Language Selection

English French German Italian Portuguese Spanish

Hack Brief: Microsoft Warns of a 17-Year-Old ‘Wormable’ Bug

Filed under
Microsoft
Security

Since WannaCry and NotPetya struck the internet just over three years ago, the security industry has scrutinized every new Windows bug that could be used to create a similar world-shaking worm. Now one potentially "wormable" vulnerability—meaning an attack can spread from one machine to another with no human interaction—has appeared in Microsoft's implementation of the domain name system protocol, one of the fundamental building blocks of the internet.

As part of its Patch Tuesday batch of software updates, Microsoft today released a fix for a bug discovered by Israeli security firm Check Point, which the company's researchers have named SigRed. The SigRed bug exploits Windows DNS, one of the most popular kinds of DNS software that translates domain names into IP addresses. Windows DNS runs on the DNS servers of practically every small and medium-sized organization around the world. The bug, Check Point says, has existed in that software for a remarkable 17 years.

Read more

Patch your Windows 10 now to fix 17-year-old DNS flaw

  • Patch your Windows 10 now to fix 17-year-old DNS flaw

    Microsoft released a patch this week that fixes a long-lived bug relating to how Windows handles DNS. The patch has apparently been around in Windows for 17 years, according to Wired. The patch is available now, so don’t wait to download it.

    The bug, found by Israeli security firm Check Point, is a big one. Microsoft and Check Point rate the bug as a critical flaw and it scores a 10 out of 10 on the “common vulnerability scoring system” or CVSS. This bug is particularly insidious, as that score indicates. The flaw, called SigRed, can exploit the Windows DNS Security Extensions, which help out with DNS authentication, without any action taken by the target user.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Leftovers: LibreOffice, GNU Projects

  • [Haiku] July 2020 Activity Report

    Welcome to the July, 2020 Activity Report for the Haiku project!

    This report covers hrev54370 through hrev54484.

  • Neo Colibre for Maximum Productivity

    Having fun everyone. I wish you are all doing good in this tough time. It was Adolfo who complaint about Colibre's failure to accomplish WCAG contrast guideline. He said the colors are too faint and everything looks washed out. Furthermore, MS Office 365 has since moved those colors to a brand new monoline style iconography. See this bug report for details So I took the chance to update this Windows default icon theme. Luckily, the icon theme comes with SVG version, I can easily use bash script to automate a neccessary color conversion, and take the rest manually. In one month, I finally managed to finish this "Neo" Colibre. Hopefully this will benefit the largest LibreOffice user platform (approximately more than ~80%).

  • Simulated Animation Effects Week#9

    Last week I’ve started by working on support for Custom Shapes. At first I didn’t how could I get the related geometry information about Custom Shapes. Upon asking on IRC, mst (Micheal Stahl) directed me to SdrObject class. Inspecting this class, found out a child of it that handles Custom Shapes called SdrObjCustomShape had a function SdrObjCustomShape::GetLineGeometry was returning exactly what I’ve wanted in the first place a B2DPolyPolygon! So I went ahead and created an implementation that if the shape type is CustomShape, it got corresponding SdrObject using it’s XShape and casted the SdrObject* to an SdrObjCustomShape* and got the B2DPolyPolygon from that. Then it triangulated this polygon using basegfx::triangulator::triangulate, and added resulting collection of triangles to a box2d body.

  • Best Photoshop alternatives 2020

    GIMP boasts a huge number of features and functions that rival Photoshop. There’s also a huge community of developers and artists who have created a wide array of plugins, making this a highly adaptable program. If you desire a specific feature, there’s probably an add-on for it. 

  •        
  • AMD HSA Offloading Support Dropped From The GCC Compiler

    There didn't appear to be much usage ever out of the AMD HSA (Heterogeneous System Architecture) support within the GCC compiler and hadn't been maintained in a while so now has been wiped out of the GNU Compiler Collection.

  • Mike Blumenkrantz: Another Minor Annoyance

    Once more going way out of order since it’s fresh in my mind, today will be a brief look at gl_InstanceID and a problem I found there while hooking up ARB_base_instance. gl_InstanceID is an input for vertex shaders which provides the current instance being processed by the shader. It has a range of [0, instanceCount], and this breaks the heck out of Vulkan.

Debian and Ubuntu: DebCamp/DebConfs, Advantech, Web Team and Ubuntu Weekly Newsletter

  • DebConf5

    This was one of my most favorite DebConfs (though I basically loved them all) and I'm not really sure why, I guess it's because of the kind of community at the event. We stayed in some future dorms of the universtity, which were to be first used by some European athletics chamopionship and which we could use even before that, guests zero. Being in Finland there were of course saunas in the dorms, which we frequently used and greatly enjoyed. Still, one day we had to go on a trip to another sauna in the forest, because of course you cannot visit Finland and only see one sauna. Or at least, you should not. Another aspect which increased community bonding was that we had to authenticate using 802.10 (IIRC, please correct me) which was an authentication standard mostly used for wireless but which also works for wired ethernet, except that not many had used it on Linux before. Thus quite some related bugs were fixed in the first days of DebCamp...

  • Advantech releases EPC-C301 for machine vision applications with Ubuntu 18.04 LTS

    Advantech, a leading global provider of intelligent IoT systems and embedded platforms, is pleased to announce EPC-C301, a compact fanless box PC powered by 8th Gen. Intel® Core™ processor. This system features diverse domain-focused I/O and can operate in broad temperature ranges. EPC-C301 integrates Intel® and Canonical technologies, provides Ubuntu and OpenVINO toolkits, and is aimed at accelerating the advancement of AIoT. This powerful system is an excellent choice for machine vision applications, such as automated optical inspection (AOI), and automated plate number recognition (APNR).

  • Design and Web team summary – 4th August 2020

    The web team here at Canonical run two week iterations. Here are some of the highlights of our completed work from this iteration. [...] I started writing code sometime around 1993 with Qbasic, dabbled in some C, C++, before ultimately ending up working with the various components of the web stack and working with PHP, Perl, Python, Go, Javascript. Day to day I’m working with Juju, JAAS and building the Juju Dashboard. Outside of a computer, I enjoy being outside and snow, wake and kiteboarding.

  • Ubuntu Weekly Newsletter Issue 642

    Welcome to the Ubuntu Weekly Newsletter, Issue 642 for the week of July 26 – August 1, 2020. The full version of this issue is available here.

Hardware Freedom: 3D Printing, RasPi and RPi CM3 Module

  • Can 3D Printing Really Solve PPE Shortage in COVID-19 Crisis? The Myth, and The Facts!

    Amid COVID-19 crisis, we see severe shortage of Personal Protective Equipment (PPE) worldwide, to the point that a strict organization like FDA is making exceptions for PPE usage, and there are volunteer effors to try to alleviate this shortage like GetUsPPE. Also, Centers for Disease Control and Prevention (CDC) provides an Excel spreadsheet file to help calculate the PPE Burn Rate. There are many blog posts, video tutorials, and guides that teach people how to print their face shields and masks.

  • Raspberry Pi won’t let your watched pot boil
  • Growing fresh veggies with Rpi and Mender

    Some time ago my wife and I decided to teach our kids how to grow plants. We both have experience as we were raised in small towns where it was common to own a piece of land where you could plant home-grown fresh veggies. The upbringing of our kids is very different compared to ours, and we realized we never showed our kids how to grow our own veggies. We wanted them to learn and to understand that “the vegetables do not grow on the shop-shelf”, and that there is work (and fun) involved to grow those. The fact that we are gone for most of the summer and to start our own garden just to see it die when we returned seemed to be pointless. This was a challenge. Luckily, me being a hands-on engineer I promised my wife to take care of it. There were two options: we could buy something that will water our plants when we are gone, or I could do it myself (with a little help from our kids). Obviously I chose the more fun solution…

  • Comfile Launches 15-inch Industrial Raspberry Pi Touch Panel PC Powered by RPi CM3 Module

    Three years ago, we noted Comfile has made 7-inch and 10.2-inch touch panel PC’s powered by Raspberry Pi 3 Compute Module. The company has recently introduced a new model with a very similar design except for a larger 15-inch touchscreen display with 1024×768 resolution. ComfilePi CPi-A150WR 15-inch industrial Raspberry Pi touch panel PC still features the CM3 module, and the same ports including Ethernet, USB ports, RS232, RS485, and I2C interfaces accessible via terminal blocks, and a 40-pin I/O header.

Programming: Vala, Perl and Python

  • Excellent Free Tutorials to Learn Vala

    Vala is an object-oriented programming language with a self-hosting compiler that generates C code and uses the GObject system. Vala combines the high-level build-time performance of scripting languages with the run-time performance of low-level programming languages. Vala is syntactically similar to C# and includes notable features such as anonymous functions, signals, properties, generics, assisted memory management, exception handling, type inference, and foreach statements. Its developers, Jürg Billeter and Raffaele Sandrini, wanted to bring these features to the plain C runtime with little overhead and no special runtime support by targeting the GObject object system. Rather than compiling directly to machine code or assembly language, it compiles to a lower-level intermediate language. It source-to-source compiles to C, which is then compiled with a C compiler for a given platform, such as GCC. Did you always want to write GTK+ or GNOME programs, but hate C with a passion? Learn Vala with these free tutorials! Vala is published under the GNU Lesser General Public License v2.1+.

  • Supporting Perl-related creators via Patreon

    Yesterday I posted about this in the Perl Weekly newsletter and both Mohammad and myself got 10 new supporters. This is awesome. There are not many ways to express the fact that you really value the work of someone. You can send them postcards or thank-you notes, but when was the last time you remembered to do that? Right, I also keep forgetting to thank the people who create all the free and awesome stuff I use. Giving money as a way to express your thanks is frowned upon by many people, but trust me, the people who open an account on Patreon to make it easy to donate them money will appreciate it. In any case it is way better than not saying anything.

  • 2020.31 TwentyTwenty

    JJ Merelo kicked off the special 20-day Advent Blog cycle in honour of the publication of the first RFC that would lay the foundation for the Raku Programming Language as we now know it. After that, 3 blog posts got already published:

  • Supporting The Full Lifecycle Of Machine Learning Projects With Metaflow

    Netflix uses machine learning to power every aspect of their business. To do this effectively they have had to build extensive expertise and tooling to support their engineers. In this episode Savin Goyal discusses the work that he and his team are doing on the open source machine learning operations platform Metaflow. He shares the inspiration for building an opinionated framework for the full lifecycle of machine learning projects, how it is implemented, and how they have designed it to be extensible to allow for easy adoption by users inside and outside of Netflix. This was a great conversation about the challenges of building machine learning projects and the work being done to make it more achievable.

  • Django 3.1 Released

    The Django team is happy to announce the release of Django 3.1.

  • Awesome Python Applications: buku

    buku: Browser-independent bookmark manager with CLI and web server frontends, with integrations for browsers, cloud-based bookmark managers, and emacs.

  • PSF GSoC students blogs: Week 9 Check-in