No Image

USN-3343-1: Linux kernel vulnerabilities

2017-06-29 KENNETH 0

USN-3343-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3343-1 29th June, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel Details USN 3335-1 fixed a vulnerability in the Linux kernel. However, thatfix introduced regressions for some Java applications. This updateaddresses the issue. We apologize for the inconvenience. It was discovered that a use-after-free vulnerability in the core voltageregulator driver of the Linux kernel. A local attacker could use this tocause a denial of service or possibly execute arbitrary code.(CVE-2014-9940) It was discovered that a buffer overflow existed in the trace subsystem inthe Linux kernel. A privileged local attacker could use this to executearbitrary code. (CVE-2017-0605) Roee Hay discovered that the parallel port printer driver in the Linuxkernel [ more… ]

No Image

USN-3342-1: Linux kernel vulnerabilities

2017-06-29 KENNETH 0

USN-3342-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3342-1 29th June, 2017 linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details USN 3326-1 fixed a vulnerability in the Linux kernel. However, thatfix introduced regressions for some Java applications. This updateaddresses the issue. We apologize for the inconvenience. It was discovered that a use-after-free flaw existed in the filesystemencryption subsystem in the Linux kernel. A local attacker could use thisto cause a denial of service (system crash). (CVE-2017-7374) Roee Hay discovered that the parallel port printer driver in the Linuxkernel did not properly bounds check passed arguments. A local attackerwith write access to the kernel command line arguments could use [ more… ]

No Image

Update on Petya malware attacks

2017-06-29 KENNETH 0

Update on Petya malware attacks As happened recently with WannaCrypt, we again face a malicious attack in the form of ransomware, Petya. In early reports, there was a lot of conflicting information reported on the attacks, including conflation of unrelated and misleading pieces of data, so Microsoft teams mobilized to investigate and analyze, enabling our Malware Protection team to release signatures to detect and protect against the malware. Based on our investigation, the malware was initially delivered via a Ukrainian company’s (M.E.doc) update service for their finance application, which is popular in Ukraine and Russia. Once the initial compromise took hold, the ransomware used multiple tools in its arsenal to spread across impacted networks. If unpatched, the malware uses vulnerabilities CVE-2017-0144 and CVE-2017-0145 to spread across networks. Microsoft released MS17-010 in March that addressed the vulnerabilities exploited by Petya. If [ more… ]

Announcing Windows 10 Insider Preview Build 16232 for PC + Build 15228 for Mobile

2017-06-29 KENNETH 0

Announcing Windows 10 Insider Preview Build 16232 for PC + Build 15228 for Mobile Hello Windows Insiders! Today we are excited to release Windows 10 Insider Preview Build 16232 for PC to Windows Insiders in the Fast ring! We are also releasing Windows 10 Mobile Insider Preview Build 15228 to Insiders in the Fast ring. Earlier this week, we announced new end-to-end security features coming with the Windows 10 Fall Creators Update and this build for PC includes some of those new security features. A note about app updates In order to provide Windows customers with the highest quality inbox apps possible, we will pause testing new versions of our inbox apps with Windows Insiders. This means that Insiders will not receive app updates from the Windows Store for our inbox apps that are newer than the apps included in [ more… ]

UWP App Diagnostics

2017-06-29 KENNETH 0

UWP App Diagnostics At Build this year, we gave a sneak preview of a set of new APIs designed to provide diagnostic information about running apps. You can see the videos here and here – but note that these were based on a pre-release implementation. So, while the Build videos are still correct on broad functionality, the final API names are almost all slightly different. Plus, we added a couple of extra features after Build. The final versions for the upcoming release are available in the Insider builds from Build 16226, along with the corresponding SDK. At a high level, these APIs allow an app to: Enumerate a list of running apps, including UWP apps, Win32 apps, system services and so on. For each app, get process-specific metrics on: Memory usage (private commit and working set). CPU usage. Disk reads [ more… ]