Musings tagged as windows

Microsoft has decided to pull the latest update for Windwos 10. The statement reads

We have paused the rollout of the Windows 10 October 2018 Update for all users as we investigate isolated reports of users missing some files after updating.

There are, of course, numerous reports of international companies with dominance over the OS market to pull updates just because of a few isolated reports from some users. ^^

In reality, there were serious issues like incompatibilities with Intel Display Audio device drivers, the task manager not reporting the correct CPU usage (maybe a conspiracy with Intel for their meltdown patches? ^^), and

*drumroll*

Deletion of user files located in C:\Users\[username]\Documents\.

A user reported losing 220 GB worth of personal files. You can find many more reports in the same thread. Whohooow! Go Microsoft!

There is a new exploit out in the wild that can pretty much crash most windows computers within seconds.

Actually, this bug has been around at least since July 2017 and consists of a malformed NTFS image which, when placed on a USB thumb drive and inserting it into a Windows computer will crash it within seconds. One of the reasons this automatic BSOD generation works is due to the auto-play functionality. But even if it is disabled, manually opening the file, or having it opened by anti virus software snake oil will achieve the same effect.

Marius Tivadar, a researcher that has discovered this flaw in 2017, told Microsoft about it. Microsoft declined to classify the issue as a security bug and also downgraded the bug’s severity because

exploiting it requires either physical access or social engineering (tricking the user)

Now, when did “tricking the user” ever work? And of course Microsoft apparently has never heard of malware which can just download additional features such as this to your pc for your bluescreening pleasures.

A proof of concept code is available on github so everyone can have fun with this now. Also Marius published two videos of the exploit in action, showing that it can also crash locked pcs.

Cortana, Open Sesame!

Wed, Mar 7, 2018

Two Israeli researchers have found a way to bypass the screen lock protection of Windows 10 machines and install malware. How? Well, just talk to Cortana and tell her to visit a website serving malicious code because she still listens even if the screen is locked… :)

Lenovo has released a security advisory about some serious security issues (a holy trinity of weak encryption, hardcoded password, and access without admin authentification) with their Windows-based Fingerprint Manager Pro software. So, if you are running Windows on your Lenovo (why, oh why would you shoot yourself in the foot like that?) and have not deactivated the fingerprint sensor anyway, since biometric security is insecure as fuck and nothing beats a proper password, you should probably take a look.

1
2