SoylentNews is people
SoylentNews
Submitted via IRC for Bytram
Microsoft regularly issues security updates, but it added a little something extra on Tuesday: it's letting all customers, even those using older versions of Windows, update their software.
This move is an attempt to avoid another ransomware outbreak like WannaCry, also called WannaCrypt, which rocked the web last month.
"The WannaCrypt ransomware served as an all too real example of the danger of cyber attacks to individuals and businesses globally," Adrienne Hall, general manager of Microsoft's Cyber Defense Operations Center, wrote in a blog post. "In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations."
Microsoft said it made the decision to apply this assortment of updates to provide further protection against potential attacks with similar characteristics as WannaCrypt. The security updates will be delivered automatically through Windows Update to devices running Windows 10, Windows 8.1 and Windows 7.
Source: CNET
Also at Ars Technica
(Score: 0) by Anonymous Coward on Wednesday June 14 2017, @02:15PM (10 children)
Microsoft, how about you let people see the destination of links in emails when using outlook again? Right now its like playing russian roulette.
(Score: 2) by kaszz on Wednesday June 14 2017, @02:30PM (9 children)
Is this link substitution something the Outlook client program that runs locally does? or is it the online version web-mail that does it? Or even some Microsoft-MTA?
Ie where in the mail chain do these links gets substituted?
(Score: 0) by Anonymous Coward on Wednesday June 14 2017, @02:49PM (8 children)
I only know the webmail does it.
(Score: 2) by kaszz on Wednesday June 14 2017, @02:55PM (5 children)
Good, then anyone caught using that shit for email will be told to shift email setup or be left in the cold. Users of Windows-10 maybe should have the same treatment as that environment can't be trusted in any way.
(Score: 0) by Anonymous Coward on Wednesday June 14 2017, @02:57PM (4 children)
This is for a large university.
(Score: 2) by kaszz on Wednesday June 14 2017, @03:00PM (2 children)
Well that just shows there's some serious corruption behind the scenes. But it won't hinder anyone from flat telling Outlook addicts to get a real email setup or be left out of the loop.
(Score: 0) by Anonymous Coward on Thursday June 15 2017, @12:49AM (1 child)
What do you recommend for email?
(Score: 0) by Anonymous Coward on Thursday June 15 2017, @12:32PM
A free software client and some small time provider, preferably one that seems focused on privacy instead of the usual (lawyer required, marketing suggested) "we care so much about your privacy" tired line buried somewhere on their homepage.
(Score: 2) by AndyTheAbsurd on Wednesday June 14 2017, @03:13PM
It's pretty much guaranteed that you can access those accounts over IMAP somehow. Probably just a matter of finding the appropriate server name. This [office.com] is for business but might work for universities, too. You'll still need either Outlook itself or to log in to the web version if you use a calendar on Outlook/Exchange, though.
Please note my username before responding. You may have been trolled.
(Score: 2) by zocalo on Wednesday June 14 2017, @03:09PM (1 child)
UNIX? They're not even circumcised! Savages!
(Score: 2) by jdccdevel on Wednesday June 14 2017, @06:10PM
I noticed a while back that links in certain SPAM email had that OWA specific mangling done at the source. (I wouldn't touch OWA with a 50ft pole, but incoming email already had the links mangled.)
I suspect spammers were exploiting some loophole preventing proper scanning of OWA enabled links by A/V software for people using it. (or maybe some sort of email verification via outlook url pre-fetching, who knows.)
I spent an hour or so that afternoon working out what was going on and setting up a rule to block email with the OWA style links entirely.
I haven't seen one since so I'm not sure if that sort of SPAM is still a thing.
The only possible use I can think of for such url mangling is running a proxy on the email server. I bet it's so if you're running a local copy on a PC with filtered web access, you can still get remote content (pictures and such) in the email.
If that's what's going on, I bet someone is already exploiting it to bypass web filters... wouldn't that be a security nightmare!
But that's all speculation on my part. Regardless it seems like one more potential exploit waiting to happen.