Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Windows 10 Anniversary Update crushed exploits without need of patches (Good news about Win10!)
The Register ^ | jan 16, 2017 | Darren Pauli

Posted on 01/17/2017 9:11:01 PM PST by dayglored

Microsoft security boffins throw fresh CVEs at unpatched OS, emerge smiling

Microsoft says its Windows 10 Anniversary Update squashes more exploit delivery chains than ever.

The August updates brought in a series of operating system security improvements including boosts to Windows Defender and use of AppContainer, designed to raise the difficulty of having zero day exploits execute on patched systems.

Redmond's security team tested its exploit mitigations against two kernel-level then zero-day exploits (CVE-2016-7255, CVE-2016-7256) used by active hacking groups that offer privilege escalation.

They find, in a technical analysis designed to stress test the resilience of Windows 10, that the bugs were neutered on Anniversary Update machines even before it issued the respective November patch thanks to the exploit mitigation controls.

"Because it takes time to hunt for vulnerabilities and it is virtually impossible to find all of them, such security enhancements can be critical in preventing attacks based on zero-day exploits," the team says.

"While fixing a single-point vulnerability helps neutralize a specific bug, Microsoft security teams continue to look into opportunities to introduce more and more mitigation techniques.

"Such mitigation techniques can break exploit methods, providing a medium-term tactical benefit, or close entire classes of vulnerabilities for long-term strategic impact."

The team points to the benefits of easy and complex mitigations including simple changes against RW primitives that trigger harmless blue screens of death errors.

Pushing font-parsing code to isolated containers under improvements to AppContainer and additional validation for font file parsing significantly reduced the ability to use font bugs for privilege escalation, the team says.

That shut the door on one South Korean hacking group which used CVE-2016-7256 in small but targeted attacks in the nation.

"Windows 10 Anniversary Update introduced many other mitigation techniques in core Windows components and the Microsoft Edge browser, helping protect customers from entire classes of exploits for very recent and even undisclosed vulnerabilities," the team says.

The updates follow Microsoft's decision to delay the axing of the lauded enhanced mitigation toolkit to 31 July next year.

That move sparked the ire of Carnegie Mellon University CERT boffin Will Dormann who says the toolkit significantly improved the exploit mitigation chops of Windows 10 and should be maintained, not dropped.

[more at the article link]


TOPICS: Business/Economy; Computers/Internet; Hobbies
KEYWORDS: anniversaryupdate; microsoft; patches; windows; windows10; windowspinglist
Navigation: use the links below to view more comments.
first previous 1-2021-4041-60 next last
To: SandwicheGuy

Yup, reminds me of people who still want to stay with MS outlook for email, when web mail is easier, more reliable and mail can’t be lost when a HD crashes. Like you said, they’re just Luddites who are afraid to adapt to newer ideas and tech.


21 posted on 01/18/2017 2:29:44 AM PST by Bullish (May as well just rename Hollywood---> Hypocrite city)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Bullish

I have “Professional”. I put that in quotes because it’s anything but.

When you first upgrade/install, it immediately starts downloading apps. Games especially irk me, but also other apps that Microsoft thinks you should have.

The Store, which is responsible for this, can’t be accessed using Edge as an administrator, which is how the first account is set up, unless you make a security policy edit. Of course, Cortana doesn’t come preinstalled with the Windows products included in the install, so you can’t find the policy editor unless you go to a command line or wait for it to build a search database from scratch.

When you try to uninstall these apps one of three things happens. One is you can’t uninstall them because Microsoft decided so - there’s no uninstall option. Two, is the app gets removed from your start menu on the current profile, but it’s still on the computer, waiting to be installed on the next unfortunate user who creates an account. Three, you get taken to the old “Programs and Features” menu as if you could uninstall the program there, except it isn’t listed, so you still can’t.

Once you do figure how to turn off this wonderful automatic “feature” and uninstall all this crap, the next update, Microsoft puts it all back and negates your settings so the process starts all over again.

Originally you could disable all this in Professional, but Microsoft changed their minds and now you can only do it by upgrading to Enterprise. This makes Professional into basically a consumer-level product that happens to be able to attach to a domain, where formerly Professional was the small-to-medium size business product.

But wait, you can’t upgrade from Professional to Enterprise unless your Professional was a Volume License copy. So when you got your “free” update from Win 7 or Win 8 Pro that came on the computer you bought to Win 10 Pro, it cost you having a Professional quality OS and you were downgraded essentially to a consumer product after the fact. Now you can only “upgrade” by purchasing the full cost retail Win 10 Enterprise product under a VLSC. With a lot of vendors (Dell), you can’t buy the PC without the OS easily and you also can’t buy Enterprise, so you’re stuck paying for a bundled OS that you can’t upgrade to what you actually need and end up buying twice.


