Re: Please run windows update now

[Joe <jbfixurpc () gmail com>]

One word. Linux.
After this we'll probably see (yet more) additional processes running on
windows boxes safe guarding against issues like this, forcing windoze users
to upgrade memory/processor/disk space. I, for one, am not looking at
Windoze 10 S as it locks too many applications needed for work to the
Windoze store.

Getting kind of ridiculous if you ask me.

-Joe

On Fri, May 12, 2017 at 11:56 PM, Keith Medcalf <kmedcalf () dessus com> wrote:

> Well, this one was patched (or more accurately, undone).  Perhaps.  Maybe.
>
> How many other "paid defects" do you estimate there are in Microsoft
> Windows waiting to be exploited when discovered (or disclosed) by someone
> other than the "Security Agency" buying the defect?
>
> Almost certainly more than just this one ... and almost certainly there is
> more than a single "payor agency" independently purchasing the deliberate
> introduction of code defects.
>
> --
> ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
>
>
> > -----Original Message-----
> > From: Nathan Brookfield [mailto:Nathan.Brookfield () simtronic com au]
> > Sent: Friday, 12 May, 2017 22:48
> > To: Keith Medcalf
> > Cc: nanog () nanog org
> > Subject: Re: Please run windows update now
> >
> > Well it was patched by Microsoft of March 14th, just clearly people
> > running large amounts of probably Windows XP have been owned.
> >
> > Largely in Russia.
> >
> > Nathan Brookfield
> > Chief Executive Officer
> >
> > Simtronic Technologies Pty Ltd
> > http://www.simtronic.com.au
> >
> > On 13 May 2017, at 14:47, Keith Medcalf <kmedcalf () dessus com> wrote:
> >
> >
> > The SMBv1 issue was disclosed a year or two ago and never patched.
> > Anyone who was paying attention would already have disabled SMBv1.
> >
> > Thus is the danger and utter stupidity of "overloading" the function of
> > service listeners with unassociated road-apples.  Wait until the bad guys
> > figure out that you can access the same "services" via a connection to
> the
> > DNS port (UDP and TCP 53) on windows machines ...
> >
> > --
> > ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
> >
> >
> > > -----Original Message-----
> > > From: NANOG [mailto:nanog-bounces+kmedcalf=dessus.com () nanog org] On
> > Behalf
> > > Of Karl Auer
> > > Sent: Friday, 12 May, 2017 18:58
> > > To: nanog () nanog org
> > > Subject: Re: Please run windows update now
> > >
> > > > On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
> > > > - In parallel, consider investigating low-hanging fruit by OU
> > > > (workstations?) to disable SMBv1 entirely.
> > >
> > > Kaspersky reckons the exploit applies to SMBv2 as well:
> > >
> > > https://securelist.com/blog/incidents/78351/wannacry-
> ransomware-used-in
> > > -widespread-attacks-all-over-the-world/
> > >
> > > I thought it was a typo in para 2 and the table, but they emailed back
> > > saying nope, SMBv2 is (was) also broken. However, they also say (same
> > > page) that the MS patch released in March this year fixes it.
> > >
> > > Assuming they are right, I wonder why Microsoft didn't mention SMBv2?
> > >
> > > Regards, K.
> > >
> > > --
> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~
> > > Karl Auer (kauer () biplane com au)
> > > http://www.biplane.com.au/kauer
> > > http://twitter.com/kauer389
> > >
> > > GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
> > > Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B