  • The trials and tribulations of Windows 7

    Posted on Tracey Capen Comment on the AskWoody Lounge

      • #2141832 Reply
        Tracey Capen
        AskWoody MVP

        PATCH WATCH By Susan Bradley We’re starting the Windows 7 extended-support era … with more than our fair share of confusion. Before I shed some
        [See the full post at: The trials and tribulations of Windows 7]

        4 users thanked author for this post.
      • #2141995 Reply
        AlexEiffel
        AskWoody_MVP

        Susan,

        Thank you for your risk assessment report about the Windows 7 post-support era.

        About CVE-2020-0738, does it mean that you could get infected while browsing a web page on any browser? If so, it puts the risk at a whole different level than just having to avoid using IE.

        Do you have any mitigation to suggest that doesn’t involve patches?

        The way I see it, there is a very different category of risk using a PC where you need to download a malicious file and execute it to be infected vs just browsing the web and your browser displaying a tainted ad that will infect you without any other intervention.

        A lot of people that consider themselves careful with computers might want to still run Windows 7 with a third-party browser for casual browsing and/or gaming and with nothing of much value on the PC they run it on, but I think it is important they have a good idea of the risk they get exposed to.

        Distinguishing between the different categories of risk and with the knowledge that it is exploited or not seems important.

        • #2142028 Reply
          Cybertooth
          AskWoody Plus

          A reading of the NVD report for this vulnerability suggests that it’s the type of exploit that is typically delivered via a phishing e-mail or some other method that requires a specific action by a victim who has been targeted as a result of who they are or whom they work for. In other words, it’s highly unlikely that a random user will chance on this exploit merely by surfing the Web. Things would be different, though, if you are an employee of a large company, or of government.

          Note that the exploitability score is 2.8 on a scale of 10. While no privileges are needed to take advantage of the flaw, it does require user interaction; see the Base Score Metrics for this value and hover the mouse pointer over “Required”.

          7 users thanked author for this post.
        • #2151324 Reply
          Susan Bradley
          AskWoody MVP

          I would recommend “casual browsing” on your phone rather than an unpatched Windows 7.  Clicking on something one shouldn’t is too easy these days.

          Susan Bradley Patch Lady

          1 user thanked author for this post.
          • #2151345 Reply
            Susan Bradley
            AskWoody MVP

            P.S. My goal is to try to keep track if/when these CVEs start to be seen in attacks.

            Susan Bradley Patch Lady

            3 users thanked author for this post.