Standard User RobertoS
(elder) Tue 09-May-17 23:38:54
Windows urgent security update
 
I get the feeling this is additional to the 9 May update that Nick_ADSL has posted about, as in his summary I don't see it mentioned. I assume that was all packaged up and ready to go.

As I don't use Defender I have nothing to check, and don't think my auto-update has kicked in anyway. However does it imply any AV-product could trigger it?
Microsoft has released an urgent update to stop hackers taking control of computers with a single email.

The unusual bug, in Microsoft anti-malware software such as Windows Defender, could be exploited without the recipient even opening the message.

Researchers working for Google's Project Zero cyber-security outfit discovered the flaw at the weekend.

The fix has been specially pushed out hours before the software giant's weekly Tuesday security update.

Hackers could exploit the flaw simply by sending an infected email, instant message or getting the user to click on a web browser link.

Windows 8, 8.1, 10 and Windows Server operating systems are affected by the bug.

Anti-virus software such as Windows Defender would merely have to scan the malicious content for the exploit to be triggered.

On some computers, scans are set up to occur almost instantly - "real-time protection" - or to take place at a scheduled time.

Windows users can check that they are running the latest Windows Defender version (1.1.13704.0), which should download automatically, to make sure they are not at risk - or hit the update button.
Link.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 63086/13719Kbps @ 600m. BQMs - IPv4 & IPv6

Edited by RobertoS (Tue 09-May-17 23:42:57)

Standard User David_W
(knowledge is power) Wed 10-May-17 01:46:35
Re: Windows urgent security update
[re: RobertoS]
 
More information is in Microsoft Security Advisory 4022344.

The most likely scenario is that, if you are using an affected Microsoft security product, you should automatically pick up the fixed Microsoft Malware Protection Engine within 48 hours of its release, assuming you are using an Internet-connected system. This Engine is updated frequently and on a much faster release cycle than the monthly cumulative patches for Windows.



ZeN Unlimited Fibre 2 with native IPv6
thinkbroadband speed test : speedtest.net : thinkbroadband quality monitor IPv4 IPv6
Standard User TinyMongomery
(knowledge is power) Wed 10-May-17 07:50:52
Re: Windows urgent security update
[re: David_W]
 
As Microsoft say "no action is necessary" as a result of this advisory for the majority of users. Admins who apply updates via a local server may need to take some action, but they should know what they are doing.

==================================
Sovereignty really does mean sovereignty


Standard User zyborg47
(eat-sleep-adslguide) Wed 10-May-17 08:14:33
Re: Windows urgent security update
[re: TinyMongomery]
 
So glad I do not use Windows' own security system.

Adrian

Desktop machine now powered by windows 8.1 pro 64bit, no dreaded metro, laptop by Linux

Plusnet FTTC
Standard User RobertoS
(elder) Wed 10-May-17 08:36:28
Re: Windows urgent security update
[re: David_W]
 
Thanks for the link David.

48 hours is a long time once hackers know there is such a vulnerability however. That is why manual updating is suggested.

There is also the possibility that some proprietary IS systems are vulnerable to similar exploits, and not all end users are meticulous in applying updates. I expect most readers here are.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 63086/13719Kbps @ 600m. BQMs - IPv4 & IPv6
Standard User TinyMongomery
(knowledge is power) Wed 10-May-17 08:43:14
Re: Windows urgent security update
[re: RobertoS]
 
In reply to a post by RobertoS:
That is why manual updating is suggested.
It's not suggested by Microsoft

==================================
Sovereignty really does mean sovereignty
Standard User BatBoy
(sensei) Wed 10-May-17 09:00:28
Re: Windows urgent security update
[re: RobertoS]
 
Re
Windows users can check that they are running the latest Windows Defender version (1.1.13704.0), which should download automatically, to make sure they are not at risk - or hit the update button.
Mine has been updated to this version automatically :)
Standard User RobertoS
(elder) Wed 10-May-17 09:28:22
Re: Windows urgent security update
[re: BatBoy]
 
I don't run it :). There are loads of bits of it visible via File Explorer but I can't find an exe to try to establish its version, and last night couldn't be bothered to enable it in Services to find out or force it. Pointless except for interest.

It will no doubt be updated soon on my main laptop, and Kaspersky and Norton some time today if not already. On the other laptop within minutes of turning on, whenever that is.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 63086/13719Kbps @ 600m. BQMs - IPv4 & IPv6

Edited by RobertoS (Wed 10-May-17 09:30:27)

Standard User bobble_bob
(knowledge is power) Wed 10-May-17 09:45:08
Re: Windows urgent security update
[re: zyborg47]
 
To be fair most AV software have had issues, and it's choosing the best of a bad bunch at times. I've used a few over the years and had issues with them flagging boot files as a false positive causing the PC to not boot as it deleted the file, and one even had a false positive which made it think the AV program itself was a virus.
Standard User bobble_bob
(knowledge is power) Wed 10-May-17 14:30:29
Re: Windows urgent security update
[re: RobertoS]
 
Don't most email clients (certainly the likes of Outlook web) block any executable code by default on incoming mail?

Still quite concerning as most viruses need some kind of user interaction/stupidity to execute, whether it be visiting a dodgy site, clicking a dodgy link in an email etc.
Standard User TinyMongomery
(knowledge is power) Wed 10-May-17 14:42:02
Re: Windows urgent security update
[re: bobble_bob]
 
It's not quite that simple. The exploit works by using a flaw in the virus scanner to execute the code.

These sorts of exploits will always exist but the heartening thing is how quickly Microsoft has reacted and pushed out a patch. Most users will never be aware that the exploit existed and will have been automatically patched. It really is impressive that it has been fixed so quickly.

==================================
Sovereignty really does mean sovereignty
Standard User RobertoS
(elder) Wed 10-May-17 16:35:57
Re: Windows urgent security update
[re: TinyMongomery]
 
+1
And that it was discovered in a lab not active in the field.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 63086/13719Kbps @ 600m. BQMs - IPv4 & IPv6
Standard User bobble_bob
(knowledge is power) Wed 10-May-17 19:06:14
Re: Windows urgent security update
[re: RobertoS]
 
It was impressive how quickly it was fixed, but I don't think they had a choice given the circumstances around it.
Standard User XRaySpeX
(eat-sleep-adslguide) Wed 10-May-17 22:01:20
Re: Windows urgent security update
[re: RobertoS]
 
In reply to a post by RobertoS:
I can't find an exe to try to establish its version,
.EXE is at "%ProgramFiles%\Windows Defender\MSASCui.exe".

Mine seems to be Antimalware Client Version: 4.10.14393.1066 on Win 10 Anniversary Edition.
EDIT: Duh! That's just the version of Windows itself!

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC

Edited by XRaySpeX (Thu 11-May-17 03:03:14)

Standard User Banger
(eat-sleep-adslguide) Wed 10-May-17 23:24:30
Re: Windows urgent security update
[re: XRaySpeX]
 
Is this problem for the Anniversary Edition, as Defender is totally different in Creators Edition. My exe is saying 4.11.15063, is this version affected? BBC article is not very clear.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and TP-Link WD9970 on 80 Meg LLU Fibre
http://www.thinkbroadband.com/speedtest/results.html...

Current Sync: 68696/18766
Standard User RobertoS
(elder) Wed 10-May-17 23:53:16
Re: Windows urgent security update
[re: Banger]
 
See this Microsoft Advisory. This link posted earlier in the thread by David_W.

Given the products it is stated that have the vulnerability, and the very deep inside sort of bug it is, it would be strange if the Creators Edition version doesn't also have it. Even though the serial number seems much higher. It can't be that much up the development path surely, and even if it is, how "completely different" is it from the mainstream one? An entirely different source starting from scratch at some point in the past?

How often do you update for security patches?

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 63086/13719Kbps @ 600m. BQMs - IPv4 & IPv6
Standard User Banger
(eat-sleep-adslguide) Thu 11-May-17 00:08:17
Re: Windows urgent security update
[re: RobertoS]
 
I have checked Windows Update several times today and had several definition updates, and yesterday I had the updates that Nick has posted, but looking in WU history I can't see anything about an engine update, nor can I find the engine serial number mentioned.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and TP-Link WD9970 on 80 Meg LLU Fibre
http://www.thinkbroadband.com/speedtest/results.html...

Current Sync: 68696/18766

Edited by Banger (Thu 11-May-17 00:09:22)

Standard User Banger
(eat-sleep-adslguide) Thu 11-May-17 00:22:19
Re: Windows urgent security update
[re: Banger]
 
I seem to have Windows Defender Security Center, with advanced network scanner. So I don't know if it is up to date or not. The exe seems to be the one with Creators Update as it is v4.11.15063.

Edit: It is up to date, found the Engine Version from an Article after googling the vulnerability and learning how to access the Security Centre about page. Phew.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and TP-Link WD9970 on 80 Meg LLU Fibre
http://www.thinkbroadband.com/speedtest/results.html...

Current Sync: 68696/18766

Edited by Banger (Thu 11-May-17 00:34:12)

Standard User RobertoS
(elder) Thu 11-May-17 00:52:54
Re: Windows urgent security update
[re: Banger]
 
Great.

I thought there had to be an update for it, just not mentioned in the main advisory.

I expect that is because it isn't on full roll-out yet, is it? Available to anyone, but only manually by user download. Also doesn't preserve user settings, whereas the automatic upgrade should.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 63086/13719Kbps @ 600m. BQMs - IPv4 & IPv6
Standard User Banger
(eat-sleep-adslguide) Thu 11-May-17 01:06:52
Re: Windows urgent security update
[re: RobertoS]
 
I downloaded the ISO, and did an Upgrade install. Auto roll out started 11th April, but you can get it now by getting the Windows Upgrade Assistant and that will download it straight away.

I have done several Upgrade installs and they always preserve settings so does the Upgrade Assistant.

Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and TP-Link WD9970 on 80 Meg LLU Fibre
http://www.thinkbroadband.com/speedtest/results.html...

Current Sync: 68696/18766
Standard User XRaySpeX
(eat-sleep-adslguide) Thu 11-May-17 02:59:18
Re: Windows urgent security update
[re: Banger]
 
The file in question is actually mpengine.dll not any .EXE. My vers. is only at 1.1.12805.0 on Win 10 Anniversary Edition but Win Defender is disabled.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC

Edited by XRaySpeX (Thu 11-May-17 03:05:26)

Standard User TinyMongomery
(knowledge is power) Thu 11-May-17 07:00:32
Re: Windows urgent security update
[re: Banger]
 
It's the version number of the engine, not the executable, that you need. It is listed on the "About" menu in the application.

==================================
Sovereignty really does mean sovereignty
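
An added example (not written by any poster in this thread, and not Microsoft's own script) of the check discussed above: it reads the engine version rather than the client version and compares it with the fixed version 1.1.13704.0 quoted in the first post. `Get-MpComputerStatus` is the Defender module's cmdlet; the function name and the `-FallbackDll` parameter are hypothetical, and treating a reported 0.0.0.0 as "not available" is an assumption for machines where Defender is disabled.

```powershell
# Added example: is the Malware Protection Engine at or above the fixed version?
# -FallbackDll is a hypothetical parameter: the full path to a copy of
# mpengine.dll, used when the Defender module or service is unavailable.
param(
    [version]$FixedEngine = '1.1.13704.0',   # fixed engine version quoted in the thread
    [string]$FallbackDll
)

function Get-EngineVersion {
    param([string]$DllPath)
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        # AMProductVersion is the 4.x client version seen on the .exe;
        # AMEngineVersion is the 1.1.x engine version that matters here.
        Write-Verbose "Client version (not the one to compare): $($status.AMProductVersion)"
        $v = [version]$status.AMEngineVersion
        # Assumption: a zero version means the engine is not running/reporting.
        if ($v -gt [version]'0.0.0.0') {
            return [pscustomobject]@{ Source = 'Get-MpComputerStatus'; Version = $v }
        }
    } catch {
        Write-Verbose "Get-MpComputerStatus unavailable: $($_.Exception.Message)"
    }

    if ($DllPath -and (Test-Path -LiteralPath $DllPath -PathType Leaf)) {
        # Build the version from the numeric parts of the file version resource,
        # so a decorated FileVersion string cannot break the comparison.
        $fv = (Get-Item -LiteralPath $DllPath).VersionInfo
        $v  = New-Object System.Version -ArgumentList `
                $fv.FileMajorPart, $fv.FileMinorPart, $fv.FileBuildPart, $fv.FilePrivatePart
        return [pscustomobject]@{ Source = $DllPath; Version = $v }
    }
    return $null
}

$engine = Get-EngineVersion -DllPath $FallbackDll
if (-not $engine) {
    Write-Warning 'Engine version could not be determined (Defender disabled and no -FallbackDll given).'
    exit 2
}

# [version] compares numerically field by field, so 1.1.12805.0 < 1.1.13704.0.
$state = if ($engine.Version -ge $FixedEngine) { 'Patched' } else { 'Needs update' }

[pscustomobject]@{
    EngineVersion = $engine.Version
    FixedVersion  = $FixedEngine
    Source        = $engine.Source
    State         = $state
}

if ($state -ne 'Patched') { exit 1 }
```

Run with `-Verbose` to also print the client version, which makes the difference between the two numbers visible on one screen.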
Standard User RobertoS
(elder) Thu 11-May-17 11:57:49
Re: Windows urgent security update
[re: XRaySpeX]
 
I'm having a mental blackout :(. I have always found it difficult since upgrading from 8.1 to 10 to find the actual update version of it that I'm on, and right now failing miserably. I suspect from when I clicked for a new tab in IE11 that I got the Creators update last night, as instead of getting my usual "new tab" screen that I have set to the one that holds an array of frequently used I got a Microsoft Advertising one with loads of junk and a warning that continuing without changing settings would authorise an avalanche of MS ads from thereon in.

So I followed the link and turned them off, then went to settings and reset that, then restarted as instructed.

History:
Last night the machine had been running dreadfully slow for hours for no apparent reason. When I went to turn it off it offered the common Update and restart or Update and turn off, which I took. It went to the "Preparing to update" screen as usual.

About 5 minutes later I came back and it had shut down. I was surprised as I thought it may be this upgrade which I would expect to take longer.

Started it up this morning and as I normally do waited till I could log on, then left it to complete the start-up procedures which don't start till then. Probably 20 minutes later all seemed normal till I clicked this New Tab.

I suspect the slow running and constant fan running was a background installation of Creators.

So I want to see if I'm on 1607 as before or 1703.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 63086/13719Kbps @ 600m. BQMs - IPv4 & IPv6

Edited by RobertoS (Thu 11-May-17 11:59:03)

Standard User IanBB
(committed) Thu 11-May-17 13:45:50
Re: Windows urgent security update
[re: RobertoS]
 
Run 'winver' from a command prompt to see which version you are on.
Standard User RobertoS
(elder) Thu 11-May-17 14:00:15
Re: Windows urgent security update
[re: IanBB]
 
Thanks Ian :). 1607 and much easier than what I have always done. D'oh!

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 63086/13719Kbps @ 600m. BQMs - IPv4 & IPv6
Standard User TinyMongomery
(knowledge is power) Thu 11-May-17 14:07:18
Re: Windows urgent security update
[re: RobertoS]
 
In which case you may have concerns about the behaviour that your computer exhibited. Time for a thorough malware scan?

==================================
Sovereignty really does mean sovereignty
Standard User RobertoS
(elder) Thu 11-May-17 14:28:16
Re: Windows urgent security update
[re: TinyMongomery]
 
You could be right, except it isn't doing it now, and did stop last night. It does it fairly often for reasons I have always easily traced, which is why I wasn't too worried last night. Though it was rather persistent.

So yes. Time to have some lunch. I shall start a full system Kaspersky scan after posting this, and following that run Malwarebytes as well.

Thanks.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 63086/13719Kbps @ 600m. BQMs - IPv4 & IPv6
Standard User RobertoS
(elder) Thu 11-May-17 17:55:04
Re: Windows urgent security update
[re: TinyMongomery]
 
No problems from Kaspersky. Sixty-nine from Malwarebytes all registry, folder or file stuff to do with PUP.Optional.Amazon1Button.AppFlsh, commented as possibly not required or some such. Not labelled as threats.

So I let it quarantine them. If Amazon needs them no doubt it will reinstate them without my knowledge or complain and I can take it from there.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 63086/13719Kbps @ 600m. BQMs - IPv4 & IPv6

Edited by RobertoS (Thu 11-May-17 17:55:28)

Standard User cheshire_man
(eat-sleep-adslguide) Fri 12-May-17 07:48:01
Re: Windows urgent security update
[re: IanBB]
 
No need to use a command prompt, just type winver from the Start button.

Tony
Happily running Windows 10 Pro on both desktop and laptop
We have more and more laws, and less and less enforcement
Standard User RobertoS
(elder) Fri 12-May-17 11:34:18
Re: Windows urgent security update
[re: TinyMongomery]
 
Yesterday I started up my older, still Win 10, laptop for a specific reason but forgot all about it for hours. When I came back it had clearly done a Windows update and rebooted, which is what it sometimes does with a count-down warning.

Anyway, I checked the version which was still 1607, but when I went to a new tab in IE11 that too had the grotty MS advertising and links page. As on the other I disabled MS advertising and in Internet Options changed the setting to my usual one.

This MS page is clearly part of the latest update. It calls itself a news feed. I've never seen it before, at least in this format, and it is now the top of the drop down list of options for what happens when you click for a new tab, (defaulting to it after installation as on my main laptop). It used not to be in that list at all.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 64513/13170Kbps @ 600m. BQMs - IPv4 & IPv6
Standard User IanBB
(committed) Fri 12-May-17 11:45:43
Re: Windows urgent security update
[re: cheshire_man]
 
I could also have said press Win+R and enter the command 'winver' amongst many other ways of achieving the same result...
Standard User NICK_ADSL_UK
(fountain of knowledge) Tue 16-May-17 01:10:50
Re: Windows urgent security update
[re: RobertoS]
 
Customer Guidance for WannaCrypt attacks
Microsoft solution available to protect additional products
https://docs.microsoft.com/en-us/msrc/customer-guida...

Wilders Security Admin
Microsoft MVP - Windows Insider


For the latest in virus software signatures
From the Security specialists
Wilders security

Keep Your Security /Software Current
Upgrades, Updates & Definitions
Major Geeks

Microsoft Security Advisories
Twitter
