Updated:06:44 AM EDT Jul 17


this is ggmania.com subsite Wormable Windows bug could lead to another WannaCry - TechAmok

TOP STORIES

HEADLINES

Ryzen 9 3900X & Ryzen 7 3700X Review
3-Second Video Of A Cat Jumping Over A Gate
Emily Ratajkowski Dancing GIF
Fast & Furious Presents: Hobbs & Shaw - Final Trailer
Intel to Cut Prices of its Desktop Processors by 15%
Succubus Trailer
DXR Tech Demo
Terminator: Dark Fate - Official Teaser Trailer (2019)
How to Download the Windows 10 1903 ISO from Microsoft
20mm vs Aluminium Blocks
71-Year-Old Arnold Schwarzenegger Is Barely Fazed By Running Drop
NVIDIA's earnings in Q1 FY20 down by 31% compared to Q1 FY19
Inexplicable Rubik's Cube Magic Trick!
GOG.com is offering the first Witcher game for free
Google debuts 'next-generation' Assistant
How Viagra Made Pfizer Billions Before Generics
Tesla Will Release Fully Self-driving Cars in 2019
Catch-22 Trailer (Official)

Elon Musk's Neuralink Says Itís Ready for Brain Surgery
Nokia 2.2 Offers Small-Notch Design for $140
Apple's 2019 MacBook Air is significantly slower than last one
NVIDIA Won't Launch GeForce RTX 2080 Ti Super
3 FROM HELL Official Trailer (2019) Rob Zombies, Horror Movie
HyperX Announces First Wireless Headset Under $100
DOOM: Annihilation is set to arrive at the start of October
The King's Man - Official Teaser Trailer
Snapdragon 855 Plus Brings More Power to Gaming Phones
ASUS Begins Enabling Limited PCIe Gen 4.0
Why It's Nearly Impossible To Return A Serve Going 160 MPH
AMD Retires the Radeon VII Less Than Five Months Into Launch
Age of Wonders III is free on Steam
Hulu now supports 4K streaming on Apple TV and Chromecast Ultra
Snowball the cockatoo has 14 distinct dance moves
Feasting Shark Swallowed Whole in Cruel Twist of Fate
Intel "Comet Lake" Not Before 2020, "Ice Lake-S" Not Before
Qualcomm, T-Mobile Successfully Test First Full-Featured 5G Modem

Wormable Windows bug could lead to another WannaCry - [security]
05:25 PM EDT - May,14 2019 - post a comment

Microsoft is warning that the Internet could see another exploit with the magnitude of the WannaCry attack that shut down computers all over the world two years ago unless people patch a high-severity vulnerability. The software maker took the unusual step of backporting the just-released patch for Windows 2003 and XP, which haven't been supported in four and five years, respectively. "This vulnerability is pre-authentication and requires no user interaction," Simon Pope, director of incident response at the Microsoft Security Response Center, wrote in a published post that coincided with the company's May Update Tuesday release. "In other words, the vulnerability is wormable, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware."

As if a self-replicating, code-execution vulnerability wasn't serious enough, CVE-2017-0708 (as the flaw in Windows Remote Desktop Services is indexed) requires low complexity to exploit. Microsoft's Common Vulnerability Scoring System Calculator scores that complexity as 3.9 out of 10. (To be clear, the WannaCry developers had potent exploit code written by, and later stolen from, the National Security Agency, to exploit the wormable CVE-2017-0144 and CVE-2017-0145 flaws, which had exploit complexities rated as "high.") Ultimately, though, developing reliable exploit code for this latest Windows vulnerability will require relatively little work.

Bartholomew said network firewalls and other defenses that block the RDP service would effectively stop the attack from happening. But as the world learned during the WannaCry attacks, those measures often fail to contain damage that can collectively cost billions of dollars. Independent researcher Kevin Beaumont, citing queries on the Shodan search engine of Internet-connected computers, said here that about 3 million RDP endpoints are directly exposed.

Besides Windows 2003 and XP, CVE-2019-0708 also affects Windows 7, Windows Server 2008 R2, and Windows Server 2008. In a testament to Microsoft's steadily improving security, later versions of Windows aren't at risk.

Short overview of recent news articles

Jul,11 2019 Sprint Launches 5G in Chicago
Jul,10 2019 25 million Android devices get infected
Jul,10 2019 Intel 10th Generation Core "Comet Lake" Lineup Detailed
Jul,09 2019 NVIDIA GeForce 431.36 WHQL driver
Jul,09 2019 Stromboli Volcano Erupted Caught On Camera From A Sailboat
Jul,09 2019 Qualcomm Raises the Floor for Entry-Level Android Phones With
Jul,09 2019 Microsoft is injecting ads to install apps into Android
Jul,07 2019 AMD Radeon Software Adrenalin 2019 Edition 19.7.1 driver
Jul,07 2019 Ryzen 9 3900X & Ryzen 7 3700X Review
Jul,06 2019 3-Second Video Of A Cat Jumping Over A Gate
Jul,06 2019 Card Trick Wizard Sets The Record For Fastest Unsolvable Trick
Jul,06 2019 AMD to Cut RX 5700-series Prices at Launch
Jul,05 2019 AOC Unveils Two New Agon Gaming Monitors with 240Hz / 0.5ms
Jul,04 2019 NVIDIA's next-generation GPUs coming out in 2020
Jul,04 2019 Apple Uses AR To Fix Your Eyes During FaceTime in iOS 13
Jul,04 2019 Emily Ratajkowski Dancing GIF
Jul,03 2019 Cyberpunk 2077's Fictional Band Samurai
Jul,03 2019 Outlook for iOS gets support for shared mailboxes
Jul,03 2019 Samsung has reportedly fixed the protective film on the Galaxy Fold
Jul,02 2019 Paris Hilton Talk Cars
Jul,02 2019 Fast & Furious Presents: Hobbs & Shaw - Final Trailer
Jul,02 2019 Microsoft Teases All-New Windows 1.0
Jul,02 2019 NVIDIA announces the GeForce RTX 2060/2070/2080 SUPER GPUs
Jul,01 2019 TechPowerUp GPU-Z 2.22.0 Released
Jul,01 2019 Firefox for Android Gaining Ad Tracking Protection
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs