Windows 10: NSA Reported Security Vulnerability Patch Hardware Dependent?

Discus and support NSA Reported Security Vulnerability Patch Hardware Dependent? in AntiVirus, Firewalls and System Security to solve the problem; My HP Compaq nc6120 runs Windows 10 1709 with all the quality updates currently offered by Windows Update. Reading about the recent NSA reported... Discussion in 'AntiVirus, Firewalls and System Security' started by Brian Horton, Jan 19, 2020.

  1. NSA Reported Security Vulnerability Patch Hardware Dependent?


    My HP Compaq nc6120 runs Windows 10 1709 with all the quality updates currently offered by Windows Update. Reading about the recent NSA reported security vulnerability, I downloaded patch KB4534276 from http://www.catalog.update.microsoft.com/ and ran it; after about 10 minutes it said something like ‘This update is not applicable to your machine’. Does anyone know whether the vulnerability is actually hardware dependent?

    Brian

    :)
     
    Brian Horton, Jan 19, 2020
    #1
  2. Yukikaze Win User

    WPA2 Vulnerability Found

    A small update with regards to the Microsoft fix. The fix itself is sufficient to solve the issue on Windows, even if your WiFi device has no driver update, with one caveat:

    Does this security update fully address these vulnerabilities on Microsoft Platforms, or do I need to perform any additional steps to be fully protected?
    The provided security updates address the reported vulnerabilities; however, when affected Windows based systems enter a connected standby mode in low power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware. To fully address potential vulnerabilities, you are also encouraged to contact your Wi-Fi hardware vendor to obtain updated device drivers. For a listing of affected vendors with links to their documentation, review the ICASI Multi-Vendor Vulnerability Disclosure statement here: http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities

    Source: {{windowTitle}}
     
    Yukikaze, Jan 19, 2020
    #2
  3. keiser__ Win User
    Patching windows 10 vulnerabilities

    Hi,

    I'm new to windows and to the community so excuse me if I miss some community guidelines.

    I've installed windows 10 (build number 14390) a few days ago, and today out of paranoia run a vulnerability scan using retina community. The report came out very colorful (6 high risk vulnerabilies) . I have almost nothing installed apart from the following:

    • Visual Studio Code
    • Visual Studio Community edition
    • Cmder
    • MongoDb/Nodejs with some Npm modules
    • VLC
    I was confused by the fact that almost all the vulnerabilities were Microsoft Office or Microsoft VB6 related and I don't have any of that installed.

    Any idea where should I look for patches or how to proceed to fix those problems?

    The report included links for Microsoft security bulletins related to each problem but I could not find any software I have installed in order to update it.

    I think it goes without saying that I install all the updates Microsoft update finds daily.

    Thank you for your time.
     
    keiser__, Jan 19, 2020
    #3
  4. t0yz Win User

    NSA Reported Security Vulnerability Patch Hardware Dependent?

    Mitigating the last "L1 terminal fault" vulnerabilities - possible or not?

    I've read that, thanks.

    If what you saying is true, this is a departure from how previous vulnerabilities were described, and just adds confusion. The previous way of doing it made far more sense, you could see if the necessary hardware (microcode) was there and if the mitigation
    is enabled&working.

    With this formulation, it suggests that the hardware is vulnerable, and that's it. Yes you applied the mitigations, but... hardware is still found to be vulnerable.

    The whole reason we apply these mitigations is to patch the vulnerable hardware and achieve a non-vulnerable state. You don't want to see that you're still vulnerable with all mitigations in place.
     
Thema:

NSA Reported Security Vulnerability Patch Hardware Dependent?

Loading...
  1. NSA Reported Security Vulnerability Patch Hardware Dependent? - Similar Threads - NSA Reported Security

  2. Vulnerability Assessments – Detailed Report

    in AntiVirus, Firewalls and System Security
    Vulnerability Assessments – Detailed Report: Kindly help to share the step to remediate this findings on our windows 10.1. Microsoft Windows Unquoted Service Path Enumeration - #Ensure that any services that contain a space in the path enclose the path in quotes. NWSAPAutoWorkstationUpdateSvc : C:\Program Files...
  3. Vulnerability Assessments – Detailed Report

    in Windows 10 Gaming
    Vulnerability Assessments – Detailed Report: Kindly help to share the step to remediate this findings on our windows 10.1. Microsoft Windows Unquoted Service Path Enumeration - #Ensure that any services that contain a space in the path enclose the path in quotes. NWSAPAutoWorkstationUpdateSvc : C:\Program Files...
  4. Vulnerability Assessments – Detailed Report

    in Windows 10 Software and Apps
    Vulnerability Assessments – Detailed Report: Kindly help to share the step to remediate this findings on our windows 10.1. Microsoft Windows Unquoted Service Path Enumeration - #Ensure that any services that contain a space in the path enclose the path in quotes. NWSAPAutoWorkstationUpdateSvc : C:\Program Files...
  5. Windows Security: time to patch these three zero-day vulnerabilities

    in Windows 10 News
    Windows Security: time to patch these three zero-day vulnerabilities: Microsoft released security updates for all client and server versions of Windows that it supports yesterday. Among the 30 or so security issues that each version of Windows is affected by are three zero-day vulnerabilities that are exploited already. [ATTACH] It is...
  6. Active X Vulnerability Patch - Where is it?

    in Windows 10 Installation and Upgrade
    Active X Vulnerability Patch - Where is it?: For the Active X vulnerability, on the advisory website you state there's is a patch / upgrade released, without a download link - see https://msrc.microsoft.com/update-guide. Where is the patch? Office is badly affected. Are you guys doing this on purpose, telling there's a...
  7. Windows patch Dependency

    in Windows 10 Installation and Upgrade
    Windows patch Dependency: How to check the Windows patch Dependency, I want to know that is there any tool available to check the Windows patch dependency. I will appreciate your reply. https://answers.microsoft.com/en-us/windows/forum/all/windows-patch-dependency/3338d9d6-62a6-4779-a504-1700336af310
  8. Security Patch

    in AntiVirus, Firewalls and System Security
    Security Patch: Hi All, How to download the KB4049411 and KB4033631 in Microsoft catalog? If we select "Check for Update" , these two patches are showing , but in Microsoft catalog mentioned KB's are not shown....
  9. Report: Researchers find a Cortana vulnerability (already patched) which could bypass...

    in Windows 10 News
    Report: Researchers find a Cortana vulnerability (already patched) which could bypass...: If a report is believed to be true, Microsoft’s Cortana could have been used to bypass the security protection of the Windows 10 operating system. It’s worth noting that the vulnerability has already been patched in June by Microsoft. At Black Hat in Las Vegas this week,...
  10. Spectre Intel CPU Security Vulnerability Patch - Performance Questions

    in AntiVirus, Firewalls and System Security
    Spectre Intel CPU Security Vulnerability Patch - Performance Questions: Does the Intel patch for Spectre on a 6th Gen Core i5 Desktop CPU have any distinguishable performance hit for gaming, streaming, media playback, video editing, or photo editing? I heard there's a performance hit (so I've been avoiding the patch) but on newer processors it...