Jump to content

Patch it, patch it real good (88 vulnerabilities and "authenticated" remote code execution against any Windows version)

justpoet
 Share
Posted

https://www.bleepingcomputer.com/news/security/microsoft-ntlm-flaws-expose-all-windows-machines-to-rce-attacks/

https://www.bleepingcomputer.com/news/microsoft/microsofts-june-2019-patch-tuesday-fixes-88-vulnerabilities/

 

I'm just going to leave these here as a nice reminder to make sure you're patched and up to date.  These are now fixed in patches.

 

The first is quite fun, allowing for remote code execution via "authenticated" users.  The second is a gigantic bunch of patch Tuesday.  

 

Also of note, intel NUCs have had BIOS and other updates to fix large security flaws in them too over the past couple days.  

 

So, "Get to da patches!"

 

Quote

With the release of the June 2019 security updates, Microsoft has released 4 advisories, 1 servicing stack update, and updates for 88 vulnerabilities, with 21 being classified as Critical. Some of the advisories includes updated drivers and software that fix vulnerabilities in 3rd-party hardware and software

Quote

Two critical vulnerabilities in Microsoft's NTLM authentication protocol consisting of three logical flaws make it possible for attackers to run remote code and authenticate on machines running any Windows version.

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
14 minutes ago, Dan Castellaneta said:

Time to remind everybody that you use Linux!

On a more serious note, ouch. Good that it's patched, but ouch.

Time to remind everyone my PC's mostly live offline...

My eyes see the past…

My camera lens sees the present…

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

It’s a good thing my Mac never gets any viruses

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

DO YOU GUYS EVEN HAVE PHONES?!

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

I guess when I get home I’ll have to get the computer out of the work truck and get these updates done. As well as the nuc on the tv. 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
2 hours ago, Zodiark1593 said:

Time to remind everyone my PC's mostly live offline...

 

2 hours ago, Dan Castellaneta said:

That'll do.

 

It will but proposing everyone becomes an offline brilliant woodsman is ok for the unabomber but not really a feasible solution, just saying. 

-------

Current Rig

-------

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
Just now, Misanthrope said:

 

 

It will but proposing everyone becomes an offline brilliant woodsman is ok for the unabomber but not really a feasible solution, just saying. 

DFkMU.png

"Mostly" is a hell of a word.

Check out my guide on how to scan cover art here!

Local asshole and 6th generation console enthusiast.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

this is what chromeOS is for

michaelsoft binbows vulnerabilities again?

michael, fix your product

Don't forget to use the "Quote" feature or mention me ( @Gegger) if you want me to see your reply!

Community Standards // Forum Quickstart Guide // Floatplane // Forum FAQ // The Parrot Gang
Banned by Linus in the "banning game" thread who added insult to injury by putting this crap in my sig >(

WE ARE THE DARK SIDE Don't be a light theme peasant

Spoiler

             ........:oo:........

           o//ssssssssyhhysssss+////o               .''''''''''''''. 

          mddmmm/::ddddddddddddddmmmyss::/mmN       |   PARTY ON   |

          o..+oodddmmmhhhhhhhhhhhdmmmmmdddooy       | ,............'

         h::oyyhddmmm+++///////////++++++mmmddy::s  |/

      Nyyo[[sddhyyyyy::::::::::::::::::::yyymmh//oyym

     h..:oohmm+:://///::::////////////////+mmmmms..sNN

     m++sddmmm+::hddhhy::+ddddddddddddddhhhmmmmmdhh+++d

    Nsssyyhmmhssooodmmhhh::+mmdyyyyyyyyddddddmmmmmmmmo::d

   mmd../mmmmmo::shhdmmhhh::+mmhooooooooyhhmmmmmmmmmmmyssdmm

  +++++smmdddo::///dmmhhh::+mmhooooooooooommmmmddddmmmdd/++m

 ``+hhhmmhoo/:::::oooooossymmhooooooooyyymmdoooooydddmmo//N

 ++:mmmmmy:::::::::::::/yyhmmhooooooooyhhmmd:::::+yyhmmyssddd

ooommmmmy:::::::::::::://ommhooooooooooommd:::::://shhdmm+..