22 posted on 01/18/2017 3:48:54 AM PST by chrisser
[ Post Reply | Private Reply | To 6 | View Replies]

To: SandwicheGuy

Small correction SandwichGuy. Windows ME was the last DOS based OS from Microsoft. All others are based on NT and support the NTFS File System. The progression is confusing since MS adopted Windows as the primary moniker for NT as well as the DOS Based earlier windows OS’s.


23 posted on 01/18/2017 4:17:02 AM PST by Woodman
[ Post Reply | Private Reply | To 20 | View Replies]

To: Woodman

Absolutely right, thanks for putting the facts right. Windows ME, that is a blast from the past. I would not use it... Only MS OS that I couldn’t live with.


24 posted on 01/18/2017 4:57:19 AM PST by SandwicheGuy (*The butter acts as a lubricant and speeds up the CPU)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Bullish

The problem with Windows 10 is the Telemetry spy ware.

http://www.digitalpete.com/Remove-Microsoft-Telemetry-Keyloggers-and-Spyware-from-Windows-10.html

http://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html

http://www.zdnet.com/article/is-windows-10-telemetry-a-threat-to-your-personal-privacy/

Get rid of that and you would have a good system.

With it, and you may as well have the doors to your house wide open, day and night through out the year.


25 posted on 01/18/2017 5:14:47 AM PST by Flavious_Maximus
[ Post Reply | Private Reply | To 18 | View Replies]

To: Flavious_Maximus

I’ve been using Spybot AntiBeacon to tweak the privacy settings on the Win-10 boxes I set up: https://www.safer-networking.org/spybot-anti-beacon/

I’ll give the DoNotSpy a try on one of my VM’s and see if I can determine which one is the most comprehensive.

Thanks for the links!


26 posted on 01/18/2017 8:45:49 AM PST by rockrr (Everything is different now...)
[ Post Reply | Private Reply | To 25 | View Replies]

To: SandwicheGuy

Way to make it personal Windows troll.

Maybe my whole family who have worked years in the industry are also Luddites?

My wife teaches tech at one of the universities here in northern Calif

my youngest daughter is a software writer in Silicone Valley.

my youngest son is a programmer on the East Coast

My brothers son was a military hacker now works private

My sisters son has over 60 programmers that work for him (worked for MS for years and left)

I started programming in 1969

And it’s not like we don’t know others in the industry who disagree

We all think Windows 10 is a piece of junk (compared to any of its earlier versions)

sure there are some who like it because it works for what they do. Good.

I don’t call them luditties but I will trash Windows 10 and the horrible job they do with updates and support.


27 posted on 01/18/2017 9:33:06 AM PST by jcon40
[ Post Reply | Private Reply | To 14 | View Replies]

To: SandwicheGuy

[[Those bitter clingers not willing to let go of their Lotus Notes and such, well, the Model A was a good car but no one drives on cross country.]]

True- thankfully windows 7 isn’t anywhere near as antiquated as a model A- More like a 2005 Caddie which is plenty comfortable to drive across country- Its heavily customizable, and it doesn’t force you into updates, nor does it have a bunch of crap phone home junk that you constantly have to turn off after updates-

Glad ya like windows 10- but there are some downsides compared to windows 7

Yes- i made the switch to linux as my main online OS a few years ago- but I still use windows 7 in dual boot scenario- and just don’t allow it access online- I use it mainly to work with programs that either didn’t work under windows 10 or didn’t work as well under windows 10- and to play windows only games (Linux sux for gaming)-

But the fact that i switched doesn’t negate the fact I would have switched to windows 10 happily IF they didn’t roll it out like they did and force people into updates, with no control over them- and not being able to customize it how i like to use my computer- (Yep i know you can tweak menu and stuff- but not nearly as well as windows 7- although there is a workaround with installing classic shell- but still)- and really don’t like the phone home crap they implemented- Fortunately I don’t need windows online- so my solution was to make the switch to linux-

Does everything I need it to- and is much safer (that’s another thing with windows- I was constantly getting redirected to malicious websites- and always having to guard against viruses- always having to find workarounds (like for the notorious windows 7 update scans taking hours, if not days- ugggh!)- it just got to be a constant battle keeping the machine trouble free- Yes i know linux is also vulnerable to viruses- but nowhere near to the extent of windows-

