Posted on 01/17/2017 9:11:01 PM PST by dayglored
Microsoft security boffins throw fresh CVEs at unpatched OS, emerge smiling
Microsoft says its Windows 10 Anniversary Update squashes more exploit delivery chains than ever.
The August updates brought in a series of operating system security improvements including boosts to Windows Defender and use of AppContainer, designed to raise the difficulty of having zero day exploits execute on patched systems.
Redmond's security team tested its exploit mitigations against two kernel-level, then-zero-day exploits (CVE-2016-7255, CVE-2016-7256) used by active hacking groups that offer privilege escalation.
They find, in a technical analysis designed to stress test the resilience of Windows 10, that the bugs were neutered on Anniversary Update machines even before it issued the respective November patch thanks to the exploit mitigation controls.
"Because it takes time to hunt for vulnerabilities and it is virtually impossible to find all of them, such security enhancements can be critical in preventing attacks based on zero-day exploits," the team says.
"While fixing a single-point vulnerability helps neutralize a specific bug, Microsoft security teams continue to look into opportunities to introduce more and more mitigation techniques.
"Such mitigation techniques can break exploit methods, providing a medium-term tactical benefit, or close entire classes of vulnerabilities for long-term strategic impact."
The team points to the benefits of easy and complex mitigations including simple changes against RW primitives that trigger harmless blue screens of death errors.
Pushing font-parsing code to isolated containers under improvements to AppContainer and additional validation for font file parsing significantly reduced the ability to use font bugs for privilege escalation, the team says.
That shut the door on one South Korean hacking group which used CVE-2016-7256 in small but targeted attacks in the nation.
"Windows 10 Anniversary Update introduced many other mitigation techniques in core Windows components and the Microsoft Edge browser, helping protect customers from entire classes of exploits for very recent and even undisclosed vulnerabilities," the team says.
The updates follow Microsoft's decision to delay the axing of the lauded enhanced mitigation toolkit to 31 July next year.
That move sparked the ire of Carnegie Mellon University CERT boffin Will Dormann who says the toolkit significantly improved the exploit mitigation chops of Windows 10 and should be maintained, not dropped.
[more at the article link]
Nice. Thanks for your reply.
I hear you and am not trying to advocate for Windows 10. The only point I would make is that my own personal experience is it has not caused any major issues and I have had zero installation “Nightmares”. I too have used just about every OS on: Mobile, PC, RISC, SPARC, POWERPC etc. platforms that was available for over 25 years. I test proprietary software for a living and I am just not seeing the issue most people pile onto Windows 10. Maybe I’m lucky, maybe it’s my experience.
I will say that the Windows 10 installation did disable a DVD writer I have on a 10 year old system. I removed the device, searched for devices and it re-installed itself without any issues. This only caused me some heartache because I never checked it after the original installation and thought it was a hardware failure. I stupidly removed the drive before I thought to put it back in and go the software driver route. I also have perfectly functional Windows ME OEM on an old Micron and VISTA on an old Dell Laptop. I think I put Win2K on the Micron and the Dell was eventually upgraded to Win 7 before it was retired.
My observation, after over a year of running the Windows Ping List, is that most of the sniping in Windows threads comes from disgruntled Windows users and recent-convert Linux users, with considerable overlap between those two groups.
Apple users, by and large, simply don't bother with Windows issues, and so generally are not attracted to Windows threads.
For my own part, I run Windows primarily in VMs, where it's pretty safe and easy to recover/roll-back when something goes severely pear-shaped. Oh, and I stick with Win7 at home now, getting more than enough Win10 exposure and experience at work. So I actually have very little to complain about, Windows-wise.
RTFM
There is a reason courts don't allow hearsay evidence, in your case from your numerous and talented family members.
The reason I responded to your posts is because you are emblematic of the set of people who won't read the manual, being so smart you don't have to, then blame the people who actually produced something, sold, and now try to support it for people like you. I'm not going off on you personally, you just serve as an example, in this case a bad one. I'll bet we get along fine with a beer.
Having people do their own security was not working, most people can't spell Ubuntu or Red Hat for that matter, so what to do? MS and Apple did what had to be done. The internet changed everything, as the creators said it would, but you cannot explain that to people who insist on clinging to their buggy whip. Life is stages and phases, adapt or die, it is a fairly simple path. Whining doesn't move the ball forward.
Surely, you must have accepted derision about Apple products from PC users on this forum as a fact of life after all these years? We can't help ourselves; I am not sure why. I gave you a heads-up because I wasn't sure that you realized that we fight and belittle each other as much discussing Windows as we do when raiding your Apple threads.
Oh, and my wife and I have prayed for your speedy recovery.
I’m just a home user- don’t do anything too taxing- mainly just use the computer for photography processing, artwork- photoshop etc- so the switch to linux was a no brainer for me once I learned how to dual boot- I probably wouldn’t have made the switch though if I hadn’t found one that was close enough to how I like to work- one that looked similar to windows 7- I tried many ‘flavors’ of linux, but found linux mint cinnamon edition fit the bill for me- super easy to install and set up- Everything worked pretty much right out of the gate- printers- mouse keyboard- a new usb 3 card- video cards etc- no worries-
As an added bonus- there is a program called ‘Systemback’ that takes complete system wide snapshots of the current system, and can turn those snapshots into bootable backup/restore .iso disk- Super easy to do- with the snapshots- if anything ever goes wrong- just roll the system back easy peasy- Had an issue where grub got corrupted once,- just reinstalled from the current backup disk and was good to go in about 20 minutes- I know it can be done in windows too- but I love that linux has this capability too-
Could the program you need to use in windows be run in a VM? Or does it rely on the need for a dedicated graphics card?- I wish there was an easy way for VM’s to use the host os’s graphics card- I’d dispense with the dual boot system altogether and just run windows 7 and my photoshop and windows games in a VM- There is something called passthrough where a VM can use the host graphics card- but it’s super complicated- I got a brain ache trying to figure it out- never did attempt it though-
Dose sniveling exploits. Crush dem.
