Over 1 million tech questions and answers.

Another Windows Flaw

Q: Another Windows Flaw

Microsoft is investigating a new flaw in the Windows operating system but didn't provide details on their Security Response Center Blog....we?re looking into new public proof of concept code around a possible vulnerability in Microsoft Windows. So far we?re not aware of any attacks attempting to use vulnerability or any customer impact, but we wanted to let everyone know we?re investigating.What we know at the moment is that the vulnerability can be attacked through Internet Explorer and requires user interaction on the page before the attack can occur...blogs.technet.com

RELEVANCY SCORE 200
Preferred Solution: Another Windows Flaw

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Another Windows Flaw

Astronaut: Houston we have a problem...

Houston: What is it?

Astronaut: We can't tell you.

Houston: Why not?

Astronaut: Because it hasn't occured yet...

Houston: Then how do you know it will happen?

Astronaut: We saw some code laying around...

Houston: So.. we always have sloppy work

Astronaut: Correct, however, this is leading to an "unknown" problem...

laymans terms of what Microsoft is doing.

Read other 1 answers
RELEVANCY SCORE 44.8

Not sure if this the best place for this but sure needs to be looked into!
 
http://community.spiceworks.com/topic/1343923-devastating-flaw-found-in-windows-authentication-system?utm_campaign=digest&utm_medium=email&utm_source=digest&utme=topic+featured

A:Devastating flaw in Windows

You left off the quote marks around "devastating", and the question mark at the end of the sentence. Then there's this comment on the article:
 
"There is nothing new in that blog post. All the author has done is gather information from other sources (linked at the bottom of his post) and put it together in a nice article. It's El Reg that's tossing around words like "devastating". In fact, dfirblog goes into great detail about how the attack works and - more to the point - how to detect it on your network. 

Changing KEBTGT's password is trivial using the provided script, which, incidentally, was published in February. Honestly: Should we be that surprised to find that a Bad Guy that's gained access to a network can do Bad Things? 
C'mon, kids. Read the articles before crying foul. We're supposed to be better than that."
 

 

Read other 5 answers
RELEVANCY SCORE 44.4

Hi all,I came across this and thought it may be usefull to a few people here on the forums, although if you use 16 bit applications you may want to keep this disabled:This security hole is said to affect 32bit Windows operating systemsA CRITICAL FLAW has been found in the Windows NT trap handler that makes all Windows machines wide open to hackers. The problem has been a feature of every Windows system for the last 17 years and no one has noticed. According to Full Disclosure, the security hole in Windows allows users with restricted access to escalate their privileges to system level. It can be done on all 32-bit versions of Windows from Windows NT 3.1 to Windows 7. This is not likely to bother consumers much, but corporate IT managers will be wetting themselves.And the removal instructions. Enabling the "Prevent access to 16-bit applications"1. Start2. Run (Windows key + R)3. Type gpedit.msc and press enter (Run as Administrator if need be) 4. Expand - Computer Configuration5. Expand - Administrative Templates6. Expand - Windows Components 7. Open - Application Compatibility section.8. Double Click 'Prevent access to 16 bit applications'9. Check Enabled10 Click Apply then OkHere is a screenshot to help those having any troubles: http://i24.photobucket.com/albums/c11/smak...6bitdisable.jpgSources:http://www.theinquirer.net/inquirer/news/1...nt-windows-flawhttp://www.neowin.net/news/microsoft-issue...s-vulnerability

A:17 year old Windows flaw discovered in Windows 7. How to close this security vulnerability

According to the same site microsoft had promised to patch the hole in security http://www.theinquirer.net/inquirer/news/1...osoft-patch-bug. I am afraid I am one of those people who just has automatic updates on and hardly checks to see what I am actually downloading. I guess if some person who shouldnt have admin access especially in a company or business was to get it this way microsoft would have to do a lot of explaining. Its amazing that only after 17 years this hole has been found.

Read other 1 answers
RELEVANCY SCORE 44.4

IE flaw puts Windows XP SP2 at risk.Published: September 16, 2005, 7:08 AM PDTBy Dawn Kawamoto, Staff Writer, CNET News.com A flaw has been discovered in Internet Explorer that could enable a remote attack on systems running Windows XP with Service Pack 2, eEye Digital Security has warned.The flaw, which also affects systems running Windows XP, is found in the default installations of Microsoft's IE, according to an advisory released by the security company on Thursday."The flaw is not wormable but allows for the remote execution (of code) with some level of end-user intervention," said Mike Puterbaugh, eEye's senior director of product marketing. Complete article at CNET News

A:IE flaw puts Windows XP SP2 at risk

Another flaw in IE?
Noooooo, tell me it ain't so.

Read other 1 answers
RELEVANCY SCORE 44.4

 In Win10's game, Minesweeper, the entire far-right section of the game is not visible and I can not complete a level!
 
Worse, the exact same problem exists in Treasure Hunt!
 
This is just terrible!
 
I haven't been able to sleep for days.
 
Please tell me there is a fix, 'cause I need one!
 

A:Major, unforgivable, Windows 10 flaw...

I am only guessing but have you tried dragging where you want it?

Read other 6 answers
RELEVANCY SCORE 44.4

Hiya

Help and Support Center provides a centralized facility through which
users can obtain assistance on a variety of topics. For instance, it
provides product documentation, assistance in determining hardware
compatibility, access to Windows Update, online help from Microsoft,
and other assistance.

A security vulnerability is present in the Windows XP version of Help
and Support Center, and results because a file intended only for use
by the system is instead available for use by any web page. The
purpose of the file is to enable anonymous upload of hardware
information, with the user's permission, so that Microsoft can
evaluate which devices users are not currently finding device drivers
for. This information is then used to work with hardware vendors and
device teams to improve the quality and quantity of drivers available
in Windows. By design, after attempting to upload an XML file
containing the hardware information, the system deletes it.

An attacker could exploit the vulnerability by constructing a web
page that, when opened, would call the errant function and supply the
name of an existing file or folder as the argument. The attempt to
upload the file or folder would fail, but the file nevertheless would
be deleted. The page could be hosted on a web site in order to attack
users visiting the site, or could be sent as an HTML mail in order to
attack the recipient when it was opened.
Maximum Severity Rating: Moderate

Affected Software:

Microsoft Window... Read more

Read other answers
RELEVANCY SCORE 44.4

Microsoft warns of TLS/SSL flaw in Windows.

Microsoft has warned of a publicly known vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. All supported versions of Windows are affected.

-- Tom
 

Read other answers
RELEVANCY SCORE 44.4

Information Week article notes:The "highly criticial" vulnerability affects Internet Explorer 5.01, 5.5, and 6 on fully patched PCs running either Windows XP SP1 or the newer SP2.Another flaw in Internet Explorer has been uncovered by Danish security firm Secunia, which said that the gaffe left all PC users open to attack, even those who had updated Windows XP with the massive Service Pack 2 upgrade.More info:http://www.informationweek.com/story/showA...icleID=29116685Regards to allJohn-who-uses-Mozilla

A:IE Flaw Affects Windows XP SP2 Systems

Here's more on the vulnerability and what actually happenshttp://www.securityfocus.com/archive/1/372...22/2004-08-28/0

Read other 1 answers
RELEVANCY SCORE 44.4

Hello Everyone,I am from India and i am working as a network admin in a company and i am having some problem regarding Some Windows Services.From 25th Of Nov there is some problem in windows Sharing Service.I mean the Pc's Having Printer Or File Sharing Enabled They are unable to Share that shared Resources.The Server , Workstation, Theme And Computer Browser Service Is Automatically Stops On those Pc's(Which Having Some Kind Of Data Sharing Is Enabled).All My pc's are in Domain Environment And Some Having Windows Xp With SP3 And Some Having Sp2 Also.All Pc's Are Fully Patched And Having Anti virus.When i Login Through Admin And Start These Service Manually.The Services Work For Some Minutes And Shuts Down.At Starting I thought that Pc's Having Some Kind Of Virus But I checked Every thing It is ok..I formated one pc but not this not resolved my problem..Please Help Me To solve this problem.......RegardsShivesh Kumar

Read other answers
RELEVANCY SCORE 44.4

Hiya

Thought I'd put this here, as its more for the Admins.
Windows messages provide a way for interactive processes to react
to user events (e.g., keystrokes or mouse movements) and communicate
with other interactive processes. One such message, WM_TIMER, is sent
at the expiration of a timer, and can be used to cause a process to
execute a timer callback function. A security vulnerability results
because it's possible for one process in the interactive desktop to
use a WM_TIMER message to cause another process to execute a callback
function at the address of its choice, even if the second process
did not set a timer. If that second process had higher privileges
than the first, this would provide the first process with a way of
exercising them.

By default, several of the processes running in the interactive
desktop do so with LocalSystem privileges. As a result, an attacker
who had the ability to log onto a system interactively could
potentially run a program that would levy a WM_TIMER request upon
such a process, causing it to take any action the attacker
specified. This would give the attacker complete control over the
system.

In addition to addressing this vulnerability, the patch also makes
changes to several processes that run on the interactive desktop
with high privileges. Although none of these would, in the
absence of the TM_TIMER vulnerability, enable an attacker to gain
privileges on the system, we have included them in the patch to
make the servic... Read more

A:Flaw in Windows WM_TIMER Message: Dec 11

Hiya

V2.0 (February 07, 2003): Microsoft has investigated this issue and is releasing an updated patch for Windows NT 4.0. The bulletin has been modified to include the new download links for the revised NT 4.0 patch.
Windows NT 4.0:

All except Japanese NEC and Chinese - Hong Kong

Japanese NEC
Chinese - Hong Kong

Windows NT 4.0, Terminal Server Edition:
All

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-071.asp

Regards

eddie
 

Read other 2 answers
RELEVANCY SCORE 44

 

A critical Server Message Block (SMB) #VU672268 in all Windows version including Windows 10 allows potential hackers to steal sensitive login credentials
Security researchers at Cylance have discovered a serious vulnerability in all supported versions of Windows that can allow a potential hacker who has control of some portion of a victim’s network traffic to steal users’ credentials for valuable services.
Cylance researchers disclosed the vulnerability today on their website in which they said that their study is an extension to a similar research done by Aaron Spangler in 1997.