Don’t mean for this to sound like a pitch for linux- It’s not, it’s just a personal preference that I’ve been happy with- In two years of running it- I’ve never had mess with it the way i constantly had to do with windows- Computer runs a lot quieter too- But like i say- I’ll gladly go back to windows if they give control back to the user- especially if windows becomes less susceptible to viruses- and if they remove all that phone home crap-


28 posted on 01/18/2017 9:40:34 AM PST by Bob434
[ Post Reply | Private Reply | To 20 | View Replies]

To: rockrr

rockrr be sure ot thoroughly check out those ‘anti-spy’ programs, some contain spyware themselves-


29 posted on 01/18/2017 9:42:26 AM PST by Bob434
[ Post Reply | Private Reply | To 26 | View Replies]

To: Flavious_Maximus

[[The problem with Windows 10 is the Telemetry spy ware.

Get rid of that and you would have a good system.

With it, and you may as well have the doors to your house wide open, day and night through out the year.]]

Precisely- I will gladly go back IF they get rid of that crap- and give us back control of updates and menu tweaking


30 posted on 01/18/2017 9:44:31 AM PST by Bob434
[ Post Reply | Private Reply | To 25 | View Replies]

To: chrisser

[[the next update, Microsoft puts it all back and negates your settings so the process starts all over again.]]

That’s one of the biggest complaints I had with 10- when i set something, I want it to remain that way- I don’t want my OS deciding for me that I ‘really want something else’- It was like all of a sudden we not only had to guard against things like viruses and malware constantly, now we have to constantly be on the lookout for changes made to our computer by MS after we get it set up the way we like? No thanks

They took a lot of control away from the user- you mentioned several areas- there are more areas- but sadly giant corporations simply don’t care what the end user wants- and then they start resorting to forcing- such as forcing full purchase of enterprise in order to strong-arm those that wish for more control over their system- We used to have most of that control in previous versions and for a lot less $$-


31 posted on 01/18/2017 9:54:37 AM PST by Bob434
[ Post Reply | Private Reply | To 22 | View Replies]

To: Bullish; SandwicheGuy
Thanks for the insults asswipe. I’ll remember that.

Mr. Bull, you appear to be a thin skinned precious little snow flake aren't you? And I am sure that you do have a long memory. We are talking about an OS here not the future of the Republic. You are the one who picked the pseudonym Bullish??? Not me. Ha, ha, ha!!! You didn't figure someone would come up with Mr. Bull from that? How adorable!

Fireman felt the need to insult me and imply that I’m a rookie compared to his vast knowledge, hahahaha.

Kind of a reach? And how did I insult you? By pointing out you are acting as a Microsoft shill, trying to improve the image of the disaster that is Windows 10??? I have been a Microsoft booster for decades, up until they tried to force Windows 10 down my throat. I have actually met come into contact with both Steve Ballmer and Paul Allen because of interests outside of computing. And living on the East side of King County I have countless friends and associates who are former and current Microsoft employees. You do not seem to have an understanding of the transition that Microsoft is trying to make with Windows 10.

Fireman implied that I don’t know what I’m doing when he’s the one who has a laptop sitting in a drawer that he doesn’t know what to do with.

And I didn't imply anything. I have a spare hard drive with the Windows 10 operating system installed on it in a drawer for my “primary laptop”, not my “primary laptop”. By drawing the conclusion that I had the laptop that I am typing on right now in a drawer somewhere you make all the implications without any help from me. I guess you didn't realize that someone can swap the hard drives out of them thangs. But the fact I stirred you and SandwicheGuy up enough that you were up at 2:30 in the morning posting about me indicates that you two are taking this all too seriously.

But lets get back to common ground, we are all friends and it sounds like we have similar histories when it comes to computer experience. I have been a computer enthusiast since before “home computers” became available. My first introduction was a digital electronic experimentation kit, that controlled a two digit LED Display. This was before electronic calculators had become affordable. It was given to me by my 5th grade teacher who was impressed that I had taught myself how to use a slide rule, and by my inquisitive nature and the fact that I was already reading at the 10th grade level. So when the rest of the class was focused on subjects that I had picked up on my own, he let me tinker with the "digital electronic experimentation kit". It helped to keep me from being bored and disruptive and I learned much from it.

