boot13A new version of WordPress repairs six vulnerabilities in earlier versions. Most WordPress sites are configured to automatically update themselves, but if you manage any WordPress sites, you should make sure they’re all up to date.
All posts by jrivett
WannaCrypt variants infecting systems worldwide
The accidental stifling of WannaCrypt’s spread was too good to last, apparently. New versions of the ransomware — unaffected by the serendipitous domain registration of a security researcher — are now making their way around the world. You can even watch the malware spread using MalwareTech’s WannaCrypt live feed.
Our advice remains the same: make sure all your Windows computers have the relevant updates installed, including Windows XP. Microsoft’s Customer Guidance for WannaCrypt attacks is a good place to start; there are links to the updates at the bottom of that page. For more information about the exploit used by WannaCrypt, see Microsoft’s MS17-010 bulletin from March 14.
SANS has a good summary of the technical aspects of WannaCrypt.
Update 2017May16: There’s plenty of blame to go around for this mess. Microsoft is being criticized for abandoning Windows XP when it’s still widely used. Meanwhile, Microsoft is blaming the NSA’s vulnerability hoarding.
Vivaldi 1.9.818.49
The release notes for Vivaldi are getting harder to find on the browser’s web site, but they are still being updated. The release notes for Vivaldi 1.9.818.49, which was released on May 10, show that this version fixes a few bugs that showed up after Vivaldi 1.9 was released in late April.
The release announcement for Vivaldi 1.9.818.49 just echoes what’s in the release notes.
WannaCrypt ransomware: Microsoft issues updates for unsupported Windows
Ransomware known as WannaCrypt (aka WCry, WannaCry) has already crippled as many as 75,000 unpatched Windows computers in Europe and Asia. So far it hasn’t done much damage in North America, but that could change quickly.
The flaw WannaCrypt uses to infect Windows computers was patched by Microsoft in March, but unpatched computers and those running unsupported versions of Windows were left unprotected.
Microsoft has long since stopped releasing security updates for Windows XP, but WannaCrypt is spreading quickly, and Windows XP computers are essentially defenseless against it. So Microsoft has taken the unprecedented step of publicly releasing an update that protects Windows XP computers from the flaw that WannaCrypt uses to spread.
If you manage any computers that run Windows XP, you should install the update immediately: download update for 32-bit Windows XP Service Pack 3. There’s more information about this from Microsoft.
Techdirt points out that the flaw WannaCrypt exploits was exposed in the recent NSA tool leaks. Which is exactly the problem when security organizations hoard flaws instead of reporting them responsibly.
Update 2017May14: Apparently a security researcher at MalwareTech registered a (previously unregistered) domain used by WannaCrypt as part of his investigation into the ransomware. This is standard practice, because it often allows researchers to gain a better understanding of their subject. Surprisingly, this move stopped WannaCrypt from doing any further damage.
Opera 45: user interface and ad-blocking improvements
Though it’s not mentioned until close to the end of the page, a recent announcement on the Opera blog entitled ‘Opera is Reborn‘ is actually about a specific new version of the browser: 45.
Opera 45 includes numerous changes to the user interface, mostly related to aesthetics: colours, backgrounds, icons, and animation. The integrated ad-blocker now reloads pages automatically when ad blocking is switched on and off. Social messaging software (Facebook Messenger, WhatsApp and Telegram) is now integrated into the sidebar. Video performance is improved slightly on some hardware. And you’ll now see warnings below password and credit card fields on web sites that don’t support encryption.
Many of Opera 45’s changes come from the experimental browser Neon, which Opera released a few months ago to test some ideas and elicit user feedback.
You can peruse the full change log for more information. That log includes changes to development and pre-release versions as well.
Don’t use Edge to print or create PDF files
A bizarre bug in Microsoft’s Edge web browser is baffling users. Depending on the selected printer and other factors, attempting to print a PDF file, or use Edge’s ‘Print to PDF’ function, will cause random changes in the output. The changes are difficult to detect: we’re not talking about the usual kind of printer garbage. For example, users are reporting shifted cell numbers, added words and symbols, and substitution of words and characters.
If you’re printing invitations to a neighbourhood barbecue, this issue is unlikely to cause any serious problems, but what if you’re printing legal, medical, or architectural documents?
Microsoft hasn’t said much about this yet, but according to at least one bug report, they are at least aware of the problem. Which is good, because Microsoft just announced that Windows 10 is running on 500 million devices; Edge is the default browser on all those devices, and Print to PDF is the default printer on many.
My advice? If you use Windows 10, don’t use Edge at all if you can avoid it: try Firefox or Chrome. If you must use Edge, use a different PDF reader to view and print PDF files. Adobe’s Reader is free and actually works as expected.
Chrome 58.0.3029.110
The change log for Chrome 58.0.3029.110 contains forty-four items, mostly minor bug fixes. Nothing related to security.
Flash 25.0.0.171
Adobe’s software updates for April include Flash 25.0.0.171, which fixes seven security issues in previous versions. If Flash is enabled in your web browser, you should visit the official Flash About page to check its version and update if it’s not current.
As usual, Chrome will update itself with the latest Flash, and Internet Explorer and Edge get their new Flash via Windows Update.
Patch Tuesday for May 2017
Well, I was right. The announcement for May’s Patch Tuesday has almost exactly the same wording as last month’s. That’s because neither contains any useful information. No, it’s back to the new Security Update Guide, at least if you want to know what Microsoft wants to do to your computer this month.
According to my analysis of this month’s update information in the SUG, there are fifty distinct bulletins, affecting Flash, Internet Explorer, Edge, .NET, Office, and Windows. A total of fifty-six vulnerabilities are addressed. Fifteen of the vulnerabilities are categorized as Critical.
Today Microsoft also issued three advisories:
- Microsoft Security Advisory 4022345: Identifying and correcting failure of Windows Update client to receive updates
- Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
- Microsoft Security Advisory 4010323: Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11
Vulnerability in Microsoft’s anti-malware software
All of Microsoft’s anti-malware software is based on a common core: MsMpEng, the Malware Protection service. That includes Microsoft Security Essentials, System Centre Endpoint Protection, and Windows Defender. If your PC is running Windows, there’s a good chance that MsMpEng is running as well.
Which is bad, because Google’s Project Zero just discovered a vulnerability in Microsoft’s anti-malware engine that has the potential to provide almost unlimited access to any computer running MsMpEng. The vulnerability can be exploited in various ways, including via specially-crafted email that can do its damage without even being opened.
Project Zero’s analysis includes a proof of concept, and shows that the vulnerable component of MsMpEng is nscript, which analyzes any file or activity that appears to be Javascript.
I just checked my Windows 8.1 test PC, and although Windows Defender is disabled, MpMpEng is running, describing itself as ‘Antimalware Service Executable’. On my Windows 7 test PC, I’ve installed Avast, which was supposed to have disabled Microsoft’s software; but again I see that MsMpEng is running.
If Windows Defender is disabled, why is MsMpEng running? If it’s disabled, is the computer still vulnerable to this exploit? I’d like to think that even though MsMpEng is running, it’s not actively analyzing file and network activity, in which case the vulnerability would be mitigated. But it’s difficult to know for sure.
In any case, Microsoft has issued an update, and since all of their various anti-malware offerings update themselves automatically, most Windows systems may already have the necessary fix in place. You can find out by checking your software’s ‘About’ information. For example, if you’re running Windows Defender for Windows 8.1, double-click the blue shield icon to open its interface, then click the small triangle next to Help and select About. In the About dialog, look for Engine Version; if it’s 1.1.13704.0 or later, it’s up to date.
Report from Ars Technica.