Tag Search: windows
Posted on Tuesday August 13, 2019 | bug, security, windows
CTF, a little-known Microsoft protocol used by all Windows operating system versions since Windows XP, is insecure and can be exploited with ease. From a report: According to Tavis Ormandy, a security researcher with Google's Project Zero elite security team and the one who discovered the buggy protocol, hackers or malware that already have a foothold on a user's computer can use the protocol to take over any app, high-privileged applications, or the entire OS, as a whole. Currently, there are no patches for these bugs, and a quick fix isn't expected, as the vulnerabilities are deeply ingrained in the protocol and its design. What CTF stands is currently unknown. Even Ormandy, a well-known security researcher, wasn't able to find what it means in all of Microsoft documentation. What Ormandy found out was that CTF is part of of the Windows Text Services Framework (TSF), the system that manages the text shown inside Windows and Windows applications. When users start an app, Windows also starts a CTF client for that app. The CTF client receives instructions from a CTF server about the OS system language and the keyboard input methods. It is unclear how Microsoft will patch the CTF problem.
Posted on Sunday August 11, 2019 | security, windows
Artem S. Tashkinov writes: Researchers from security company Eclypsium have discovered that more than forty drivers from at least twenty different vendors -- including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei -- include critical vulnerabilities allowing an escalation of privileges to full system level access. Considering how widespread these drivers are, and the fact that they are digitally signed by Microsoft, they allow an attacker to more successfully penetrate target systems and networks, as well as remain hidden. Also while some of these drivers "are designed to update firmware, the driver is providing not only the necessary privileges, but also the mechanism to make changes" which means the attacker can gain a permanent foothold. Eclypsium has already notified Microsoft about the issues and at least NVIDIA has already released fixed drivers.
Posted on Saturday August 10, 2019 | security, windows
itwbennett writes: Researchers from security firm Bitdefender discovered and reported a year ago a new CPU vulnerability that "abuses a system instruction called SWAPGS and can bypass mitigations put in place for previous speculative execution vulnerabilities like Spectre," writes Lucian Constantin for CSO. There are three attack scenarios involving SWAPGS, the most serious of which "can allow attackers to leak the contents of arbitrary kernel memory addresses. This is similar to the impact of the Spectre vulnerability." Microsoft released mitigations for the vulnerability in July's Patch Tuesday, although details were withheld until August 6 when Bitdefender released its whitepaper and Microsoft published a security advisory.
Posted on Tuesday July 16, 2019 | windows 8, windows, windows 8 tips, windows 8 1, windows tips, arranging windows desktop, cluttered desktop, desktop clutter
Anything that hinders productivity is considered detrimental to profit, and a cluttered computer is one of them. Even a little time spent looking for files and applications in a crowded desktop can eventually add up to hours of downtime. Worse, it can mean losing critical data like important reports. Here are some tips to help your employees clear their desktops and optimize their virtual working space.
Posted on Friday June 28, 2019 | microsoft, windows, servers, microsoft exchange, hosted exchange
A server can host most business programs, and many businesses rely on at least one server - most commonly Microsoft Exchange - to host their email platform. Some companies, however, don't have enough room for a server. Hosted Exchange solves this dilemma.
Posted on Friday May 31, 2019 | microsoft, security, windows
Earlier this month, Microsoft revealed a major Windows security vulnerability that could see a widespread "wormable" attack that spreads from one vulnerable computer to the next. "While Microsoft has released patches for Windows systems, even for older server and Windows XP machines, recent reports have revealed there are at least 1 million systems connected to the internet that can be attacked," reports The Verge. "Microsoft is confident that an exploit exists for this vulnerability," warns Simon Pope, director of incident response at Microsoft's Security Response Center (MSRC). "It's been only two weeks since the fix was released and there has been no sign of a worm yet. This does not mean that we're out of the woods." From the report: Pope notes that it was nearly two months after the release of patches for the previous EternalBlue exploit when WannaCry attacks began, and despite having 60 days to patch systems, a lot of machines were still infected. The EternalBlue exploit was leaked publicly, allowing hackers to create malware freely. This new BlueKeep flaw hasn't yet been publicly disclosed, but that doesn't mean there won't be malware. "It is possible that we won't see this vulnerability incorporated into malware," says Pope. "But that's not the way to bet."
Phone: +1-989-776-2080
Toll Free: +1-855-674-2968
Email: info (at) netservicesgroup dot com
DUNS 155892800
SPIN 143027933
100% Michigan
NSG is owned & operated, offering enterprise-level IT service & support, right in your own back yard.