 
 

New Redirect to SMB Flaw in all Windows versions including Windows 10 allows hackers to steal login credentials
 
.

A:New Redirect to SMB Flaw in all Windows versions including Windows 10

Please take a few moments to read what is necessary to exploit this.  SMB ports have been blocked by ISPs since the 90s, this was after people figured out that they could see the C: drive of everyone else on the network.
 
Other methods are a man in the middle attack.  If a man in the middle attack is happening on your home network that is a bigger problem.
 
The most likely attack is using a compromised network.  So, if you stay off of free public networks, or use appropriate safety, like a VPN, you should be fine.

Read other 1 answers
RELEVANCY SCORE 44

September 22, The Register ? (International) Microsoft issues IE 10 Flash flaw fix for Windows 8. Soon after an update that fixed the recent zero-day flaw discovered in Internet Explorer (IE) versions 7, 8, and 9, Microsoft released a separate patch that solves issues related to the Adobe Flash Player component of IE 10. The current Flash vulnerabilities only affect IE 10 running on Windows 8 and Windows 2012 server, meaning most Windows users are not vulnerable. However, although Microsoft?s latest operating systems have yet to ship to retail customers, they are already available to volume licensees and subscribers to Microsoft?s MSDN and TechNet programs. Source: Microsoft issues IE 10 Flash flaw fix for Windows 8 ? The Register

A:Microsoft issues IE 10 Flash flaw fix for Windows 8

I got that update a few days ago.. seems good to me.

Read other 6 answers
RELEVANCY SCORE 44

Article:

http://news.com.com/2100-1009_3-1026420.html?tag=lh
 

A:Microsoft warns of critical Windows flaw

http://forums.techguy.org/t145656/s.html

This should help quite a bit =)

-Z
 

Read other 1 answers
RELEVANCY SCORE 44

Hi All,
Your can read about here.
Barry
 

A:Microsoft Releases Patch for Windows Flaw

Run a scan at the Windows Updates site and the KB912919 patch should appear in the critical updates section.

Microsoft has released it 5 days early.

-------------------------------------------------------------------------------------
 

Read other 1 answers
RELEVANCY SCORE 44

After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released. This vulnerability is particularly serious because we know it is being actively exploited.
Read more here.

Read other answers
RELEVANCY SCORE 44

.

http://threatpost.com/en_us/blogs/serious-new-java-flaw-affects-all-browsers-040910

Time to uninstall Java, at least until it is patched.

.
 

A:Serious New Java Flaw Affects All Browsers in Windows

Read other 16 answers
RELEVANCY SCORE 44

When you view 1 picture with Windows Picture and Fax Viewer, the viewer will also show you pix you've viewed in the past. For example, if you viewed picture 1 from a previous day or week and you're viewing picture 2 today, MS will combine all pictures viewed.

MS Picture Manger also has this flaw. I narrowed it down to viewing in Outlook 2003.

Question:

Any fixes or viewer that doesnt have this flaw?
 

Read other answers
RELEVANCY SCORE 44

By TOM PULLAR-STRECKER - The Dominion Post.

**** May be of interest to our New Zealand Readers.***





Sixteen of New Zealand's top 100 computer users, including some banks and government agencies, may be unable to fully protect some of their computers from hackers after Microsoft said it would not patch a fault in the Windows 2000 operating system.
Microsoft issued a fix for a vulnerability in other operating systems affected by a networking flaw on Tuesday, but said it could not patch Windows 2000 without rewriting a significant portion of the operating system, which might prevent some software applications working properly.



Link. -
Windows 2000 users left with unfixable flaw | Stuff.co.nz

Read other answers
RELEVANCY SCORE 44

read here.....Serious New Java Flaw Affects All Current Versions of Windows | threatpost






Quote:
There is a serious vulnerability in Java that leaves users running any of the current versions of Windows open to simple Web-based attacks that could lead to a complete compromise of the affected system. Two separate researchers released information on the vulnerability on Friday, saying that it has been present in Java for years.

The problem lies in the Java Web Start framework, a technology that Sun Microsystems developed to enable the simplified deployment of Java applications. In essence, the JavaWS technology fails to validate parameters passed to it from the command line, and attackers can control those parameters using specific HTML tags on a Web page, researcher Ruben Santamarta said in an advisory posted Friday morning.In short, if you have a recent version of Java running on a Windows machine, you're affected by this flaw.The workaround for this problem is to disable JavaWS and Javaws.exe, Santamarta said in his advisory

A:Serious New Java Flaw Affects All Versions of Windows

Sun company is offering this very important link that allows users to run a quick scan to determine whether the Java environment installation is up to date.

Update should be 6u19

Read other 9 answers
RELEVANCY SCORE 43.2

Hiya

The Windows debugging facility provides a means for programs to
perform diagnostic and analytic functions on applications as they
are running on the operating system. One of these capabilities
allows for a program, usually a debugger, to connect to any running
program, and to take control of it. The program can then issue
commands to the controlled program, including the ability to
start other programs. These commands would then execute in the
same security context as the controlled program.

There is a flaw in the authentication mechanism for the debugging
facility such that an unauthorized program can gain access to the
debugger. A vulnerability results because an attacker can use
this to cause a running program to run a program of her choice.
Because many programs run as the operating system, this means
that an attacker can exploit this vulnerability to run code as
the operating system itself. She could take any action on the
system including deleting data, adding accounts with
administrative access, or reconfiguring the system.

A successful attack requires the ability to logon interactively
to the system, either at the console or through a terminal
session. Also, an a successful attack requires the
introduction of code to exploit this vulnerability.
Because best practices recommends restricting the
ability to logon interactively on servers, this
issue most directly affects client systems and terminal servers.

Affected Software:

Microsoft Windows NT 4.0
Micro... Read more

Read other answers
RELEVANCY SCORE 43.2

Hiya

Microsoft Windows Media Services is a feature of Microsoft Windows
2000 Server, Advanced Server, and Datacenter Server and is also
available as a downloadable version for Windows NT 4.0 Server.
Windows Media Services contain support for a method of delivering
media content to clients across a network known as multicast
streaming. In multicast streaming however, the server has no
connection or knowledge of the clients that may be receiving the
stream coming from the server. To facilitate logging of client
information for the server Windows 2000 includes a capability
specifically designed for that purpose. . To help with this
problem, Windows 2000 includes logging capabilities for multicast
and unicast transmissions.

This capability is implemented as an Internet Services Application
Programming Interface (ISAPI) extension - nsiislog.dll. When
Windows Media Services are installed in Windows NT 4.0 Server or
added through add/remove programs to Windows 2000, nsiislog.dll is
installed to the Internet Information Services (IIS) Scripts
directory on the server.

There is a flaw in the way in which nsiislog.dll processes incoming
requests. A vulnerability exists because an attacker could send
specially formed communications to the server that could cause IIS
to stop responding to Internet requests.

Windows Media Services is not installed by default on Windows 2000,
and must be downloaded to install on Windows NT 4.0. An attacker
attempting to exploit thi... Read more

A:Flaw in ISAPI Extension for Windows Media Services: May 28

V2.0 May 30, 2003: Re-released bulletin with new rating of Important to reflect additional action an attacker could take.

Maximum Severity Rating: Important

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-019.asp

Regards

eddie
 

Read other 1 answers
RELEVANCY SCORE 43.2

Hiya

The Windows Script Engine provides Windows operating systems with
the ability to execute script code. Script code can be used to add
functionality to web pages, or to automate tasks within the
operating system or within a program. Script code can be written in
several different scripting languages, such as Visual Basic Script,
or JScript.

A flaw exists in the way by which the Windows Script Engine for
JScript processes information. An attacker could exploit the
vulnerability by constructing a web page that, when visited by the
user, would execute code of the attacker's choice with the user's
privileges. The web page could be hosted on a web site, or sent
directly to the user in email.

Although Microsoft has supplied a patch for this vulnerability and
recommends all affected customers install the patch immediately,
additional preventive measures have been provided that customers
can use to help block the exploitation of this vulnerability while
they are assessing the impact and compatibility of the patch. These
temporary workarounds are discussed in the "Workarounds" section in
the Frequently Asked Questions section of the security bulletin for
this release.

Maximum Severity Rating: Critical

Affected Software:

Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Download locati... Read more

Read other answers
RELEVANCY SCORE 43.2

Researchers have uncovered yet another flaw in Microsoft's Windows 7 beta that could allow attackers to gain full administrative privileges by bypassing the operating system's UAC, or user access control.
Researcher Rafael Rivera Jr. has released proof-of-concept code that demonstrates how unauthorized third-party software can elevate its privileges and install a potentially malicious payload on the latest version of Windows, which is still in beta. Researchers warn that anyone using the OS is vulnerable.
Read the full article:

Code:
Windows 7 UAC flaw silently elevates malware access ? The Register

A:Windows 7 UAC Flaw Silently Elevates Malware Access

That article was posted on the 4th of February and I believe they made some changes since then.

Read other 1 answers
RELEVANCY SCORE 43.2

Security flaw touches Windows Media Player, IEBy Dawn KawamotoStaff Writer, CNET News.comPublished: October 18, 2005, 7:23 AM PDTLast modified: October 18, 2005, 10:44 AM PDTupdate A "critical" flaw that affects both Microsoft's Windows Media Player and Internet Explorer has been uncovered, a security company reported late Monday. The security flaw, which is found in the default installations of Media Player and the IE browser, could let attackers launch a remote execution of code, according to an advisory posted by eEye Digital Security. Systems affected by the flaw include Windows XP with Service Pack 1 and Service Pack 2, Windows NT, Windows 2003 and Windows 2003 SP1, and all versions of Windows 2000.news.com

Read other answers
RELEVANCY SCORE 43.2

The bug in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows, affects Windows Vista, Windows Server 2008 and preview releases of Windows 7 and can result in an attacker hijacking the vulnerable computer. It can lead to a conficker like attack.Microsoft has advised all Vista and 7 users to disable SMB2 service as a temporary solution : http://support.microsoft.com/kb/975497More information :http://blogs.zdnet.com/security/?p=4228http://lastwatchdog.com/smb2-zero-day-flaw...conficker-like/

A:SMB2 flaw in Windows Vista and 7 can lead to hijacking

Boy oh Boy it didn't take them long to start jumping on (7). Thanks for the update Romeo29.

