OMG! Run for the hills! FIVE new Windows zero-days published

Topic

New Reply

I love the headlines these days. “Microsoft warns meeeeelions of customers that the world is coming to an end!” “New zero-days announced and you bette
[See the full post at: OMG! Run for the hills! FIVE new Windows zero-days published]

3 users thanked author for this post.

Carl D, Elly, Kirsty

Reply | Quote

Replies

And, once again I can’t help but wonder just how many of these “scary” zero days would ever have seen the light of day if these (presumably) highly paid “security researchers” hadn’t found them?

I cannot imagine any (or at least most) of these ever being discovered by the “hacker wannabes” hiding away in the darkness of their parents’ basements furiously typing away day in and day out trying to create the next “big scary security issue” (and impress their peers, of course).

As I’ve said before, PC “security” is big business these days with the seemingly never ending “security issues”. And, as I’ve also said before, Microsoft love it because it enables them to keep a ‘leash’ on customers’ computers.

(The best “security tool” is still common sense, in my opinion).

PC1: Gigabyte B560M D2V Motherboard, Intel i5 11400 CPU, 16GB RAM, NVIDIA GeForce GTX 1650 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Professional 22H2 64bit.
PC2: Asus H81M-PLUS Motherboard, Intel i3-4160 CPU, 16GB RAM, NVIDIA GeForce GTX 1050 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Home 22H2 64bit.

Reply | Quote

Sitting on vulnerabilities is why we get ransomware like wannacry which took down entire hospitals, yes it was likely used by script kiddies but the vulnerability was stockpiled by a well known 3 letter security agency so they could weaponise it – https://en.wikipedia.org/wiki/Eternalblue

You might think that keeping vulnerabilities under wraps forever means they’ll never be discovered but that’s very much a NOBUS (NObody But US) way of thinking. These things are always discovered and exploited at some point and the state have been shown to be not as smart as they think they are when amassing exploits.

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

I know Woody likes to say lots of security issues are non issues for casual users while not saying they might not be used by three letters agencies.

I just read the following and found it fascinating and way more scary to see how powerful those hidden powers are. Even for someone who knows a thing or two in security, it is impressive to see how it is impossible to think they won’t get you if they want to get you, despite how you are very careful applying advanced techniques to protect yourself.

https://www.theatlantic.com/magazine/archive/2020/06/edward-snowden-operation-firstfruits/610573/

2 users thanked author for this post.

T, SueW

Reply | Quote

[T]

That’s a scary but fascinating read. I believe it’s from Gellman’s new book about Snowden called Dark Mirror and there’s another excerpt over at wired which is also worth reading. I can only imagine how frightening it must be to be a target of the state and how difficult it is to protect yourself all the time because you only have to slip up once for attackers to get you and even then it seems all bets are off when it’s state surveillance after you.

https://www.wired.com/story/inside-the-nsas-secret-tool-for-mapping-your-social-network/

• This reply was modified 3 years, 4 months ago by T.
• This reply was modified 3 years, 4 months ago by T.

2 users thanked author for this post.

AlexEiffel, SueW

Reply | Quote

Since Windows is more and more complex, I am not surprised, that more and more holes are discovered. I honestly dont think, that all can be patched, so the OS is 100% immune.
These proclamations by MSFT are just PR for me, so noobs will see, that MSFT is “working hard” on their OS.
Since their main source of income is Azure, Windows has become out of their main focus and we see lots of systems affected by ransomware, which is known for a long time.

Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

PRUSA i3 MK3S+

Reply | Quote