yyhmmh++/::::::::::::::::+mmhooooooooyyymmd::::::::/++hmm+//

dddmmh++/::::::::::::::::+mmhooooooooyhhddh:::::::::::hmmysshhd

mmmmmdhhs::::::::::::::::+mmhoooooooohhhhhy:::::::::::hmmhhh``+

mmmmmh++/::::::::::::::::+mmdhhsooooodmm++/:::::::::::hmmsss``+

dddmmhoo+::::::::::::::::+dddddyssyyydmm::::::::::::::hmmsoo++o

dddmmdhho::::::::::::::::+hhdmmddddmmmmm::::::::::::::hmmsooNNN

mmmmmh///::::::::::::::::+hhdmmmmmmmmddd::::::::::::::hmmsoo++/

yyhmmdss+::::::::::::::::/ooydddmmmmmsoo::::::::::::::yddhyy::+

++ommmmmy:::::::::::::::::::ohhdmmddd/::::::::::::::::shhdmmsssNNNmmN

..+mmmmmy:::::::::::::::::::://shh+//:::::::::::::::::://dmmmmdoo+..o

``+dddmmhss+:::::::::::::::::::+++/::::::::::::::::::::::ooodddhhysshNNy++m ``+hhdmmdhhs///:::::::::::::::::::::::::::::::::::::::::::::yyymmmmmmmmo++hNNmdd ``+hhdmmdhhhhh+:::::::::::::::::::::::::::::::::::::::::::::::/hhhhhdmmmmmsoo... ``+ddmmmdhhhhhyyyyyyyyyyyo:::::::::::::::::::::::::::::::::::::+++++sdddmmdhhsss//+ ``+mmmmmhsshhhhhhhhhhhhhhy++/:::::::::::::::::::::::::::::::::::::::+ssyyydmmddd///hhd ``+mmmmmy::shhhhhhhhhhhhhhhhs:::::::::::::::::::::::::::::::::::::::::::::ymmmmmmmh../ ``+mmmmmy:://////////////ohhhyy+::::::::::::::::::::::::::::::::::::::::::///hddmmmhhs++s ``+mmmmmhssssssssssssssssydddddysssssssssssssssssssssssssssssssssssssssssssssdddmmmmmy::s ``+mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmhooh

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Wished microsoft changed how updates are handled.

Specs: Motherboard: Asus X470-PLUS TUF gaming (Yes I know it's poor but I wasn't informed) RAM: Corsair VENGEANCE® LPX DDR4 3200Mhz CL16-18-18-36 2x8GB

            CPU: Ryzen 9 5900X          Case: Antec P8     PSU: Corsair RM850x                        Cooler: Antec K240 with two Noctura Industrial PPC 3000 PWM

            Drives: Samsung 970 EVO plus 250GB, Micron 1100 2TB, Seagate ST4000DM000/1F2168 GPU: EVGA RTX 2080 ti Black edition

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

i guess that was the update that ran on my PC last night.

🌲🌲🌲

 

 

 

◒ ◒ 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Actually just updated to 1903 again. Seems to be much better than last time I tried it had it shoved down my throat.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
4 hours ago, Rune said:

shoved down my throat

Sorry about that ?

Please quote my post, or put @paddy-stone if you want me to respond to you.

Spoiler
  • PCs:- 
  • Main PC build  https://uk.pcpartpicker.com/list/2K6Q7X
  • ASUS x53e  - i7 2670QM / Sony BD writer x8 / Win 10, Elemetary OS, Ubuntu/ Samsung 830 SSD
  • Lenovo G50 - 8Gb RAM - Samsung 860 Evo 250GB SSD - DVD writer
  •  
  • Displays:-
  • Philips 55 OLED 754 model
  • Panasonic 55" 4k TV
  • LG 29" Ultrawide
  • Philips 24" 1080p monitor as backup
  •  
  • Storage/NAS/Servers:-
  • ESXI/test build  https://uk.pcpartpicker.com/list/4wyR9G
  • Main Server https://uk.pcpartpicker.com/list/3Qftyk
  • Backup server - HP Proliant Gen 8 4 bay NAS running FreeNAS ZFS striped 3x3TiB WD reds
  • HP ProLiant G6 Server SE316M1 Twin Hex Core Intel Xeon E5645 2.40GHz 48GB RAM
  •  
  • Gaming/Tablets etc:-
  • Xbox One S 500GB + 2TB HDD
  • PS4
  • Nvidia Shield TV
  • Xiaomi/Pocafone F2 pro 8GB/256GB
  • Xiaomi Redmi Note 4

