Windows User? Zero Day Security Issue - Please don't ignore

Solve My Problem

There are security issues every day, and every week Microsoft patch them. Anti-virus software does its thing. There is currently an issue which is known to be out in the wild that is unlikely to get stopped and will compromise your machine.

Whilst we have fixed all our customers machines, you can do this yourself in 2 minutes.

If you don't feel comfortable doing this, we are happy to do this remotely for a small fee, but it is very simple and most people should be OK - aka this isn't a sales pitch

Press windows key and type cmd

It will pop up "Command Prompt" and on the right say "Run as administrator"



Click that "Run as administrator" and then yes to confirm, a black box will pop up (the command line)

Copy and paste the following

cd %userprofile%\documents


That will take you to your documents folder i.e. c:\users\darren\documents for example

Then copy / paste

reg export HKEY_CLASSES_ROOT\ms-msdt registrybackup.reg

This will backup the registry then, copy / paste

reg delete HKEY_CLASSES_ROOT\ms-msdt /f

That deletes the part you need gone - That's it!

The video showing this in action is here
https://www.youtube.com/watch?v=iRAnkHQUr2w

This is the Microsoft link that basically has the same thing as above but my method will put the backup in a sensible place
https://msrc-blog.microsoft.com/202...rosoft-support-diagnostic-tool-vulnerability/

You should watch the video and read the Microsoft website before doing anything so you understand what you are doing and why

Darren
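As an added example (not Darren's script or the one in the video), here is the same workaround written as PowerShell with the checks an administrator would want before deleting anything: elevation, a verified backup in Documents, and a matching restore for once the Windows update is installed. The key path and backup filename are the ones from the post; the function names are my own.

```powershell
#Requires -RunAsAdministrator
# Added example: back up, remove and later restore the ms-msdt protocol handler.
# Key path and backup filename follow the post above; everything else is assumed.

$KeyPath    = 'HKEY_CLASSES_ROOT\ms-msdt'
$BackupFile = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'registrybackup.reg'

function Test-MsdtHandlerPresent {
    # The ms-msdt: protocol handler lives under HKCR; absent means the workaround is in place.
    return Test-Path -Path "Registry::$KeyPath"
}

function Backup-MsdtHandler {
    # reg export writes a .reg file that 'reg import' can replay later; /y overwrites silently.
    & reg.exe export $KeyPath $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $BackupFile)) {
        throw "Backup of $KeyPath failed; not deleting anything."
    }
    # Sanity check: the export must actually contain the key we are about to delete.
    if ((Get-Content -Path $BackupFile -Raw) -notmatch 'ms-msdt') {
        throw "Backup file does not mention ms-msdt; aborting."
    }
    Write-Host "Backup written to $BackupFile"
}

function Disable-MsdtHandler {
    if (-not (Test-MsdtHandlerPresent)) {
        Write-Host "ms-msdt handler already absent; nothing to do."
        return
    }
    Backup-MsdtHandler
    & reg.exe delete $KeyPath /f | Out-Null
    if (Test-MsdtHandlerPresent) { throw "Delete reported success but key is still present." }
    Write-Host "ms-msdt protocol handler removed."
}

function Restore-MsdtHandler {
    # Once the vendor update is installed, put the handler back from the backup.
    if (-not (Test-Path $BackupFile)) { throw "No backup found at $BackupFile" }
    & reg.exe import $BackupFile | Out-Null
    if (-not (Test-MsdtHandlerPresent)) { throw "Import did not recreate $KeyPath" }
    Write-Host "ms-msdt protocol handler restored from backup."
}

# Apply the workaround now; run Restore-MsdtHandler after Windows Update has installed the fix.
Disable-MsdtHandler
```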
 

gpietersz

    Another zero day, and you have to do all that to stop it?

    People say Linux is too hard to use and then put up with this?

    I think it's time software vendors had to face some liability, in some circumstances, for consequential losses. If your car crashes because of a design flaw in the brakes the manufacturer would be liable, but with software you can get away with just about anything.
     

    Deleted member 325090

    According to Microsoft (in the link you provided), they have already released a patch:

    "On Tuesday June 14, 2022, Microsoft issued Windows updates to address this vulnerability."

    Sounds to me that as long as people check for and install updates they should be ok. Or am I mistaken?
     

    Solve My Problem

    I think it's time software vendors had to face some liability, in some circumstances, for consequential losses. If your car crashes because of a design flaw in the brakes the manufacturer would be liable, but with software you can get away with just about anything.
    The problem is everything is so complex and teams of people are trying to find ways in constantly
     

    Solve My Problem

    According to Microsoft (in the link you provided), they have already released a patch:

    "On Tuesday June 14, 2022, Microsoft issued Windows updates to address this vulnerability."

    Sounds to me that as long as people check for and install updates they should be ok. Or am I mistaken?
    It all depends when the patches are downloaded and installed.

    Don't click on bad Word docs is the easy answer, but we have all lost focus at one time or another. It's how ransomware groups make their millions!
     

    Deleted member 325090

    It all depends when the patches are downloaded and installed.

    Don't click on bad Word docs is the easy answer, but we have all lost focus at one time or another. It's how ransomware groups make their millions!
    Well given the patches were apparently released yesterday and this thread is posted today, then I'm guessing that anyone who reads this thread then does a windows update should be fine...unless I'm missing something obvious?

    ...the only gotcha I can think of is if there are tons of updates queued because you've not updated for months, just need to make sure that you keep updating until it says you're up to date.
     

    japancool

    Another zero day, and you have to do all that to stop it?

    People say Linux is too hard to use and then put up with this?

    I think it's time software vendors had to face some liability, in some circumstances, for consequential losses. If your car crashes because of a design flaw in the brakes the manufacturer would be liable, but with software you can get away with just about anything.

    The key (no pun intended) in those instructions is this bit:
    reg delete HKEY_CLASSES_ROOT\ms-msdt /f

    That actually disables the exploit. The rest of it just backs up the registry.

    But as the patch is already out, you can just run Windows Update.
     

    gpietersz

    The problem is everything is so complex and teams of people are trying to find ways in constantly
    I agree, but one of the problems is that it's more complex (and therefore both less secure and less reliable) than it needs to be because features take a higher priority than security or reliability.

    That is partly because buyers (and reviewers as their proxy) can assess the features of software fairly easily, but it's much harder to assess security and reliability. In economic terms there is a huge information asymmetry and bad incentives.
     
    This was a zero-day vulnerability - two weeks ago ?

    In case anyone is wondering, this vulnerability exploited Microsoft’s built-in troubleshooting tools - specifically the Microsoft Support Diagnostic Tool (MSDT) - allowing an attacker to compromise your PC… simply by you opening or even previewing a malicious office document.

    As this issue was fixed in an update for Patch Tuesday this week, I would suggest that users disregard the manual registry editing and simply apply Windows Updates to date on their machines.

    I also believe that anyone using Microsoft Defender for Endpoint with attack surface reduction policies turned on (specifically the one that prevents office applications from launching child processes) would also have been protected.

    Numerous other AV and email security solutions, especially those with sandboxing, have also come out to say that they would have blocked the threat. So it is worth investing in multiple security layers if you run a business.

    Hope this additional information is of use.
     
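The attack surface reduction rule mentioned above can be checked and enforced from PowerShell. The following is an added example, not code from the post; it assumes Microsoft Defender Antivirus with its Defender PowerShell module, the documented rule id for "Block all Office applications from creating child processes", and that ASR activity is logged in the Defender operational log as event 1121 (blocked) or 1122 (audit only).

```powershell
#Requires -RunAsAdministrator
# Added example: audit, enable and monitor the ASR rule that stops Office apps
# spawning child processes. Assumes Microsoft Defender Antivirus is the AV in use.

# Documented rule id: "Block all Office applications from creating child processes".
$OfficeChildProcRule = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

function Get-AsrRuleState {
    param([Parameter(Mandatory)][string]$RuleId)
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    # Ids and Actions are parallel arrays: 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn
    $names = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $RuleId) {
            $a = [int]$actions[$i]
            if ($names.ContainsKey($a)) { return $names[$a] }
            return "Unknown($a)"
        }
    }
    return 'NotConfigured'
}

function Set-AsrRule {
    # Start in AuditMode on machines with unknown workloads; move to Enabled once the
    # audit events show nothing legitimate (macros, add-ins, installers) would be blocked.
    param(
        [Parameter(Mandatory)][string]$RuleId,
        [ValidateSet('AuditMode', 'Enabled', 'Warn')][string]$Mode = 'AuditMode'
    )
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId -AttackSurfaceReductionRules_Actions $Mode
}

function Get-AsrEvents {
    # 1121 = rule blocked something, 1122 = rule would have blocked it (audit mode).
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddDays(-$Days)
    }
    try {
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
            Select-Object TimeCreated, Id, Message
    } catch {
        # Get-WinEvent throws when nothing matches; treat that as an empty result.
        @()
    }
}

$state = Get-AsrRuleState -RuleId $OfficeChildProcRule
Write-Host "Office child-process rule state: $state"
if ($state -in 'NotConfigured', 'Disabled') {
    Set-AsrRule -RuleId $OfficeChildProcRule -Mode 'AuditMode'
    Write-Host "Rule set to AuditMode; review Get-AsrEvents before switching to Enabled."
}
Get-AsrEvents -Days 7 | Format-Table -AutoSize
```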

    Nico Albrecht

    and every week Microsoft
    Why so selective on Microsoft and a Zero day exploit that any decent AV would pick up on.

    Apple comes to my mind who are poor at best securing their systems.

    Checkm8te exploit is ongoing from iOS 11 until 15.5, so almost 4 years, and this is a very serious issue they haven't bothered patching for almost 5 years

    Safari browser leaking all your phone data for more than 10 months after google told them 90 days into that issue it took them another year to fix it.

    Apples Thunderbolt exploit which they can't fix either affecting all Apple machines 2016 - 2021.

    Apple M1 chip has an 'unpatchable' security flaw: great years of excitement to come for hackers.


    What's the point to report a single incident on MS? It all comes down to setting up your own security! Fact

    I wouldn't trust my builder or real estate agent to take care of my home security and buy updated security solutions such as better locks, CCTV and alarm system once I move in and have it maintained by 3rd party. Car, better alarm system, gps tracker etc....

    Based on that my builder or real estate agent would be liable years down the line if somebody breaks in my house.

    Same goes for any OS, you can't expect this to be maintained free of charge forever or at the speed you want.
     
    - allowing an attacker to compromise your PC… simply by you opening or even previewing a malicious office document.
    Our house rules are -

    1. Never open or go near any Office docs and delete any emails with Office attachments - Excel, Word, or anything like that.

    2. Never put any documents or other data to be stored in the 'Documents' folder.

    3. Backup to a separate HD.
     

    gpietersz

    You've made that sound much worse than it actually is. Intel had a similar thing with Meltdown and Spectre.
    Yes, but that does not mean hardware level security flaws are OK. It means the whole industry favours performance over security.

    There are some things the rest of us can do to mitigate this (e.g. turn hyper-threading off) but we cannot do anything about things like exploits using speculative execution.
     

    Kerwin

    Yes, but that does not mean hardware level security flaws are OK. It means the whole industry favours performance over security.

    There are some things the rest of us can do to mitigate this (e.g. turn hyper-threading off) but we cannot do anything about things like exploits using speculative execution.
    Oh, I agree. Hardware problems are a big problem. I was just pointing out that it isn't just an Apple thing and that Intel had similar problems.
     

    gpietersz

    Why so selective on Microsoft and a Zero day exploit that any decent AV would pick up on.
    I agree to some extent. Microsoft is somewhat paying the price for a reputation that stems from when its security was really shoddy.
    I wouldn't trust my builder or real estate agent to take care of my home security and buy updated security solutions such as better locks, CCTV and alarm system once I move in and have it maintained by 3rd party.
    You would expect your builder to build robust walls and properly attached doors and windows so an intruder cannot just walk in.

    You should be able to expect your car remote unlock to be secure from relatively simple attacks, and it's difficult to get a third party fix when they are not secure, as has happened quite a bit:



     

    fisicx

    That sounds impractical. What do you do if someone emails you such an attachment?
    I tell them to use an online service where I can read the document or ask for a pdf.
     

    gpietersz

    An OS per application...lol
    If you have lots of RAM (which is not expensive nowadays) then why not?

    The UI handles it quite nicely: https://www.qubes-os.org/screenshots/

    A lot of server installs (most) nowadays use some kind of VM on shared hardware - it might be a VPS or a container, and it might well be called something else: a "cloud server" or an "instance" or a "droplet" - but it's still a VM or a container. Why not do the same on a desktop?
     

    gpietersz

    you mean multiple boot options right?

    No I do not. I mean using VMs to run multiple operating systems simultaneously.

    If you look at the screen shots I linked to above:

    1. The name of the OS instance running the application in the window is shown in square brackets in the title bar. So the fourth one down (with PowerPoint open) shows two windows running in one Windows VM, and another in a different Windows VM.
    2. The colour of the title bar tells you the type of VM - e.g. a permanent or temporary one, or the one running networking.
    That's pretty much the norm (well, in my circle anyway)
    Why? It's a lot more convenient to use VMs. Even without going to the extent Qubes does, it's easy to run multiple VMs.

    Why would I want to shut down and reboot into another OS to use an application that I could use in the OS I was using?

    Does my clarification above explain that it's not what this does?
     

    fisicx

    I just turn on the windows pc when I need to do some work for a client and turn it off when I’m done. Don’t need anything cloudy, Azure, AWS buckets, a VM or anything more complicated than an internet connection. Just like the majority of people who use a PC. When you read about the problems people have it’s usually because they use all sorts of external applications. A bit like those using Adobe products which regularly fall over.
     

    gpietersz

    Don’t need anything cloudy, Azure, AWS buckets, a VM or anything more complicated than an internet connection.
    Sorry, I do not get the relevance of this. Who was suggesting anything cloudy? Not me because I was talking about local VMs, running on your desktop as a security measure. I also suggested local VMs are better than multi boot.

    I am the last person who would encourage people to use cloudy stuff, apart from small VPSs where the cost of a dedicated server is not justified.

    It looks as though a lot of people are finding one or both of those concepts hard to grasp. Look at the link I posted, it is easier to understand if you see what it looks like.

    I just turn on the windows pc when I need to do some work for a client and turn it off when I’m done.
    What I do except I use Linux.

    I am not going to use Qubes myself, but it is a much easier thing to set up (because Qubes sets it up for you) than the security hardening I prefer (using Linux containers to isolate apps).
     

    fisicx

    Sorry, I do not get the relevance of this. Who was suggesting anything cloudy? Not me because I was talking about local VMs, running on your desktop as a security measure. I also suggested local VMs are better than multi boot.
    The chances of my Mum understanding what this means is zero. There are lots of ways to do things - the problem is most people don't understand or care enough to want to change how they do things. Pretty much all ransomware begins with someone clicking on an attachment or link in an email. You can protect yourself because you know how and would never open an email attachment or click on an unknown link. But a lot of people do. Even those in organisations with people trained on cybersecurity get regularly caught.
     

    fisicx

    What I do except I use Linux.
    Not possible for me. The application the client requires me to use only runs in Windows.

    There's a whole world of applications and processes out there still using old unsupported versions of Windows. And I'm updating the manual for a machine that uses IE5 as a user interface. Because of the integration that's how it will always be until the machine is scrapped in about 20 years.
     

    fisicx

    Run Windows in a virtual machine on your Linux desktop. VirtualBox is a great choice. Free and easy to use.
    Why? What's the benefit to me to do this? The client pays for a license for an authoring application and is what I use about once a month to update their manuals. How will creating a linux desktop and running windows in a virtual machine make the current setup any better?
     

    Kerwin

    Why? What's the benefit to me to do this? The client pays for a license for an authoring application and is what I use about once a month to update their manuals. How will creating a linux desktop and running windows in a virtual machine make the current setup any better?
    So you are not forced to use Windows all day every day simply to use a single application that you use once a month. Seems a bit weird to use Windows for a single application which you admit yourself you basically never use.
     

    gpietersz

    The chances of my Mum understand what this means is zero.
    Qubes is not designed for your Mum. It's designed for people who want higher security. I mentioned it specifically because @bluemore suggested running Windows in a VM as a security measure and Qubes is the next logical step from that. If you understand VMs it is not hard to understand.

    Run Windows in a virtual machine on your Linux desktop. VirtualBox is a great choice. Free and easy to use.
    An especially good idea if, like @fisicx, you need to use old and unsupported versions of Windows or applications.

    Virtual Box is nice because of the seamlessness. I think other VMs may have caught up with it though.
     

    fisicx

    So you are not forced to use Windows all day every day simply to use a single application that you use once a month. Seems a bit weird to use Windows for a single application which you admit yourself you basically never use.
    The client pays very well and the laptop was a business expense. A very lucrative arrangement.

    My point was that the number of windows users who need extra security is tiny compared to the millions who just use the OS as a means to access the internet.

    Consider also the millions of business users in organisations whose desktops are locked down by their IT admins.

    I agree you can use a local VM, install Linux and do all sorts of other things but for most users this isn’t practical, beneficial or even possible.
     
    There's a whole world of applications and processes out there still using old unsupported versions of windows.
    Slightly off topic, but I remember only a couple of years ago, many ATMs were running Windows XP - I wonder how that has changed?
     

    gpietersz

    A network card, keyboard, mouse (any peripheral) will be assigned to the VM in current use. How do you handle the swap and back again? How does it know what to grab and what to let go?
    That is the problem Qubes solves. The host OS manages the windows, each guest OS can use these windows. You can cut and paste between them etc. so from the user point of view it's seamless. One guest OS manages the network (to isolate security issues in the network stack) and presents the others with a virtual network interface.

    You can do the seamless windows part of it using Virtualbox. I used to use it for testing websites a long time ago and it was quite nice to have an IE window open on a Linux desktop.
     

    gpietersz

    Slightly off topic, but I remember only a couple of years ago, many ATMs were running Windows XP - I wonder how that has changed?
    I doubt it. I know that until a few years ago there were still ATMs running OS/2

    Generally upgrade cycles on things like that are slow. Hopefully it will not matter too much for ATMs because they should not be connected to the public internet.
     

    gpietersz

    The downside would be that if your user base are windows people they would have a massive learning curve.
    You can run Windows under Qubes so the applications etc. remain the same.
    From a business usage then this would be great and very secure if run as a main server for remote access (WFH)
    There are other solutions for that.

    For windows users then something like parrot OS would provide the same level of protection without the learning curve.
    Parrot is more for security testing and it does not have the isolation that Qubes has.

    Some of the new Linux cross distribution software sources (like Flatpak and Snap) provide some isolation but they are still not that mature and do not isolate as thoroughly as Qubes.

    For Windows users I would say something like Mint with a Cinnamon or KDE desktop.
     

    anon328307

    People say Linux is too hard to use and then put up with this?

    Linux is not ready for business machines, or mainstream users who work 9-5. Not by a long chalk. And of course, if it were, it would be targeted accordingly. Please don't peddle this nonsensical belief that Linux is somehow the oracle of OS perfection, it really isn't.

    The inherent problem with ALL operating systems is their inability to deal with stupid.
     

    Kerwin

    Linux is not ready for business machines, or mainstream users who work 9-5. Not by a long chalk. And of course, if it were, it would be targeted accordingly. Please don't peddle this nonsensical belief that Linux is somehow the oracle of OS perfection, it really isn't.

    The inherent problem with ALL operating systems is their inability to deal with stupid.
    What about Linux means it isn't ready for business machines or mainstream users?
     

    anon328307

    What about Linux means it isn't ready for business machines or mainstream users?


    If you need to ask, then maybe you aren't ready for it either ;)

    But here you go for starters -
    Availability from enterprise vendors. Try buying in volume from suppliers. Windows is an OOTBE. Linux would invariably require some sort of technical intervention, not always, but a lot more than Windows.
    Familiarity for the end user. Outages and downtime whilst users are trained and issues resolved.
    Business software availability. The odds favour Windows far too much. Yes, I know you can get the equivalent, but then I take you to the point above where end users have to totally adjust to new working practices. Maybe I should have said the business isn't ready for Linux, because that is very much the case too. I'm a keen Linux user, and Mac, and Windows, so I'm not saying one is better than the other, but one clearly has an upper hand which is going to be near impossible to overtake.
    Here's an article from over 20 years ago.
    How much progression has been made since then? Have you noted any significant change? I haven't, and I have a client base of >2000.
     

    gpietersz

    Please don't peddle this nonsensical belief that Linux is somehow the oracle of OS perfection, it really isn't.
    Did I say it was perfect? I said people say Linux is hard to use, but Windows so often seems to need mucking around with registry settings and the like. The major desktop Linux distros mostly just work.
    Availability from enterprise vendors. Try buying in volume from suppliers. Windows is an OOTBE.


    Linux is more of an OOTBE experience - default installs provide a lot more software.

    You also have the option of using Linux with licences, and buying technical support separately or hiring to provide it in-house.
    Linux would invariably require some sort of technical intervention, not always, but a lot more than Windows.
    That was the point of my comment. It appears Windows needs urgent technical interventions and I have no idea why you think Linux would need more frequent interventions.

    IMO Windows is fine for companies with full time IT support and using tools for managing large numbers of desktops, but Linux is far easier to maintain for individuals and small businesses.
    Familiarity for the end user. Outages and downtime whilst users are trained and issues resolved.
    Most of that for the typical user is getting used to using Libre Office instead of MS Word. A lot of other systems are web based now so there is no difference.

    It is true where there is complex specialist software that is only available for Windows that requires users to retrain to switch. Things like photo processing and CAD.
    Have you noted any significant change?

    In 20 years? A huge amount!
    I have a client base of >2000.
    Businesses or desktops? What sort of work do you do for them? How many are Linux and which distros?
     