I still have a couple TRS-80s in my basement, along with the first XT Clone that I put together, Commodore 64s, VIC 20s, TI-99-4As, a Timex Sinclair, a couple Atari home computers, a Spectravideo SV-328 which was the machine that the failed MSX (Microsoft X) Standard was based on... I have a large assortment of tape players, drives and expansion boxes for these as well. Believe it or not this hardware has actually become fairly valuable again. About the only hardware I do not have “vintage computer museum” is any overpriced Apple junk which I have shunned since the beginning.

And I have always been interested in machine work, and did work as a millwright for 8 years in a family owned business. But the only piece of CNC equipment that I have directly used with a Windows computer is my 3D Printer. Although I have gotten fairly good at using Windows based software to build 3D models. My favorite software package for this are currently Autodesk Fusion 360, and Autodesk 123D Design which both work fine with Windows 10. But I have other drawing and design software and hardware which will not work with Windows 10 which is one of the reasons I choose not to use it right now.

As far as calling people who prefer email programs such as Windows Live Mail which have the capability to store their files locally “luddites”??? I think the two of you are out on a limb with that as well. There are many legitimate security concerns with “cloud based storage solutions” and they are not going away. This is regardless of whatever security enhancements Microsoft comes up with for Windows 10. The only time a storage device is truly secure is when it is not connected to a computer that has an internet connection and it is locked in a safe.

So lighten up you two, life is too short. Any generalizations that I make are not directed at either of you specifically as insults or otherwise. I think that both of you are very interesting characters and enjoy reading your posts.

32 posted on 01/18/2017 10:02:17 AM PST by fireman15 (How many illegal aliens voted for Hillary in CA and NY alone?)
[ Post Reply | Private Reply | To 18 | View Replies]

To: Bob434

Thanks for the advice. I do all my testing on virtual machines with dummy accounts and no ties to my personal data.

The advantage of VM’s is that you can experiment to your hearts content and then, with a simple click, revert to your clean original image.


33 posted on 01/18/2017 10:39:19 AM PST by rockrr (Everything is different now...)
[ Post Reply | Private Reply | To 29 | View Replies]

To: rockrr

yeash i use virtualbox have windows set up on that too- so i don’t have to reboot into my windows environment- just fire up the VM


34 posted on 01/18/2017 11:33:00 AM PST by Bob434
[ Post Reply | Private Reply | To 33 | View Replies]

To: Bob434

My solution is a little unorthodox and probably expensive for others but...

I need to use RDP to access one of our apps via the WAN. Since I have to buy the RDP licenses anyhow, I’m just going to convert all the non-laptop machines to dedicated terminal clients and move all the desktops to the server. At least for now, MS isn’t pulling as many shenanigans on the server products.

It simplifies control and app deployment as another benefit. I’ll probably use a linux-based terminal client emulator, so Windows 10 will be the last in a long line of MS desktop products (except for laptops) in my organization.

But if I didn’t already need to purchase the RDP licenses, it would cost a fair amount (although I’m not sure if it would be less than Enterprise, to be honest, since pricing on Enterprise isn’t easy to find).

I expect I won’t be the only one going this route, so I also expect MS to jack up the cost of RDP licensing in the future. I’m at the point where, if my main application didn’t require Windows, I’d bail on the whole company and switch to Linux. I could accomplish everything I can with Windows at a fraction of the cost and complexity.


35 posted on 01/18/2017 12:34:23 PM PST by chrisser
[ Post Reply | Private Reply | To 31 | View Replies]

To: chrisser; Woodman; SandwicheGuy; jcon40; Bob434; rockrr; dayglored; Bullish; Swordmaker

Just a casual observation. If you take a look at an Apple thread started by Swordmaker you will find plenty of sniping from we “PC guys”, but the “Apple guys” mostly stay in lock step supporting their I-phones, I-watches, I-pads, I-macs and I-whatever else they have. There is not much “diversity” in the Apple Fan Boy community.

But you bring up anything to do with Windows 10, Microsoft, or PCs in general and you get opinions from a huge number of knowledgeable people who come from a huge number of viewpoints and levels of experience. There are those of us who have been working or tinkering for decades with various operating systems. Most of us believe that the operating system is the software that provides basic support for our systems and should mostly just stay out of our way. Ironically, we set up systems with two, three, four or more OS’s on them with multiple boot options on startup. Or we set up multiple virtual systems on our computers and we fool around with numerous systems that way. Why do we do it? Speaking as someone who has frequently had six or more operating systems on a single computer... I really cannot give a good rational explanation other than I am always probing and taking apart everything that I own.

I always find it amusing when someone starts a thread or makes posts claiming that Windows 10 is the greatest operating system ever and that anyone who disagrees with them is a “luddite” or ignorant or stupid. This community has some extremely knowledgeable members and you just cannot make blanket statements like that and be accurate.

