News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: May 14, 2019

  • May 2019 Patch Tuesday arrives

    Posted on May 14th, 2019 at 12:08 woody Comment on the AskWoody Lounge

    The Update Catalog has 237 new entries. Jeeeez.

    The Security Update Guide lists 2,195 new individual patches today.

    Martin Brinkmann has posted his summary:

    • Microsoft released security updates for all supported versions of Windows.
    • All versions of Windows are affected by CVE-2019-0903,  a GDI+ Remote Code Execution Vulnerability critical vulnerability.
    • Windows 7 is the only client system affected by another critical vulnerability CVE-2019-0708 , Remote Desktop Services Remote Code Execution Vulnerability
    • Microsoft released a security update for Windows XP (KB4500331)

    Dustin Childs has his report posted for ZDI:

    security patches for 79 CVEs (separately identified security holes) along with two advisories… (Windows Error Reporting bug CVE-2019-0863 being exploited actively)… details about the use of the exploit are not available, it is likely being used in limited attacks against specific targets.

    Big news is the “wormable” security hole in RDP, CVE-2019-0708. From Simon Pope on the MSRC Technet blogt:

    Any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.

    Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected.

    Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705.

    Yes, you read that correctly. There’s a downloadable fix for Win 2003 (not to be confused with Win10 “version 2003,” which is currently in the Insider Fast Ring) and WinXP.

    But wait. That’s not all. There’s also a big hole in .NET versions 2.1 and 2.2. CVE-2019-0982. It’s a Denial of Service vulnerability.

    UPDATE: Poster Old School on Krebs on Security reports:

    KB 4494441 [that’s the Win10 1809 patch] had to be installed twice so be sure to run Windows Update twice. I was not amused.

  • The Windows Secrets merge is officially over

    Posted on May 14th, 2019 at 10:35 woody Comment on the AskWoody Lounge

    We’re still nipping at a few problems, but it looks like we survived swallowing the whale. We have more than a million posts on AskWoody now, going back to December 2000. With some notable exceptions, anything that was posted on Windows Secrets (and didn’t disappear during a site outage) should now appear here on AskWoody.

    We still have a long way to go. More about that soon.

    Thanks a whole lot to everybody involved — from the devs who pulled it off, to the AskWoody MVPs of various stripes, to the Windows Secrets admins and mods and MVPs who kept it all going for so many years. Thanks, too, to the support staff at Informa, who helped us in numerous ways.

    Let me know if you encounter any problems.

  • Patch Lady – so the a/v vendors are…

    Posted on May 14th, 2019 at 10:33 Susan Bradley Comment on the AskWoody Lounge

    You remember the story about a hacker group claiming to have the source code and network access to three a/v vendors?

    Per Bleeping Computer the vendors appear to be Trend, Symantec and McAfee.


    And Concerning..

  • WhatsApp spyware vulnerability

    Posted on May 14th, 2019 at 03:13 Kirsty Comment on the AskWoody Lounge

    WhatsApp users are being urged to update their apps, to address a vulnerability discovered recently. If you have family members using this platform, I trust you’ll encourage them to make sure they’re up-to-date too.


    Attackers could transmit the malicious code to a target’s device by calling the user and infecting the call whether or not the recipient answered the call. Logs of the incoming calls were often erased, according to the report.