Re: The (Windows) sky is falling! (again ...)

rslade · ‎05-16-2019

OK, lots and lots and lots of stories today about a (the?) MS Windows RDP bug/vulnerability/patch.

Yes, if you're running XP, Win 7, Win 2003, or Win Server 2008 you should definitely get patched. (I'm assuming that a lot of you are, and that's why Windows Update still hasn't rebooted my Win 10 machine this week ...) (Which begs the question of why people are still running XP, Win 2003, or Win Server 2008. Yes, I have been disappointed ever since I updated from Win 7 to Win 10, and this is the first time I've been somewhat relieved ...)

But why is everyone so panicked about it? Well, it's a remote execution bug, and it doesn't need a login. Therefore, it could (potentially) be used to create a worm. So far it doesn't seem that anyone has actually seen one, but it could be created. And, for users of XP, Win 7, Win 2003, or Win Server 2008 that would be bad.

Anybody you rely on run XP, Win 7, Win 2003, or Win Server 2008? ...

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

Flyslinger2 · ‎05-16-2019

My customer has not approved the migration from 2K8 server to 2k16 or higher. We get dinged in IA audits and the response is "oh well". "I'm not given a budget to do a refresh so ..." It's a battle of the witless.

I patch as soon as I can and as often as I can.

denbesten · ‎05-16-2019

@rslade wrote:
Anybody you rely on run XP, Win 7, Win 2003, or Win Server 2008? ...

Device drivers for attached peripherals can be a huge limiting factor. Often times, they are prohibitively expensive or completely unavailable.

My wife's sewing machine is one example. The manufacturer wants much more ($500-1000) for the "upgrade" than the machine is worth. My solution was to remove the networking cable.

At work, our "limiting" peripherals tend to be things like industrial presses, milling machines, assembly lines and the like. The solution there will be network segregation with tight access controls.

dcontesti · ‎05-16-2019

@rslade wrote:
OK, lots and lots and lots of stories today about a (the?) MS Windows RDP bug/vulnerability/patch.

Yes, if you're running XP, Win 7, Win 2003, or Win Server 2008 you should definitely get patched.

And, for users of XP, Win 7, Win 2003, or Win Server 2008 that would be bad.

Anybody you rely on run XP, Win 7, Win 2003, or Win Server 2008? ...

Unfortunately in some environments, those systems exist and others (yes some older) either cannot be patched (some running real time apps) or are so old they are not supported but the application works.

So we rely on network separation or ACL's or firewalls or......any number of methods in an attempt to forestall these issues.

Oddly enough, it does not say there are any "in the wild" threats, just that there is a vulnerability that could become WANNACRY version TWO. Yes I know it's only a matter of time until someone writes that but when I see notes (Like I did today)....that say stop production and patch immediately.....I wonder.

Wonders out loud "Do you think that maybe Microsoft developers should learn how to code securely?????" Just saying....

d

`

AppDefects · ‎05-17-2019

XP is vulnerable! Nooooooo! Many hospitals and industrial control systems still depend upon it...

AppDefects · ‎05-17-2019

@dcontesti wrote:
Oddly enough, it does not say there are any "in the wild" threats, just that there is a vulnerability that
could become WANNACRY version TWO.

I think this is click bait, but if you wanted to spend $39 you could find out for sure.

CVE-2019-0708 PoC Exploit on Windows. Release tool exploit via C#, Python Script

dcontesti · ‎05-17-2019

@AppDefects wrote:
@dcontesti wrote:
Oddly enough, it does not say there are any "in the wild" threats, just that there is a vulnerability that
could become WANNACRY version TWO.
I think this is click bait, but if you wanted to spend $39 you could find out for sure.
CVE-2019-0708 PoC Exploit on Windows. Release tool exploit via C#, Python Script

My momma told me not to click on strange links....so no thanks.

CraginS · ‎05-17-2019

@denbesten wrote:...
My wife's sewing machine is one example. The manufacturer wants much more ($500-1000) for the "upgrade" than the machine is worth. My solution was to remove the networking cable.

Uh.... Why does a sewing machine need to be connected to the Internet?

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts

AlecTrevelyan · ‎05-17-2019

@CraginS wrote

Uh.... Why does a sewing machine need to be connected to the Internet

So it can spool all of the forum threads! 😉

denbesten · ‎05-17-2019

@CraginS wrote:
@denbesten wrote:...
My wife's sewing machine is one example. The manufacturer wants much more ($500-1000) for the "upgrade" than the machine is worth. My solution was to remove the networking cable.
Uh.... Why does a sewing machine need to be connected to the Internet?

The sewing machine itself sews in two dimensions (x-y), much like a pen-plotter. It does things like embroidering logo shirts. "Programming" a design involves using a paint-like program on an attached PC to create a long series of "move here, stitch" commands. It is this attached PC that runs XP and had the Internet connection. Collectively, the program, the sewing machine driver and the anti-piracy dongle work only with XP.

So what was the "business need" for an Internet connection? Windows/app updates, downloading clip-art and emailing images for approval prior to stitching the design. When XP EOLed, air-gaping was the outcome of our risk analysis, primarily for reasons of ROI.