Windows 10: Windows 10 KB4551762 released with SMBv3 vulnerability fix

On Tuesday, Microsoft released cumulative updates for all supported versions of Windows 10 with security improvements for Edge, Internet Explorer and other components. During the Patch Tuesday updates rollout, details about a new “wormable” vulnerability in SMBv3 protocol accidentally leaked online.

Microsoft Server Message Block (SMB) protocol vulnerability has been labelled as CVE-2020-0796 and researchers discovered that the fix was not included in this month’s Patch Tuesday updates.

Today, Microsoft is rolling out Windows 10 KB4551762 update to patch the critical SMBv3 vulnerability. KB4551762 replaces KB4540673 on Windows 10 version 1909 and 1903 computers, and it is rolling out via Windows Update.

According to Microsoft, KB4551762 patches SMBv3 wormable bug (also known as SMBGhost, EternalDarkness) that leaked earlier this week.

SMBv3 vulnerability is more concerning because the same protocol previously helped attackers during the WannaCry and NotPetya ransomware.

The Redmond firm says users can download and install the important security update by checking for updates in Update & Security > Windows Update. Unlike the preview updates, this is a mandatory patch and it will install automatically in the background at some point if you don’t install it manually today.

For those who want to manually patch their computers, Microsoft has also published the offline installers.

Download Links for Windows 10 KB4551762


Windows 10 KB4551762 Direct Download Links: 32-bit (x86) and 64-bit.

As people have observed, enterprises can also disable the SMB compression, which is good inbound mitigation, but Microsoft recommends everyone to apply the patch. If you go with the registry change, only inbound migration is applied, but the patch helps with both inbound and outbound vectors.

In this patch, Microsoft says it’s aware of one known issue plaguing Windows Server containers where you might encounter issues with 32-bit apps and processes.

Windows 10 Build 18363.720 update package size is around 400MB for 64-bit systems and 200MB for 32-bits. This is a full-size cumulative update and if you haven’t installed Tuesday update, you’ll only get Build 18363.720 with SMBv3 and other fixes.

In related news, people have reported that this month’s cumulative update leads to BSOD and system crashes. Microsoft has yet to acknowledge the issue, but it’s still early in the morning in Redmond.

The post Windows 10 KB4551762 released with SMBv3 vulnerability fix appeared first on Windows Latest

Weiterlesen...

 

WPA2 Vulnerability Found

A small update with regards to the Microsoft fix. The fix itself is sufficient to solve the issue on Windows, even if your WiFi device has no driver update, with one caveat:

Does this security update fully address these vulnerabilities on Microsoft Platforms, or do I need to perform any additional steps to be fully protected?
The provided security updates address the reported vulnerabilities; however, when affected Windows based systems enter a connected standby mode in low power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware. To fully address potential vulnerabilities, you are also encouraged to contact your Wi-Fi hardware vendor to obtain updated device drivers. For a listing of affected vendors with links to their documentation, review the ICASI Multi-Vendor Vulnerability Disclosure statement here: http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities

Source: {{windowTitle}}

 

Windows 10 Tweaks

Pressing “Windows+Pause Break” (it’s up there next to scroll lock) opens the “System” Window.

Windows 10: In the new version of Windows, Explorer has a section called Quick Access. This includes your frequent folders and recent files. Explorer defaults to opening this page when you open a new window. If you’d rather open the usual This PC, with links to your drives and library folders, follow these steps:

• Open a new Explorer window.
• Click View in the ribbon.
• Click Options.
• Under General, next to “Open File Explorer to:” choose “This PC.”
• Click OK

credit to Lifehacker.

 

Notepad++ 7.3.3 update fixes CIA vulnerability

Notepad++ 7.3.3 update fixes CIA vulnerability - gHacks Tech News