Chances of destructive BlueKeep exploit rise with new explainer posted online


A security researcher has published a detailed guide that shows how to execute malicious code on Windows computers still vulnerable to the critical BlueKeep vulnerability. The move significantly lowers the bar for writing exploits that wreak the kinds of destructive attacks not seen since the WannaCry and NotPetya attacks of 2017, researchers said.

As of three weeks ago, more than 800,000 computers exposed to the Internet were vulnerable to the exploit, researchers from security firm BitSight said last week. Microsoft and a chorus of security professionals have warned of the potential for exploits to sow worldwide disruptions. The risk of the bug, found in Microsoft’s implementation of the remote desktop protocol, stems from the ability of attacks to spread from one vulnerable computer to another with no interaction required of end users.

“A pretty big deal”

One of

Your Phone Notification Mirroring Arrives for Windows and Android

The Your Phone app from Microsoft now does full Android phone notification mirroring, the company announced yesterday. With a Windows machine and the app installed on it and your phone, your worlds have never been more connected. Well, unless you used one of the number of already-available apps that have done this for years, but hey, let’s not take away from today’s news.

The Your Phone app allows for photos, texts, and (now) notifications to be available on your computer. It’s been around for a while doing the photos and texting part, but this notification stuff takes it to a new level of fun.

To get started, you’ll need to install Your Phone everywhere and we have links below to help you do that. Once done, you will log in with your matching Windows credentials within the Your Phone app on your Android phone. After completing that task and then …

Apple’s iCloud has been a poor experience in Windows, but a new update seeks to fix that

Apple has released a new version of iCloud for Windows 10 in the Microsoft Store, according to a recent blog post by Microsoft and a handful of Apple customer support documents. The new version claims to be a major improvement, with more robust features and more reliable syncing—the latter of those has been a common complaint for users of Apple’s previous version.

Features listed by Microsoft include:

  • Access your iCloud Drive files directly from File Explorer without using up space on your PC
  • Choose the files and folders you want to keep on your PC
  • Safely store all your files in iCloud Drive and access them from your iOS device, Mac, and on iCloud.com
  • Share any file right from File Explorer and easily collaborate with others—edits will be synced across your devices

Interestingly, Microsoft says the new iCloud app

Warnings of world-wide worm attacks are the real deal, new exploit shows

For the past three weeks, security professionals have warned with increasing urgency that a recently patched Windows vulnerability has the potential to trigger attacks not seen since the WannaCry worm that paralyzed much of the world in 2017. A demonstration video circulating on the Internet is the latest evidence to prove those warnings are the real deal.

It was posted Tuesday by Sean Dillon, a senior security researcher at RiskSense. A play-by-play helps to underscore the significance of the feat.

The video shows a module Dillon wrote for the Metasploit exploit framework remotely connecting to a Windows Server 2008 R2 computer that has yet to install a patch Microsoft released in mid-May. At about 14 seconds, a Metasploit payload

Answers to some of your iTunes questions: Old libraries, Windows, and more

SAN JOSE, Calif.—After much speculation and fanfare in the press, Apple confirmed today that it will sunset iTunes in the next version of macOS and spin its functionality into three new apps—Apple Music, Apple Podcasts, and Apple TV. As we noted earlier, this marks the end of an era of sorts on the Mac—but there were plenty of unanswered questions. What features will Music retain from iTunes? And what happens to Windows users who are dependent on iTunes?

While some details are still fuzzy and will remain that way until we start digging into the beta releases, we got some broad answers from Apple on those top-level questions.

Old iTunes libraries and files

Apple Music in macOS Catalina will import users’ existing music libraries from iTunes in their entirety, Apple says. That includes not just

Microsoft practically begs Windows users to fix wormable BlueKeep flaw

Microsoft security officials say they are confident an exploit exists for BlueKeep, the recently patched vulnerability that has the potential to trigger self-replicating attacks as destructive as the 2017 WannaCry attack that shut down computers all over the world.

In a blog post published late Thursday night, members of the Microsoft Security Response Center cited findings published Tuesday by Errata Security CEO Rob Graham that almost 1 million Internet-connected computers remain vulnerable to the attacks. That indicates those machines have yet to install an update Microsoft issued two weeks ago patching against the so-called BlueKeep vulnerability, which is formally tracked as CVE-2019-0708. The exploits can reliably execute malicious code with no interaction on the part of an end user. The severity prompted Microsoft to take the unusual step of issuing patches for Windows 2003, XP, and Vista, which haven’t been supported in four, five, and two

Xbox Game Pass is coming to Windows 10, but many questions remain

In one of the less-detailed announcements of the pre-E3 season, Microsoft this morning officially confirmed it is bringing its “all-you-can-play” Game Pass subscription service to the PC. The new expansion of the Xbox Game Pass (which launched just over two years ago) “will give players unlimited access to a curated library of over 100 high-quality PC games on Windows 10, from well-known PC game developers and publishers such as Bethesda, Deep Silver, Devolver Digital, Paradox Interactive, SEGA and more,” according to an announcement from Microsoft.

Games from Microsoft’s own studios, including recent acquisitions Obsidian and inXile, will be available on Xbox Game Pass for PC on the day they’re released, just as they are on Xbox One. Game Pass members will also receive discounts of up to 20% on Windows Store games and up to 10% off of DLC and add-on

Eternally Blue: Baltimore City leaders blame NSA for ransomware attack

The mayor and city council president of Baltimore are pushing for the ransomware attack that brought Baltimore’s city government to a standstill to be designated a disaster, and officials are seeking federal aid to help pay for the cleanup from the RobbinHood malware’s damage. This call came after a New York Times report that the ransomware used the EternalBlue exploit developed by the National Security Agency to spread across the city’s network.

EternalBlue was part of a set of tools developed for the NSA’s Tailored Access Operations (TAO) group that were leaked by Shadow Brokers in 2017. The tool was then used two months later as part of WannaCry, the destructive cryptographic worm that affected thousands of computers worldwide. Shadow Brokers has been linked by some security experts to a Russian intelligence agency; WannaCry has been attributed

Why a Windows flaw patched nine days ago is still spooking the Internet

It has been nine days since Microsoft patched the high-severity vulnerability known as BlueKeep, and yet the dire advisories about its potential to sow worldwide disruptions keep coming.

Until recently, there was little independent corroboration that exploits could spread virally from computer to computer in a way not seen since the WannaCry and NotPetya worms shut down computers worldwide in 2017. Some researchers felt Microsoft has been unusually tight-lipped with partners about this vulnerability, possibly out of concern that any details, despite everyone’s best efforts, might hasten the spread of working exploit code.

Until recently, researchers had to take Microsoft’s word the vulnerability was severe. Then five researchers from security firm McAfee reported last Tuesday that they were able to exploit the vulnerability and gain remote code execution without any

Serial publisher of Windows 0-days drops exploits for 3 more unfixed flaws

A serial publisher of Microsoft zero-day vulnerabilities has dropped exploit code for three more unpatched flaws, marking the seventh time the unknown person has done so in the past year.

Technical details of the vulnerabilities, along with working proof-of-concept exploits, are the work of someone using the moniker SandboxEscaper. A local privilege-escalation vulnerability in the Windows Task Scheduler that was disclosed on Tuesday allows an authenticated attacker to gain SYSTEM privileges on an affected system. On Thursday, the person released privilege-escalation code that exploits a bug in the Windows Error Reporting service. Attackers can use it to modify files that would normally be off limits. A third exploit, which was also released Wednesday, works against Internet Explorer 11 and allows attackers to execute JavaScript that runs with higher system access than is normally permitted by the browser sandbox.

Decent deal

Like the
