Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
justpoet

Patch it, patch it real good (88 vulnerabilities and "authenticated" remote code execution against any Windows version)

Recommended Posts

Posted · Original PosterOP

https://www.bleepingcomputer.com/news/security/microsoft-ntlm-flaws-expose-all-windows-machines-to-rce-attacks/

https://www.bleepingcomputer.com/news/microsoft/microsofts-june-2019-patch-tuesday-fixes-88-vulnerabilities/

 

I'm just going to leave these here as a nice reminder to make sure you're patched and up to date.  These are now fixed in patches.

 

The first is quite fun, allowing for remote code execution via "authenticated" users.  The second is a gigantic bunch of patch Tuesday.  

 

Also of note, intel NUCs have had BIOS and other updates to fix large security flaws in them too over the past couple days.  

 

So, "Get to da patches!"

 

Quote

With the release of the June 2019 security updates, Microsoft has released 4 advisories, 1 servicing stack update, and updates for 88 vulnerabilities, with 21 being classified as Critical. Some of the advisories includes updated drivers and software that fix vulnerabilities in 3rd-party hardware and software

Quote

Two critical vulnerabilities in Microsoft's NTLM authentication protocol consisting of three logical flaws make it possible for attackers to run remote code and authenticate on machines running any Windows version.

 

Link to post
Share on other sites

Time to remind everybody that you use Linux!

On a more serious note, ouch. Good that it's patched, but ouch.


Volume / Normalized 100% / 66% (content loudness 3.7dB)

Local VHS collector and video capture amateur. PM me for any questions concerning VHS recording if interested.

 

 

@Dan Castellaneta x @pinksnowbirdie | Jake x Tyler :^

Link to post
Share on other sites
14 minutes ago, Dan Castellaneta said:

Time to remind everybody that you use Linux!

On a more serious note, ouch. Good that it's patched, but ouch.

Time to remind everyone my PC's mostly live offline...


The pursuit of knowledge for the sake of knowledge.

Forever in search of my reason to exist.

Link to post
Share on other sites
Just now, Zodiark1593 said:

Time to remind everyone my PC's mostly live offline...

That'll do.


Volume / Normalized 100% / 66% (content loudness 3.7dB)

Local VHS collector and video capture amateur. PM me for any questions concerning VHS recording if interested.

 

 

@Dan Castellaneta x @pinksnowbirdie | Jake x Tyler :^

Link to post
Share on other sites

DO YOU GUYS EVEN HAVE PHONES?!


Build Logs: Cotton Candy Threads | ZEN CLARITY + | Just NCASE mITX | Noc Noc | NUC | Storage Log

 

Cotton Candy Threads - CPU AMD Threadripper 2950X | GPU EVGA FTW3 RTX 2080 Ti | MOBO Asus ROG Zenith Extreme | MEMORY 128GB (8x 16GB) Corsair Vengeance RGB 3200 | STORAGE 3x Samsung 960 Evo SSD + 4x Crucial P1 1TB + 2x Seagate Ironwolf 8TB 7.2k HDDs | PSU Corsair HX1200i w/ Cablemod Pro Extensions | COOLING Cooler Master TR4 ML360 | CASE Lian Li O11 Dynamic Black | LIGHTING 2x Corsair HD120 Fans, 4x Corsair Addressable RGB Strips, 2x Corsair Commander Pro | PCPP
 
ZEN CLARITY + - CPU AMD Ryzen 2700X | GPU Radeon VII | MOBO Crosshair VII Hero | MEMORY 32GB (4x 8GB) Corsair Vengeance RGB Pro @ 3200 | STORAGE Samsung 960 Pro SSD + 2x SanDisk Ultra II SSDs | PSU Corsair RM1000i | COOLING Corsair H150i Pro | CASE Crystal 570X | LIGHTING 6x Corsair SP120 Fans, Cablemod Addressable RGB Strip, Corsair Commander Pro | PCPP
 
Just NCASE mITX - CPU Intel Core i7 8700K @ 5.2GHz | GPU EVGA RTX 2080 Ti XC | MOBO Asus Z370-I Gaming | MEMORY 16GB (2x 8GB) G.Skill Triden-Z RGB 3000 | STORAGE Samsung 960 Evo 500GB SSD + Corsair MX500 1TB M.2 SSD | PSU Corsair SF600 | COOLING Noctua NH-U9S w/ Redux Push/Pull Fans | CASE NCase M1v5 | LIGHTING 2x Cablemod Addressable RGB Strips | PCPP
 
Noc Noc, Who's There? - CPU AMD Threadripper 1950X | GPU ASUS RTX 2080 Ti OC | MOBO ASRock X399M Taichi | MEMORY 32GB (4x 8GB) GSkill Trident-Z 3200 | STORAGE Samsung 970 Evo SSD | PSU Corsair HX1000i w/ Cablemod Pro B&W Kit | COOLING Noctua U9 TR4 w/ 2x Redux 92mm | CASE Corsair 280X White | FANS 6x Noctua 140mm Redux | PCPP
Link to post
Share on other sites

I guess when I get home I’ll have to get the computer out of the work truck and get these updates done. As well as the nuc on the tv. 

Link to post
Share on other sites

i updated the Windows install on my pc...

 

goddamn those are big vunerabilities...


Phone: iPhone 7 | 128GB | iOS 13

Laptop: Asus ZenBook Pro UX510UXK | i5 7200U | HD620 | GTX 950M | 8GB RAM | 1TB SSD | 128GB SSD | Windows 10

Gaming PC: Core i3 8100 | R9 290X | Asus Prime Z370-P | Bitfenix Whisper 850W | 16GB RAM | 2x256GB SSD & 500GB SSD & 1TB HDD | Windows 10

Link to post
Share on other sites
2 hours ago, Zodiark1593 said:

Time to remind everyone my PC's mostly live offline...

 

2 hours ago, Dan Castellaneta said:

That'll do.

 

It will but proposing everyone becomes an offline brilliant woodsman is ok for the unabomber but not really a feasible solution, just saying. 


-------

Current Rig

-------

Link to post
Share on other sites
Just now, Misanthrope said:

 

 

It will but proposing everyone becomes an offline brilliant woodsman is ok for the unabomber but not really a feasible solution, just saying. 

DFkMU.png

"Mostly" is a hell of a word.


Volume / Normalized 100% / 66% (content loudness 3.7dB)

Local VHS collector and video capture amateur. PM me for any questions concerning VHS recording if interested.

 

 

@Dan Castellaneta x @pinksnowbirdie | Jake x Tyler :^

Link to post
Share on other sites

this is what chromeOS is for

michaelsoft binbows vulnerabilities again?

michael, fix your product


Don't forget to use the "Quote" feature or mention me ( @Gegger) if you want me to see your reply!

Community Standards // Forum Quickstart Guide // Floatplane // FAQ

If you want to make a thread, check if there is another related thread first.

It's LTT Folding Month! Donate computing power to fight cancer and other diseases!

Don't be a light theme peasant

Good job using dark theme

Link to post
Share on other sites

Wished microsoft changed how updates are handled.


Specifications:

Motherboard: Asus X470-PLUS TUF gaming (Yes I know it's poor but I wasn't informed) RAM: Corsair VENGEANCE® LPX DDR4 3200Mhz CL16-18-18-36 2x8GB

CPU: Ryzen 7 2700X @ 4.2Ghz                                                                                     Cooler: Antec K240 with two Noctura Industrial PPC 3000 PWM

Boot drive: Samsung 970 EVO plus 250GB            Second drive: Micron 1100 2TB         GPU: EVGA RTX 2080 ti Black edition @ 2Ghz

Case: Antec P8                                                                                                                    PSU: Antec HGC850

Link to post
Share on other sites

Actually just updated to 1903 again. Seems to be much better than last time I tried it had it shoved down my throat.


 

 

Link to post
Share on other sites
4 hours ago, Rune said:

shoved down my throat

Sorry about that 🤣


Please quote my post, or put @paddy-stone if you want me to respond to you, I may not see your post otherwise.

 

Spoiler
  • PCs:-
  • AM4 1700 build https://uk.pcpartpicker.com/user/paddy.stone/saved/XyXyXL
  • ASUS x53e  - i7 2670QM / Sony BD writer x8 / Win 10, Elemetary OS, Ubuntu/ Samsung 830 SSD
  • Lenovo G50 - 8Gb RAM - Samsung 860 Evo 250GB SSD - DVD writer
  •  
  • Displays:-
  • Panasonic 55" 4k TV
  • LG 29" Ultrawide
  •  
  • Storage/NAS/Servers:-
  • Main Server - ASrock AB350M Pro 4 - AMD Athlon 200GE - 16GB DDR4 2133Mhz RAM - 240GB Crucial M500 SSD Boot Drive, running Windows 10, plex server - 4x 4TB Seagate Ironwolf HDDs.
  • Backup server - HP Proliant Gen 8 4 bay NAS running FreeNAS ZFS striped 3x3TiB WD reds
  • HP ProLiant G6 Server SE316M1 Twin Hex Core Intel Xeon E5645 2.40GHz 48GB RAM
  •  
  • Gaming/Tablets etc:-
  • Xbox One S 500GB + 2TB HDD
  • PS4
  • Nvidia Shield TV
  • Xiaomi/Pocaphone F1 128GB 6GB RAM
  • Xiaomi Redmi Note 4
  • Lenovo k3 note
  • Windows tablet
  •  
  • Unused Hardware currently :-
  •  
  • i7 6700K  b250 mobo - Thermaltake Core V21-  EVGA Supernova G2 650W Gold PSU
  • AMD phenom II 1055t / 8GB RAM / DVD writer
  • Zotac GTX 1060 6GB Amp! edition x2
  • Zotac GTX 1050 mini
  • Nvidia Shield K1 tablet

 

 

Link to post
Share on other sites
9 hours ago, Dan Castellaneta said:

Time to remind everybody that you use Linux!

Boi :D

 

9 hours ago, Dan Castellaneta said:

On a more serious note, ouch. Good that it's patched, but ouch.

 


How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill

iPhone 8 Plus (Mid 2019 to present)

Samaritan XL (Early 2018 - present with 2019 GPU upgrades) - AMD Ryzen 7 1700X (8C/16T) , MSI X370 Gaming Pro Carbon, Corsair 16GB DDR4-3200MHz ,  Asus ROG Strix RX Vega 56 , Corsair RM850i PSU, Corsair H100i v2 CPU Cooler, Samsung 860 EVO 500GB SSD, Seagate BarraCuda 2TB HDD (2018), Seagate BarraCuda 1TB HDD (2014), NZXT S340 Elite, Corsair ML 120 Pro, Corsair ML 140 Pro

Link to post
Share on other sites

Well that's great really. Security, stability and performance priority as always as it should be. We alread got a very good feature set in OS for now so yeah. 


Ryzen 7 3800X | X570 Aorus Elite | G.Skill 16GB 3200MHz C16 | Radeon RX 5700 XT | Samsung 850 PRO 256GB | Mouse: Zowie S1 | OS: Windows 10

Link to post
Share on other sites
13 hours ago, Dan Castellaneta said:

Time to remind everybody that you use Linux!

On a more serious note, ouch. Good that it's patched, but ouch.

I really need to turn off forced blocks to updates on Win 10 and update... oh forget it. The hackers can have it. I might just nuke it from orbit. Literally at this point dealing with a hack is going to be easier than updating a 10 install...

Win has 1/4 a gig update. Joy.

Link to post
Share on other sites

As IT that works for a very very large organization where security is vital and that relies heavily on windows and every update has to go through long periods of testing and certification before we deploy it...

 

fuck me.

Link to post
Share on other sites

Is there a metasploit module yet? 

18 hours ago, Dan Castellaneta said:

Time to remind everybody that you use Linux!

On a more serious note, ouch. Good that it's patched, but ouch.

 

Linux isn't always great either when you don't patch it.

 

Snap < 2.37.1 is vulnerable to local privilege escalation called dirty sock

 

https://github.com/initstring/dirty_sock


                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´

Link to post
Share on other sites
4 hours ago, TigerHawk said:

As IT that works for a very very large organization where security is vital and that relies heavily on windows and every update has to go through long periods of testing and certification before we deploy it...

 

fuck me.

see your dead hands writing on this forum next week


into trains? here's the model railroad thread!

The way to get the specs for my PC. go to the store. Buy some potatos. boil them and mash the. and stuff that in a focus g with a ssd.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×