Microsoft has released a security update through Windows Update that fixes CVE-2018-0986, a vulnerability in the Microsoft Malware Protection Engine used in Windows Defender, Microsoft Security Essentials, Microsoft Endpoint Protection, Windows Intune Endpoint Protection, and Microsoft Forefront Endpoint Protection. Users should install the latest updates to receive the fix.
On Jan 3, Microsoft released updates addressing these vulnerabilities for the following operating systems, with more to come:
- Windows Server 2008 R2
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server Core
We do not recommend installing these during business hours or without technical assistance, as there are reports, as of today, of systems failing to boot after the patch.
Microsoft has released an out-of-band security update for Windows Defender found on Windows 7, 10 and Server 2008. If you are running a third-party antivirus solution, your version of Windows Defender will be disabled. If not, you should run Windows Update to ensure you apply the update ASAP.
Today security experts are warning of the continued spread of WCry and of numerous variants being released over the weekend.
As with any ransomware, users should be vigilant with any emails that could be carrying a payload or links to a payload. At this point Microsoft has not ruled out any attack vectors:
We haven’t found evidence of the exact initial entry vector used by this threat, but there are two scenarios we believe are highly possible for this ransomware family:
- Arrival through social engineering emails designed to trick users to run the malware and activate the worm-spreading functionality with the SMB exploit
- Infection through SMB exploit when an unpatched computer can be addressed in other infected machines
Microsoft has released a patch for operating systems going as far back as XP:
Windows update MS17-010
Mainstream support for Vista ended in April 2012. Extended support is ending April 11, 2017, which means no further security updates or paid support. With no updates, the use of Windows Vista is not advised, and we recommend all personal and business computers be updated to Windows 7 or Windows 10.
Microsoft’s Universal app Remote Desktop has been updated with desktop scaling options. With high-DPI notebooks and two-in-ones (Surface etc.) becoming more popular, this is a welcome feature to help prevent your remote session from being barely readable. The new feature can be found in Settings.
Microsoft Remote Desktop Preview is available here: Microsoft Store
Microsoft has announced the Windows 10 Anniversary Update, to be released on August 2nd. Included in this update are a significant number of improvements and new features. With the free upgrade for Windows 10 ending on July 29th, it is recommended that all users of Windows 7 or Windows 8 register for the free Windows 10 license, as they can perform the update at a later date.
A new cumulative update is beginning to roll out for Windows 10. The update comes with support number KB3118754 and contains some general improvements.
Two of the four critical vulnerabilities are for Windows operating systems, and one affects Office. The most severe vulnerability addressed in the Office bulletin could allow remote code execution if a user opens a specially crafted Microsoft Office file.
“An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user,” Microsoft wrote. “Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”
The final critical update is for the Edge web browser in Windows 10. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
By default, Windows 10 will gather updates to the OS not only from Microsoft but also from other machines that have the updates. The same setting automatically makes your workstation a source of updates for other Windows 10 machines.
We recommend disabling this entirely or at least changing the setting to “PCs on my local network”.
The settings can be changed under Settings, Updates, Windows Updates, Choose how updates are delivered.
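On managed machines the same choice can be audited and pinned from an elevated PowerShell prompt. The script below is an added example, not part of the original post; it assumes the documented Delivery Optimization policy value `DODownloadMode` (a registry location not mentioned on this page), and the function names `Get-DOPolicyMode` and `Set-DOPolicyMode` are hypothetical helpers.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): audit and pin the Delivery
# Optimization download mode through the policy value DODownloadMode.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'

# Download modes as documented by Microsoft for the "Download Mode" policy.
$ModeNames = @{
    0   = 'HTTP only (no peer-to-peer)'
    1   = 'LAN (peers on the local network)'
    2   = 'Group'
    3   = 'Internet (LAN and internet peers)'
    99  = 'Simple (no peering)'
    100 = 'Bypass (use BITS instead)'
}

function Get-DOPolicyMode {
    # Returns the policy value, or $null when no policy is set and the
    # choice made in the Settings app (or the OS default) applies.
    $item = Get-ItemProperty -Path $PolicyKey -Name DODownloadMode -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.DODownloadMode
}

function Set-DOPolicyMode {
    param(
        [Parameter(Mandatory)]
        [ValidateSet(0, 1)]   # only the two options the post recommends
        [int]$Mode
    )
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name DODownloadMode -Value $Mode -Type DWord
}

$current = Get-DOPolicyMode
if ($null -eq $current) {
    Write-Output 'No DODownloadMode policy set; the Settings app choice or OS default applies.'
} else {
    Write-Output "Policy DODownloadMode = $current ($($ModeNames[$current]))"
}

# Pin the mode when nothing is enforced or peers beyond the local network are allowed.
if ($null -eq $current -or $current -notin 0, 1, 99, 100) {
    Set-DOPolicyMode -Mode 1   # "PCs on my local network"; use 0 to disable peering
    Write-Output "Set DODownloadMode = 1 ($($ModeNames[1]))"
}
```

A value set through this policy key overrides the per-machine choice made in the Settings app.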