Jump to content
All visa questions and fresh Immigration updates here ×

Microsoft Issues Serious Windows 10 Upgrade Warning

webfact

By webfact
in IT and Computers

 Share

Recommended Posts

  • Popular Post
webfact Grand Master Member

webfact

Posted
  • Popular Post
Posted

https___specials-images.forbesimg.com_imageserve_60e6474e5bb2dafa639bebbe_960x0.jpg

Microsoft has urged Windows users to install an essential update for a damaging new exploit 

SOPA IMAGES/LIGHTROCKET

 

Gordon Kelly

Senior Contributor

 

Windows 10’s one billion users need to be on high alert because Microsoft has issued a serious update warning and everyone needs to take action. 

 

The warning is in response to ‘PrintNightmare’, a critical zero day flaw in the Windows Print Spooler service which is actively being exploited by hackers to remotely execute code with system-level privileges (the ultimate goal for attacks). Now Microsoft has issued a series of fixes which, while flawed, are essential updates for all Windows users. 

 

Full story: https://www.forbes.com/sites/gordonkelly/2021/07/07/microsoft-windows-10-security-warning-printnightmare-fix-patch-free-windows-10-upgrade/

 

forbes.jpg

-- © Copyright Forbes 2021-07-08

  • Like 1
  • Thanks 1
  • Haha 1
Link to comment
Share on other sites
  • Popular Post
OneMoreFarang Star Member

OneMoreFarang

Posted
  • Popular Post
Posted

Often the only thing the user has to do is restart the computer.

Windows knows that important updates are waiting.

If the user does not restart the computer then Windows will do it at some time automatically.

It's better when the user does that restart manually when it's convenient for the user.

 

  • Like 3
Link to comment
Share on other sites
mahtin Platinum Member

mahtin

Posted
Posted
7 minutes ago, BritManToo said:

I'd be happy if I could just get Bing out of my windows 10.

It's still there on 'right-click' menu, and on the start-up Edge search window.

No matter what I do.

search 'disable bing'

  • Like 2
Link to comment
Share on other sites
fdsa Gold Member

fdsa

Posted
Posted

> ‘PrintNightmare’, a critical zero day flaw in the Windows Print Spooler service which is actively being exploited by hackers to remotely execute code with system-level privileges

 

this reminds me of the thread where one user claimed "you can't hack a computer by its IP address!".

well - find a Windows computer with a direct IP address or DMZ router setup and voila.

Link to comment
Share on other sites
  • Popular Post
tgw Platinum Member

tgw

Posted
  • Popular Post
Posted
2 minutes ago, fdsa said:

this reminds me of the thread where one user claimed "you can't hack a computer by its IP address!".

well - find a Windows computer with a direct IP address or DMZ router setup and voila.

still, knowing someone's IP address is does not in any way facilitate hacking that computer.

also, your "and voilà" step completely forgets to mention how you propose to introduce the malicious code into the computer.

 

  • Like 3
Link to comment
Share on other sites
  • Popular Post
Russell17au Silver Member

Russell17au

Posted
  • Popular Post
Posted
1 hour ago, BritManToo said:

The search bing menu 'right click' sidebar is always there ...... no way to remove it.

search bing.jpg

I think you will find that "Bing" is the search platform that is permanently connected to Microsoft Edge. If you want to get rid of "Bing" you may need to change your internet browser from Microsoft Edge to Google Chrome 

  • Like 4
  • Sad 1
Link to comment
Share on other sites
mrfill Platinum Member

mrfill

Posted
Posted
2 hours ago, fdsa said:

> ‘PrintNightmare’, a critical zero day flaw in the Windows Print Spooler service which is actively being exploited by hackers to remotely execute code with system-level privileges

 

this reminds me of the thread where one user claimed "you can't hack a computer by its IP address!".

well - find a Windows computer with a direct IP address or DMZ router setup and voila.

Do a search for 'firewall' and learn.

  • Like 2
Link to comment
Share on other sites
KhunBENQ Star Member

KhunBENQ

Posted
Posted

This morning I wanted to start Windows Update.

What I get translates like:

"An error occured. Try again later."
A typical MS joke. Absolutely no hint what is wrong, no number, no nothing.

Fiddled with Update repair instructions.

Brought me to BSOD followed by unsuccessful PC repair.

Finally a restore point brought me back to see above.

Oh no.

Link to comment
Share on other sites
mrfill Platinum Member

mrfill

Posted
Posted
3 hours ago, OneMoreFarang said:

Often the only thing the user has to do is restart the computer.

Windows knows that important updates are waiting.

If the user does not restart the computer then Windows will do it at some time automatically.

It's better when the user does that restart manually when it's convenient for the user.

 

Well, it will do that but not if a 'smart' user has disabled updates, thinking they are terribly clever. The greatest vulnerability in Windows is the windows user.

 

Anyway, the 'fix' is up to Microsoft's usual impeccable standard.....

https://uknewstoday.co.uk/2021/07/07/microsoft-struggles-to-wake-from-its-printnightmare-latest-print-spooler-patch-can-be-bypassed-researchers-say/

 

Other operating systems are available.....

