• Tag Archives: microsoft
  • Windows 10 Surveillance Platform weaponized into and back ported Implants delivered seamlessly to Windows 7 and 8 via Windows Update


    You may or may not have noticed shenanigans on your Windows 7 and 8 based machines.

    Microsoft likes the data it streams from Windows 10 machines so much that it decided to back port the functionality and carve out implants, resulting in a push of 4 optional and 2 important Windows updates.

    They will appear in Control Panel, Installed Updates as:

    Optional
    “Update for Microsoft Windows (KB3068708)”
    “Update for Microsoft Windows (KB3075249)”
    “Update for Microsoft Windows (KB3080149)”
    “Update for Microsoft Windows (KB3022345)”

    Important
    “Update for Microsoft Windows (KB2952664)”
    “Update for Microsoft Windows (KB3021917)”

    If you have better things to do than scroll by hand through the list of installed updates, here are two approaches to detect the SurveillanceWare implants.

    The referenced KBs are specific to the surveillance implants which target Windows 7 only. If you are running Windows 8, 8.1 or 10 you are more than likely fighting much more of a losing battle. So this section is specific to where it may be temporarily possible to remove the implants.

    Detection – open an elevated command prompt and run (note the straight double quotes; the curly quotes a word processor substitutes will break find):
    wmic QFE list full /format:texttablewsys | find "KB3068708"
    wmic QFE list full /format:texttablewsys | find "KB3022345"
    wmic QFE list full /format:texttablewsys | find "KB3075249"
    wmic QFE list full /format:texttablewsys | find "KB3080149"
    wmic QFE list full /format:texttablewsys | find "KB3021917"
    wmic QFE list full /format:texttablewsys | find "KB2952664"

    or alternatively detect with a one-liner built on the systeminfo command (findstr treats each space-separated word as a separate search string, so one line covers all six):

    systeminfo | findstr "KB3068708 KB3022345 KB3075249 KB3080149 KB3021917 KB2952664"

    To start removal, after optionally taking an evidence image or a system backup:
    wusa /uninstall /kb:3068708 /quiet /norestart
    wusa /uninstall /kb:3022345 /quiet /norestart

    A reboot then seems to be required; afterwards continue with:
    wusa /uninstall /kb:3075249 /quiet /norestart
    wusa /uninstall /kb:3080149 /quiet /norestart
    wusa /uninstall /kb:3021917 /quiet /norestart
    wusa /uninstall /kb:2952664 /quiet /norestart

    ———- Windows 7, 8, 8.1 script to detect implants ———-
    Here is a list, and updated DIY detection-ready scripting, for all 14 (currently known) surveillance implants, including implants for Windows 8 and later.

    I guess they thought they could catch more fish with 14 baited lines.

    Here are two batch files. Run the larger script to see what is detected.

    Open an elevated command prompt

    Create a batch file (both files go in the same directory, since the second one calls the first by name)
    Name: check-kb.bat

    Add the batch script content

    @echo off
    REM Batch only expands %1 through %9, so the original "%10" was really %1 followed by a literal 0 and has been dropped.
    echo Only the first parameter is used in the search, the rest display context.
    echo.
    echo.
    echo Checking for %1 %2 %3 %4 %5 %6 %7 %8 %9
    @echo on
    wmic QFE list full /format:texttablewsys | find "%1"
    @echo off

    Create a second batch file; its purpose is to check for the currently known implants.
    Name: checkfor_NPI_patches.bat

    Add the batch script content

    @echo off
    SetLocal
    REM Known implant list (as of 2015-08-26). Only the KB number is searched; the rest is display context.
    cls
    call check-kb KB3012973 - Opt in payload - Upgrade to Windows 10 Pro
    call check-kb KB3021917 - Opt in payload - Update to benchmark Windows 7 SP1
    call check-kb KB3035583 - Opt in payload - delivers reminder "Get Windows 10" for Windows 8.1 and Windows 7 SP1
    call check-kb KB2952664 - Opt in payload - Pre launch day push of payload for compatibility update for upgrading Windows 7
    call check-kb KB2976978 - Opt in payload - Pre launch day push of payload for Compatibility update for Windows 8.1 and Windows 8
    call check-kb KB3022345 - Opt in payload - surveillance Telemetry [Replaced by KB3068708]
    call check-kb KB3068708 - Opt in payload - Update for surveillance customer experience and diagnostic telemetry
    call check-kb KB2990214 - Opt in payload - Update that prepares payload to Windows 7 to add surveillance in later installed versions of Windows
    call check-kb KB3075249 - Opt in payload - Update that adds surveillance telemetry to Windows 8.1 and Windows 7
    call check-kb KB3080149 - Opt in payload - Update for CIP and surveillance with diagnostic exfil leveraging telemetry
    call check-kb KB3044374 - Opt in payload - Marketing Windows 10 surveillance payload to windows 8,8.1 devices
    call check-kb KB2977759 - Opt in payload - Windows 10 surveillance Diagnostics Compatibility Telemetry HTTP request response
    call check-kb KB3050265 - Opt in payload - Marking via Windows Update services opting in to Windows 10 surveillance Implant
    call check-kb KB3068707 - Opt in payload - CIP telemetry request response check in for Windows 7,8,8.1

    Whichever surveillance implants are revealed on your machine, they can be removed with a customization of the wusa command; just replace the ??????? with the KB numbers reported.

    wusa /uninstall /kb:??????? /quiet /norestart
    ——- Housekeeping QA ——-
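    The two detection approaches above (the six wmic/find lines and the 14-entry batch script) can be folded into one PowerShell script. The following is an added example, not code from the original post: it checks the installed hotfixes against the post's KB watch list (the list as of 2015-08-26, with the post's own labels shortened) and prints, without running, the wusa removal line for each one found. Get-HotFix reads the same Win32_QuickFixEngineering class that `wmic QFE list` queries, so it sees exactly the same updates; the script avoids PowerShell 3.0 syntax so it runs on the PowerShell 2.0 that Windows 7 ships with.

```powershell
# Added example (not the post's code): watch-list check of installed hotfixes.
# The watch list below is the post's list of 14 KBs as of 2015-08-26.
$WatchList = @{
    'KB3012973' = 'Upgrade to Windows 10 Pro'
    'KB3021917' = 'Benchmark Windows 7 SP1'
    'KB3035583' = '"Get Windows 10" reminder (Windows 7 SP1 / 8.1)'
    'KB2952664' = 'Compatibility update for upgrading Windows 7'
    'KB2976978' = 'Compatibility update for Windows 8 / 8.1'
    'KB3022345' = 'Telemetry (replaced by KB3068708)'
    'KB3068708' = 'Customer experience and diagnostic telemetry'
    'KB2990214' = 'Prepares Windows 7 for later Windows versions'
    'KB3075249' = 'Adds telemetry to Windows 7 / 8.1'
    'KB3080149' = 'CIP and diagnostic telemetry'
    'KB3044374' = 'Windows 10 marketing payload for Windows 8 / 8.1'
    'KB2977759' = 'Diagnostics compatibility telemetry'
    'KB3050265' = 'Windows Update opt-in to Windows 10'
    'KB3068707' = 'CIP telemetry check-in for Windows 7 / 8 / 8.1'
}

# Index everything that is installed by its HotFixID (same data as "wmic QFE list").
$Installed = @{}
Get-HotFix | ForEach-Object { $Installed[$_.HotFixID] = $_ }

# Collect hits as objects so they can be tabulated here or piped to Export-Csv.
$Found = @()
foreach ($kb in ($WatchList.Keys | Sort-Object)) {
    if ($Installed.ContainsKey($kb)) {
        $Found += New-Object PSObject -Property @{
            KB          = $kb
            Description = $WatchList[$kb]
            InstalledOn = $Installed[$kb].InstalledOn
            InstalledBy = $Installed[$kb].InstalledBy
        }
    }
}

if ($Found.Count -eq 0) {
    'None of the watch-listed KBs are installed.'
} else {
    $Found | Format-Table KB, Description, InstalledOn, InstalledBy -AutoSize
    ''
    'Removal commands (review first; run from an elevated prompt, reboot between batches):'
    foreach ($f in $Found) {
        # wusa takes the bare number, without the "KB" prefix.
        'wusa /uninstall /kb:{0} /quiet /norestart' -f $f.KB.Substring(2)
    }
}
```

    Run it from an elevated PowerShell prompt; re-running it after the reboot the post mentions shows which KBs were actually removed and which came straight back through Windows Update.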

    Housekeeping checks: post-removal additional steps. I can foresee someone will prophetically conclude a recommended step 5) Uninstall Windows and install a secure *nix variant. Obligatorily mentioned in advance. Thanks.

    Keeping an eye on post-removal hinkiness turned up some hits after removals and reboots.

    1) Only two of the four uninstalled KBs reappeared as available optional “Update for Windows 7 for x64 based Systems (KB3075249)” and “(KB3080149)”; another reappeared as

    Important “Update for Windows 7 for x64 based Systems (KB3068708)”

    The important one was the “Update for customer experience and diagnostic telemetry”. Important to whom, NSA?

    The “KB3068708” “Update for customer experience and diagnostic telemetry” did not reappear as an available patch. It may be dependent on one of the other three removed bits.
    2) Before the uninstall, I had the foresight to search the infected file system
    for .manifest files with a common namespace string called assemblyIdentity which is set to the string value “Microsoft-Windows-Authentication-AuthUI.Resources”.

    The before-removal search, listing files which matched the above search constraint, yielded 62 matches in 52 manifest files.

    The after-removal search, listing files which match the above search constraint, yields 74 matches in 64 manifest files.
    Conclusion: the removal did not remove the manifest files pushed in the original infection.
    3) A read of KB 3080149 indicated that it installs and updates / requires maintenance of a file named utc.app.json

    Before removal, the file was found in 6 places on the infected filesystem.
    After “removal” the file exists in the same 6 locations, same file size, just waiting for re-use and reinfection.

    Discovered and removed, using the described method, 22 additional implants.
    Found all 6 utc.app.json were removed, and it had left two backup copies under the name utc.app.json.bk
    in
    C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings
    C:\Users\All Users\Microsoft\Diagnosis\DownloadedSettings
    In the same directory, found a backed-up file telemetry.ASM-WindowsDefault.json.bk

    In order to see the hidden system directory, you must elevate to admin.
    dir won't show the rest of the telemetry files unless you clear the file attributes.
    An elevated File Explorer will show the files.
    Files won't be readable until you change the owner permissions or change your running user principal context to one that does allow access to the file.
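    The two file-system checks in steps 2) and 3) above (counting manifests that carry the assemblyIdentity string, and finding utc.app.json with its .bk and telemetry.*.json.bk neighbours) are easier to compare before and after removal when the result is written to a file. The script below is an added example, not code from the original post. It runs elevated, uses -Force so Get-ChildItem sees the hidden/system Diagnosis directory, and hashes each file without Get-FileHash (PowerShell 4+) so it also works on Windows 7. The Diagnosis path is the post's (C:\Users\All Users is a junction to C:\ProgramData on Vista and later); the WinSxS\Manifests location is an assumption about where the .manifest files live, and a file that cannot be read is reported as access denied rather than hashed, matching the ownership problem described above.

```powershell
# Added example (not the post's code): repeatable snapshot of the two indicators.
$ManifestRoot = Join-Path $env:SystemRoot 'WinSxS\Manifests'      # assumption: manifest location
$Needle       = 'Microsoft-Windows-Authentication-AuthUI.Resources'
$DiagnosisDir = Join-Path $env:ProgramData 'Microsoft\Diagnosis'  # post's path; All Users is a junction here
$Report       = Join-Path $env:TEMP ('telemetry-snapshot-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))

function Get-FileSha256 {
    # SHA-256 via .NET so the script does not need Get-FileHash (PowerShell 4+).
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try { ([BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
        finally { $stream.Close() }
    } catch [System.UnauthorizedAccessException] {
        'ACCESS-DENIED (take ownership or run as SYSTEM)'
    }
}

$lines = @()

# 1) Manifests containing the assemblyIdentity string. The post compared
#    "N matches in M files" before and after removal, so report both numbers.
$hits = Get-ChildItem -Path $ManifestRoot -Filter '*.manifest' -Force -ErrorAction SilentlyContinue |
        Select-String -SimpleMatch -Pattern $Needle
$matchCount = @($hits).Count
$fileCount  = @($hits | Select-Object -ExpandProperty Path -Unique).Count
$lines += "manifests: $matchCount matches in $fileCount files under $ManifestRoot"

# 2) The telemetry settings files and their backups: path, size, attributes and
#    hash, so a "same size, still there" result after removal is verifiable.
$pattern = '^(utc\.app\.json|telemetry\..*\.json)(\.bk)?$'
$files = Get-ChildItem -Path $DiagnosisDir -Recurse -Force -ErrorAction SilentlyContinue |
         Where-Object { -not $_.PSIsContainer -and $_.Name -match $pattern }
foreach ($f in @($files)) {
    $lines += "{0}`t{1}`t{2}`t{3}" -f $f.FullName, $f.Length, $f.Attributes, (Get-FileSha256 $f.FullName)
}

$lines | Set-Content -Path $Report
$lines
"Snapshot written to $Report"
```

    Keep the snapshot taken before removal; comparing it with one taken after the reboot (for example with `Compare-Object (Get-Content before.txt) (Get-Content after.txt)`) shows whether the files merely survived or were rewritten with new content, which a size check alone cannot tell.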

    telemetry file content
    {
    "settings": {
    "Microsoft-ApplicationInsights:::sampleRate": "100",
    "Microsoft-ApplicationInsights-Dev:::sampleRate": "100",
    "Microsoft-ApplicationInsights-Dev:::latency": "Realtime",
    "xbox.xsapi:::sampleRate": "100",
    "Office:::sampleRate": "100",
    "Skype:::sampleRate": "100",
    "Census:::sampleRate": "100",
    "Microsoft.Windows.Appraiser.General::ms.CriticalData:sampleRate": "100",
    "Microsoft.Windows.Appraiser.Instrumentation::ms.Telemetry:sampleRate": "100",
    "Microsoft.Windows.Compatibility.Asl::ms.Telemetry:sampleRate": "5",
    "Microsoft.Windows.Inventory.General::ms.CriticalData:sampleRate": "100",
    "MicrosoftTelemetry::ms.CriticalData:sampleRate": "0",
    "MicrosoftTelemetry::ms.Measures:sampleRate": "0",
    "MicrosoftTelemetry::ms.Telemetry:sampleRate": "0",
    "Setup360Telemetry::ms.CriticalData:sampleRate": "100",
    "SetupPlatformTel::ms.CriticalData:sampleRate": "100",
    "TelClientSynthetic:HeartBeat_5::sampleRate": "100"
    }}
    content of utc.app.json
    {
    "settings": {
    "UTC:::GroupDefinition.MicrosoftTelemetry": "f4-Redacted data-6aa",
    "UTC:::CategoryDefinition.ms.CriticalData": "140-Redacted data-318",
    "UTC:::CategoryDefinition.ms.Measures": "71-Redacted data-63",
    "UTC:::CategoryDefinition.ms.Telemetry": "321-Redacted data-32",
    "UTC:::GroupDefinition.Microsoft-ApplicationInsights": "0d-Redacted data-d0b",
    "UTC:::GroupDefinition.Microsoft-ApplicationInsights-Dev": "ba-Redacted data-3d",
    "UTC:::GroupDefinition.xbox.xsapi": "53b-Redacted data-af3",
    "UTC:::GroupDefinition.Office": "8DB-Redacted data-155",
    "UTC:::GroupDefinition.Skype": "9df-Redacted data-a89",
    "UTC:::DownloadScenariosFromOneSettings": "1"
    }}

    To mitigate future infection, I am considering removal, alteration, or a revocation of file permissions on utc.app.json and the hinky manifest files.

    4) Re the connections the malware opened, which may or may not have MitM certificate-pinning mitigation: my personal opinion is to mitigate by locking down access to the data exfiltration endpoints.

    Firewall now blocks outbound access from your network to
    vortex-win.data.microsoft.com
    Name: VORTEX-cy2.metron.live.com.nsatc.net
    Address: 64.4.54.254
    Aliases: vortex-win.data.microsoft.com
    vortex-win.data.metron.live.com.nsatc.net
    vortex.data.glbdns2.microsoft.com

    settings-win.data.microsoft.com
    Non-authoritative answer:
    Name: OneSettings-bn2.metron.live.com.nsatc.net
    Address: 65.55.44.108
    Aliases: settings-win.data.microsoft.com
    settings.data.glbdns2.microsoft.com

    Chances are that anything outbound to “.data.microsoft” should be blackholed if you opt out of the “Idiots Do Opt Having Pervasive Surveillance Patches” program, IDOH-PSP for short.

    Hope this helps to bring out most of the malware workflow. As this is early info on this new day of vendor-sponsored, in-your-face implants, the info will likely be incomplete.
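    The firewall step in 4) blocks the addresses that the two hostnames resolved to on one day; the nslookup output above shows both are CNAMEs into load-balanced hosts, so those addresses will drift. The script below is an added example, not code from the original post: it resolves the post's two hostnames, collects every IPv4 address returned, and writes one outbound block rule via netsh so the same script runs on Windows 7 as well as 8/8.1 (where New-NetFirewallRule would also work). Re-running it replaces the earlier rule instead of adding a second one. The rule name is an assumption, and the host list is the post's; it can be extended with any further `.data.microsoft` names you decide to blackhole.

```powershell
# Added example (not the post's code): outbound block rule from resolved addresses.
$Hosts    = @('vortex-win.data.microsoft.com', 'settings-win.data.microsoft.com')  # post's endpoints
$RuleName = 'BlockTelemetryEndpoints'   # assumption; no spaces so netsh gets it unquoted

function Resolve-Addresses {
    # IPv4 addresses for each name; resolution failures are reported, not fatal.
    param([string[]]$Names)
    foreach ($n in $Names) {
        try {
            [System.Net.Dns]::GetHostAddresses($n) |
                Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
                ForEach-Object { $_.IPAddressToString }
        } catch {
            Write-Warning ("Could not resolve {0}: {1}" -f $n, $_.Exception.Message)
        }
    }
}

$addrs = @(Resolve-Addresses $Hosts | Sort-Object -Unique)
if ($addrs.Count -eq 0) { throw 'Nothing resolved; no rule written.' }
$ipList = $addrs -join ','

# Drop any earlier rule of the same name so re-runs do not accumulate rules,
# then block outbound traffic to the current address set.
netsh advfirewall firewall delete rule name=$RuleName | Out-Null
netsh advfirewall firewall add rule name=$RuleName dir=out action=block remoteip=$ipList | Out-Null
if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }
"Rule '$RuleName' now blocks outbound traffic to: $ipList"
```

    Two caveats a practitioner should keep in mind: the rule covers only the IPv4 addresses returned at the moment it ran (schedule it, or pair it with a DNS-level block, to keep up with changing CNAMEs), and an address shared with unrelated Microsoft services will block those as well, so check what else resolves to the same addresses before deploying it on a network rather than a single host.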


  • Complete Computer Repair – Apple and PC Services

    Professional Onsite Computer Repair

    Over 20 Years experience repairing laptop and desktop computers.

    Apple Computer Repair – Macbook Pro, Macbook Air, Imac, Macbook, Mac Repair

    Windows PC Repair – Dell, Acer, HP, Compaq, Dell, Sony, Toshiba, Lenovo, Asus, Samsung, MSi, Vizio, IBM Gateway and more

    Motherboard Repair  –  BGA repair,  BIOS Repair, SMD Repair, BGA Reflow, Video Repair

    Laptop Screen Repair  –  LCD Repair, Screen Repair, Laptop Repair, LED screens, LCD screens

    PC and Apple Virus Removal  –  Spyware Removal, Malware Removal, Rootkit Removal, Ransom Removal

    IT Network Specialist Analyst   Server Setup, Server installation, Server Configuration

    Complete Computer Repair Services Help and Support


    SAME DAY SERVICE 754-234-5598



  • Microsoft continues its legacy of spying on its windows users! Windows 10 Privacy Spy destroyer

    DESTROY WINDOWS 10 SPYING – Privacy Concerns

    Microsoft Windows 10 Software

    As we all know, since Windows 7 Microsoft has altered its operating system to be more user friendly and, at the same time, to collect more user data on its customers. When Windows 8 was launched there were big changes, including the location platform and many more, but now with the new Windows 10 release there seems to be no end to the data being collected and sent to Microsoft.

    Some group has released a piece of software which eliminates all apps and blocks the data from being sent to Microsoft. I will not comment much on the software, but see below what it does block.

    Also, a new app by the name of DoNotSpy10 has been created by the German developer pXc-coding.

    Destroy Windows 10 Spying is an app that can block anonymous data being sent, remove apps that can’t be removed the standard way, and more. I liked that it can remove some of the Windows default programs that can’t be removed under Apps & Features, an annoyance I immediately discovered since I prefer to “slim” down Windows.

    I should note that there are still a few steps to complete: you’ll still need to go online to Microsoft’s site and opt out of the company’s invasive advertising-tracking features when using DoNotSpy10 or another piece of software.

    It’s your own fault if you don’t know that Windows 10 is spying on you. That’s what people always say when users fail to read through a company’s terms of service document, right?

    Well, here is Microsoft’s 12,000-word service agreement. Some of it is probably in English. We’re pretty sure it says you can’t steal Windows or use Windows to send spam, and also that Microsoft retains the right to take possession of your first-born child if it so chooses. And that’s only one of several documents you’ll have to read through.

    Actually, here’s one excerpt from Microsoft’s privacy statement that everyone can understand:

    Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: 1.comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2.protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3.operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4.protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.

    If that sentence sent shivers down your spine, don’t worry. As invasive as it is, Microsoft does allow Windows 10 users to opt out of all of the features that might be considered invasions of privacy.
    Some of the domains we know send anonymous information back to Microsoft include:
    vortex.data.microsoft.com
    vortex-win.data.microsoft.com
    telecommand.telemetry.microsoft.com
    telecommand.telemetry.microsoft.com.nsatc.net
    oca.telemetry.microsoft.com
    oca.telemetry.microsoft.com.nsatc.net
    sqm.telemetry.microsoft.com
    sqm.telemetry.microsoft.com.nsatc.net
    watson.telemetry.microsoft.com
    watson.telemetry.microsoft.com.nsatc.net
    redir.metaservices.microsoft.com
    choice.microsoft.com
    choice.microsoft.com.nsatc.net
    df.telemetry.microsoft.com
    reports.wes.df.telemetry.microsoft.com
    wes.df.telemetry.microsoft.com
    services.wes.df.telemetry.microsoft.com
    sqm.df.telemetry.microsoft.com
    telemetry.microsoft.com
    watson.ppe.telemetry.microsoft.com
    telemetry.appex.bing.net
    telemetry.urs.microsoft.com
    telemetry.appex.bing.net:443
    settings-sandbox.data.microsoft.com
    vortex-sandbox.data.microsoft.com
    survey.watson.microsoft.com
    watson.live.com
    watson.microsoft.com
    statsfe2.ws.microsoft.com
    corpext.msitadfs.glbdns2.microsoft.com
    compatexchange.cloudapp.net
    cs1.wpc.v0cdn.net
    a-0001.a-msedge.net
    statsfe2.update.microsoft.com.akadns.net
    sls.update.microsoft.com.akadns.net
    fe2.update.microsoft.com.akadns.net
    diagnostics.support.microsoft.com
    corp.sts.microsoft.com
    statsfe1.ws.microsoft.com
    pre.footprintpredict.com
    i1.services.social.microsoft.com
    i1.services.social.microsoft.com.nsatc.net
    feedback.windows.com
    feedback.microsoft-hohm.com

    feedback.search.microsoft.com
    rad.msn.com
    preview.msn.com
    ad.doubleclick.net
    ads.msn.com
    ads1.msads.net
    ads1.msn.com
    a.ads1.msn.com
    a.ads2.msn.com
    adnexus.net
    adnxs.com
    az361816.vo.msecnd.net
    az512334.vo.msecnd.net
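    The list above is the kind of input a hosts-file block takes. The script below is an added example, not code from the original post or from the Destroy Windows 10 Spying or DoNotSpy10 tools: it writes the post's domains into the hosts file as 0.0.0.0 entries between marker comments, so re-running it replaces the block rather than appending duplicates, and takes a timestamped backup first. The marker text is an assumption; the one entry carrying a port suffix (`:443`) has it stripped, since the hosts file takes names only. Run it from an elevated prompt.

```powershell
# Added example (not the post's code): managed hosts-file block for the listed domains.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$Begin = '# BEGIN telemetry-block (managed block; do not edit between markers)'  # assumption
$End   = '# END telemetry-block'

# The post's list, verbatim; blank lines and port suffixes are dropped below.
$Domains = @'
vortex.data.microsoft.com
vortex-win.data.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
sqm.telemetry.microsoft.com
sqm.telemetry.microsoft.com.nsatc.net
watson.telemetry.microsoft.com
watson.telemetry.microsoft.com.nsatc.net
redir.metaservices.microsoft.com
choice.microsoft.com
choice.microsoft.com.nsatc.net
df.telemetry.microsoft.com
reports.wes.df.telemetry.microsoft.com
wes.df.telemetry.microsoft.com
services.wes.df.telemetry.microsoft.com
sqm.df.telemetry.microsoft.com
telemetry.microsoft.com
watson.ppe.telemetry.microsoft.com
telemetry.appex.bing.net
telemetry.urs.microsoft.com
telemetry.appex.bing.net:443
settings-sandbox.data.microsoft.com
vortex-sandbox.data.microsoft.com
survey.watson.microsoft.com
watson.live.com
watson.microsoft.com
statsfe2.ws.microsoft.com
corpext.msitadfs.glbdns2.microsoft.com
compatexchange.cloudapp.net
cs1.wpc.v0cdn.net
a-0001.a-msedge.net
statsfe2.update.microsoft.com.akadns.net
sls.update.microsoft.com.akadns.net
fe2.update.microsoft.com.akadns.net
diagnostics.support.microsoft.com
corp.sts.microsoft.com
statsfe1.ws.microsoft.com
pre.footprintpredict.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net
feedback.windows.com
feedback.microsoft-hohm.com
feedback.search.microsoft.com
rad.msn.com
preview.msn.com
ad.doubleclick.net
ads.msn.com
ads1.msads.net
ads1.msn.com
a.ads1.msn.com
a.ads2.msn.com
adnexus.net
adnxs.com
az361816.vo.msecnd.net
az512334.vo.msecnd.net
'@ -split "`r?`n" |
    ForEach-Object { $_.Trim() -replace ':\d+$', '' } |
    Where-Object { $_ -ne '' } |
    Sort-Object -Unique

Copy-Item -Path $HostsPath -Destination ('{0}.bak-{1:yyyyMMdd-HHmmss}' -f $HostsPath, (Get-Date))

# Keep every line outside a previously written marker block.
$kept = @(); $inBlock = $false
foreach ($line in @(Get-Content -Path $HostsPath)) {
    if ($line -eq $Begin) { $inBlock = $true;  continue }
    if ($line -eq $End)   { $inBlock = $false; continue }
    if (-not $inBlock)    { $kept += $line }
}

$block = @($Begin) + @($Domains | ForEach-Object { "0.0.0.0 $_" }) + @($End)
Set-Content -Path $HostsPath -Value ($kept + $block) -Encoding ASCII
ipconfig /flushdns | Out-Null
'Wrote {0} entries to {1}' -f @($Domains).Count, $HostsPath
```

    The hosts file only affects lookups that go through the local resolver; a component that resolves names elsewhere or connects by address is unaffected, which is why the firewall approach in the earlier post is the complementary control. Newer Windows Defender builds may also flag hosts entries for Microsoft domains as a settings modification and revert them, so check the file after the next scan.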

    www.CCREPAIRSERVICES.COM

    Local and Online PC Computer Repair Tel. 754-234-5598

    FAST SAME DAY COMPUTER REPAIR, VIRUS REMOVAL, CRYTOWALL FILE RECOVERY AND LAPTOP SCREEN REPAIR SERVICE


  • Microsoft PowerPoint Vulnerable to Zero-Day Attack

    New Windows zero day being exploited through PowerPoint

    Summary: A vulnerability exists in Windows OLE for all versions except Server 2003. The company has released a workaround to block known attacks, but newer attacks could still get through.

    Microsoft has disclosed a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The vulnerability is being exploited in limited, targeted attacks using Microsoft PowerPoint.

    Microsoft has released a Fix it, “OLE packager Shim Workaround”, that should stop the known PowerPoint attacks. It does not stop other attacks that might be built to exploit this vulnerability. The Fix it is not available for 64-bit editions of PowerPoint on x64-based editions of Windows 8 and Windows 8.1.

    There are some important mitigating factors for this problem. It is a remote code execution vulnerability, so if a user opens an affected Office document, the attacker would gain control of the system with the same privileges as the user. Using Windows with limited permissions limits the damage this attack can cause.

    Microsoft reports that in the attacks they know of, a User Account Control (UAC) prompt was raised when the user opened the document. This is not typical behavior and should alert many users that something is wrong.

    Attacks could be sent through files other than Microsoft Office documents, if the handling application supports OLE objects. In reality, Office documents are the obvious vehicle for spreading such an attack.

    The security advisory describing the problem also includes instructions for configuring the Enhanced Mitigation Experience Toolkit 5.0 to protect against the known attacks.


    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw

    Microsoft Patches 3 Zero-day Vulnerabilities actively being Exploited in the Wild

    As part of its monthly patch update, Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities, including a zero-day flaw reportedly being exploited by Russian hackers to target NATO computers and a pair of zero-day Windows vulnerabilities that attackers have been exploiting to penetrate major corporations’ networks.

    Just the day before yesterday, our team reported to you about a zero-day vulnerability discovered by the cyber-intelligence firm iSight Partners, affecting all supported versions of Microsoft Windows and being exploited in a five-year-old cyber-espionage campaign against the Ukrainian government and U.S. organisations.

    Researchers at FireEye found two zero-day flaws, used in separate, unrelated attacks involving exploitation of the Windows kernel, just a day after iSight Partners disclosed the zero-day in Windows. The pair of zero-day vulnerabilities could allow an attacker to access a victim’s entire system.


    According to the researchers at FireEye, two of the three so-called zero-day flaws are being actively exploited in the wild by hackers and are being used as “part of limited, targeted attacks against some major corporations.”

    Microsoft’s updates for the October 2014 Patch Tuesday address several vulnerabilities in all currently supported versions of Windows, Internet Explorer, Office, SharePoint Server and the .NET Framework. Three of the bulletins are marked “critical” and the rest are “important” in severity. Systems administrators are recommended to apply the patches for the critical updates immediately.

    The zero-day flaw (CVE-2014-4114) discovered by iSight Partners in all supported versions of Microsoft Windows and Windows Server 2008 and 2012, which is being exploited in the “Sandworm” cyberattack, is patched as part of MS14-060. Microsoft rated Bulletin MS14-060 as important rather than critical because it requires a user to open a Microsoft Office file to initiate the remote code execution.

    “The vulnerability [exists in Windows OLE] could allow remote code execution if a user opens a Microsoft Office file that contains a specially crafted OLE object,” Microsoft warned in its bulletin. “An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.” (OLE is Microsoft technology for creating complex documents that contain a combination of text, sound, video and other elements.)

    The two zero-days discovered by FireEye, however, are patched as part of MS14-058 and are marked critical. They are designated CVE-2014-4148 and CVE-2014-4113.

    “We have no evidence of these exploits being used by the same actors. Instead, we have only observed each exploit being used separately, in unrelated attacks,” FireEye explained.

    CVE-2014-4148 exploits a vulnerability in TrueType Font (TTF) processing. TTF processing is performed in kernel mode as part of the GDI and has been the source of critical vulnerabilities in the past as well.

    The vulnerability affects Windows 8.1/Windows Server 2012 R2, Windows 8/Windows Server 2012, Windows 7/Windows Server 2008 R2 (Service Pack 0 and 1) and Windows XP Service Pack 3. It affects both 32-bit and 64-bit versions of the Operating System, but the attacks have only been observed against 32-bit systems.

    However, CVE-2014-4113 is a local Elevation of Privilege (EoP) vulnerability that affects all versions of Windows including Windows 7, Vista, XP, Windows 2000, Windows Server 2003/R2, Windows Server 2008/R2, Windows 8.x and Windows Server 2012/R2.

    Of the remaining bulletins, two are rated critical; they address remote code execution vulnerabilities in Internet Explorer and the Microsoft .NET Framework respectively. The rest, rated important in severity, include elevation of privilege bugs, a security feature bypass, and a remote code execution flaw.



  • ONE MILLION people already running Windows 10


    Microsoft announced early this week that they have released a Technical Preview of Windows 10. This sounds awesome, because I always loved the moment when a new OS release comes from Microsoft. People were expecting Windows 9 after the previous 8.1, but it was quite surprising that Microsoft skipped 9 and released Windows 10.

    Microsoft has revealed that a million people have signed up for the Windows Insider Program it is using to offer early access to Windows 10 to those willing to test the operating system’s early iterations.

    Of those crash test dummies, Redmond says 36 per cent are running the OS in a virtual machine. That leaves about 650,000 people running Windows 10 on bare metal.

    Microsoft says “Insiders” have delivered “over 200,000” pieces of feedback. If the list of most-requested features Microsoft has presumably allowed to reach Paul Thurrott’s Supersite for Windows is any guide, feedback is not coming from sysadmins: most requests concern minor UI tweaks and aesthetics, although “Make it easier to use a local account” is the third-most-requested new feature.


    SNEAK PEEK

    Well, if you are not familiar with the previous release then download the Windows 8.1 ISO first. Then you can have a better picture of what changes Microsoft brought to this Metro-style user interface. There was a large community which preferred Windows 7 over these new Metro interface operating systems. That’s why Microsoft had to take a new step: this time they created a mix of Windows 7 and Windows 8 to create the new Windows 10.

    Windows 10 Download ISO 64 bit Free

    Features of Windows 10 Technical Preview

    Below are some noticeable improvements which you’ll get after you download the Windows 10 ISO (32 bit or 64 bit).

    • New Cleaned Start Menu.
    • Mix of Windows 7 Menu and Windows 8 Metro Interface.
    • Virtual Desktops Feature.
    • Task View Option with Arrays of Virtual Desktops.
    • Dynamically Resizing of Windows Apps.
    • Huge Search Improvements.

    More Features can be seen when you Download Windows 10 ISO.

    Windows 10 Download ISO 32 Bit 64 Bit

    Windows 10 Technical Specs

    • Software Full Name: Windows 10 Technical Preview 32 Bit 64 Bit English
    • Setup File Name: WindowsTechnicalPreview-x86-EN-US.iso (32 Bit), WindowsTechnicalPreview-x64-EN-US.iso (64 Bit)
    • Full Setup Size: 2.93 GB (32 Bit), 3.81 GB (64 Bit)
    • Setup Type: Offline Installer / Full Standalone Setup:
    • Compatibility Architecture: 32 Bit (x86) / 64 Bit (x64)
    • Latest Version Release Added On: 2nd Oct 2014
    • License: Free
    • Developers: Microsoft

    Minimum System Requirements for Windows 10

    Before you start the Windows 10 ISO download (32 bit or 64 bit), make sure your PC meets the minimum system requirements.

    • Processor: 1 GHz
    • Memory (RAM): 1 GB (For 32 Bit), 2 GB (For 64 Bit)
    • Space: 16 GB Free Hard Disk Space

    Microsoft’s not saying when the feedback will result in a new release of the OS, or when it will go on sale.


  • New Zero Day Vulnerability Found In Internet Explorer All versions


    A new zero-day vulnerability that resides in all versions of Internet Explorer has been spotted in the wild, Microsoft confirmed late Saturday.

    The vulnerability, which could allow remote code execution, is being used in “limited, targeted attacks,” according to an advisory issued by Microsoft. While all versions of the web browser, IE 6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm FireEye, which first reported the flaw Friday.

    The attack leverages a previously unknown “use after free” vulnerability — data corruption that occurs after memory has been released — and bypasses both Windows DEP (data execution prevention) and ASLR (address space layout randomization) protections, according to FireEye.

    The vulnerability is currently being exploited by a group of hackers targeting financial and defense organizations in the US, FireEye told CNET.

    “The APT [advanced persistent threat] group responsible for this exploit has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past,” FireEye said. “They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure.”

    FireEye said the flaw was significant because it affects more than a quarter of the total browser market.

    “Collectively, in 2013, the vulnerable versions of IE accounted for 26.25% of the browser market,” FireEye said in its advisory.

    An attack could be triggered by luring visitors to a specially crafted web page, Microsoft explained.

    “The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated,” Microsoft said. “The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.”

    Microsoft said it is investigating the vulnerability and may issue an out-of-cycle security update to address the issue.




  • Microsoft Going through your emails!!

    [Image: MS Outlook ad]

    What Microsoft Says

    Microsoft Corporation once advertised, “We don’t go through your email to sell ads.” What Microsoft does instead is go through your email for everything else.

    Microsoft is establishing a way for major Internet Service Providers to get away with accessing and using actual communications of customers while couching everything under “protection.” The violation goes way beyond the collection and storage of data while not even violating Microsoft’s own Privacy Policy or Terms of Service.

    Since Microsoft and all the other big ISPs are now allowed by the Electronic Communications Privacy Act to read and disclose its customers communications (email, blogs, texts, chat), the law itself protects Microsoft and all ISPs and gives them a way out since they stand on the premise that the data belongs to them, so there is no expectation of privacy. Where does that leave you, the consumer, and what does it mean for journalists?

    Recently Microsoft, without a court order, accessed the private emails and chat communications between one of its customers, who was blogging, and an ex-MS employee. The employee did break the law, but Microsoft sidestepped legal process to gather the evidence on its own and then turned it over to the authorities, who proceeded to arrest the individual.

    The current Administration has repeatedly assured us that the ISPs are innocently collecting and simply storing data in the name of ‘national security’ in order to keep us all safe from terrorism. Not true, since there is a little backdoor which allows Microsoft (because it can) to go in and search, read and use details of the communications of its customers. In this case, Microsoft did just that by accessing the Hotmail account (which is now Outlook and owned by MS) of a customer because they wanted to use the information they found to go after an ex-employee.

    It appears that ISPs get to invade customer communications because it is in THEIR best interest since the ECPA law was recently interpreted and changed to allow ISPs to get away with whatever they want to. What happened to due process? It is apparent that the bottom line is all that matters for the ISP.

    In this particular case, Microsoft did not go to a judge or get a court order; and despite the public being assured that ISPs will not misuse the data they are ‘collecting and storing’, remember, they don’t have to any more. Microsoft considers this information to belong to them in the first place.

    After Microsoft came under fire for the incident, John Frank, Microsoft General Counsel, issued a statement that included magnificent double speak to convince us all that MS is only protecting their customers and justifying the action by saying his company “took extraordinary actions based on the specific circumstances” to “protect our customers and the security and integrity of our products.”

    Oh yes, the action Microsoft took was indeed extraordinary.

    Frank went on to justify the legal reasoning guiding Microsoft’s actions and explained how Microsoft adhered to its own terms of service as it was determined by its own investigation. Frank said that courts do not “issue orders authorizing someone to search themselves, since obviously no such order is needed,” basing his argument on Microsoft owns the data so they just don’t need a court order to go get whatever they want or target whomever they choose.

    Frank added that Microsoft will not search customer email (and other communications) unless it would justify a court order if one were available. The fact is that if Microsoft does not follow legal procedures in the first place or attempt to get a court order, then of course there won’t be one ‘available’, so he establishes the way out of following any due process.

    Frank also made sure to tell us how Microsoft has had our backs and even has their very own internal process set up that is designed to protect customers from Microsoft deciding to grab emails and using the specific information. Part of the plan apparently involves an internal legal staff that operates independently from another internal department to jointly determine if a court order would otherwise be issued by a judge before they can go in (internally) and grab all your actual communications. Lots of ‘internal’ machinations go into the very internal determination. They even announced they will now follow extra steps and submit their evidence (note: evidence they have already collected) to an outside attorney to review.

    One can safely assume Microsoft is paying this outside attorney as a consultant with a CDA in place, so of course this outside attorney is really an inside attorney on the side of MS, and this statement is simply double speak to make Microsoft look good. “Oh, we are hiring an outside attorney who used to be a former judge even! And he will help us determine if it’s okay for us to use emails and chat conversations of our customers before we decide to go use it.”

    With the loss of Net Neutrality and the recent changes in the law that favor their bottom line, the ISPs like Microsoft, Google, Yahoo, can pretty much do what they want now and charge what they want. This is only the beginning of the double speak, but there are still people who can see through it. And, it’s not half way in and half way out; it’s never halfway when only the consumer is losing.

    The incident should raise major red flags among bloggers and journalists who use Microsoft and other ISP services to communicate and do research, particularly when it comes to protection of sources.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere


  • Microsoft announces vulnerability when viewing RTF documents in Word

    Microsoft yesterday announced a new vulnerability in Word where specially crafted RTF files could cause your computer to execute commands without your permission. Microsoft Security Advisory (2953095) explains how attackers are currently using this vulnerability to execute commands on computers that open these types of RTF documents. This vulnerability also exists in Outlook if it is configured to use Word as its email viewer.

    The advisory states:

    “Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.”

    At this point there is no patch available, but Microsoft has released a Fixit that can be used to disable the opening of RTF content in Word. This fixit should be used by all users of Word until an official patch is released.
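    The Fixit mentioned above works by turning on Word’s File Block setting for RTF. The PowerShell below is an added example (not Microsoft’s Fixit and not from the original post) that applies the same mitigation and lets you verify it on a machine. It assumes the Word 2010 registry path (Office version 14.0) and that the values RtfFiles = 2 with OpenInProtectedView = 0 match the advisory’s manual workaround; confirm both against the advisory before using it.

```powershell
# Added example: apply and verify the "disable opening RTF content in Word"
# workaround for Advisory 2953095 through Word's File Block settings.
# ASSUMPTIONS: the registry key/values below match the advisory's manual
# workaround, and 14.0 is the Office version of the installed Word (Word 2010).
param(
    [string]$OfficeVersion = '14.0'   # assumed: Word 2010
)

$fileBlockKey = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Word\Security\FileBlock"

function Set-WordRtfBlock {
    param([string]$Key)
    # The FileBlock key only exists once File Block settings have been changed.
    if (-not (Test-Path $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    # RtfFiles = 2 blocks the file type; OpenInProtectedView = 0 means it is
    # not opened at all (not even in Protected View).
    New-ItemProperty -Path $Key -Name 'RtfFiles' -PropertyType DWord -Value 2 -Force | Out-Null
    New-ItemProperty -Path $Key -Name 'OpenInProtectedView' -PropertyType DWord -Value 0 -Force | Out-Null
}

function Test-WordRtfBlock {
    param([string]$Key)
    # Returns $true only when both values are set as expected, so the check
    # can be run across many machines before and after the official patch.
    if (-not (Test-Path $Key)) { return $false }
    $props = Get-ItemProperty -Path $Key
    return (($props.RtfFiles -eq 2) -and ($props.OpenInProtectedView -eq 0))
}

Set-WordRtfBlock -Key $fileBlockKey
if (Test-WordRtfBlock -Key $fileBlockKey) {
    Write-Output "RTF opening is blocked in Word (Office $OfficeVersion) for the current user."
} else {
    Write-Output "Workaround is NOT in place; check the key path and permissions."
}
```

    Once an official patch is installed, remove the two values again so RTF files open normally; the setting applies per user, so run it under each account that uses Word.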



  • Ex-Microsoft employee charged with leaking trade secrets

    Allegedly gave pre-release Windows info to a blogger.

    A former employee of Microsoft is facing criminal charges after he allegedly passed trade secrets to a blogger in France, US court documents showed.

    Russian national Alex Kibkalo, a former Microsoft employee in Lebanon and Russia, admitted to Microsoft investigators that he provided confidential company documents and information to the blogger, documents from a Seattle federal court showed.

    The blogger, who was not identified, was known to those in the Microsoft blogging community for posting screenshots of pre-release versions of the Windows operating system. The blogger hid his identity stating falsely that he was from Quebec, according to the documents.

    An internal investigation by Microsoft revealed unauthorised transmissions of proprietary and confidential trade secrets, according to the court documents. An email from Kibkalo was found within the blogger’s Hotmail account, establishing that he shared confidential data.

    “We take protection of our intellectual property very seriously, including cooperating with law-enforcement agencies who are investigating potential criminal actions by our employees or others,” a Microsoft spokesman said in a statement.

    A lawyer representing Kibkalo could not be reached for comment immediately.

    The court documents said that, during interviews, the blogger admitted to posting information on Twitter and his websites and to selling Windows Server activation keys on eBay.

    According to Microsoft’s investigation, in July and August 2012, Kibkalo uploaded proprietary software including pre-release software updates of Windows 8 RT, as well as the Microsoft Activation Server Software Development Kit (SDK) to a computer in Washington and subsequently to his personal Windows Live SkyDrive account.

    Kibkalo, who worked with Microsoft for seven years, received a poor performance review in 2012 and threatened to resign if the review was not amended, the documents showed.

    According to an FBI agent who was part of the investigation, Kibkalo has relocated to Russia and based on a LinkedIn account, he is currently working for another US-based technology company with offices in Moscow and St. Petersburg.



  • Windows 8 had more vulnerabilities than previous versions of Windows

    Microsoft’s Windows 8 platform has been tagged by security research firm Secunia as being the most vulnerable Windows platform on the market… according to their research, Windows 8 had more vulnerabilities than previous versions of Windows that are currently supported by Microsoft for 2013… the answer is quite simple: Flash. Because Flash is now baked into the modern instance of IE, any Flash vulnerability can now be tied to Windows 8 as well.

