News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: July 14, 2020

  • July 2020 Patch Tuesday

    Posted on July 14th, 2020 at 12:09 woody Comment on the AskWoody Lounge

    Here’s what we know about this month’s Patch Tuesday crop.

    Big news: There’s a bug in Windows DNS Server that’s a “wormable” Remote Code Execution vulnerability, with a CVSS score of 10.0 – as high as it gets. If you’re running a Windows DNS Server, you need to install CVE-2020-1350, even if it’s buggy. There’s a registry change that’ll subvert the bug.

    Win10 Patch Tuesday cumulative updates –

    • Version 1903 and 1909 – KB 4565483 – Fixes the long-standing LSASS bug
    • Version 2004 – KB 4565503 – Fixes the OneDrive app bug, in addition to the LSASS bug.

    Dustin Childs’ analysis on the Zero Day Initiative blog is up:

    • Fixes for 123 individually identified security holes (CVEs), “That makes five straight months of 110+ CVEs released and brings the total for 2020 up to 742. “
    • “None of these bugs are listed as being under attack at the time of release, while one CVE is listed as publicly known.”

    In addition, Childs has a reinforcement of the DNS Server bug, “The attack vector requires very large DNS packets, so attacks cannot be conducted over UDP. Considering Windows DNS servers are usually also Domain Controllers, definitely get this patched as soon as you can.” The bug is known as SigRed, and apparently has been around for 17 years, according to Hackernews.

    New Servicing Stack Updates for Win10:

    Martin Brinkmann has his usual thorough list on ghacks.net.

  • Another revolution around the sun

    Posted on July 14th, 2020 at 07:31 woody Comment on the AskWoody Lounge

    AskWoody.com first appeared on July 14, 2004

    Things have, uh, changed a bit in the interim