  • Like 1
Link to comment
Share on other sites
KeeTua Silver Member

KeeTua

Posted
Posted
3 hours ago, fdsa said:

this reminds me of the thread where one user claimed "you can't hack a computer by its IP address!".

well - find a Windows computer with a direct IP address or DMZ router setup and voila.

From my very brief reading domain controllers are mainly vulnerable to this exploit. It still requires an authenticated domain user account to use this exploit to gain control of the domain controller typically authenticated users have access to the print spooler on the domain controller. The big worry is there are domain user account credentials available for sale on the Internet.

 

At home as long as your Window's firewall setting recognizes the network you are using as public, as opposed to a home network, then your computer would not be vulnerable to this exploit even if you invited a hacker to your network to try it.

 

You would probably need to enable printer sharing on your home computer to expose the necessary ports to be attacked and then if you're behind a router which you haven't enabled port forwarding on the attack could only happen from someone on your home network.

  • Like 1
Link to comment
Share on other sites
OneMoreFarang Star Member

OneMoreFarang

Posted
Posted
17 minutes ago, KeeTua said:

The big worry is there are domain user account credentials available for sale on the Internet.

Maybe you should improve your knowledge about domain user accounts.

As far as I am concerned hackers can buy millions of those account credentials. It's won't help them to access my domain. Every admin is responsible for his domain(s). 

 

Link to comment
Share on other sites
JimmyJ Gold Member

JimmyJ

Posted
Posted
38 minutes ago, mrfill said:

Well, it will do that but not if a 'smart' user has disabled updates, thinking they are terribly clever. The greatest vulnerability in Windows is the windows user.

 

Anyway, the 'fix' is up to Microsoft's usual impeccable standard.....

https://uknewstoday.co.uk/2021/07/07/microsoft-struggles-to-wake-from-its-printnightmare-latest-print-spooler-patch-can-be-bypassed-researchers-say/

 

Other operating systems are available.....

Good luck in disabling updates.

 

I wish it was possible.

  • Confused 1
Link to comment
Share on other sites
ukrules Star Member

ukrules

Posted
Posted
36 minutes ago, KeeTua said:

if you're behind a router which you haven't enabled port forwarding on the attack could only happen from someone on your home network.

 

That's the way I read about this problem too, for nearly all home users it's a non event and will never be a problem.

 

If you're a large corporate on the other hand then this will be a nightmare.

 

I've read accounts of hospitals / labs where the label printers have all stopped working after they applied the patch - this is not good for medical diagnostics, without labels the samples can't be processed.

 

  • Like 1
Link to comment
Share on other sites
KeeTua Silver Member

KeeTua

Posted
Posted
35 minutes ago, OneMoreFarang said:

Maybe you should improve your knowledge about domain user accounts.

As far as I am concerned hackers can buy millions of those account credentials. It's won't help them to access my domain. Every admin is responsible for his domain(s). 

 

But if you're allowing remote access to a domain, a very typical scenario, the users will need to authenticate to the domain controller for network access. If you have 100s of users allowed to authenticate that's a lot of potential for unauthorized access.

 

A user is working from home and walks away from his computer for 5 minutes without locking the session that is still logged into the domain and his teenage son runs a script and takes control of the domain controller via the spooler service. How do your protect your domain from that scenario? The scenarios are countless. But usually no major harm would come to the network if a standard user account were to be compromised, the wayward son's script would fail, until an exploit like this comes along.

Link to comment
Share on other sites
Bangkok Barry Diamond Member

Bangkok Barry

Posted
Posted
4 hours ago, BritManToo said:

I'd be happy if I could just get Bing out of my windows 10.

It's still there on 'right-click' menu, and on the start-up Edge search window.

No matter what I do.

Set your preferred search site to Google (which I assume you have done already and Edge ignores you) and type your search directly into the address window (where this site address is now but in a new tab). That works.

I have recently changed Edge to Brave though, after Edge kept giving me nonsense prices for things I looked up on Lazada. Edge and Lazada no longer appear to be compatible.

Link to comment
Share on other sites
connda Star Member

connda

Posted
Posted
5 hours ago, BritManToo said:

I'd be happy if I could just get Bing out of my windows 10.

It's still there on 'right-click' menu, and on the start-up Edge search window.

No matter what I do.

Install Linux Mint.  It will solve your problem.  <laughs>

  • Like 1
  • Haha 1
Link to comment
Share on other sites
BritManToo Star Member

BritManToo

Posted
Posted
32 minutes ago, Bangkok Barry said:

Set your preferred search site to Google (which I assume you have done already and Edge ignores you) and type your search directly into the address window (where this site address is now but in a new tab). That works.

I have recently changed Edge to Brave though, after Edge kept giving me nonsense prices for things I looked up on Lazada. Edge and Lazada no longer appear to be compatible.

It's gone from my startup edge window now.

It's just the highlight text and right-click menu I can't get rid from.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.







×
×
  • Create New...