Brave though, after Edge kept giving me nonsense prices for things I looked up on Lazada. Edge and Lazada no longer appear to be compatible.

It's gone from my startup edge window now.

It's just the highlight text and right-click menu I can't get rid from.

[ukrules]

1 hour ago, connda said:

Install Linux Mint.  It will solve your problem.  <laughs>

I'm going to 'bing' that a little later to see what it is ????