Read other 1 answers
RELEVANCY SCORE 43.2

Hiya

A flaw exists in a Windows NT 4.0 Server file management function
that can cause a denial of service vulnerability. The flaw results
because the affected function can cause memory that it does not own
to be freed when a specially crafted request is passed to it. If
the application making the request to the function does not carry
out any user input validation and allows the specially crafted
request to be passed to the function, the function may free memory
that it does not own. As a result, the application passing the
request could fail.

By default, the affected function is not accessible remotely,
however applications installed on the operating system that are
available remotely may make use of the affected function.
Application servers or Web servers are two such applications that
may access the function. Note that Internet Information Server 4.0
(IIS 4.0) does not, by default, make use of the affected function.
Maximum Severity Rating: Moderate

Affected Software:

Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Terminal Server Edition
Download locations for this patch

Microsoft Windows NT 4.0 Server

Microsoft Windows NT 4.0 Terminal Server Edition

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-029.asp
Regards

eddie
 

A:Flaw in Windows Function Could Allow Denial of Service: NT only. 23 July

V2.0 (August 13, 2003): Updated to reflect the release of updated patches to correct problems on computers running RAS.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-029.asp

eddie
 

Read other 1 answers
RELEVANCY SCORE 43.2

Microsoft won't fix Windows flaw that lets hackers steal your username and password
 

The flaw wasn't considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts -- which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others.
Overnight, the attack got larger in scope, and now it allows an attacker to conduct a full takeover of a Microsoft account. The flaw works because Internet Explorer and Edge (on Windows 10) allow a user to access local network shares but don't fully block connections to remote shares.

 

There's a simple mitigation, according to the group. Don't use Internet Explorer, Edge, or Microsoft Outlook, and don't log in to Windows with a Microsoft account.

 
Greets! 

A:Windows flaw that lets hackers steal your logins

I refuse to use IE or Edge. Windows 10 Cortana forces users to use Edge so there is no way to avoid Edge when doing searches. 
 
http://searchengineland.com/microsoft-says-no-to-other-browsers-248381

Read other 1 answers
RELEVANCY SCORE 43.2

Tavis Ormandy posted this message to the Full Disclosure security mailing list. It describes a flaw in the 16-bit emulation subsystem of the Windows NT kernel. The NT Kernel is the basis for Windows NT, Windows 2000, Windows XP, Windows Vista, and Windows 7. 64-bit versions are unaffected. Microsoft has confirmed the report.The flaw, if exploited, would allow an attacker to execute programs and commands with full System user rights. In Windows, the System user is even more powerful than the Administrator.Microsoft was informed of this flaw on June 12, 2009. No patch has been issued.Further reading:http://www.geek.com/articles/chips/17-year...vered-20100120/http://www.h-online.com/security/news/item...ate-908917.html

A:Ancient Flaw Affects Windows NT3.1 through Windows 7

No patch has become available, although Ormandy reports that Microsoft was already informed of the hole in mid 2009. The developer decided to publish the information regardless because, in his opinion, there is a simple workaround: to disable the MS-DOS subsystem.The workaround requires users to start the group policy editor and enable the "Prevent access to 16-bit applications" option in the Computer Configuration\Administrative Templates\Windows Components\Application Compatibility section.Some folks are still asking Will 16-bit applications and games be able to run on Windows 7 64-bit?

Read other 3 answers
RELEVANCY SCORE 42.8

A couple of weeks ago I installed Windows 8 (fresh install from scratch, not an update) on my computer. I do a lot of web browsing and over the last couple of weeks I've been using Windows 8, I could swear the web browsing wasn't as fast at it used to be on Windows 7.
I then noticed I was having major issues bringing up my router's control panel (ASUS RT-N56U) so thinking it was my router I upgraded the firmware. Turned out, the Avast Anti-Virus I was running has issues with Windows 8. I removed AVAST and turned on Windows Defender (which in Windows 8 is also an anti-virus program now referred to MSE - Miscrosoft Security Essentials). MSE has gotten fairly good reviews so I decided to use it, for maximum compatibility with Windows 8.
However, although the router control panel would now come up okay, browsing still seemed to not be quite as fast as it used to be. I sat down at the old 5-year old Dell Desktop next to me that is running Windows 7, both computers were connected to the router via Gigabit Ethernet. I tested network speeds with Speedtest.net to make sure they were both getting the same Internet speeds (which they were.) I found a couple 'heavy' web pages to test:
www.epicurious.com (home page)
sports.yahoo.com (home page)
The browsing was MUCH faster on the Windows 7 machine!! So I decided to do more of a controlled test.
The Samsung Notebook is a Series 6 Core i5 with 6GB RAM and 64GB SSD running Win 8 Pro 64-bit. Windows Experience score of 5.9.... Read more

A:Major Flaw in Windows 8 Slow Browsing on Chrome, Firefox?

I have not noticed any slowness in Chrome or FF in Windows 8. Are you using chrome in Desktop mode or in Metro mode?

Read other 6 answers
RELEVANCY SCORE 42.8

Hiya

Help and Support Center provides a centralized facility through
which users can obtain assistance on a variety of topics. For
instance, it provides product documentation, assistance in
determining hardware compatibility, access to Windows Update,
online help from Microsoft, and other assistance. Users and
programs can execute URL links to Help and Support Center by
using the "hcp://" prefix in a URL link instead of "http://".

A security vulnerability is present in the Windows Me version of
Help and Support Center, and results because the URL Handler for
the "hcp://" prefix contains an unchecked buffer.

An attacker could exploit the vulnerability by constructing a URL
that,when clicked on by the user, would execute code of the
attacker's choice in the Local Computer security context. The URL
could be hosted on a web page, or sent directly to the user in
email. In the web based scenario, where a user then clicked on
the URL hosted on a website, an attacker could have the ability
to read or launch files already present on the local machine. In
the case of an e-mail borne attack, if the user was using Outlook
Express 6.0 or Outlook 2002 in their default configurations, or
Outlook 98 or 2000 in conjunction with the Outlook Email Security
Update, then an attack could not be automated and the user would
still need to click on a URL sent in e-mail. However if the user
was not using Outlook Express 6.0 or Outlook 2002 in t... Read more

A:Flaw in Windows Me Help and Support Center Could Enable Code Execution: Feb 26

Im sorry but doesn't that go against the Forum Rules of explaining how to HACK, crack, or pirate programs? Because I just learned something new...
 

Read other 3 answers
RELEVANCY SCORE 42.8

Download patch for: J2SE JRE v 1.4.2_06
Available at: http://java.sun.com/j2se/1.4.2/download.html

The following article at CNET News.com was published about the flaw:

Java flaw could lead to Windows, Linux attacks
Published: November 23, 2004, 12:43 PM PST
By Robert Lemos
Staff Writer, CNET News.com

A flaw in Sun Microsystems' plug-in for running Java on a variety of browsers and operating systems could allow a virus to spread through Microsoft Windows and Linux PCs.

...

-- Tom
 

Read other answers
RELEVANCY SCORE 42.8

I noticed that if I leave my PC on for a long time, and even if I don't open any application, that the RAM (Physical Memory) Usage, as reported by the "Performance" tab in Windows Task Manager, will increase as time progresses. I'm curious what will happen if I leave my PC turned on indefinitely without rebooting (several weeks, months), will the RAM usage eventually go to 100% or over, forcing windows to shut down? Is this a system design flaw inherent to Windows OS? Thanks.

A:Physical Memory Usage phenomenon, Windows design flaw?

What you're seeing is a "memory leak", an occurrence where a program claims more and more memory as it runs, but never releases it back to the OS. It's difficult to tell where it comes from, but have a look at the task manager, look for the memory usages of different programs and try to find one that increases memory consumption over time without going back.

But the problem itself may be located in a program you're running (even hidden), in a faulty driver, or even it may be a virus. I doubt that it's a problem with Windows itself, but it's not impossible of course. I leave my computer on for long periods (days, if not weeks) and never had a problem with RAM memory going short, and the few Windows-based servers that exist out there are in fact running always-on for years, with maybe a reboot once in a while, but generally no other problems.

As a routine, try a virus scan to see if you've got something nasty to discard the problem, or try safe mode and see if it repeats there.

Read other 8 answers
RELEVANCY SCORE 42.4

New Windows kernel mode flaw points to future attack vectors.

A new Windows flaw that allows all current, supported versions of Windows to be crashed was published on Friday by Israeli researcher Gil Dabah. The bug allows a local user to cause a system to suffer a blue-screen of death crash. In principle, this may also allow attackers to run code of their choosing with kernel privileges, though in practice, the looks as if it would be difficult due to the nature of the flaw.

-- Tom
 

A:New Windows kernel mode flaw points to future attack vectors

good read
 

Read other 2 answers
RELEVANCY SCORE 42.4

Google and Microsoft are butting heads over the disclosure of vulnerabilities. On Monday, Google revealed a critical flaw in Windows after it gave Microsoft a ten-day window to warn the public about it.
 
Google posted about the zero-day vulnerability on its security blog, saying Microsoft had yet to publish a fix or issue an advisory about the software flaw.
 
"This vulnerability is particularly serious because we know it is being actively exploited," Google said. It lets hackers exploit a bug in the Windows kernel, via a win32k.sys system call, to bypass the security sandbox.
 
The search giant originally told Microsoft about the problem 10 days ago, on Oct. 21. It waited to say anything about it publicly so Microsoft could fix the problem first. But Google has a strict policy of giving vendors only seven days to either publish a patch or issue a warning about a flaw.
 
"Seven days is an aggressive timeline and may be too short for some vendors to update their products," Google said in a blog post in 2013. "But it should be enough time to publish advice about possible mitigations."
 

Article

 

A:Google reveals Windows flaw being exploited by hackers, angering Micros

That is a good find!  Thank you for sharing.  I think MS needs to up their game, things of this nature need not to be out in the wild IMO.

Read other 1 answers
RELEVANCY SCORE 42.4

Google and Microsoft are butting heads over the disclosure of vulnerabilities. On Monday, Google revealed a critical flaw in Windows after it gave Microsoft a ten-day window to warn the public about it.
 
Google posted about the zero-day vulnerability on its security blog, saying Microsoft had yet to publish a fix or issue an advisory about the software flaw.
 
"This vulnerability is particularly serious because we know it is being actively exploited," Google said. It lets hackers exploit a bug in the Windows kernel, via a win32k.sys system call, to bypass the security sandbox.
 
The search giant originally told Microsoft about the problem 10 days ago, on Oct. 21. It waited to say anything about it publicly so Microsoft could fix the problem first. But Google has a strict policy of giving vendors only seven days to either publish a patch or issue a warning about a flaw.
 
"Seven days is an aggressive timeline and may be too short for some vendors to update their products," Google said in a blog post in 2013. "But it should be enough time to publish advice about possible mitigations."
 

Article

 

A:Google reveals Windows flaw being exploited by hackers, angering Micros

That is a good find!  Thank you for sharing.  I think MS needs to up their game, things of this nature need not to be out in the wild IMO.

Read other 2 answers
RELEVANCY SCORE 42.4

A couple of weeks ago I installed Windows 8 (fresh install from scratch, not an update) on my computer. I do a lot of web browsing and over the last couple of weeks I've been using Windows 8, I could swear the web browsing wasn't as fast at it used to be on Windows 7.
I then noticed I was having major issues bringing up my router's control panel (ASUS RT-N56U) so thinking it was my router I upgraded the firmware. Turned out, the Avast Anti-Virus I was running has issues with Windows 8. I removed AVAST and turned on Windows Defender (which in Windows 8 is also an anti-virus program now referred to MSE - Miscrosoft Security Essentials). MSE has gotten fairly good reviews so I decided to use it, for maximum compatibility with Windows 8.

However, although the router control panel would now come up okay, browsing still seemed to not be quite as fast as it used to be. I sat down at the old 5-year old Dell Desktop next to me that is running Windows 7, both computers were connected to the router via Gigabit Ethernet. I tested network speeds with Speedtest.net to make sure they were both getting the same Internet speeds (which they were.) I found a couple 'heavy' web pages to test:

www.epicurious.com (home page)
sports.yahoo.com (home page)

The browsing was MUCH faster on the Windows 7 machine!! So I decided to do more of a controlled test.

The Samsung Notebook is a Series 6 Core i5 with 6GB RAM and 64GB SSD running Win 8 Pro 64-bit. Windows Experience sco... Read more

A:Windows 8 Flaw? Slow Web Browsing Chrome, Firefox, IE, Internet Problem?

Read other 6 answers
RELEVANCY SCORE 42

Company urges users to run single-click tool before hackers exploit 'decently wormable' SMB 2 flaw.
With attack code that exploits a critical unpatched bug in Windows likely to go public soon, Microsoft wants users to run an automated tool that disables the vulnerable component.
The bug in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows, affects Windows Vista, Windows Server 2008 and preview releases of Windows 7.



Source -
Microsoft unveils shield for critical Windows flaw as attack code looms | Security Central - InfoWorld

Read other answers
RELEVANCY SCORE 41.6

Other OSes will need an update, performance hits loom

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.
 
Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.
 
Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit.
 
Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated – the flaw is in the Intel x86 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or buy a new processor without the design blunder.
Details of the vulnerability within Intel's silicon are under wraps: an embargo on the specifics is due to lift early this month, perhaps in time for Microsoft's Patch Tuesday next week. Indeed, patches for the Linux kernel are available for all to see but c... Read more

A:'Kernel memory leaking' Intel processor flaw forces Linux,Windows redesign

What doesn't seem clear to me is that they say "Your Intel-powered machine will run slower as a result" and "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against."However if "The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI", is there going to be a different kernel architecture in the OS depending on whether it's running on Intel or AMD?

Read other 6 answers
RELEVANCY SCORE 41.6

A couple of weeks ago I installed Windows 8 (fresh install from scratch, not an update) on my computer. I do a lot of web browsing and over the last couple of weeks I've been using Windows 8, I could swear the web browsing wasn't as fast at it used to be on Windows 7.
I then noticed I was having major issues bringing up my router's control panel (ASUS RT-N56U) so thinking it was my router I upgraded the firmware. Turned out, the Avast Anti-Virus I was running has issues with Windows 8. I removed AVAST and turned on Windows Defender (which in Windows 8 is also an anti-virus program now referred to MSE - Miscrosoft Security Essentials). MSE has gotten fairly good reviews so I decided to use it, for maximum compatibility with Windows 8.

However, although the router control panel would now come up okay, browsing still seemed to not be quite as fast as it used to be. I sat down at the old 5-year old Dell Desktop next to me that is running Windows 7, both computers were connected to the router via Gigabit Ethernet. I tested network speeds with Speedtest.net to make sure they were both getting the same Internet speeds (which they were.) I found a couple 'heavy' web pages to test:

Epicurious.com: Recipes, Menus, Cooking Articles & Food Guides (home page)
sports.yahoo.com (home page)

The browsing was MUCH faster on the Windows 7 machine!! So I decided to do more of a controlled test.

The Samsung Notebook is a Series 6 Core i5 with 6GB RAM and 64GB SSD running... Read more

Read other answers
RELEVANCY SCORE 41.6

Microsoft has updated the Malicious Software Removal Tool, a free security tool the company is offering Windows users to fight specific malware, in order to defend themselves agaist a prevalent worm that targets a Critical Windows vulnerability. Back in October 2008, the Redmond company made available an out-of-band security bulleting (MS08-067) designed to resolve a Critical flaw in the Windows Server service (SVCHOST.EXE) affecting all supported versions of Windows. At that time, Microsoft warned that even Windows Vista SP1, Windows Server 2008 and Windows XP SP3 were vulnerable, and also released a patch for the pre-release version of Windows 7.



Free Microsoft Security Tool Kills Worm Targeting Critical Windows Flaw - The Win32/Conficker - Softpedia


You can download the Malicious Software Removal Tool from here:
I ran the 64 bit tool without any problems.

32 bit:

Download details: Windows Malicious Software Removal Tool

64 bit:

Download details: Windows Malicious Software Removal Tool x64

A:Free Microsoft Security Tool Kills Worm Targeting Critical Windows Flaw

Thanks for the post. Ran the tool. All clear

Read other 4 answers
RELEVANCY SCORE 41.6

PowerPoint flaw hits Mac and Windows
Second major Microsoft vulnerability in two weeks
http://mail.vnunet.com/cgi-bin1/flo/y/evPr0KA1Kc0UKn0DQlQ0Ao

Experts warn of 'severe risk' email worm
Win32.Warezov.at spreading in the wild
http://mail.vnunet.com/cgi-bin1/flo/y/evPr0KA1Kc0UKn0DQO10An

Stration worm masquerades as security patch
Users must resist the temptation of opening unsolicited attachments
http://mail.vnunet.com/cgi-bin1/flo/y/evPr0Hd7VN0UKn0DQOw0AR
Golf sites fall into malware sand trap
Spyware, adware and Trojan authors tap Ryder Cup zeitgeist
http://mail.vnunet.com/cgi-bin1/flo/y/evPr0Hd7VN0UKn0DQFh0A2
 

Read other answers
RELEVANCY SCORE 36.4

A German mathematician called Martin von Gagern found a bug in GnuTLS , an open-source library that implements TLS...http://www.malwarecity.com/blog/devil-in-t...etails-287.html

Read other answers
RELEVANCY SCORE 36.4

Microsoft Corp., a worldwide leader in operating systems and Internet technologies, announced that it has found a major flaw in Windows XP operating system that is related to the JPEG image format.

An attacker could infiltrate the user's computer by tricking the user into opening a specially coded JPEG file. Microsoft has released a patch and a specialized tool that will scan for the aforementioned vulnerability. The software giant stated that this flaw does not affect users with Windows XP Service Pack 2.

The flaw affects Windows XP, Windows 2003 Server Edition, and later versions of Microsoft Office. Some users with older Microsoft operating systems may also be affected only if they are running specialized image editing software such as Digital Image Pro and Visio 2002.

Here is a link to a plethora of information on this flaw.
 

A:Another Flaw With MS?

Deke said:

The software giant stated that this flaw does not affect users with Windows XP Service Pack 2. Click to expand...

So the moral is - get SP2 !
 

Read other 1 answers
RELEVANCY SCORE 36.4

Zero day IE7 security flaw:

http://threatpost.com/en_us/blogs/new-zero-day-flaw-discovered-ie7-112209
 

Read other answers
RELEVANCY SCORE 36.4

I found it in my startup through msconfig. I have no idea what it is.
Loads from the c:\docume~1\admini~1\applic~1\find01~1\dvd flaw.exe

A:Dvd Flaw.exe What Is It?

to BC easye35Googling on this name came up empty. The single flaw.exe was reckognized as malware. If you do CTRL ALT DEL do you see it running under processes?Please downloadProcessExplorer and see where it is refering to by selecting the process and post it here

Read other 4 answers
RELEVANCY SCORE 36

Here's another beauty - JavaVM is at it again
Flaw in Microsoft VM JDBC Classes Could Allow Code Execution (Q329077)
http://www.microsoft.com/technet/security/bulletin/MS02-052.asp

------
Just noticed it's been rolled into the security post at the top - mod should delete this one.
 

A:JavaVM flaw

That's ok, the additional heads-up can't hurt. They really should provide another download link for the patch other than the update site, as not everyone can get there; it's not on any of their other download sites yet that I can see.
 

Read other 1 answers