Anyone who is happy with Windows 10 should expound on its virtues if they want. They should probably expect a little blow back from people such as myself who are not fond of it. It's true, my primary issue is with not having much control over the update process. There are other areas where taking control of your own computer has become more difficult or confusing as well.
I too have had driver issues with older but still useful peripherals. I have a fairly new drawing tablet that has instability issues every time it is hooked to a Windows 10 computer even with the latest drivers. I still have a problem with the way Microsoft attempted to force this down our throats whether we wanted it or not. Overall Windows 10 wasted a significant amount of time before I finally swore it off and went back to Windows 7 on every device that we could.
The thing that I will admit is that for people such as my parents who mostly look at emails and browse the Internet, it does tend to keep them out of trouble most of the time.
[[ For my own part, I run Windows primarily in VMs, where it’s pretty safe and easy to recover/roll-back when something goes severely pear-shaped.]]
I would love to do that IF I could easily find a way to get a VM to use the host’s graphics card— everything I need to do in windows needs a dedicated graphics card- IF they ever come up with an easy way to do that I’ll ditch the dual boot and run windows right from a VM with no access to Internet to protect against windows viruses and cross contamination to the linux host- I do run windows in a VM now, but can’t run the programs I want (like photoshop and some other taxing post processing programs, and windows games)- but I have to dual boot into dedicated windows in order to run photoshop properly- I tried wine and some other emulators in linux- but no good-
The ultimate would be for linux to be able to run windows programs in emulation mode efficiently-
Thanks for your work on the Windows Ping List. I enjoy a lively discussion and sometimes it’s fun to discuss something other than politics.
Going from Windows 7 to Windows 10 is like moving away from a house with property where you had independence and could grow your own food and raise livestock and moving to an apartment complex where you are dependent on others to provide your basic needs. Some people like being renters better than being home owners. The difference is that most apartment dwellers do not attempt to denigrate those who prefer to own their home. This is of course an over-simplification, but maybe it will give a tiny glimpse into my perspective.
May I merely add that for the most part, using your analogy, apartment dwellers and renters don't even care that homeowners exist. And most people are not techies or hobbyists, integrating apps and security into the operating system is a natural step by MS to address the needs of these people.
I have 8.1 Pro. Does it mean I can delete that crap? Also is there any way I can avoid an automatic install of 10? I turned off automatic updates. Last question (promise), is 15G a lot for C:\Windows? Any way to shrink that down a bit?
[[As soon as I could afford my own wheels I bought a British car that had a key starter but manual everything else.]]
LOL- now that was really moving up in the world :)
I too grew up learning to drive with dash gauges- and witnessed loads of changes take place in vehicles over the years- But I do like the automatic stuff now- and the fact that transmissions last for forever, and steering wheels aren’t an exercise in strength training- and actually turn a vehicle straight away instead of turning the wheel a full 1/4 turn before it actually begins to turn the tires- lol-
I do miss my manual shift ‘3 on the tree’ Dodge van though- that was a fun vehicle-
Thank you for your kind and thoughtful response. Microsoft should not be expected to make everyone happy all the time.
The feel of Windows 10 is largely a result of the corporate policies set by CEO Satya Narayana Nadella. I am sure that he is a very smart guy, but I do not believe that he understands the psyche of many Americans well. Many of us are deeply offended any time someone tries to force us to do anything. We like to feel like we are in control of the computer not the other way around.
Microsoft has had a somewhat undeserved reputation for being a little tone deaf in the past, but never to the extent we are seeing these days. It is making them a terrible competitor and is opening up amazing opportunities for other companies. So Satya Narayana Nadella may very well be responsible for the next tech billionaire at Microsoft’s expense.
I would love to buy you that beer FRiend
Truth be told I will survive Windows 10 and because I’ve never been an Apple fan refuse to give up on this present bumpy ride. MS Office 16 is nice too but is also not as consistent as their earlier versions.
Talk about hating manuals try using a PC for MIDI recording.
An Apple is much easier and what I use for music now.
There was another guy who posted earlier to a bunch of us that I thought really nailed it and the disappointment many of us are feeling. Hope you saw his post.
Take Care,
An old yet still handsome Luddite
Well said.
Very well indeed.
Prayers for Windows 10
An Enlightened Luddite
You're very welcome -- it's my pleasure! And yes, even FReepers sometimes get tired of politics. Rarely, but sometimes! :-)
I don’t share your enthusiasm. One PC in the house, 4 users. Had Windows 7 and all of us could be logged in and not signed out and there would not be any problems. Now, only one person can be logged in. If that person doesn’t sign out and another person logs in the new person is plagued with out of memory problems.
I don’t remember how much RAM it has but I remember I filled all of the slots. Admittedly, the computer is showing its age since I purchased it in 2009 but I expect better memory management.