News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: August 11, 2020

  • SANS Institute security breach

    Posted on August 11th, 2020 at 14:50 woody Comment on the AskWoody Lounge

    Wow. If SANS can’t keep their systems secure, what hope do the rest of us have?

    Looks like somebody sent a malicious Office 365 add-in to a SANS employee, who installed it. The program started forwarding emails, including some with personally identifiable information on 28,000 accounts.

    Details here.

  • Welcome to the August 2020 Patch Tuesday plop

    Posted on August 11th, 2020 at 12:04 woody Comment on the AskWoody Lounge

    Willkommen, bienvenue, welcome!
    Fremde, étranger, stranger
    Glücklich zu sehen, je suis enchanté, happy to see you
    Bleibe, reste, stay

    Patch Tuesday is upon us. Here’s a quick look at what’s coming down the pike (updated in real-enough time):

    • 261 separately downloadable patches. It’s a big one.
    • They fix 120 separately identified security holes (CVEs). I believe that’s a record.
    • Cumulative updates for all recent versions of Win10, including KB 4566782  for Win10 version 2004 and KB 4565351 for Win10 1903 and 1909 (once again the same patch for both versions).

    Great quote from Dustin Childs:

    This volume – along with difficult servicing scenarios – puts extra pressure on patch management teams.

    There are two “actively exploited” zero-days (notes from Childs):

    • CVE-2020-1464 – Windows Spoofing Vulnerability This spoofing bug is publicly known and currently being exploited. It allows an attacker to load improperly signed files, bypassing signature verification. Microsoft does not list where this is public or how many people are affected by the attacks.
    • CVE-2020-1380 – Scripting Engine Memory Corruption Vulnerability
      This bug in IE is currently under active attack. Attackers could run their code on a target system if an affected version of IE views a specially crafted website. It is not known how extensive the attacks are, but considering this bug was reported by Kaspersky, it’s reasonable to assume malware is involved.

    Expect to hear lots of wailing from the blogosphere about those two security holes. “Microsoft advises hundreds of millions of Windows users to patch Right Now.” Meh. The first one is only rated “Important,” not “Critical,” which means it’s mighty obscure and likely to stay so for quite some time. As for the second one, if you’re still using Internet Explorer, you already have a sign out that says, “Kick me.”

    That said, I’m deeply trouble by Mozilla’s announcement that it’s laying off 250 employees. See Catalin Cimpanu’s analysis on ZDNet.

    There’s also KB 4569751 the Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1903 and Windows Server 1903 RTM and Windows 10, version 1909 and Windows Server, version 1909 . Odd. On the main .NET update page, this one’s listed (in the left column) as a Preview. Not likely, but it’s hard to say.

    And I see Servicing Stack Update, uh, updates all over the place.

    There’s a codec security hole, again, CVE-2020-1585, that’s being plugged via the Windows Store, again. Looks like you could only get the buggy codec from the Store, thus the unconventional (but increasingly more common) distribution route.

    Martin Brinkmann has his usual thorough list on ghacks.net.