Updated:05:48 PM EST Nov 18


this is ggmania.com subsite Wormable Windows bug could lead to another WannaCry - TechAmok

TOP STORIES

HEADLINES

7nm Intel Xe GPUs Codenamed 'Ponte Vecchio'
Windows 10 Nov 2019 Update 1909 Released
iPhone 11 Pro vs Original iPhone!
OZZY OSBOURNE - "Under the Graveyard"
NVIDIA Releases GeForce 441.12 WHQL Game Ready Drivers
Death Stranding Rick & Morty ad
2020 Mercedes-Maybach S 650 BRABUS 900 - Details
Slipknot - Psychosocial in 25 styles
No shots Dr. Vet man! I am fierce! Ok, one shot... But I didn't
PCI-Express Gen 6.0 Specification to Finalize by 2021
Greta Thunberg sings Swedish Death Metal
2 Hands 2 Drawings at the same Time - DP Truong
Naruto Running in Area 51
App vs website
Experiment: Coca Cola and Mentos Under Water
Wi-Fi 6 Launches Today As 802.11ax
How Close Are We to Immortality?
20 MOST EMBARRASSING MOMENTS IN SPORTS

Google Stadia - Early reviews
Why Car Windows Have Little Black Dots
Google Maps Can Now Speak Aloud Places in Foreign Languages
NVIDIA Announces Financial Results for Third Quarter Fiscal 2020
AMD Releases Radeon Software Adrenalin 19.11.2
7nm Intel Xe GPUs Codenamed 'Ponte Vecchio'
Insane SpaceX Starlink Pass Nov 12, 2019
Minecraft Earth Launches in US
Windows 10 Nov 2019 Update 1909 Released
NVIDIA Releases GeForce 441.20 WHQL Drivers
Samsung Faces Factory Contamination
The Best Selling Recording Artists From 1969 To 2019
Which is the best graphics card for Red Dead Redemption 2?
iPhone 11 Pro vs Original iPhone!
New Alcatel 3V Offers Huge Screen and Battery
Google Expands Effort to Block Bad Apps
OZZY OSBOURNE - "Under the Graveyard"
AMD Announces Ryzen 9 3950X

Wormable Windows bug could lead to another WannaCry - [security]
05:25 PM EDT - May,14 2019 - post a comment

Microsoft is warning that the Internet could see another exploit with the magnitude of the WannaCry attack that shut down computers all over the world two years ago unless people patch a high-severity vulnerability. The software maker took the unusual step of backporting the just-released patch for Windows 2003 and XP, which haven't been supported in four and five years, respectively. "This vulnerability is pre-authentication and requires no user interaction," Simon Pope, director of incident response at the Microsoft Security Response Center, wrote in a published post that coincided with the company's May Update Tuesday release. "In other words, the vulnerability is wormable, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware."

As if a self-replicating, code-execution vulnerability wasn't serious enough, CVE-2017-0708 (as the flaw in Windows Remote Desktop Services is indexed) requires low complexity to exploit. Microsoft's Common Vulnerability Scoring System Calculator scores that complexity as 3.9 out of 10. (To be clear, the WannaCry developers had potent exploit code written by, and later stolen from, the National Security Agency, to exploit the wormable CVE-2017-0144 and CVE-2017-0145 flaws, which had exploit complexities rated as "high.") Ultimately, though, developing reliable exploit code for this latest Windows vulnerability will require relatively little work.

Bartholomew said network firewalls and other defenses that block the RDP service would effectively stop the attack from happening. But as the world learned during the WannaCry attacks, those measures often fail to contain damage that can collectively cost billions of dollars. Independent researcher Kevin Beaumont, citing queries on the Shodan search engine of Internet-connected computers, said here that about 3 million RDP endpoints are directly exposed.

Besides Windows 2003 and XP, CVE-2019-0708 also affects Windows 7, Windows Server 2008 R2, and Windows Server 2008. In a testament to Microsoft's steadily improving security, later versions of Windows aren't at risk.

Short overview of recent news articles

Nov,06 2019 Seagate's Roadmap Calls for 18TB, 20TB Drives in 2020,50TB by 2026
Nov,06 2019 Microsoft's New Unified Office App Available in Public Preview
Nov,06 2019 Google Play Launches Points Rewards Program in US
Nov,06 2019 Epic Games Store exploit allows you to play and keep a game forever
Nov,05 2019 Microsoft Unveils Project Silica
Nov,04 2019 NVIDIA Releases GeForce 441.12 WHQL Game Ready Drivers
Nov,03 2019 Arnold Schwarzenegger Breaks Down His Most Iconic Characters
Nov,03 2019 Death Stranding Rick & Morty ad
Nov,03 2019 How This Blob Solves Mazes
Nov,01 2019 AT&T Tweaks Unlimited Plans
Nov,01 2019 Google Buys Fitbit
Nov,01 2019 Diablo 4 has been officially announced
Oct,31 2019 How a Single Math Error Caused a $500 Million Satellite to Crash
Oct,31 2019 Intel Ice Lake-SP and Cooper Lake-SP Details Leaked
Oct,31 2019 Netflix's The Witcher live-action series trailer
Oct,31 2019 Salma Hayek shows off her curves in seductive beach video
Oct,28 2019 Intel Announces Core i9-9900KS
Oct,28 2019 Apple AirPods Pro Add Active Noise Cancellation
Oct,27 2019 Supercars Accelerating - AC SCHNITZER ACS8, F12Tdf, BRABUS 700...
Oct,27 2019 2020 Mercedes-Maybach S 650 BRABUS 900 - Details
Oct,27 2019 What Happens When Lightning Strikes a Plane
Oct,27 2019 How Your Cat Is Secretly Psychologically Manipulating You
Oct,27 2019 Lenovo ThinkPad P1 unboxing and first impressions
Oct,26 2019 Netflix Testing Variable Speed Playback on Android
Oct,25 2019 Star Wars: The Rise of Skywalker - Final Trailer
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs