MFOHome About Commentary Discussions Funds The Best Resources Support Us!

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Categories

In this Discussion

Here's a statement of the obvious: The opinions expressed here are those of the participants, not those of the Mutual Fund Observer. We cannot vouch for the accuracy or appropriateness of any of it, though we do encourage civility and good humor.

    Support MFO

  • Donate through PayPal

FYI: Microsoft warns of critical remote code execution vulnerability

LLJB
in Off-Topic
Just wanted to pass this along in case not everyone is aware:

Microsoft has just warned that a critical remote code execution vulnerability has been identified in the Microsoft Secure Channel (Schannel) security package in Windows. The affected operating systems include Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, and Windows RT 8.1.

The vulnerability affects the way common internet and network applications communicate securely. Communication between client and server handled particularly through browsing relies on this type of secure channel, turning everyone affected by this vulnerability into potential victim.

Treating the vulnerability with a maximum security impact, Microsoft warns that although no cases implicating this vulnerability have been reported in-the-wild, Windows users are strongly encouraged to enable automatic updates and install the latest security patches.

Comments

  • MaxBialystockMaxBialystock
    Microsoft. Why am I not surprised??? When I had automatic updates turned on, it wanted to download the same thing countless times. So I turned it off. I have antimalware working, antivirus, a browser wipe-clean tool. And now, Firefox has just updated, yesterday or the day before. Is the problem involving Microsoft's Internet Explorer ONLY? Or anyone using WINDOWS?
  • LLJB
    I'm just the messenger and I'm not a technical guy so the simple answer is I don't know. With that said, my impression from what I've read is that it impacts the secure communication you might have on the internet, so it has to involve a browser. Given that the warning talks about the operating systems it impacts rather than the specific browser you're using, my concern would at least be that it could extend to any browser you use with a windows operating system. I did read one message that suggested people make sure they're using the latest version of Internet Explorer but it didn't say people who use other browsers don't have to worry.
  • MaxBialystockMaxBialystock
    Ok, well. I thank you for the follow-up.
  • LLJB
    I've read some more, although I'm a little surprised it seems there's very little "news" out there about this, but I think the idea is that someone can send something from a remote server, exploiting a weakness in the operating system, and take control of your computer. I guess what they might be able to then do depends on any number of factors. It has made me believe, however, that it is not an issue with the browser but rather that the operating system would allow remote control when in theory it shouldn't, or it should require some sort of security protocol before allowing remote control of the computer. I guess the updates are supposed to fix the weakness. Sorry I can't provide a more specific answer.
  • catch22catch22
    Remote Desktop/Access has been a feature built into MS software since Windows XP. The program can be turned on by user "a" and allow access to this pc from user "b". I have used this to access a relative's pc to help with a problem. This may be part of what is of concern. 'Course, there are many other ways, too.

    Catch
  • LLJB
    Right, and I've used it to allow a service person from HP to access my computer remotely to solve some problem I was having. I guess maybe this weakness is that user "b" in your example could take control of user "a's" computer without user "a" turning on and allowing remote access.
  • MikeMMikeM
    I'm far from computer knowledgable, but it is my understanding that remote servers taking over ones computer happens all the time. Often you wouldn't even know it. Antivirus security is suppose to watch for that but hackers, also known as scums of the earth, work around the clock to foil security. Hence constant upgrades from Microsoft.
  • chipchip
    I believe that this week's series of patches from Microsoft close serious security holes in both the operating systems mentioned and the Internet Explorer browser. I recommend that if you use any Windows based system, you allow all of the critical updates to install.
  • MaxBialystockMaxBialystock
    ....So, I went in and permitted Windows to look for updates and to install them........ Checking for updates...... Checking for updates......... Dinner and a cocktail finished....... Checking for updates ..... Checking for updates...... Conversation with wife on the phone.... Checking for updates........... Jeez. I looked at history. Latest installed updates were in '12. Lots of the updates were for programs I never use. Example: Microsoft Works. You can generate a document, but you cannot edit it or send it anywhere without paying for the full shot. I've never done that. But it wants to update it anyway. .....Oh, ya. THAT'S why I turned it off! ;)
  • catch22catch22
    @MaxBialystock

    I do believe there is something else not happy with your pc....desktop or laptop version.

    I've loaded two sets of updates, on two different laptops in a timely and expected fashion.
  • MaxBialystockMaxBialystock
    Thanks, Catch. I guess I just must continue to depend on my anti-malware and antivirus programs. I clean my history whenever I shut down. The anti-malware stuff not long ago found some non-critical threats--- like cookies or something else being remembered. I just told the program to remove the evil stuff, and it runs good. So many damn pictures, I'm low on hard drive space, though!
Sign In or Register to comment.