Out-of-band updates for serious Windows Codecs Library vulnerabilities available via the Microsoft Store
Microsoft has released two off-schedule patches for serious vulnerabilities in the Windows Codecs Library affecting Windows 10 and Windows Server.
With the updates, which have been released through the Microsoft Store, the company is addressing the "critical" CVE-2020-1425 and the "serious" CVE-2020-1457. Both are Remote Code Execution vulnerabilities, and both have been addressed with little fanfare from Microsoft.
Microsoft releases emergency patch for critical SMB vulnerability in Windows 10 and Windows Server
Earlier this week, Microsoft inadvertently released details of a critical vulnerability in the SMBv3 protocol in Windows 10 and Windows Server. While there was no fix available at the time, the company did provide suggestions about how to mitigate against attacks.
With the information out in the wild, Microsoft was under pressure to get a patch released to customers -- and now it has managed to produce such a fix. KB4551762 is an emergency patch for the CVE-2020-0796 vulnerability, and users are advised to install it as soon as possible.
Microsoft provides mitigation advice for critical vulnerability in SMBv3 protocol
Having inadvertently revealed details of an unpatched security flaw, Microsoft published an advisory that provides details on a recently detected vulnerability in the SMBv3 (Server Message Block) protocol. Attackers who exploit the issue successfully "gain the ability to execute code on the target SMB Server or SMB Client" according to Microsoft's disclosure.
Attacks against SMB Servers use a specially crafted packet that is sent to the target. Attacks against SMB Clients are more complicated as it is required to configure a malicious SMBv3 Server and get users to connect to it.
Microsoft leaks details of unpatched critical SMB vulnerability in Windows 10 and Windows Server
Patch Tuesday is supposed to be the day Microsoft issues bug-fixing updates for Windows and other software, but this week things were a little different. In addition to the usual patches, the company also inadvertently revealed the existence of a critical vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol -- one for which there is currently no patch.
It seems that Microsoft had intended to issue a patch to the vulnerability (CVE-2020-0796) yesterday, and therefore referenced it in the introductory text for the Patch Tuesday release, but then changed its mind -- perhaps because the patch was not ready. Two cybersecurity firms also published brief details of the security flaw, and while Microsoft is still yet to issue a patch, the company has provided details of workarounds.
Hacker demonstrates Remote Code Execution exploit for Windows Remote Desktop Gateway
A self-described "reverser/pwner [and] Windows kernel hacker" has demoed a working exploit for two recently discovered vulnerabilities in Windows Remote Desktop Gateway (RD Gateway).
The exploit takes advantage of the CVE-2020-0609 and CVE-2020-0610 vulnerabilities which have already been shown to make a denial of service attack possible. Now Luca Marcelli has shown how the same vulnerabilities can be exploited in a Remote Code Execution attack.
Another Windows 10 update is causing problems, this time with printing
There have been a series of problematic updates for Windows recently, and now yet another one has popped up, this time affecting not only Windows 10, but also Windows 8.1, Windows 7 and Windows Server.
The KB4522016 cumulative update is interfering with printing. The update is causing issues with the printer spooler service, leading to print jobs failing or being canceled without user intervention.
From July, Windows 7 and Windows Server 2008 users will need SHA-2 support to get updates
Microsoft has announced that from the middle of July, Windows 7 and Windows Server 2008 users who want to continue to receive updates will need SHA-2 code signing support.
The change is being introduced because "the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing".
Docker launches Windows Server application migration program
Containerization enables organizations to both modernize existing applications and adopt new technologies based on business requirements. But the process of migrating older systems can be daunting.
Popular container platform Docker is addressing this with the launch of a new Windows Server application migration program. This is designed to allow businesses to migrate and modernize their legacy Windows Server applications in advance of the end-of-support deadline for Microsoft Windows Server 2008.
Microsoft releases Project Honolulu as Windows Admin Center
It has been a while since Microsoft first mentioned Project Honolulu, and several months down the line it has now been released. Hitting general availability sees Microsoft officially revealing the name: Windows Admin Center.
There have already been several previews of Project Honolulu/Windows Admin Center, but now Microsoft will start the big push to encourage sysadmins to use it to manage their Windows Server and Windows 10 deployments.
Microsoft releases HTML5-based Remote Desktop web client preview
Microsoft is working on an HTML5-based Remote Desktop client to allow Windows users to control their devices from the comfort of their favorite browser. The web app was announced at the Ignite event last year and it is now finally available to test.
The Remote Desktop client is offered as a preview at this stage, and is accompanied by official documentation on how it can be set up on Windows devices. The web version is compatible with Windows 7 SP1 or Windows Server 2008R2 and newer, but it also requires a "compatible" browser as well.
Microsoft releases update that fixes problematic Meltdown patch
As if the Meltdown and Spectre chip vulnerabilities weren't bad enough in their own right, the patches designed to fix them caused a further series of problems. A Swedish researcher recently discovered that Microsoft's Meltdown fixes lowered security in Windows 7 and Windows Server 2008 R2, and now the company has issued a fix.
As the new patch is being released outside of the usual schedule, it is indicative of the importance of the security update. KB4100480 is a kernel update for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 that addresses CVE-2018-1038 problems.
Meltdown patches from Microsoft made Windows 7 and Windows Server 2008 less secure
If you're running Windows 7 and you've not yet installed the March updates, now is very much the time to do so. It turns out that the Meltdown patches released in January and February actually opened up a security hole in both Windows 7 and Windows Server 2008 R2.
A Swedish security researcher found that the patches changed access permissions for kernel memory, making it possible for anyone to read from and write to user processes, gain admin rights and modify data in memory.
Download Windows Server 2019 preview ahead of the launch later this year
Microsoft has revealed details about the upcoming Windows Server 2019. Due for release later in the year, there's a preview available for download right now, giving users the chance to try out the new features, including Linux and Kubernetes support.
Announcing the availability of the build to Windows Insiders, Dona Sarkar said that Microsoft is "pleased to release the first build of the Windows Server 2019 Long-Term Servicing Channel (LTSC) release that contains both the Desktop Experience as well as Server Core in all 18 server languages, as well as the first build of the next Windows Server Semi-Annual Channel release."
Microsoft releases Windows Server Insider Preview Build 16267, but forgets to add new features
The Windows Insiders program is both cool and annoying. It is cool because it lets enthusiast users experience new Windows features and contribute feedback to make the operating system better. It is a bit annoying, as these testers aren't paid for their volunteer efforts. Even worse, the Insider builds will seemingly never end, meaning some users will forever be using an unstable operating system. Yes, that is their choice, but sometimes people can't help themselves. Hell, it can be argued that their feedback is tainted, as they are maybe never really experiencing the stable releases.
Microsoft has chosen to expand the Insiders program to Windows Server too. Today, the company pushes out Server Preview Build 16267, but there is something weird -- the company forgot to include any new features! In fact, the announcement literally says "There are no new features in build 16267." OK, yes, I am being facetious (and a bit snarky) when I say Microsoft "forgot" to include features, as technically updates and fixes alone are worthy of a new build. Still, for all the effort put in by the testers, a feature or two would be appreciated -- throw em' a friggin' bone!
Windows Server containers get native support on Red Hat OpenShift
Microsoft and Red Hat have a longstanding enterprise cloud partnership, and today the two tech giants reveal an expansion which sees Windows Server containers receiving native support on the OpenShift platform.
Support for Windows Server containers on OpenShift will first be available as a Technology Preview next spring, before reaching general availability later down the road.
© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.