Angry customers blame MS10-015 for Blue Screen of Death and XP reboot hell.
Tuesday’s security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death (BSOD), users have reported on the company’s support forum.
Complaints began early yesterday, and gained momentum throughout the day.
“I updated 11 Windows XP updates today and restarted my PC like it asked me to,” said a user identified as “tansenroy” who kicked off a growing support thread . “From then on, Windows cannot restart again! It is stopping at the blue screen with the following message: ‘A problem has been detected and Windows has been shutdown to prevent damage to your computer.’”
Others joined in with similar reports. “There is something seriously wrong with the update. I can’t even open in safe mode,” said “Ghellow,” referring to Windows diagnostic mode that’s often a last-chance way to boot a PC.
“I am not very happy with Microsoft as I got to work this morning to find my helpdesk flooded with messages that the PC has the famous Blue Screen,” said “brawfab.”
“I had to go to work and use my Mac to get online to find out what is going on with the XP updates last night,” complained “moosewalk” on the same thread. “I am this much closer to switching over to a Mac for good.”
Source: Infoworld
Microsoft has shipped a security advisory with an urgent message for Windows XP users: Update your Flash Player immediately.
The Adobe Flash Player 6 that ships by default in Windows XP is vulnerable to multiple code execution vulnerabilities that could lead to PC takeover attacks, according to the advisory.
Here’s the warning:
Microsoft is aware of reports of vulnerabilities in Adobe Flash Player 6 provided in Windows XP. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time but recommend that users install the latest version of Flash Player provided by Adobe.
The Adobe Flash Player 6 was provided with Windows XP and contains multiple vulnerabilities that could allow remote code execution if a user views a specially crafted Web page. Adobe has addressed these vulnerabilities in newer versions of Adobe Flash Player. Microsoft recommends that users of Windows XP with Adobe Flash Player 6 installed update to the most current version of Flash Player available from Adobe.
This issue affects Windows XP Service Pack 2 and Windows XP Service Pack 3. The warning is also applicable to users running Windows XP Professional x64 Edition Service Pack 2.
Adobe discontinued support for Adobe Flash Player 6 in 2006. The latest version of Adobe Flash Player is 10.0.42.34.
Adobe Flash Player is among the most commonly exploited desktop applications so it’s important for all Windows XP users to heed this warning from Microsoft.
Source: ThreatPost
A researcher warns that the transition from Windows XP could leave the developing world vulnerable.
Cybercriminals are lazy. Given the choice between adapting their malicious software to a new operating system or focusing on users who haven’t made the switch, they’ll inevitably choose the path of least resistance, according to a new report from Finnish security firm F-Secure.
This could spell trouble for the developing world. According to F-Secure’s report on 2010 cybercrime trends, the shift from Windows XP to Windows 7 could give rise to malicious software “ghettos” in emerging markets that are slow to upgrade to the more secure operating system. “Cybercriminals will always look for the easy targets,” says F-Secure Chief Research Officer Mikko Hypponen. “And that means they’ll focus on these developing countries.”
Unlike Windows Vista, Windows 7 will eventually replace Windows XP as the primary operating system globally, Hypponen says. But over the next year, there will be pockets of computers around the world that haven’t made the switch. “They don’t have the expertise from the users, they don’t have the firewalls, and now they’ll be running older versions of the operating system with less built-in security,” Hypponen says.
Source: Forbes
[UPDATE] It appears that the problem is not related to Microsoft patches.
Microsoft’s latest round of security patches appears to be causing some PCs to seize up and display a black screen, rendering the computer useless.
The problem affects Microsoft products including Windows 7, Vista and XP operating systems, said Mel Morris , the CEO and CTO for the U.K. security company Prevx.
Prevx was alerted to the problem by users of its security software last week, Morris said. Microsoft apparently made changes to the Access Control List (ACL), a list of permissions for a logged-on user. The ACL interacts with registry keys, creating visible desktop features such as a sidebar.
However, the latest patches appear to make some changes to those registry keys. The effect is that some installed applications aren’t aware of the changes and don’t run properly, causing a black screen, Morris said.
Security applications seem to be particularly affected. Morris said users of other security products have also complained about the issue, even going so far as trying to reinstall the operating system to fix it.
“If you’ve got this problem, it’s massively debilitating,” Morris said.
Source: Computer World
Microsoft today denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system.
“Microsoft has not and will not put ‘backdoors’ into Windows,” a company spokeswoman said, reacting to a Computerworld story Wednesday.
On Monday, Richard Schaeffer, the NSA’s information assurance director, told the Senate’s Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 “to enhance Microsoft’s operating system security guide.”
Source: Computerworld
The National Security Agency helped Microsoft harden Windows 7 against attacks and is providing similar assistance to Apple, Sun Microsystems and Red Hat too, an agency official said.
The admission came in prepared remarks delivered Tuesday by Richard Schaeffer, the NSA’s information assurance director, at a hearing before the Senate’s Subcommittee on Terrorism and Homeland Security.
“Working in partnership with Microsoft and elements of the DoD, NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft’s operating system security guide without constraining the user’s ability to perform their everyday tasks, whether those tasks are being performed in the public or private sector,” Schaeffer stated.
“All this was done in coordination with the product release, not months or years later during the product lifecycle
Full article at: The Register
Microsoft has released a patch to cover a publicly reported denial-of-service (DoS) vulnerability that affects the server messaging block protocol.
Writing in a blog post, group manager at Microsoft Research Centre Mike Reavey, claimed that the vulnerability in SMBv1 and SMBv2 affects Windows 7 and Windows Server 2008 R2.
Reavey said: “I want to be clear that this is a DoS vulnerability that is unrelated to Microsoft Security Bulletin MS09-050 which addressed a remote code execution vulnerability in the SMBv2 protocol. This vulnerability would not allow an attacker to take control or install malware on a user’s system, but could cause the affected system to stop responding until manually restarted.”
The bulletin MS09-050 was released on October’s Patch Tuesday when it impacted the Vista and Windows 2008 platforms. Reavey claimed that the situation was being monitored and Microsoft was not aware of active attacks.
Source: SC Magazine UK
Microsoft has released Security Advisory 977544 related to this issue.
Previously covered on Tech Paranoia: Windows 7 / Server 2008R2 Remote Kernel Crash
Interesting post over at Laurent Gaffié blog about how the latest, “most secure” versions of Windows can be crashed within TWO MINUTES using SMB.
Five critical Windows fixes are expected to be released this patch Tuesday. As reported in The Register:
Microsoft plans to release five critical update bulletins next Tuesday, all critical, in the September edition of its regular Patch Tuesday update cycle.
However, a fix for the IIS zero day flaw is not expected to be released. Which possibly leaves certain IIS configurations vulnerable for up to another month, unless Microsoft releases an out of band patch.
The list of affected software leaves out mention of Microsoft’s IIS Web Server software, which is currently the target of exploits capitalising on a zero-day vulnerability. More specifically, the flaw involves problems in the Microsoft FTP services component bundled with IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.
The lack of mention of IIS in Microsoft’s pre-alert implies a set of patches for Microsoft’s web server software software will have to wait until at least October.
Remember to patch your servers!
