Topic: Windows Users Critical Security Update

Greetings Chordians!

For all you Windows users there is a critical update that you should all install at your earliest.  REALLY!!

https://support.microsoft.com/kb/3011780

The short of it is that if exploited it could be used to hijack your Admin Account and force your web administrator to completely recompile their web server.

Be Safe out there!

Doug

"what is this quintessence of dust?"  - Shakespeare

Re: Windows Users Critical Security Update

Doug_Smith wrote:

Greetings Chordians!

For all you Windows users there is a critical update that you should all install at your earliest.  REALLY!!

https://support.microsoft.com/kb/3011780

The short of it is that if exploited it could be used to hijack your Admin Account and force your web administrator to completely recompile their web server.

Be Safe out there!

Doug

I just received an update but this was  not included and begs the question why not?

"Growing old is not for sissies"

Re: Windows Users Critical Security Update

Russell_Harding wrote:
Doug_Smith wrote:

Greetings Chordians!

For all you Windows users there is a critical update that you should all install at your earliest.  REALLY!!

https://support.microsoft.com/kb/3011780

The short of it is that if exploited it could be used to hijack your Admin Account and force your web administrator to completely recompile their web server.

Be Safe out there!

Doug

I just received an update but this was  not included and begs the question why not?

Because the patch is only applicable to Windows servers, not workstations.

Someday we'll win this thing...

[url=http://www.aclosesecond.com]www.aclosesecond.com[/url]

4 (edited by Doug_Smith 2014-11-20 00:00:12)

Re: Windows Users Critical Security Update

jerome.oneil wrote:
Russell_Harding wrote:
Doug_Smith wrote:

Greetings Chordians!

For all you Windows users there is a critical update that you should all install at your earliest.  REALLY!!

https://support.microsoft.com/kb/3011780

The short of it is that if exploited it could be used to hijack your Admin Account and force your web administrator to completely recompile their web server.

Be Safe out there!

Doug

I just received an update but this was  not included and begs the question why not?

Because the patch is only applicable to Windows servers, not workstations.

That too Jerome, but if you scroll down the page of the link I provided, it is also applicable to Windows 8, 7, Vista, and several flavors of Server.
There are I think 3 links on the page, and one is for home users.  It was not included in the usual Tuesday patch schedule and came to my attention late last night.  This morning the IT Team (my oldest is one of them for the School District) started deployment on their 10 servers and 3800 workstations.  Although you may not knowingly use Kerberos, it is used in many web applications and "an ounce of prevention" etc..
For More Info:  http://www.zdnet.com/details-emerge-on- … 000035976/

"what is this quintessence of dust?"  - Shakespeare

Re: Windows Users Critical Security Update

Doug_Smith wrote:
jerome.oneil wrote:
Russell_Harding wrote:

I just received an update but this was  not included and begs the question why not?

Because the patch is only applicable to Windows servers, not workstations.

That too Jerome, but if you scroll down the page of the link I provided, it is also applicable to Windows 8, 7, Vista, and several flavors of Server.
There are I think 3 links on the page, and one is for home users.  It was not included in the usual Tuesday patch schedule and came to my attention late last night.  This morning the IT Team (my oldest is one of them for the School District) started deployment on their 10 servers and 3800 workstations.  Although you may not knowingly use Kerberos, it is used in many web applications and "an ounce of prevention" etc..
For More Info:  http://www.zdnet.com/details-emerge-on- … 000035976/

No, it's not applicable.  They list all their OS's on that sheet, but if you look at the detail for them

https://technet.microsoft.com/library/security/MS14-068

You'll find that the security impact for Vista, Win 7, Win 8, and Win 8.1 is "None."

This is a Kerberos weakness, and those platforms don't use Kerberos as they aren't multi-user.   Hence, no patch for those platforms.

Someday we'll win this thing...

[url=http://www.aclosesecond.com]www.aclosesecond.com[/url]

Re: Windows Users Critical Security Update

We have to take the innoculate everything path, if it does nothing at all, it takes less time than sorting the herd.  A lot of legacy stuff is still in use and all the logs had to be checked for incursion anyway.....  we are dealing with students (who can be stupid) and Facebook used Kerberos Authentication Protocol, so at least for us it seemed prudent. If not redundant.

"what is this quintessence of dust?"  - Shakespeare