We all have our own perspective and I personally have appreciated so many different OS’s over the years. For me it really started with various operating systems on “home computer systems”, then the various DOS (Disk Operating Systems) that became available and their constant improvements. Then graphical overlays came on scene popularized by Apple, Commodore GEOS, and Windows and others. At first I just a straight DOS system, where I set up my own menu system for quick access to the programs I used. But after years graphical interfaces became more and more convenient and allowed one to use various programs together which increased productivity especially with progressively more powerful hardware.

Up until Windows 10 I never had any major complaints with any Windows Operating System. Windows 3.1 worked fine for me as did Windows 95, Windows XP, and Windows 7. I also didn’t have any problems with Windows ME or Windows Vista. To me it seemed like Windows 8 was starting to go off the rails a little but there were work-arounds that made it acceptable on devices that shipped with it.

I also didn’t have difficulty with devices running Windows PE, Windows CE, Windows Mobile, Windows Mobile 2003, or other variations. I used phones and GPS devices with these various Windows Operating Systems and they were dependable and easy to use for me.

I understand why there are those who like Windows 10, the biggest problem I have is the high handed philosophy behind it. Windows 10 is making a transition from Operating System to service and content provider. Legally, I suppose that this started even before Windows 10 but it has become more and more clear the path that Microsoft is leading us down.

Going from Windows 7 to Windows 10 is like moving away from a house with property where you had independence and could grow your own food and raise livestock and moving to an apartment complex where you are dependent on others to provide your basic needs. Some people like being renters better than being home owners. The difference is that most apartment dwellers do not attempt to denigrate those who prefer to own their home. This is of course an over-simplification, but maybe it will give a tiny glimpse into my perspective.


36 posted on 01/18/2017 12:35:08 PM PST by fireman15 (How many illegal aliens voted for Hillary in CA and NY alone?)
[ Post Reply | Private Reply | To 2 | View Replies]

To: fireman15

If you want my opinion, like GM in the past, Microsoft has started to view it’s customers as a cash cow to exploit rather than a market whose needs they should serve.

And, like GM, they’ll probably be able to coast on it for awhile, but eventually the competition will catch up with them, and like GM, those customers will never come back once they leave.


37 posted on 01/18/2017 12:40:05 PM PST by chrisser
[ Post Reply | Private Reply | To 36 | View Replies]

To: fireman15

I learned to drive in an old pickup that had a floor-mounted push-starter, a hand choke, and a stickshift. And gauges. Gauges that showed me (almost) everything going on with my engine. As soon as I could afford my own wheels I bought a British car that had a key starter but manual everything else.

I remember thinking “How boring!” the first time I got behind the wheel of a contemporary automobile that had automatic everything. “Where’s the damned instruments?! What’s with these idiot lights?!”

Obviously I prefer to do things for myself, and just as obvious, there are a whole host of people who like the luxury or automation. So I don’t advocate one way or another on OS’s (or cars for that matter). I like what I like and I’m happy if you like what you have, too.

I’ve often said that “As long as Microsoft continues to make crappy software I’ll continue to have a crappy job”. I grouse about stupid changes like everyone else - and then I go looking for ways to modify or circumvent the things I don’t like.


38 posted on 01/18/2017 1:07:39 PM PST by rockrr (Everything is different now...)
[ Post Reply | Private Reply | To 36 | View Replies]

To: fireman15; dayglored
Just a casual observation. If you take a look at an Apple thread started by Swordmaker you will find plenty of sniping from we “PC guys”, but the “Apple guys” mostly stay in lock step supporting their I-phones, I-watches, I-pads, I-macs and I-whatever else they have. There is not much “diversity” in the Apple Fan Boy community.

And there, fireman, is the difference. Where is all the sniping from us "Mac guys" in Windows threads?

Apple device users, unlike Windows users, don't find that much in their devices to complain about.

39 posted on 01/18/2017 1:37:38 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 36 | View Replies]

To: dayglored

Windows 10 is garbage. Watching task manager you will find system updates constantly writing to the hard drive spinning it up and using 100% of disc capacity. Even after killing Fetch, Cortana, and Siri it still is always updating system files and programs every 10 minutes spinning up the drive and making me totally pissed off. I keep Norton running because I do not trust Microsoft and their virus protection software, and Norton does not take up that much cache or drive capacity.


40 posted on 01/18/2017 1:48:45 PM PST by Mat_Helm
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-60 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson