Please run windows update now

Keith Medcalf kmedcalf at dessus.com
Sat May 13 05:21:51 UTC 2017


Not to mention of course that the version of Windows 10 that actually has all Microsoft's wonder-dunder-touted-all-and-fro security features is the one that most mere  mortals cannot buy.

I wunder.  

When there are these wunderful fluffings of the security of Windows 10, should one be suing Microsoft for not explicitly stating in the opening sentence that the features touted do not apply to any version of Windows that can be purchased at whim (ie, retail) and only applies to the "Enterprise" version which is *only* available with a minimum purchase quantity and the selling of the first (and second) born to Microsoft, and at that only after entering into a really nasty contract with Microsoft?  

Or should one be suing all the "security fools and newsfrothers" that promulgate the story without specifying that the emperors "new secure clothing" is only available to "Enterprise" customers with special contracts to Microsoft and failing to warn that Microsoft has deliberately left everyone else "naked and unprotected"?

Or should one simply sue them all and let God (or a judge) sort it out?
 
-- 
˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı


> -----Original Message-----
> From: Joe [mailto:jbfixurpc at gmail.com]
> Sent: Friday, 12 May, 2017 23:08
> To: Keith Medcalf
> Cc: nanog at nanog.org
> Subject: Re: Please run windows update now
> 
> One word. Linux.
> 
> After this we'll probably see (yet more) additional processes running on
> windows boxes safe guarding against issues like this, forcing windoze
> users to upgrade memory/processor/disk space. I, for one, am not looking
> at Windoze 10 S as it locks too many applications needed for work to the
> Windoze store.
> 
> 
> Getting kind of ridiculous if you ask me.
> 
> 
> -Joe
> 
> 
> On Fri, May 12, 2017 at 11:56 PM, Keith Medcalf <kmedcalf at dessus.com>
> wrote:
> 
> 
> 
> 	Well, this one was patched (or more accurately, undone).  Perhaps.
> Maybe.
> 
> 	How many other "paid defects" do you estimate there are in Microsoft
> Windows waiting to be exploited when discovered (or disclosed) by someone
> other than the "Security Agency" buying the defect?
> 
> 	Almost certainly more than just this one ... and almost certainly
> there is more than a single "payor agency" independently purchasing the
> deliberate introduction of code defects.
> 
> 	--
> 	˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
> 
> 
> 	> -----Original Message-----
> 	> From: Nathan Brookfield [mailto:Nathan.Brookfield at simtronic.com.au
> <mailto:Nathan.Brookfield at simtronic.com.au> ]
> 	> Sent: Friday, 12 May, 2017 22:48
> 	> To: Keith Medcalf
> 	> Cc: nanog at nanog.org
> 	> Subject: Re: Please run windows update now
> 	>
> 	> Well it was patched by Microsoft of March 14th, just clearly
> people
> 	> running large amounts of probably Windows XP have been owned.
> 	>
> 	> Largely in Russia.
> 	>
> 	> Nathan Brookfield
> 	> Chief Executive Officer
> 	>
> 	> Simtronic Technologies Pty Ltd
> 	> http://www.simtronic.com.au
> 	>
> 	> On 13 May 2017, at 14:47, Keith Medcalf <kmedcalf at dessus.com>
> wrote:
> 	>
> 	>
> 	> The SMBv1 issue was disclosed a year or two ago and never patched.
> 	> Anyone who was paying attention would already have disabled SMBv1.
> 	>
> 	> Thus is the danger and utter stupidity of "overloading" the
> function of
> 	> service listeners with unassociated road-apples.  Wait until the
> bad guys
> 	> figure out that you can access the same "services" via a
> connection to the
> 	> DNS port (UDP and TCP 53) on windows machines ...
> 	>
> 	> --
> 	> ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
> 	>
> 	>
> 	> > -----Original Message-----
> 	> > From: NANOG [mailto:nanog-bounces+kmedcalf <mailto:nanog-
> bounces%2Bkmedcalf> =dessus.com at nanog.org] On
> 	> Behalf
> 	> > Of Karl Auer
> 	> > Sent: Friday, 12 May, 2017 18:58
> 	> > To: nanog at nanog.org
> 	> > Subject: Re: Please run windows update now
> 	> >
> 	> >> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
> 	> >> - In parallel, consider investigating low-hanging fruit by OU
> 	> >> (workstations?) to disable SMBv1 entirely.
> 	> >
> 	> > Kaspersky reckons the exploit applies to SMBv2 as well:
> 	> >
> 	> > https://securelist.com/blog/incidents/78351/wannacry-ransomware-
> used-in <https://securelist.com/blog/incidents/78351/wannacry-ransomware-
> used-in>
> 	> > -widespread-attacks-all-over-the-world/
> 	> >
> 	> > I thought it was a typo in para 2 and the table, but they
> emailed back
> 	> > saying nope, SMBv2 is (was) also broken. However, they also say
> (same
> 	> > page) that the MS patch released in March this year fixes it.
> 	> >
> 	> > Assuming they are right, I wonder why Microsoft didn't mention
> SMBv2?
> 	> >
> 	> > Regards, K.
> 	> >
> 	> > --
> 	> >
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 	> > Karl Auer (kauer at biplane.com.au)
> 	> > http://www.biplane.com.au/kauer
> <http://www.biplane.com.au/kauer>
> 	> > http://twitter.com/kauer389
> 	> >
> 	> > GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C
> 6A3A
> 	> > Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB
> C38B
> 	> >
> 	>
> 	>
> 	>
> 
> 
> 
> 
> 
> 






More information about the NANOG mailing list