Posted on 02/23/2017 10:35:21 AM PST by dayglored
Critical update deals with five ways to do remote code execution on Windows
Microsoft's popped out a Security Update for Adobe Flash.
Adobe did likewise last week, celebrating hackers' love for Flash by releasing it on Valentine's Day. That dump addressed no fewer than 13 CVEs that allowed code execution due to:
Microsoft's now caught up, issuing the Update to fix the mess on Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
The attack succeeds by poisoning a malicious website. There's a list of mitigations here, but the bottom line is that if you blacklist Flash a few websites will misbehave but your attack surface will shrink appreciably.
This update is not a delayed release for February's Patch Tuesday, which Microsoft has delayed due to problems doing the job right. Windows admins can expect a patch deluge come mid-March.
Windows Update will retrieve the patches if you've set it to do so, or you can get them here.
SO WHAT ABOUT US WINDOWS 7 USERS, AND SERVER 2008 R2 ADMINS ???
You compile for Windows RT 8.1 but not for 7 ???
What's so d@mn difficult about compiling for 7 and 2008 R2 ???
Oh, you don't like that people are still using those operating systems?
... that you promised you would support with security updates until JAN 2020 ????
IMO, Microsoft is acting like a spoiled child: "I hate Windows 7!! You have to switch to Windows 10!! 10!! 10!!"
Yeah, I'm grumpy. Apologies to any who are offended. :-)
Or perhaps someone with more time to research this can show me where the Flash vulnerabilities don’t apply to Windows 7. I kind of doubt that, though.
As far as MS is concerned, the sooner Win 7 dies, the better.
Servers shouldn’t be browsing websites with Flash enabled
Windows 7 is too old to be running on any machine you care about.
apparently it’s going to get to the point where windows 7 users will have to run it in a sandbox if they go online-
I would recommend that folks still using windows 7 to at least run RollBackRX- it’s ‘system restore’ on steroids- You can keep snapshots for years- I suppose one could set it to do a rollback after every day or so online too- rollback to a known good state-
RollBackRX restores everything- so viruses Trojans etc don’t stand a chance- but be aware that it affects the boot sector (So that you can restore when booting from the boot rollback menu- there’s a desktop menu too- but if your computer won’t start windows, the boot menu will save your computer)- I ran it for many many years- never had an issue with it- did run into issues twice where somehow it lost the restore points- but that was in older versions of rollbackrx- the new version hasn’t done that yet- It’s an excellent program for worry free online computing- and now that windows 7 is reaching the end of support and updates- it will be a necessity if we wish to keep running windows 7
JUST NOTE though that it can’t be used on dual boot systems unfortunately- which I run now I’ve had to resort to the strategy below:
another route is use macrium reflect- purchase it so you can do incremental backups- but you’ll likely need a usb drive to store them on I have several internal hard-drives ready to go if something happens- I cloned a clean system with just a few programs and personal preferences set up, onto new HDD’s so i can just pop one in if something happens to current HDD-
Shame that we have to take such drastic measures just to run an operating system that we like-
huh? windows 7 has 3 years of support and upgrades left-
Dude. Breathe through your nose for a minute. Calm down.
Microsoft stopped supporting Win7 two years ago. Time to move on. Win7 is obsolete
“WIN7 is probably the most stable and most secure of any of the WIN OSs.”
Obviously not according to this article.
That simply is not true.
Only for "feature" updates and enhancements.
Security updates are supposed to be available through Jan 14 2020.
Please take a minute and learn how to read Microsoft product lifecycle postings:
https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
Windows 7 is far from obsolete. And it still has the highest number of active Windows users, surpassing all other versions including 10. Yes, that will eventually change, but not for a few years.
... which was written by a source sycophantic to Microsoft's position that everyone should move to Windows 10. Just a little bit biased...
Microsoft is intentionally pulling the rug out from under Windows 7, but it's not because 7 is inherently bad, it's because they have more control over you when you use 10.
Windows 7 is the last Windows operating system worth using if you value having control of your data privacy. And even that will die off in a few years.
True, in general.
Unless your server is used to admin/manage other servers whose misbegotten application UIs require Flash to administer their applications. In which case you have to have Flash somewhere.
Sometimes you can dedicate a client machine to such purposes, but sometimes you need to use a server for other related applications and functions.
There is no escape from Flash until application vendors stop building their apps to require it.
> I thought flash died a decade ago...
It's the UNDEAD. I hate Flash with a passion but it's still unavoidable for certain applications.
A few weeks ago MS made a statement that Win7 can no longer be adequately secured with patches and updates. Frankly Win10 is much better, though it does have issues like some drivers and programs can jam installation or updates. The workaround is to not reboot before using Msconfig to stop the loading of non MS startup items.
I would never even use a browser on Windows Server.
I agree, for web-at-large usage, but that's not what we're talking about here.
You're thinking of hitting sites outside your corporate LAN.
I'm talking about "browsing" to web application UIs on application servers within the same corporate LAN, which are written to require Flash, or Java, or something else, in the browser. Or possibly to VPN-connected remote applications.
If you're a system admin, or have had to act in that capacity, I'm sure you know what I'm talking about.
“If you’re a system admin”
Them’s fighting words.