
SoylentNews is people

posted by martyb on Saturday May 25 2019, @07:10AM
from the maybe-we-*should*-be-worried dept.

It has been nine days since Microsoft patched the high-severity vulnerability known as BlueKeep, and yet the dire advisories about its potential to sow worldwide disruptions keep coming.

Until recently, there was little independent corroboration that exploits could spread virally from computer to computer in a way not seen since the WannaCry and NotPetya worms shut down computers worldwide in 2017. Some researchers felt Microsoft has been unusually tight-lipped with partners about this vulnerability, possibly out of concern that any details, despite everyone's best efforts, might hasten the spread of working exploit code.

Until recently, researchers had to take Microsoft's word the vulnerability was severe. Then five researchers from security firm McAfee reported last Tuesday that they were able to exploit the vulnerability and gain remote code execution without any end-user interaction. The post affirmed that CVE-2019-0708, as the vulnerability is indexed, is every bit as critical as Microsoft said it was.

"There is a gray area to responsible disclosure," the researchers wrote. "With our investigation we can confirm that the exploit is working and that it is possible to remotely execute code on a vulnerable system without authentication."

Story:
https://arstechnica.com/information-technology/2019/05/why-a-windows-flaw-patched-nine-days-ago-is-still-spooking-the-internet/

Further Reading:
https://arstechnica.com/information-technology/2019/05/microsoft-warns-wormable-windows-bug-could-lead-to-another-wannacry/

Entry in the "Common Vulnerabilities and Exposures" database: CVE-2019-0708.


  • (Score: 3, Insightful) by RS3 on Saturday May 25 2019, @04:21PM (4 children)

    by RS3 (6367) on Saturday May 25 2019, @04:21PM (#847639)

    Windows 7 (which is basically EOL, people, wake up)

    Which begs the question: is it okay (and even legal) for a company to be almost a monopoly, no strike that, just that a company charges for a horribly defective product, does some patching but NEVER fixes all of the bugs, and then tells you, in a patronizing way, that you have to buy a new one? Only to continue the cycle? I'd rather make them finish an OS before starting a new one. The only reason they're getting away with it is that Bill Gates made that original brilliant deal with IBM, and the courts didn't strike it down.

    And why are you defending them?

    Are you aware that this was a problem with the car companies long ago? And there were many brands to choose from- no monopoly. The US Govt. had to mandate that ALL car manufacturers had to provide parts and service for 10 years. And then later came the "lemon laws". How about "lemon laws" for OSes?

    Let's face it- each new Windows was supposed to be completely different, right? I'm waiting for "completely different". MacOS and Linux are completely different. Each Windows version has been some slight (and annoying) changes, with different icons, colors, buttons, just to fool the masses. Nope, no dirty market manipulation there.

    I think it's been said many times: as more and more applications are ported to a browser UI, the OS will be less and less relevant.

  • (Score: 2) by ledow on Saturday May 25 2019, @04:29PM (3 children)

    by ledow (5567) on Saturday May 25 2019, @04:29PM (#847647) Homepage

    Windows 7 is ten years old.

    • (Score: 3, Insightful) by RS3 on Saturday May 25 2019, @05:00PM (2 children)

      by RS3 (6367) on Saturday May 25 2019, @05:00PM (#847658)

      Are you sure? I'm still getting updates, telling me it's an unfinished product. Do we start a product's lifetime at conception? Or Alpha? Or Beta? Or pre-release?

      And why should 10 years be a thing for software? Cars wear out. Software does not.

      Again, why are you defending this?

      And Linux is almost 28.

      • (Score: 2) by Reziac on Sunday May 26 2019, @02:49AM (1 child)

        by Reziac (2489) on Sunday May 26 2019, @02:49AM (#847783) Homepage

        And my linux install gets multiple updates every week. Clearly it is an unfinished product.

        --
        And there is no Alkibiades to come back and save us from ourselves.
        • (Score: 2) by RS3 on Sunday May 26 2019, @04:46AM

          by RS3 (6367) on Sunday May 26 2019, @04:46AM (#847819)

          Features!

          But seriously, you're not making a fair comparison. Linux is FREE. I paid my M$ tax and got swiss cheese. My free Linux is much more stable, and the community generally (GENERALLY) fixes bugs much faster than MS.

          Do you own MS stock, or work for MS?

          Look, truth be told, I understand the whole situation. An OS is enormously complex, and it's difficult to know all of the possible interactions with the very wide range of software out there. MS has done a truly stellar job of supporting older applications running on newer OS. They do many things well, esp. tutorials and example code. I just wish they'd commit to finishing an OS. Maybe they will with 10. Time will tell.