AntivirusMalwarePhishingSecurityVulnerabilty

Warning – Major WannaCry-like Windows Security Exploit

If you have a Windows computer different from Windows 10 and Windows 8, you need this update!

Windows 7, Windows XP, Windows Server 2003, Windows Server 2008 R2 and similar all need updates right now.

More on this

Here: https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-windows-xp-7-and-windows-2003/

and here: https://www.theverge.com/2019/5/14/18623565/microsoft-windows-xp-remote-desktop-services-worm-security-patches

Advertisements
AntivirusLittle TipsMalwareNetworkingPhishing

Microsoft SharePoint Under Attack – CVE-2019-0604

SharePoint is under attack as attackers have discovered and are exploiting vulnerability CVE-2019-0604. Find out more about the vulnerability in the linked security advisory by Microsoft below:

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

– Microsoft SharePoint Remote Code Execution Vulnerability

According to an article by HelpNetSecurity, the attackers are able to install a web shell that then “allows them to achieve continuous access to the system and, potentially, to the internal network on which it resides.” The article also reports that, “According to the Canadian Centre for Cyber Security, researchers have identified compromised systems belonging to the academic, utility, heavy industry, manufacturing and technology sectors.”

What is the God Mode on Windows?
Little TipsWindows 10 TipsWindows PCWindows Server Tips

What Is This So Called God Mode on Windows and How Do I Access It?

Windows has a really cool tool you will be glad to discover if, like me, you like to have lots of power on you computer. Some people have called this feature the “God Mode,” but we will call it “Power Tools Mode,” because we fear God here.

The Power Tools Mode is easy to access. Just create an empty folder on your Desktop, Rename the folder to the following exact code with the brackets and dot and then press Enter.

PowerToolsMode.{ED7BA470-8E54-465E-825C-99712043E01C}

The folder icon should change to look like that of the Control Panel et voila!

Icon for the so-called God Mode on Windows

The new icon

This folder gives you access to tools like:

  • Shortcuts to several actions in the Action Center (including a shortcut to View the Reliability History discussed in one of our articles),
  • Several Administrative Tools,
  • Devices and Printers,
  • Several Accessibility features in the “Ease of Access Center.”

What is the God Mode on Windows?

Power Tools accessible via the so-called “God Mode” on Windows.

 

Reliability and Problem History
Windows 10 TipsWindows PCWindows Server Tips

What is Microsoft Windows Reliability Monitor?

One of the hidden gems on Windows computers is the Reliability Monitor. This tool can help you detect problems on your system before it is too late. The Monitor is hidden in the Control Panel > System and Security > Action Center > Reliability Monitor in some of the flavors of Windows, but the quickest way to unearth it on Windows 10 is to Windows Start / Search for “Reliability.” This should bring up a result to “View reliability history.” You can also find the tool by going to your Action Center > Maintenance, then under Check for Solutions to problem reports, click View reliability history.

Path to Reliability History

Control Panel > System and Security > Action Center > Maintenance > View reliability history

According Windows Help and Support, Reliability Monitor is an advanced tool that measures hardware and software problems and other changes to your computer. It provides a stability index that assesses your system’s overall stability on a scale from 1 to 10, 10 being the most stable. The history is presented such that, by selecting a specific period in time, you may review the specific hardware and software problems that have impacted your system.

Reliability and Problem History

A view of the Reliability and Problem History on Windows Server 2012

 

AntivirusLittle TipsMalwareSecurityWindows 10 Tips

Critical Vulnerability in WinRAR Exposed – Absolute Path Traversal

According to a report this morning from SonicWall, a vulnerability that could allow remote code execution has been discovered in WinRAR. This software vulnerability exposes the half a billion users of this Windows unarchiver. The vulnerability exploited is detailed by MITRE in CVE-2018-20250.

To find out if you are vulnerable, check to see if your WinRAR version is anything prior to WinRAR prior to 5.70 beta 1.

The fix is to update your software to the latest WinRAR version to resolve the issue.

For those not familiar with WinRAR, according to Wikipedia, “WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH. It can create and view archives in RAR or ZIP file formats, and unpack numerous archive file formats. To enable the user to test the integrity of archives, WinRAR embeds CRC32 or BLAKE2 checksums for each file in each archive. WinRAR supports creating encrypted, multi-part and self-extracting archives.”

Update: According to a March 23 2019 report by SonicWall, this WinRAR vulnerability is now being exploited in the wild.

“There have been two major exploits of this vulnerability, one targeting Ukraine with an Ukrainian law related PDF document and another targeting users in the Middle East. Last week, SonicWall Capture Labs Threat Research team has observed another campaign targeting users in Chile. WinRAR vulnerability is the most sought after exploit used by both cyber criminals and nation state actors.”

The security news brief from SonicWall also details the infection cycle of a WinRAR exploit. Be on guard!