 

  • Unused Hardware currently :-
  • 4670K MSI mobo 16GB ram
  • i7 6700K  b250 mobo
  • Zotac GTX 1060 6GB Amp! edition
  • Zotac GTX 1050 mini

 

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
9 hours ago, Dan Castellaneta said:

Time to remind everybody that you use Linux!

Boi :D

 

9 hours ago, Dan Castellaneta said:

On a more serious note, ouch. Good that it's patched, but ouch.

 

Judge a product on its own merits AND the company that made it.

How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill | (Probably) Why LMG Merch shipping to the EU is expensive

Oneplus 6 (Early 2023 to present) | HP Envy 15" x360 R7 5700U (Mid 2021 to present) | Steam Deck (Late 2022 to present)

 

Mid 2023 AlTech Desktop Refresh - AMD R7 5800X (Mid 2023), XFX Radeon RX 6700XT MBA (Mid 2021), MSI X370 Gaming Pro Carbon (Early 2018), 32GB DDR4-3200 (16GB x2) (Mid 2022

Noctua NH-D15 (Early 2021), Corsair MP510 1.92TB NVMe SSD (Mid 2020), beQuiet Pure Wings 2 140mm x2 & 120mm x1 (Mid 2023),

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
9 hours ago, Zodiark1593 said:

Time to remind everyone my PC's mostly live offline...

Time to remind everyone to look both ways before crossing the street. 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Well that's great really. Security, stability and performance priority as always as it should be. We alread got a very good feature set in OS for now so yeah. 

| Ryzen 7 7800X3D | AM5 B650 Aorus Elite AX | G.Skill Trident Z5 Neo RGB DDR5 32GB 6000MHz C30 | Sapphire PULSE Radeon RX 7900 XTX | Samsung 990 PRO 1TB with heatsink | Arctic Liquid Freezer II 360 | Seasonic Focus GX-850 | Lian Li Lanccool III | Mousepad: Skypad 3.0 XL / Zowie GTF-X | Mouse: Zowie S1-C | Keyboard: Ducky One 3 TKL (Cherry MX-Speed-Silver)Beyerdynamic MMX 300 (2nd Gen) | Acer XV272U | OS: Windows 11 |

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
13 hours ago, Dan Castellaneta said:

Time to remind everybody that you use Linux!

On a more serious note, ouch. Good that it's patched, but ouch.

I really need to turn off forced blocks to updates on Win 10 and update... oh forget it. The hackers can have it. I might just nuke it from orbit. Literally at this point dealing with a hack is going to be easier than updating a 10 install...

Win has 1/4 a gig update. Joy.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

As IT that works for a very very large organization where security is vital and that relies heavily on windows and every update has to go through long periods of testing and certification before we deploy it...

 

fuck me.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Is there a metasploit module yet? 

18 hours ago, Dan Castellaneta said:

Time to remind everybody that you use Linux!

On a more serious note, ouch. Good that it's patched, but ouch.

 

Linux isn't always great either when you don't patch it.

 

Snap < 2.37.1 is vulnerable to local privilege escalation called dirty sock

 

https://github.com/initstring/dirty_sock

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
4 hours ago, TigerHawk said:

As IT that works for a very very large organization where security is vital and that relies heavily on windows and every update has to go through long periods of testing and certification before we deploy it...

 

fuck me.

see your dead hands writing on this forum next week

I live in misery USA. my timezone is central daylight time which is either UTC -5 or -4 because the government hates everyone.

into trains? here's the model railroad thread!

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×