MS update Tuesday: to fix an extraordinarily serious security risk

Discussion in 'HardForum Tech News' started by Monkey34, Jan 14, 2020 at 7:32 AM.

  1. PeaKr

    PeaKr Gawd

    Messages:
    815
    Joined:
    Sep 6, 2004
    d3athf1sh likes this.
  2. Domingo

    Domingo [H]ard as it Gets

    Messages:
    17,489
    Joined:
    Jul 30, 2004
    Guess this has to be important. Tomorrow's the rollout of the Chromium-based Edge. If this wasn't urgent, they would have just waited a day.
     
  3. DejaWiz

    DejaWiz Oracle of Unfortunate Truths

    Messages:
    19,414
    Joined:
    Apr 15, 2005
    Win7 support officially ended today.
     
  4. Axman

    Axman 2[H]4U

    Messages:
    2,455
    Joined:
    Jul 13, 2005
    Those outlier machines you handle on a case-by-case basis, but any of the sensitive info lives on the server inside a secure room. If your accountant is keeping financials on a local machine, that accountant is embezzling money.

    The servers you update as soon as possible, after hours or as close to after hours as you can manage, with backups at your fingertips.

    IP you protect with lawyers.
     
  5. clockdogg

    clockdogg Gawd

    Messages:
    981
    Joined:
    Dec 12, 2007
    What a coincidence... couldn't have planned this... unless...
     
  6. Ebernanut

    Ebernanut [H]ard|Gawd

    Messages:
    1,091
    Joined:
    Dec 15, 2010
    So am I missing something or is this just an exploit that makes an executable not give an extra warning about not having a properly signed certificate?

    It seems like this would have to be paired with a remote execution exploit to be very dangerous since if you can convince an idiot to d/l and run something an extra warning usually isn't going to stop them.
     
  7. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,645
    Joined:
    Mar 4, 2013
    Interesting that there is no Win 8.1 update listed. Support for that runs through 2023. Wonder if there will be more additions later.
     
    jfreund likes this.
  8. clockdogg

    clockdogg Gawd

    Messages:
    981
    Joined:
    Dec 12, 2007
    Red Falcon, the901, Monkey34 and 2 others like this.
  9. blandead

    blandead Limp Gawd

    Messages:
    249
    Joined:
    Nov 6, 2010
    That's very common and achievable with a level 2 & level 1 tech

    I would simply find the dism command needed to uninstall the patch, send it to all computers simultaneously and reboot. Or automate with a script if physical access needed to fix. Run script and move on.

    But agreed never blindly install patches without reading known issues on MS's site
     
  10. d3athf1sh

    d3athf1sh Limp Gawd

    Messages:
    495
    Joined:
    Dec 16, 2015

    i'm assuming 1909 doesn't need it?? i'm pretty sure it didn't come up on either of the two 1909 enterprise installations i have here at the house. and if you go to the actual download page for the update it's only showing for the older versions of win10 and 8 & 7. unless i'm missing something.
     
  11. GoodBoy

    GoodBoy [H]ard|Gawd

    Messages:
    1,655
    Joined:
    Nov 29, 2004
    1909 needs it. I installed it last night.

    Windows 10 Version 1909 for x64-based Systems Article: 4528760 Patch: Security Update
     
  12. PeaKr

    PeaKr Gawd

    Messages:
    815
    Joined:
    Sep 6, 2004
    Blame the Forbes article which mentions W7 and 8. Guess I shoulda known better, fake news.

    "Before you take a deep breath and relax because you're still using Windows 8, Windows 7 or Windows XP, that same crypto component is present in all versions of Windows. "
     
    GoodBoy likes this.
  13. Jacobhobz

    Jacobhobz n00b

    Messages:
    1
    Joined:
    Dec 29, 2019
  14. KD5ZXG

    KD5ZXG Limp Gawd

    Messages:
    464
    Joined:
    Mar 24, 2017
    Finally got the update to start. It was stuck pretty good there.
    Seems I had installed Spybot Anti-Beacon and forgot about it.
    It left comments explaining in my HOSTS file was how I found.
    Disabled Anti-Beacon's immunization and rebooted.

    Update hasn't finished, but at least its futher than before.
    So, when it finishes I turn Anti-Beacon immunization back on?
    Or I need an updated anti-beacon? Prolly wouldn't hurt...

    MS best not be reinstalling stupid games and whatever other
    garbage I've deliberately removed...
     
  15. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    29,229
    Joined:
    Oct 29, 2000
    So, is this CVE-2020-0601?

    How does someone write an article about a vulnerability without referencing the tracking number?