NSA announcement advises 'legacy' Windows users to patch their machines against 'BlueKeep'...

HyperPete

TS Enthusiast
For all the users you've now terrified into wondering if their computer is vulnerable, how about providing:

1) A way for users to check to see if the patch is missing/installed on their system.
2) A link to where they can download the patch for their OS.

Your "patches Do Exist" link merely links to another TS post. Not cool. :(
For Windows 10:
How to create a Windows Update shortcut on your desktop
  • Right-click an empty spot on your desktop.
  • Click New.
  • Click Shortcut.
  • Type ms-settings:windowsupdate.
  • Click Next.
  • Type Windows Update or whatever you'd like to name the shortcut.
  • Click Finish.
-------------------------------------------------------------------------------------------------------------

For Windows 7:
How to create a Windows Update shortcut on your desktop

  • Right-click an empty spot on your desktop.
  • Click New.
  • Click Shortcut.
  • Type %windir%\System32\rundll32.exe url.dll,FileProtocolHandler wuapp.exe

    OR

    %windir%\explorer.exe shell:::{36eef7db-88ad-4e81-ad49-0e313f0c35f8}
  • Click Next.
  • Type Windows Update or whatever you'd like to name the shortcut.
  • Click Finish.
 
R

retsxel

For Windows 10:
How to create a Windows Update shortcut on your desktop
  • Right-click an empty spot on your desktop.
  • Click New.
  • Click Shortcut.
  • Type ms-settings:windowsupdate.
  • Click Next.
  • Type Windows Update or whatever you'd like to name the shortcut.
  • Click Finish.
-------------------------------------------------------------------------------------------------------------

For Windows 7:
How to create a Windows Update shortcut on your desktop

  • Right-click an empty spot on your desktop.
  • Click New.
  • Click Shortcut.
  • Type %windir%\System32\rundll32.exe url.dll,FileProtocolHandler wuapp.exe

    OR

    %windir%\explorer.exe shell:::{36eef7db-88ad-4e81-ad49-0e313f0c35f8}
  • Click Next.
  • Type Windows Update or whatever you'd like to name the shortcut.
  • Click Finish.
This is only helpful to those who are willing to trust Microsoft or don't need to worry about trusting them. Because of antics in the recent past, not everyone does or wants to. Thus alternatives are always desired.
 
R

retsxel

@HyperPete & @lexster

The PIS*ING contest dilutes the importance of the subject -- shame on both of you. Break those narcissistic mirrors and just provide "a solution that works for me". Someone might actually comment Thank You :grin:
Context is important. What do you think you've missed here?
 
R

retsxel

IMO, nothing.
You know what they say about opinions...
You two have created a hostile environment of playing "King of the mountain" as if TS users are somehow going to vote one of you as the Master Of Security! Humbug!!
Except that we're generally agreeing with each other. Our comments have been complementary and respectful, not antagonistic as you suggest. That's the context you've clearly missed.
Offer solutions and stop the pis*ing contest as there's always something that can be gleaned from everyone.
Both of us have offered solutions in some detail. HyperPete recommended the patches and properly configuring Windows Update. I offered an alternate solution.
I've been doing this for sometime too (see the profile) but system and security is a moving target and what worked yesterday needs updates for today's systems.
Thanks for the input. Now I ask you, how did that contribute to the conversation? Do you offer an agreement to one or the other of us? Did you offer an alternate solution to the problem addressed in the article? All I see is someone attempting to start the very same drama he claims is already going on.

HyperPete and I are doing just fine. Please stop making mountains out of mole-hills. Thank You.
 
  • Like
Reactions: HyperPete
R

retsxel

IMO, nothing. You two have created a hostile environment of playing "King of the mountain" as if TS users are somehow going to vote one of you as the Master Of Security! Humbug!! Offer solutions and stop the pis*ing contest as there's always something that can be gleaned from everyone.

I've been doing this for sometime too (see the profile) but system and security is a moving target and what worked yesterday needs updates for today's systems.
Are you done trolling?
 

HyperPete

TS Enthusiast
  • Like
Reactions: retsxel

HyPeroxya

TS Enthusiast
Is linux equally as vuln to these hacks? they are chip level zombieload/rowhamer , so I presume they run as machine code/asssembler ...
One way to prevent would surely be to run a (fresh every time) w/xp in a fully snadboxed VM under warp/BEOS etc
 
R

retsxel

Is linux equally as vuln to these hacks? they are chip level zombieload/rowhamer , so I presume they run as machine code/asssembler ...
One way to prevent would surely be to run a (fresh every time) w/xp in a fully snadboxed VM under warp/BEOS etc
All versions of Linux are completely immune to WannaCry and BlueKeep both.
 
  • Like
Reactions: HyperPete

HyperPete

TS Enthusiast
All versions of Linux are completely immune to WannaCry and BlueKeep both.
'nix systems are themselves, but Samba could be vulnerable to the same kind of vulnerability. See https://www.samba.org/samba/security/CVE-2017-7494.html for details. Note that this CVE was released in 2017.

As I have been saying from the outset, the very best thing that most people can and should do, is to apply their operating system's (and associated software's) security updates when they are released. As you have pointed out, there are other ways to protect one's self, but most people have neither the knowledge nor the inclination to do so.

My two cents, ymmv.
 
  • Like
Reactions: jobeard
R

retsxel

'nix systems are themselves, but Samba could be vulnerable to the same kind of vulnerability. See https://www.samba.org/samba/security/CVE-2017-7494.html for details. Note that this CVE was released in 2017.
While that's a good point, Samba is a Windows code replication environment that acts a interface between Windows networks and 'nix OS. I just don't see anyone taking advantage of that attack vector the same way that Windows was hit, for two reasons;

1. Any OS using Samba is going to be greatly more difficult to penetrate than Windows even if the initial stage of such an attack is successful, and..

2. Market saturation and audience participation. 'nix users are far more tech savvy and will actively resist such efforts. Couple that with the fact that 'nix based systems are(unfortunately) in the minority in the world. The effort to create malware based on that attack vector is extremely unlikely to yield results that are worth the greater effort required.
 
  • Like
Reactions: HyperPete