SoylentNews is people
SoylentNews
from the make-sure-your-backups-are-current dept.
NSA warns Microsoft Windows users of cyber-attack risk
The US National Security Agency (NSA) has warned Microsoft Windows users to make sure they are using updated systems to guard against cyber-attacks.
US officials and Microsoft executives say older versions of the programs may be vulnerable to malware. In the advisory, NSA officials said a flaw known as "BlueKeep" exists in past editions of Microsoft Windows.
Last week Microsoft warned that "some older versions of Windows" could be vulnerable to cyber-attacks. "All customers on affected operating systems [Windows 7 and earlier] should update as soon as possible," said Microsoft.
US officials said the "BlueKeep" flaw could leave computers vulnerable to infection by viruses through automated attacks or by the downloading of malicious attachments.
According to HelpNetSecurity:
An unauthenticated BlueKeep network scanner tool has been released and so has a Metasploit module for unauthenticated checking for the vulnerability.
And, from ZDNet:
Intense scanning activity detected for BlueKeep RDP flaw. A threat actor hidden behind Tor nodes is scanning for Windows systems vulnerable to BlueKeep flaw.
Also at Gizmodo.
Official entry on the Common Vulnerabilities and Exposures database: CVE-2019-0708.
Previously:
Microsoft Issues Urgent Windows XP Patch to Prevent WannaCry-Style Attack
Why a Windows Flaw Patched Nine Days Ago is Still Spooking the Internet
(Score: 2) by PiMuNu on Thursday June 06 2019, @10:32AM (4 children)
Is that one of the exploits the NSA wrote or was BlueKeep someone else's?
(Score: 1, Funny) by Anonymous Coward on Thursday June 06 2019, @11:10AM (3 children)
Not only that, is this the US-NSA, or the EU-NSA, or the C-NSA? I want to know which country is suggesting I update their surveillance software. Part of being a good global citizen these days, and not some idiot MAGA or Brexit or Hungarian Phrasebook fascist.
(Score: 1, Informative) by Anonymous Coward on Thursday June 06 2019, @11:40AM (2 children)
Primary source seems to be yanks https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/1865726/nsa-cybersecurity-advisory-patch-remote-desktop-services-on-legacy-versions-of/ [nsa.gov]
(Score: -1, Redundant) by Anonymous Coward on Thursday June 06 2019, @12:15PM (1 child)
Was not really a question, you know. What idiots besides Americans would be running Windoze? Sorry, another rhetorical question! "BlueKeep-of-Death", right? Gives you a screen, a Blue screen, of death? So how is this a security breach, and not just Windows normal functionality, or lack thereof?
(Score: 0) by Anonymous Coward on Thursday June 06 2019, @08:10PM
unfortunately, we've exported our highly embarrassing digital slavery model to the world.
(Score: 5, Informative) by dltaylor on Thursday June 06 2019, @11:10AM (3 children)
Windows 10 is constantly transmitting opaque packets, so it should never be considered "secure".
(Score: 5, Informative) by Chocolate on Thursday June 06 2019, @11:23AM (2 children)
How can you trust an operating system that ignores administrator directives and spies on the system users?
Bit-choco-coin anyone?
(Score: 0) by Anonymous Coward on Thursday June 06 2019, @12:30PM (1 child)
Cannot. Was this an actual question?
(Score: 0) by Anonymous Coward on Thursday June 06 2019, @11:11PM
Rhetorical question. No answer is needed.
(Score: 0) by Anonymous Coward on Thursday June 06 2019, @12:41PM (1 child)
alrite ... makes sense to connect the vulnareable computer to the internet to fetch the "update" ... not.
not-brain-dead users of windozzz (lol) would want to know the WORKAROUND FIRST, use it and only then take the leap of faith ...
so dear l3tt3rs, stop giving half-assed recommendations and tell us the workaround already?
i can totally see a totalitarian regime intercept the request for the domain lookup of the server serving the "update", delaying it, exploiting the vulnerable computer, installing a zeroday and only then serving the ... improvement. ^_^
(Score: 3, Touché) by martyb on Thursday June 06 2019, @04:44PM
Wit is intellect, dancing.
(Score: 5, Insightful) by The Archon V2.0 on Thursday June 06 2019, @01:39PM (2 children)
You can be an attack agency or a defense agency. You can't be both, and we all know which one you picked.
(Score: 0) by Anonymous Coward on Thursday June 06 2019, @07:03PM
This is why the NSA should have their offensive role stripped away, as US Cyber Command makes more sense to have that offensive role.
(Score: 0) by Anonymous Coward on Friday June 07 2019, @04:17AM
(Score: 2) by Revek on Thursday June 06 2019, @01:48PM
For the latest version of winblows.
This page was generated by a Swarm of Roaming Elephants
(Score: 5, Insightful) by All Your Lawn Are Belong To Us on Thursday June 06 2019, @02:16PM
"All the actual enemies we are supposed to be monitoring have either patched this already or aren't going to, so now we'll make it look like we're doing our duty of protecting the citizenry. Even though everybody was already told about the severity about this multiple times from more reliable sources. We're only three weeks late coming to the party, which we know you won't think is at all odd for an intelligence agency."
This sig for rent.
(Score: 0) by Anonymous Coward on Thursday June 06 2019, @02:18PM (6 children)
once Microsoft updates the software.
My machines have not been able to update to current version of windows for 3 years now. All x64, installs 83% of way, then fails and rolls back, to repeat tomorrow.
Maybe MS cannot code?
(Score: 2) by RS3 on Thursday June 06 2019, @03:43PM (4 children)
Which version of Windows?
(Score: 0) by Anonymous Coward on Thursday June 06 2019, @06:26PM (3 children)
NT3
(Score: 0) by Anonymous Coward on Thursday June 06 2019, @07:26PM (2 children)
NT 3.51 more specifically ...
(Score: 5, Insightful) by RS3 on Thursday June 06 2019, @07:50PM (1 child)
Congratulations! NT3.51 is a fully mature product. You are 100% protected from any possible malware. Your system doesn't meet the minimum System Requirements for Modern Malware. Please upgrade to the newest Windows version if you want to experience the latest in malware.
(Score: 1, Funny) by Anonymous Coward on Thursday June 06 2019, @08:07PM
> newest Windows version
> latest in malware
The math checks out.
(Score: -1, Troll) by Anonymous Coward on Thursday June 06 2019, @08:13PM
get a grown ups OS. your fischer price shitware has expired.
(Score: 2, Funny) by Anonymous Coward on Thursday June 06 2019, @02:20PM (5 children)
If there's anyone you should trust about making changes to your operating system, it's the secretive US government agency with a long history of attempting to gain surreptitious access to computers everywhere. /s
(Score: 2) by RS3 on Thursday June 06 2019, @03:58PM (4 children)
Yeah, I fully understand your cynicism and share the humor, but I don't know. I think almost _any_ computer that gets hacked increases the vulnerability of the US in general. Any any country. Many viruses are botnet bots, and bigger botnets = bigger enemy.
(Score: 0, Redundant) by Anonymous Coward on Thursday June 06 2019, @04:11PM (3 children)
I think the point above is that if the NSA is encouraging you to install something, particularly under the guise of protecting your system, you should question what else they're gleefully sneaking on to your computer or reconfiguring to their benefit at the same time.
(Score: 2) by RS3 on Thursday June 06 2019, @05:55PM (2 children)
I thought that was obvious. You know, the basis for the cynicism, that I acknowledged? Whoosh! You're redundant.
Pretty sure you're the same person who keeps trolling me here, both sockpuppet and name I won't type.
(Score: 2) by Runaway1956 on Thursday June 06 2019, @06:28PM (1 child)
OMG, not The One Who Will Remain Nameless™!
Abortion is the number one killed of children in the United States.
(Score: 2) by RS3 on Thursday June 06 2019, @07:41PM
Yup, the very one. I have a stalker here and I have no idea why. He does have a lording / superiority complex. Truly sick obsession. Some people have too much idle time. SN would be an awesome site without him and a few others. Libertarianism is great until someone ruins it. Some antagonists here are sometimes entertaining, sometimes brilliant, sometimes wearisome, but this guy is irrational- his troll proves it. He'd rather troll me than actually think, but I don't think he can think. We need bouncers.
I thought this site was founded because of the mess at Green Site (whose name is also unmentionable).
(Score: 2) by Runaway1956 on Thursday June 06 2019, @06:22PM (2 children)
Typically, our computers update on Saturday. Depending on the type of update, I may or may not be able to delay the update. I logged onto the machine when I arrived at work, and there were no warnings or complaints about updates. Near the end of my shift, I came into the shop, and logged back on to find the machine had performed updates, and that it was rebooting, like right now. I suppose Microsoft pushed a critical update to all enterprise customers. Never did get back to look at things, so I can't say what the update was.
Abortion is the number one killed of children in the United States.
(Score: 3, Interesting) by RS3 on Thursday June 06 2019, @09:52PM (1 child)
You're probably referring to Win10 machines... There's rumor that MS is somewhat relaxing the forced updating process, allowing people to postpone to a non-critical time. There are some great utilities that purportedly block Win10 updating. I haven't tried any yet but will soon. Here's one: https://www.sordum.org/9470/windows-update-blocker-v1-2/ [sordum.org]
(Score: 3, Informative) by jasassin on Friday June 07 2019, @01:36AM
In Windows 10 you can set active periods (no updates during those hours), and also postpone updates for a week, with one click in the updates menu.
jasassin@gmail.com GPG Key ID: 0x663EB663D1E7F223
(Score: 2) by jasassin on Thursday June 06 2019, @07:52PM (2 children)
Everyone complaining about Windows telemetry, when Intel and AMD have hardware management engines (A.K.A. NSA backdoors built in) seems pointless to me.
I have had a much better user experience with Windows 10 than Windows 7, because out of the box it supports more hardware (my laptops wifi for example). Multi-monitor support is better. Update is improved. Mounting ISO's.
You can update to Windows 10 free (If your Windows is "authentic"):
https://www.microsoft.com/en-us/software-update/windows10 [microsoft.com]
jasassin@gmail.com GPG Key ID: 0x663EB663D1E7F223
(Score: 1, Insightful) by Anonymous Coward on Thursday June 06 2019, @10:08PM
Something is bad let's make it even worse logic.
No, thank you.
(Score: 3, Informative) by RS3 on Saturday June 08 2019, @06:01AM
> Everyone complaining about Windows telemetry, when Intel and AMD have hardware management engines (A.K.A. NSA backdoors built in) seems pointless to me.
Maybe. I have only a little experience with newer machines with the ME built in, but there always seems to be a BIOS setting to disable it.
Of course the all-too-obvious response is: "but do you know it's really turned off, or that some malware or spyware might be able to talk to it"...
> I have had a much better user experience with Windows 10 than Windows 7, because out of the box it supports more hardware (my laptops wifi for example). Multi-monitor support is better. Update is improved. Mounting ISO's.
That's great if Win 10 works well for you; nothing wrong with that. Different strokes for different folks. I'm not a fan (at all) of companies abandoning a product, especially when it was never completed.
I'm sometimes involved doing A/V for live shows, meetings, etc., and Win 10 is often a big pain. It tries too hard to be MacOS, which can also be a pain. Try using a switching system when you have a projector. Switch away and Win 10 decides you don't have a monitor plugged into the 2nd graphics port, and reconfigures everything, often screwing with resolution. Switch the projector back to Win 10, and suddenly the display is way out of proportion because both the projector AND Win 10 are trying to outsmart each other, _and_ the human. If there's a way to turn OFF the much-smarter-than-humans auto-everything please let me know.