More from: Operating Systems

Microsoft Releases Out Of Cycle Emergency Security Path

Breaking with their second Tuesday of the month patch cycle Microsoft released an emergency out of cycle patch this week.  The flaw affects all current version of Windows Operating Systems, most vulnerable though are larger organizations in a network environment.

From Microsoft:

 

This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only. When this security bulletin was issued, Microsoft was aware of limited, targeted attacks that attempt to exploit this vulnerability.

This security update is rated Critical for all supported editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. The update is also being provided on a defense-in-depth basis for all supported editions of Windows Vista, Windows 7, Windows 8, and Windows 8.1. For more information, see the Affected Software section.

The security update addresses the vulnerability by correcting signature verification behavior in Windows implementations of Kerberos. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability.

For more information about this update, see Microsoft Knowledge Base Article 3011780.


Windows 9 Now With Everything We Tried To Tell You Didn’t Want In Windows 8

From Extreme Tech

 

ccording to the latest leaks out of Microsoft, the next major version of Windows — Windows 9, Windows Threshold — will kill off the Charms bar. And, if that wasn’t enough to win back the droves of Desktop users who were scared off by the disgusting blight of Windows 8 Metroficiation, Windows 9 will also have virtual desktops! Yes, it would seem Microsoft is serious about making Windows a first-class operating system for mouse-and-keyboard users yet again.

If you’ve never used Windows 8, the Charms bar is one of the many abominable Metro-style additions that unfortunately also made it to the Desktop. The Charms bar is accessed by pushing your mouse into a corner of the screen, and then delicately moving your pointer up the edge of the screen to the necessary button (Share, Search, Devices, or Settings). This is probably one of the most uncomfortable UI interactions in computing history. The Charms bar is actually pretty slick on a touchscreen, where it’s comfortably accessed with your thumb, but we’ll probably never know why Microsoft also made mouse-and-keyboard users interact with it.

According to various sources, current internal alpha builds of Windows Threshold do not have the Charms bar. It isn’t clear if the Charms bar is only being removed from the Desktop, or from the Metro interface as well. Metro apps, which currently rely on the Charms bar for sharing and settings, will be changed so that these functions are exposed elsewhere. Don’t forget that Windows 9 will also allow for Metro apps to be run on the Desktop in a window — in which case, the working theory is that these Metro-on-Desktop apps will gain a Settings button in the top corner of the title bar, along with minimize and close. Desktop users will go back to using the resurrected Start menu and system tray — if they ever stopped using them in the first place, anyway

So far, then, so good — Microsoft has (finally) realized that Windows 8 offers very little for mouse-and-keyboard users, which still make up the vast majority of its user base. These changes are clearly targeted at creating significant distance between Windows 8 and Windows 9, and thus hopefully regaining the trust and affection of the lucrative enterprise market which has signaled that it’s more than happy to hold onto Windows XP and Windows 7 rather than attempt a painful upgrade to Windows 8.


Adobe Update Nixes Flash Player Zero Day

From Krebs

 

Adobe Systems Inc. has shipped an emergency security update to fix a critical flaw in itsFlash Player software that is currently being exploited in active attacks. The exploits so far appear to target Microsoft Windows users, but updates also are available for Mac andLinux versions of Flash.

The Flash update brings the media player to v. 13.0.0.206 on Windows and Mac systems, and v. 11.2.202.356 for Linux users. To see which version of Flash you have installed, check this link.

IE10/IE11 and Chrome should auto-update their versions of Flash. If your version of Flash on Chrome (on either Windows, Mac or Linux) is not yet updated, you may just need to close and restart the browser.

The most recent versions of Flash are available from the Adobe download center, but beware potentially unwanted add-ons, like McAfee Security Scan). To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer will need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

In its advisory about this vulnerability, Adobe said it is aware of reports that an exploit for the flaw (CVE-2014-0515) exists in the wild, and is being used to target Flash Player users on the Windows platform.

That advisory credits Kaspersky Lab with reporting the vulnerability, and indeed Kasperskypublished a blog post today detailing two new exploits that have been spotted in the wild attacking this vulnerability. Both exploits, according to Kaspersky, have been used in so-called “watering hole” espionage attacks, an increasingly common attack technique involving the compromise of legitimate websites specific to a geographic area which the attackers believe will be visited by end users who belong to the organization they wish to penetrate.

This is the second time in as many months that Adobe has shipped a patch to fix a zero-day vulnerability in Flash. What’s more, a well-known Flash exploitation technique was implicated in a separate Internet Explorer zero-day attack that Microsoft warned about yesterday.

While Flash is required by a great many Web sites, there is no reason to let this browser plug-in run content automatically when you visit a Web site. Rather, I’ve urged readers to rely on “click-to-play,” a feature built into Google Chrome, Mozilla Firefox and Opera (and available via add-ons in Safari) that blocks plugin activity by default, replacing the plugin content on the page with a blank box. Users who wish to view the blocked content need only click the boxes to enable the Flash or Java content inside of them. For more on setting up your browser to use click-to-play for Flash and other browser plugins, see Help Keep Threats at Bay with Click to Play.

kissimmee saint cloud osceola county 192 34769 34744 34772 34771 34743 34746 computer repair st cloud computer reapir kissimee lake nona narcossee virus malware virus removal