• Welcome to SC4 Devotion Forum Archives.

Major flaw in Windows systems... make sure you've patched it.

Started by mgb204, May 13, 2017, 07:51:58 PM


mgb204

I know a number of the people playing SC4 are still using older O/S's, but this may apply to you, even if using a more modern system.

You may have heard about a big flaw in Windows systems that's been affecting many corporations and allegedly even the Russian government this weekend. What is the problem? In short, there is a flaw (security risk) that's been inside Windows for a very long time. The NSA/US security agencies knew about this a long time ago, but kept it quiet and used it for their own nefarious purposes. They made some special software tools, known as rootkits, that allowed them to use this vulnerability to access affected systems. A few months back, hackers managed to get hold of these tools and swiftly worked out how they worked. This weekend's problems, which downed Telefonica in Spain, the NHS in the UK and DB in Germany amongst others, are all related to this vulnerability.

Microsoft patched the issue for supported Windows systems, that's 7 and up, back in March. Of course, you are only safe if you have installed said updates.

After this weekend's calamities though, MS took the unprecedented step of issuing a patch for older, out-of-support systems. That's as far back as Windows XP, Vista and Server 2003 editions. If that doesn't tell you how serious this flaw is, nothing further I say will help. Anyhow, please, please, please, if you are using an affected system, take the time to download and install the patch from here. If you are using a supported system (Win 7 onwards), you should just run Windows Update and ensure you've all the latest security patches from the Monthly Roll-Ups.

Failure to patch your system could lead to infection in the form of a blackmail scam, where your entire hard drive's files are encrypted, so you can no longer access them. The scammers are then demanding between $300-$600 to "unlock" these files for your PC. Of course, being scammers, they can't be trusted. Almost certainly your computer would be compromised in other ways. There is also no real guarantee you'll get your files back. The only solution that's safe is to fully wipe your drive and restore from a backup, assuming you have one. So you could lose all your data if you get caught out.

Wiimeiser

I only just started using my Win10 laptop again yesterday, though I got an update then; am I at risk? I wouldn't think so, if I'm receiving updates automatically...

And I assume this is no regular encryption, they can only be restored with the program that encrypted them, correct?
Pink horse, pink horse, she rides across the nation...

mgb204

The bulk of the spread of the infection is halted for now. But that doesn't mean a new attack based on the flaw won't appear.

Windows 10 handles updates for you; provided it's been connected to the internet, you are going to have the update.

As for the encryption, all encryption requires the key to decrypt the information, which you are right in saying you won't have access to. Sometimes it's possible to work around such hacks, but as of now no information points to this possibility. Even if you could decrypt the files, having been caught, it would be safe to assume that other problems would be present. So you are pretty much looking at a full system restore to be safe if this has affected you.

Nanami

I'm not an IT person, but from what I read today, this threat is because of a flaw in the SMBv1 feature, which is mostly about local area connection (LAN) stuff like printer and file sharing. The malware took advantage of this flaw to spread, and it's rather fast to infect all the computers in a network once it's done infecting just one in that LAN.

Aside from the March patch (MS17-010 issue) that mgb posted above, there are several workarounds to prevent it (taken from an Indonesian government announcement, translated). The first is disabling SMBv1, which can easily be done in Windows 8.1 and 10 from the enable/disable Windows features dialog, and can also be done using PowerShell as demonstrated by Microsoft here. The second is blocking TCP ports 139, 445, and 3383, which can be done from the firewall configuration. After that, try not to enable macros, and update the good ol' antivirus. Correct me if I'm wrong, but hopefully this kinda helps to prevent the infection.
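
The SMBv1 and port-blocking workarounds described in the post above, as an added PowerShell example that is not part of the thread and not Microsoft's own script. The rule name is made up, only the two SMB ports the post names (139 and 445) are covered, and the registry fallback assumes a Windows 7-era machine that lacks the SMB cmdlets.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Reports the state of the SMBv1 workarounds; pass -Apply to enforce them.
param([switch]$Apply)

$regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ruleName = 'Example-Block-Inbound-SMB'   # hypothetical rule name
# The SMB cmdlets exist on Windows 8 / Server 2012 and later only.
$hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

function Get-Smb1ServerEnabled {
    if ($hasSmbCmdlets) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems keep the setting in the registry.
    # A missing SMB1 value means the default, which is enabled.
    $v = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $v) -or ($v -ne 0)
}

function Test-SmbBlockRule {
    # netsh is present on Windows 7 through 10; exit code 0 means the rule exists.
    netsh advfirewall firewall show rule name=$ruleName | Out-Null
    return ($LASTEXITCODE -eq 0)
}

if ($Apply) {
    if ($hasSmbCmdlets) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Takes effect after a reboot.
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
    }
    if (-not (Test-SmbBlockRule)) {
        netsh advfirewall firewall add rule name=$ruleName dir=in action=block `
            protocol=TCP localport=139,445 | Out-Null
    }
}

# Final report: both values should read as hardened after -Apply (and a reboot
# on the registry path).
New-Object PSObject -Property @{
    Smb1ServerEnabled     = Get-Smb1ServerEnabled
    InboundSmbBlockRuleOn = Test-SmbBlockRule
}
```

Blocking inbound 139 and 445 also stops other machines on the LAN from reaching folders and printers shared from this PC.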

mgb204

The patch as I understand it takes care of those issues. Win10 users shouldn't have SMBv1 in the first place.

The cause of the spread is most likely to be booby-trapped e-mails or websites. But yes, once on a LAN, all computers connected will end up infected. The issue was down to something called a buffer overflow, fixed by the patch, so even if you keep SMBv1 running as before, it's no longer possible to use the flaw to get full access of a machine to install the malware.

All that technical stuff about blocking ports and disabling SMBv1 couldn't hurt if you are tech savvy enough to handle it. In fact, if sysadmins had followed this advice in March, those systems affected, even unpatched, would have been safe. But for the average person, using the patches and being up to date with Windows updates is sufficient to protect against the known threats.

Nanami

Ah, thank you for the information. It's kind of a relief to find that the patch alone should be enough to stay secure. I mean, maybe I'm too paranoid about this, but yeah, I've done like everything, from backing up my whole laptop's documents and doing the steps above to even unplugging my personal data HDD on my home PC.

Well, I just hope that Windows 7 SP1 will keep receiving updates like 10 until the end of its support time, and then I might think about migrating. My problem with newer Windows versions from 8 up is mostly compatibility with older programs, including SC4, which has very glitchy graphics and is unplayable in 8.1 and 10. Downgrading to 7 with downgrade rights was the only step I could take when Windows 8 reached end of support back in 2016, instead of upgrading to 8.1, to make sure the problem was solved on my laptop. I hope Windows 10 will solve these problems in the future.

mgb204

I have plenty of issues with using Windows 10. However, to resolve the "compatibility" issues you mention, it's not an OS problem. It's related to the hardware, specifically your graphics card and its drivers. Both must be able to support the legacy modes that are used for DX7 for SC4. This is becoming a problem for newer cards/driver revisions. However, software rendering is always there as a fail-safe.

Many changes with WDDM (a driver component of Windows) for Win10 actually make compatibility even better for many. But in the end it will always depend somewhat on your system.