News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it

Blog Archives

  • BlueKeep exploitation expected soon

    Posted on July 23rd, 2019 at 02:59 Kirsty Comment on the AskWoody Lounge

    Several hours ago, there was a lot of noise on Twitter about a GitHub explanation of how to “weaponize” BlueKeep, triggering fears that it could soon be widely exploited.

    Dan Goodin‘s article on ArsTechnica.com is fairly succinct:

    BEWARE OF WORMABLE EXPLOITS —
    Chances of destructive BlueKeep exploit rise with new explainer posted online

    We’ll be keeping an eye on Kevin Beaumont’s Twitter feed, to see what he posts about it today.

    Are you protected?

    UPDATE:
    Kevin Beaumont is also warning about a more imminent threat from BlueKeep

  • Kevin Beaumont: Still no sign of BlueKeep in the wild

    Posted on July 18th, 2019 at 03:24 woody Comment on the AskWoody Lounge

    In case you were wondering, Kevin Beaumont hasn’t yet detected any BlueKeep infections:

    Good news for you and me – and yet another reminder to install the May Win7 (and XP and Vista) patch!


  • Are Bluekeep patches causing BSODs with Server 2008 SP2 and Vista?

    Posted on June 7th, 2019 at 17:23 PKCano Comment on the AskWoody Lounge

    There are reports that the Monthly Rollups started causing problems with Server 2008 SP2 beginning in April. It seems the same issues have occurred on Windows Vista when Microsoft’s advice to patch for BlueKeep using the Server 2008 SP2 patches was followed.
    According to the same anonymous poster who reported the issues in April with KB4493471:

    I realize this topic is getting old, but Avast just recently took action to address issues that have existed on Server 2008 SP2 since April updates changed the build number to 6003.[…]. They say “the squeaky wheel gets the oil,” and Windows 7 certainly squeaks louder than Server 2008; but Avast finally heard a different squeak in a recent spiceworks thread titled Windows Bluekeep patches causing Win32k.sys 0x0000008E BSOD. Avast has recently posted new Knowledge Base articles with titles such as BSOD/Failure to Boot after Installing Avast Business Antivirus version 18.8 on Windows Server 2008. The same issues occurred on Windows Vista if Microsoft’s advice to patch BlueKeep by installing KB4499180 was taken.

    Are any of you seeing these issues, particularly among those patching Vista for BlueKeep with the Server 2008 SP2 Rollups?

    Reference: Spiceworks thread and Avast Knowledge Base article.

    Thx, anonymous

  • Yes, pirate copies of Win XP and Win7 can install the “wormable” BlueKeep security fixes

    Posted on June 1st, 2019 at 01:45 woody Comment on the AskWoody Lounge

    I’m seeing references to this all over the web, but it looks like pirated copies of Win7 will get the BlueKeep fix through Windows Update, and the XP patch (manually downloaded) will work on pirated XP machines, too.

    All of the articles I’ve seen refer to a statement by Paul Cooke, who used to be Director of Product Marketing for Windows Client at Microsoft. Nowadays, according to his LinkedIn profile, he’s Senior Manager of Identity and Access Management at Providence Health & Services in Renton, but anyway…

    Back in 2009, Cooke, writing on the now-defunct Microsoft Windows Security Blog promised us all:

    There seems to be a myth that Microsoft limits security updates to genuine Windows users.

    Let me be clear: all security updates go to all users.

    I’m not at all comfortable with a promise made by an ex-employee more than a decade ago, but if you’re wondering, that’s the promise everyone’s quoting these days, and that’s where it came from.

    I can find no more-recent corroboration, but I’d welcome anything you can uncover.

  • Update: The “wormable” Win XP/Win7 RDP security hole, BlueKeep, still hasn’t been cracked

    Posted on May 29th, 2019 at 14:32 woody Comment on the AskWoody Lounge

    Forgive me for joining the Chicken Little crowd a couple of weeks ago and recommending that all of you folks running

    • Windows XP (including Embedded)
    • Windows Server 2003, Server 2003 Datacenter Edition
    • Windows 7
    • Windows Server 2008, Server 2008 R2

    install the latest patches for the “wormable” RDP security hole. (Kevin Beaumont has taken to calling the security hole “BlueKeep” and it seems the name has caught on.)

    Fortunately, I’m not aware of any problems arising from installing the patches. Unfortunately (???), the pressing need just wasn’t there.

    Why? It turns out that turning BlueKeep into a real exploit is a very difficult job. According to Beaumont:

    I’ve asked every expert I can find about an obvious solution — isn’t it sufficient to simply turn off the Remote Desktop Protocol in the user interface? (In Win7, Start > Control Panel > System and Security > System > Remote Settings, in the System Properties dialog box, click Don’t Allow Connections to This Computer.) That, and/or blocking port 3389 (the port RDP uses by default) should be enough to keep any RDP-related malware at bay. At least, it appears that way to me.

    But I haven’t received a positive response from any of those experts. The ones who know ain’t sayin’. And the ones who probably do know aren’t willing to stick their necks out. It’s hard to fault them: Microsoft hasn’t provided any guidance on the matter, one way or another, so if blocking RDP ends up being insufficient — no matter how logical — there’s a lot of exposure to the person making the recommendation.

    I’ll keep you posted as I hear more, but it looks like the Sky Ain’t Fallin’.
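
    The post above describes two mitigations (the “Don’t Allow Connections to This Computer” radio button, and blocking TCP 3389) alongside the real fix, which is the May patch. The script below is an added example, not code from the post or from AskWoody, that checks all three on a Windows 7 / Server 2008 box: it reads the registry value the radio button sets (fDenyTSConnections under the Terminal Server key), finds the configured RDP port (default 3389, but it can be moved), parses netstat to see whether anything is listening there, and asks Get-HotFix whether one of the May 2019 BlueKeep (CVE-2019-0708) updates is present. It is written for Windows PowerShell 2.0, which is what Win7 ships with, so it avoids cmdlets such as Get-NetTCPConnection that only exist on newer Windows. The KB list is this example’s assumption (KB4499180 is the one named earlier on this page; the others are the matching May 2019 rollup / security-only IDs as the writer of this example understands them) and should be cross-checked against Microsoft’s advisory for your exact SKU. Run it from an elevated prompt; pass -BlockPort to also add an inbound firewall block rule.

```powershell
# Added example (not from the AskWoody post): report BlueKeep exposure on a
# Win7 / Server 2008 host and optionally block the RDP port.
# Requires an elevated prompt. Written for Windows PowerShell 2.0.
param([switch]$BlockPort)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'

# 1. Did someone pick "Don't allow connections to this computer"?
#    That radio button writes fDenyTSConnections = 1 under the Terminal Server key.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$rdpDisabled = ($deny -eq 1)

# 2. Which port is RDP configured on? 3389 by default, but it can be changed here.
$port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
if (-not $port) { $port = 3389 }

# 3. Is anything actually listening on that port? netstat is parsed because
#    Get-NetTCPConnection does not exist on Windows 7. Matches both
#    0.0.0.0:3389 and [::]:3389 style entries.
$listening = netstat -ano | Where-Object { $_ -match "^\s*TCP\s+\S+:$port\s+\S+\s+LISTENING" }
$rdpListening = [bool]$listening

# 4. Is one of the May 2019 CVE-2019-0708 fixes installed?
#    ASSUMED list; verify against Microsoft's advisory for your SKU.
$blueKeepKBs = @(
    'KB4499164'   # Win7 SP1 / Server 2008 R2 monthly rollup
    'KB4499175'   # Win7 SP1 / Server 2008 R2 security-only
    'KB4499149'   # Server 2008 SP2 monthly rollup
    'KB4499180'   # Server 2008 SP2 security-only (named on this page; also used on Vista)
    'KB4500331'   # Windows XP / Server 2003 out-of-band fix
)
$installed = Get-HotFix | Where-Object { $blueKeepKBs -contains $_.HotFixID } | ForEach-Object { $_.HotFixID }

Write-Host ("RDP disabled in UI (fDenyTSConnections=1): {0}" -f $rdpDisabled)
Write-Host ("RDP port {0} listening:                    {1}" -f $port, $rdpListening)
if ($installed) {
    Write-Host ("BlueKeep fix installed:                    {0}" -f ($installed -join ', '))
} else {
    Write-Warning "No BlueKeep fix found. Disabling RDP or blocking the port only limits exposure; install the May update."
}

# Optional: add an inbound block rule for the RDP port with the built-in firewall.
# This is the "block port 3389" mitigation from the post, done on the host itself;
# a perimeter firewall rule is the better place for it where you have one.
if ($BlockPort -and $rdpListening) {
    netsh advfirewall firewall add rule name="Block RDP (BlueKeep)" dir=in action=block protocol=TCP localport=$port | Out-Null
    Write-Host "Added inbound block rule for TCP $port"
}
```

    The check reads the configured port rather than assuming 3389, because an admin who moved RDP to another port would otherwise get a false “not listening” result. Note that both the UI switch and the firewall rule only stop remote clients reaching the service; neither changes the vulnerable code, which is why the script still warns when no patch is found.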

  • There’s now a freely available proof of concept exploit for the “wormable” WinXP/Win7 bug

    Posted on May 20th, 2019 at 08:19 woody Comment on the AskWoody Lounge

    But it isn’t yet capable of inflicting damage