15 Jul 2020

Patch Tuesday: Microsoft fixes 123 bugs in July 2020 update

Microsoft has issued another large Patch Tuesday update, addressing a total of 123 vulnerabilities, including 18 critical vulnerabilities in Hyper-V, DNS Server, PerformancePoint, SharePoint Server, Office, Outlook and Remote Desktop. The update covers an unusually high number of remote code execution vulnerabilities that will keep both security teams and cyber criminals busy for days.


As already reported by Computer Weekly, probably the most serious vulnerability is CVE-2020-1350 or SigRed, a wormable remote code execution vulnerability in Windows DNS Server, which is exceptionally dangerous.

Chris Hass, director of information security and research at Automox, described SigRed as an “attacker’s dream”.

“An unauthenticated hacker could send specially crafted packets to the vulnerable Windows DNS Server to exploit the machine, allowing for arbitrary code to be run in the context of the Local System account,” he said. “Not only will the attacker have full control of the system, but they will also be able to leverage the server as a distribution point, allowing the attacker to spread malware between systems without any user interaction.

“This wormable capability adds a whole other layer of severity and impact, allowing malware authors to write ransomware similar to notable wormable malware such as WannaCry and NotPetya,” said Hass.

To make matters worse, Microsoft has said the exploitation of this vulnerability is more likely, and if for some reason the patch cannot be applied right away, it will inevitably be exploited in the near future.

Redmond has provided a Windows Registry setting workaround that, according to Rapid7’s Richard Tsang, effectively drops TCP-based DNS response packets exceeding 65,270 bytes without reporting an error. “It’s recommended that if patching cycles are slow, that the workaround be applied earlier. The workaround does not need to be removed prior to patching, although it would be worthwhile to undo the workaround after patching,” said Tsang.

Automox’s Hass said that while DNS was a critical service and taking it down to apply patches would heavily impact productivity, the alternative was leaving yourself open to a devastating cyber attack.

“With ransomware attacks continuing to rise during the Covid-19 pandemic, this wormable vulnerability could be just what attackers needed to fully compromise an organisation; this patch is not one to sleep on,” he said.

“We expect to see exploits for this particular vulnerability emerge in the next week – potentially faster, and that it will be widely exploited. The vulnerability only requires that the server make a request to another malicious server, so this will affect most organisations running Microsoft’s DNS server,” said Jonathan Cran, head of research at Kenna Security.

“In short, patch this high-risk vulnerability now. Applying the patch or implementing the mitigation provided by Microsoft and rebooting is the best guidance we have available at this time.”

Other remote code execution vulnerabilities patched this month include CVE-2020-1147, CVE-2020-1421 and CVE-2020-1403, which affect the Windows .NET Framework, LNK and VBScript respectively, all highly common components across Windows operating systems. This commonality means that adversaries could launch an attack that is very broad in scope.

Downtime expected

Jay Goodman, strategic product marketing manager at Automox, said the latest patch would further strain VPN infrastructure and warned that many organisations would likely see some downtime from on-premise patch management tools buckling under the pressure.

“VPNs are not designed to extend the IT perimeter and with a large number of remote employees and devices, we are facing a situation where there is no functional perimeter for your organisation,” he said.

“Some organisations are attempting to quickly address this by expanding their VPN capacities, but doubling down on VPN and legacy on-premise endpoint management solutions would be a knee-jerk reaction that does not take into consideration the long term cost efficiencies of embracing a digital transformation to the cloud.”

Other suppliers dropping their latest patches this week include Oracle, Adobe and Google, according to Ivanti senior product manager Todd Schell.

“Oracle Java SE is going to resolve 11 vulnerabilities all of which are remotely exploitable without authentication. Highest CVSS v3.1 base score is 8.3. Fusion Middleware is resolving 53 CVEs, 49 of which may be remotely exploited without authentication. Highest CVSS v3.1 base score is 9.8. MySQL is resolving 40 vulnerabilities, six of which may be remotely exploited without authentication. Highest CVSS v3.1 base score is 9.8,” he said.

“Adobe released five bulletins today, but only one included a critical vulnerability. Adobe Creative Cloud Desktop Application resolved four CVEs including CVE-2020-9682, which was rated as critical. Flash Player did release today, but no CVEs were reported in this release.

“Google also decided to join the party with a Google Chrome update resolving 38 vulnerabilities including at least one critical and many high CVEs,” said Schell. “From a third-party perspective, you should look to update Chrome and Java as high priority items this month.”

10 Feb 2020

How to fix search problems in Windows 10

On Windows 10, Windows Search is an essential feature that allows you to find virtually anything on your computer (such as documents, pictures, videos, system files, apps, emails, and settings) very quickly. Also, thanks to its integration with Bing search, you can use the feature for quick access to web pages and answers to common questions from the result preview.


Although search is a useful feature that we take for granted every day, there will come a time when it stops working as intended. For example, search queries may show no results or incomplete results, or the search box in the taskbar may become unresponsive or refuse to open at all.

Whatever the reason, if you’re having problems with Windows Search on Windows 10, there are several troubleshooting steps you can follow to resolve the most common issues, including when your device has received a buggy update that breaks the experience.

Remove Bing from Windows 10 Search

In light of the recent Windows 10 Search issues where nothing is displayed in the bar or window, many have found a fix by disabling Bing integration. This does require working with RegEdit, so backing up both your PC and its registry is recommended.

Once you’ve performed any necessary backups, run through these steps to get local Search working again. Web results will not display while Bing is disabled. Multiple people here at Windows Central have performed the same steps with success.

  1. Hit the Windows Key + R shortcut on your keyboard.
  2. Type regedit and hit Enter on your keyboard.
  3. Double-click HKEY_CURRENT_USER.
  4. Double-click SOFTWARE.
  5. Double-click Microsoft.
  6. Double-click Windows.
  7. Double-click CurrentVersion.
  8. Double-click Search.
  9. Right-click the right pane of the RegEdit window to bring up the menu.
  10. Click New.
  11. Click DWORD (32-bit) Value.
  12. Type BingSearchEnabled and hit Enter on your keyboard.
  13. Double-click the BingSearchEnabled entry you just created.
  14. Type 0 in the Value data field. (It should already be 0, but make sure.)
  15. Click OK.
  16. Double-click CortanaConsent.
  17. Type 0 in the data field.
  18. Click OK.
  19. Restart your PC.

This should bring Windows 10 Search back online, at least with local results. This is a temporary fix while Microsoft addresses the root of the problem, and it’s recommended that users undo the changes once Search is working again as intended.

To undo the process above, repeat steps 13 and 14, but type a 1 in the BingSearchEnabled data field to re-enable Bing. The same can be done for steps 16 and 17, with a 1 in the CortanaConsent data field. Restart your PC and you should be back where you started.
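The same change and its undo can be scripted instead of clicked through RegEdit. The following PowerShell is an added example, not part of the original article; the function name `Set-SearchWebIntegration` and the backup folder are assumptions made here, while the key path and the two value names are the ones from the steps above. It exports the Search key before touching it so the previous state can be restored with `reg import`.

```powershell
# Added example: scripted form of the RegEdit steps above (not from the original article).
# Set-SearchWebIntegration and the backup location are hypothetical names chosen here.
$SearchKey  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search'
$ValueNames = 'BingSearchEnabled', 'CortanaConsent'

function Set-SearchWebIntegration {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # 0 disables Bing/Cortana in Search (the fix); 1 restores them (the undo).
        [Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value,
        [string]$BackupDir = (Join-Path $env:USERPROFILE 'SearchKeyBackup')
    )

    if (-not (Test-Path $SearchKey)) {
        throw "Registry key not found: $SearchKey"
    }

    # Export the whole key first so the change can be rolled back with 'reg import'.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "Search-$stamp.reg"
    & reg.exe export 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search' $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'reg export failed; no changes made.' }

    foreach ($name in $ValueNames) {
        # A missing value reads as $null, which never equals 0 or 1, so it gets created.
        $current = (Get-ItemProperty -Path $SearchKey -Name $name -ErrorAction SilentlyContinue).$name
        if ($current -eq $Value) { Write-Verbose "$name is already $Value"; continue }
        if ($PSCmdlet.ShouldProcess("$SearchKey\$name", "Set DWORD to $Value")) {
            # -Force creates the value or overwrites an existing one as a DWORD.
            New-ItemProperty -Path $SearchKey -Name $name -PropertyType DWord -Value $Value -Force | Out-Null
        }
    }

    # Show the resulting state so it can be checked before restarting.
    Get-ItemProperty -Path $SearchKey | Select-Object $ValueNames
    Write-Host "Backup written to $backup. Restart the PC for the change to take effect."
}

Set-SearchWebIntegration -Value 0 -Verbose   # apply the fix
# Set-SearchWebIntegration -Value 1          # undo, as described above
```

Running it with `-WhatIf` lists the values that would change without writing them; the key is per-user (HKEY_CURRENT_USER), so no elevation is needed.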


© 2020 CSL Data Services Ltd. All rights reserved.
