• BlueKeep is almost here. Get your XP/Win7 systems patched!

    • #1888494

      Windows 7 x64 SP1…I’m not showing KB4499164 in my installed updates. The catalog shows it as a monthly roll up. I’ve been doing group A monthly roll ups. Should I already have this ? I’m not showing it. My guess, is perhaps it was part of a monthly roll up with a different KB number ?

      • #1888543

        I also have Windows 7 SP1 and have been doing the monthly roll-ups. I had a moment of panic when I couldn’t find KB4499164 in Programs and Features -> View installed updates… but I found it installed in Windows Update -> View update history. I’m not sure why it appears in the latter and not the former, but I assume that means I’m protected?

        • #1888552

          I just checked, and same here. I’m going to assume that we’re good to go. If not, could someone please correct us.

      • #1888600

        The Rollups are cumulative, ie, July’s contains June, May, April…. etc. So you will see the latest one you installed in “Installed updates.”

        But History is something different. If you did something, well, you did it, and you can’t take it back. So you DID install April Rollup, and you DID install May Rollup, and you DID install June Rollup. Those events will continue to show up in history, even if you only see the latest CU (which is the cumulative result = the big bag that contains all of the updates) in “Installed Updates.”

        Now, the Security-only Updates are different. They are not cumulative. So they will show up as individual patches in the “Installed updates.”

        3 users thanked author for this post.
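A way to compare the two views described in the post above, as an added example that is not part of the original thread. It checks the two KB numbers named in this thread in both "Installed updates" and Windows Update history, then looks in history for any Monthly Rollup dated May 2019 or later; the rollup title pattern used for that last check is an assumption about how Windows Update titles these entries.

```powershell
# Added example (not from the thread). KB numbers are the two named in this thread.
$kbs = 'KB4499164', 'KB4499175'   # May 2019 Monthly Rollup, May 2019 Security-only

# View 1: "Installed updates" as reported by Get-HotFix. Per the thread, an
# earlier rollup can be missing here once a later cumulative rollup is installed.
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $kbs -contains $_.HotFixID }

# View 2: Windows Update history, read through the Windows Update Agent COM API.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$count    = $searcher.GetTotalHistoryCount()
$ok       = @()
if ($count -gt 0) {
    # Keep only successful installations (Operation 1 = install, ResultCode 2 = succeeded).
    $ok = @($searcher.QueryHistory(0, $count) |
        Where-Object { $_.Operation -eq 1 -and $_.ResultCode -eq 2 })
}

# Per-KB result in both views.
foreach ($kb in $kbs) {
    New-Object PSObject -Property @{
        KB                 = $kb
        InInstalledUpdates = [bool]($installed | Where-Object { $_.HotFixID -eq $kb })
        InUpdateHistory    = [bool]($ok | Where-Object { $_.Title -match $kb })
    } | Select-Object KB, InInstalledUpdates, InUpdateHistory
}

# Rollups are cumulative, so any Monthly Rollup from 2019-05 onward carries the fix.
# Assumption: history titles start with "YYYY-MM Security Monthly Quality Rollup".
$rollups = $ok | Where-Object {
    $_.Title -match '^(\d{4}-\d{2}) Security Monthly Quality Rollup' -and
    $matches[1] -ge '2019-05'
}
if ($rollups) {
    $rollups | Sort-Object Date | Select-Object Date, Title
} else {
    'No Monthly Rollup from 2019-05 or later found in update history.'
}
```

A KB that shows `InUpdateHistory = True` but `InInstalledUpdates = False` is the situation the posters above describe.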
        • #1888613

          I’m showing the same, KB4499164 is showing in “View Update History” but not in “Installed Updates”. But when I do THIS I get what is in the first PHOTO. Am I still safe?

          Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

          HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

          • This reply was modified 5 years, 9 months ago by Sparky.
          1 user thanked author for this post.
          • #1888789

            The KBs listed are not Hotfixes, they are the Rollup and the SO for May 2019.

            Rollups are cumulative.
            The May Cumulative Rollup contains the fix.
            The June Cumulative Rollup contains the May Cumulative Rollup.
            The July Cumulative Rollup contains the June Cumulative Rollup and the May Cumulative Rollup.

            So if you have the May Rollup, or the June Rollup, or the July Rollup (all of which have the fix), you are safe.

            2 users thanked author for this post.
            • #1888855

              PKCano,

              Yes I do have those Rollups. Thanks

              If you’re into airplanes, check out this live airshow right now.

              Thanks for the help.

              Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

              HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

            • #1892303

              Just to clarify, I have the May and June Rollups installed. I have not installed any July patches. I’m waiting for the DEFCON to lower, before installing any July patches.

              Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

              HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

            • #1892332

              I’m waiting for the DEFCON to lower, before installing any July patches.

              Yo Sparky, you want that DEFCON to get into higher numbers before installing July updates, and wait for that thumbs up from Woody.

              MacOS iPadOS and sometimes SOS

              2 users thanked author for this post.
            • #1892410

              That is what I meant to say, I’m waiting for the DEFCON to go higher and for Woody to give the thumbs up. Before installing the July patches.
              Thanks for clarifying my clarification.

              Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

              HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

              1 user thanked author for this post.
      • #1888814

        For us Group B people, that’s the May Security Only Win 7 update KB4499175.

        KB4999164 is the Group A, all-in-one, rollup update.

        If I’m wrong about this, please correct me, but I don’t think so.

        Being 20 something in the 70's was far more fun than being 70 something in the insane 20's
        1 user thanked author for this post.
        • #1888816

          Ah that’s good, I have the May manual security ones installed, and June’s.

          Ain’t doing July’s though, no Telemetry in “Security ONLY” patches, no thank you, that’s why I was in Group B in the first place.

          If that doesn’t change, I’ll be in W. Bluekeep or not, don’t give a toss. Be honest with patches, or get out. My PC is my own, and I’ll take responsibility for any negatives that come.

          1 user thanked author for this post.
          • #1889628

            Yes I’m also not installing July’s “Security Only” Windows 7 KB with that extra snooping thrown in, do you hear that MS! So I hope that there are no BlueKeep like issues in July 2019 as that’s a big No No for Redmond for Security – ONLY – patches.

            It sure looks like Windows 7’s Support may just have ended for many folks in July 2019 instead of Jan 2020! If MS keeps that nonsense up!

        • #1888817

          Typo Charlie ..May 2019 KB4499175 for SO (Group B) and either May KB4499164 or June SMQR (via WU for Group A patchers)

          Windows - commercial by definition and now function...
          1 user thanked author for this post.
    • #1888829

      Sorry – not clear to me.  WHICH patches are needed on (a) Win 7 Pro 64-bit and (b) Win  XP Pro?

      On my 7, I’m patched through the June patches (group A).  Wasn’t going to do July’s until Defcon 3 or 4, but you tell me.

      On my XP, I got all the updates with the POS hack until that stopped after the April updates (and I recall two more SO updates came through after).

      So, what am I missing on each?

      Thanks.

      1 user thanked author for this post.
      • #1888864

        This raises an important point.

        While I believe that the advice here is that we need to ensure we have the necessary update installed from May or June to protect against this threat, the headline appears to instruct XP/Win7 users to get patched – and that implies breaking the normal hold and installing the current July updates, while the DefCon rating is still against doing that.

        This seriously needs clarification.

        1 user thanked author for this post.
        • #1890799

          This seriously needs clarification.

          XP/Win 7 BlueKeep patch is mandatory disregarding Defcon level, which is global for Home, Pro, Enterprise…and not per Windows version.

          • #1891029

            Quite so. My point is simply that while all the explanations and clarifications provided in these comments are excellent they follow the article and it would actually be good for the headline to be edited to show that it’s the historic BlueKeep fixes that need to be patched, rather than the current July updates which some may otherwise think is what is covered by the briefest of instructions “Get your XP/Win7 systems patched!”

            I don’t want Woody or the team to think I’m being overly critical of articles or headlines these days, I’m just trying to remember that we have been joined by a lot of new followers who are not as familiar with things like DefCon ratings as some of us are, and followers generally cover a massive range of technical know-how, so we need to provide clarification on occasion and not assume that because we know what the article or headline means everyone else will do so.

            1 user thanked author for this post.
      • #1888862

        On my XP, I got all the updates with the POS hack until that stopped after the April updates (and I recall two more SO updates came through after).

        Are you using the registry trick or is your business still paying MS for Windows XP updates? If it’s paid support, there were three other updates released three days ago.

        • #1890761

          Anonymous – I used the registry hack for the Xp updates through April. But I’ll ask my buddies at MSFN if they have any info.  Even if they do, we won’t be able to access the paid updates.

    • #1889133

      So, disabling remote access to the PC is not enough?

      • #1889881

        The headline to this post says it all. In addition, you might want to read the comment by @PKCano above at #1888789. Previous posts also talk about how disabling Remote Access might not be enough.

        MacOS iPadOS and sometimes SOS

        • This reply was modified 5 years, 9 months ago by Myst.
        2 users thanked author for this post.
    • #1889185

      Note I am not with this company, but I do want to let users know they have a choice besides MS if they want to patch only BlueKeep. And yes, I know they charge as this is in PRO. (Who knows, might go to free if outbreak is bad enough.)

      https://www.infosecurity-magazine.com/infosec/patching-bluekeep-big-1-1-1/

      “. In addition to Microsoft’s own patch, though, BlueKeep has a ‘micropatch’ courtesy of 0Patch

      https://0patch.com/patches.html

    • #1889501

      I thought that BlueKeep exploit was released three or four months ago. Groups nowadays infect and hide inside OS with backdoor programs to create a huge botnet. This is why they released the exploit free so the script kids can play and cause a distraction from the original infection that can lay dormant for months or years before it is deployed. This is how money is generated now.

    • #1889502

      Did ZDNet announce that the exploit was already released a few weeks ago? Does someone remember the article?

    • #1890868

      I’m confused. We are at DEFCON 2 and not supposed to apply patches. Yet you say that Windows 7 users should patch. Just to be sure, should I apply the Windows 7 patches now or wait for Woody to give the go-ahead and apply my monthly patches?

      • #1890895

        DEFCON 2 refers to the current month’s patches – that means, in this case, JULY patches. DEFCON 2 does NOT mean you can’t install ANY patch.

        The fix for BlueKeep (the patching referred to in this thread) was present in the MAY Security-only Updates (Group B), the MAY Monthly Rollup and the JUNE Monthly Rollup (Group A). These patches have already passed the DEFCON rating and can be installed any time.

        Only the JULY patch installations are restricted by the current DEFCON 2.

        4 users thanked author for this post.
        • #1891115

          I agree with other commenters that the headline seemed confusing.  But now that PKCano has written this clarification,  it seems to me that the article only applies to people who hadn’t already updated in May or June.   If I’m wrong about this,  please correct me.

          • This reply was modified 5 years, 9 months ago by L95.
          2 users thanked author for this post.
        • #1892036

          PKCano – as this item also talks about XP, which XP patches are needed?  Thanks.

    • #1891107

      Pardon my ignorance, but just what is BlueKeep? I realize that it is some sort of malware, but the discussion heretofore has not made it clear just what sort it is.

      = Ax Kramer

      • #1891108
        Windows - commercial by definition and now function...
        3 users thanked author for this post.
        • #1891200

          Thank you Microfix for putting up the wiki description of Blue Keep. What is a Blue…Keep? Don’t know why such odd names are used instead of Remote Access Vulnerability which then describes what it is. Thank you for setting us straight.

          Now I am curious what Canadian Tech thinks about this exploit.

          • #1891234

            This tweet is somewhat of an answer to what is a BlueKeep, Red Keep is a castle in the television series Game of Thrones. Somewhere on Twitter is Kevin’s personal logo for this exploit because every vulnerability needs one. 🙂

            • #1892183

              I’m always amused by the ‘cute’ icons someone comes up with for these ‘big’ security issues.

              The Meltdown and Spectre ones (especially the ghost holding the branch for Spectre) always give me a bit of a chuckle and now we have the nice blue castle for BlueKeep. Lovely.

              Wonder how much money is getting paid to the ‘artists’ who design these things? Mind you, I’m sure it isn’t anywhere near as much as these ‘security researchers’ get for seemingly spending every hour of every day looking for the endless security issues in Windows.

              Security really is a multi million (billion?) dollar industry, isn’t it? The ‘security researchers’ keep raking in the money and Microsoft are able to ‘keep a leash’ on customers’ computers with the never ending security updates.

              Looks like I’ve been working in the wrong business all these years – I should have continued learning computer programming which I dabbled in for a while back in the 80’s and maybe today I could be a Windows  ‘security researcher’ too – I might even have been a millionaire by now.

              (Disclaimer – the above post is intended as sarcasm but I have a strong suspicion a large part or all of it is actually close to the truth).

              1 user thanked author for this post.
    • #1891186

      I missed the patch links in all that, old eyes. So here are the BlueKeep patch links to MS. These installed on my old machines without a hitch:

      Win7/Server2008 & R2: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

      WinXP/Server2003 & R2: https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

      Win10 Pro 20H2,backups with Macrium Reflect home edition
      1 user thanked author for this post.
    • #1891748

      Kaspersky Security software (KIS, KAV..) 2020 have been just released (for now in English). One of the new features is guarding against RATs (remote access tools) :

      Another type of threats we’ve dealt with in this update is RATs aka remote access tools. RATs are legitimate tools used for remote support, often misused by cybercriminals to defraud people. In the 2020 versions of Kaspersky security products, protection against RATs of all kinds is enabled by default. This to ensure a user is protected from getting a RAT without their consent. In case the user really needs to use such a tool, they can temporarily disable that protection.

      https://www.kaspersky.com/blog/kaspersky-2020-security-solutions/27749/

      1 user thanked author for this post.
    • #1894439

      There’s a good article over at borncity dated June 6th 2019 regarding advice, patch checks and additional optional actions available.

      Windows - commercial by definition and now function...
      1 user thanked author for this post.