Tag: Microsoft Windows XP

Why Windows 10? Microsoft stresses security

Microsoft really, really wants everyone to dump Windows XP, Windows 7, and Windows 8 in favor of Windows 10.
It's been aggressively urging users to upgrade to Windows 10, even preinstalling the Windows 10 update on PCs unasked.

This week, it provided a new incentive to encourage Windows 10 updates, especially in businesses: enhanced security. The company announced a new service built into Windows 10 called Windows Defender Advanced Threat Protection that helps IT detect attacks that have made it into the network and makes suggestions on how to respond to them. Windows Defender ATP does not yet actually remediate any breaches that it detects, though Microsoft plans to add such capabilities in the future. (Don't confuse Windows Defender ATP with Exchange Online ATP, a for-pay add-on to Office 365. Windows Defender ATP complements Exchange Online ATP rather than serving as an alternative to it.)

Windows Defender ATP is one of several security features that Microsoft has brought to Windows 10 in hopes of upping the appeal to enterprise IT departments. Others include:

Credential Guard: Built into Windows 10 Enterprise and Education editions, this tool stores credentials (NTLM hashes and Kerberos tickets), along with the LSASS process that manages them, in an isolated Hyper-V virtualized container.

Device Guard: This tool prevents untrusted apps from running on Windows 10 Enterprise PCs. Via virtualization, it isolates the Code Integrity services from the Windows kernel. For this to work, you have to go through and sign your apps and determine their trustworthiness.

Windows Hello: This is a biometric authentication feature built into Windows, using fingerprint matching and facial recognition.

Enterprise Data Protection: This tool works with Microsoft's Intune and Configuration Manager servers, as well as with third-party mobile management servers, to encrypt enterprise data and remotely wipe enterprise data from devices. Other mobile management tools offer similar capabilities, but Microsoft's stands apart in its integration with Azure Active Directory for access management to cloud and other services.

Windows 10 also provides security tools included in previous Windows versions, such as a software firewall, BitLocker drive encryption, and the Windows Defender antimalware tool.

Malware on the Smart TV?

In a comment on Reddit this week, user “moeburn” raised the possibility of new malware circulating for Smart TVs:

My sister got a virus on her TV. A VIRUS ON HER GODDAMN TV. It was an LG Smart TV with a built in web browser, and she managed to get a DNS Hijacker that would say “Your computer is infected please send us money to fix it” any time she tried to do anything on the TV.

The Reddit post included an image. We immediately got to work trying to figure out if this threat was targeting connected televisions specifically or whether this was an accidental infection. Trying to connect to the webpage mentioned in the URL from the photo does not work — the domain name does not resolve to an IP at the moment. We used our favorite search engine and found many hits while looking for the domain. Besides the host “ciet8jk” (ciet8jk.[maliciousdomain].com), 27 other hosts have been assigned to that domain name and pointed to the same IP address.

The domain ***-browser-alert-error.com was registered on August 17th 2015. Two days later, an IP address was assigned. It appears that there were just a few days when this scam was online and thus, we’re sure the image from the TV is at least four months old. These kinds of attacks are nothing new, so we started looking for a server which is currently online to see what exactly the page tries to do. Unfortunately, we weren’t able to find a live page from that very source, but while searching for the alert message shown in the photo, we found similar domains used for the same scam. A few examples:

***sweeps-ipadair-winner2.com
***-browser-infection-call-now.com

The last domain listed is still online but there is no reply from the server. All the domain names mentioned have been blocked by Kaspersky Web Protection for several months. Interestingly, all the IPs belong to Amazon’s cloud (54.148.x.x, 52.24.x.x, 54.186.x.x). Although they used different providers to register the domain, they decided to host the malicious pages in the cloud. This could be because it offers another layer of anonymization, because it’s cheaper than other providers or because they were unsure about the traffic and needed something scalable.

Still unable to find a live page, we kept searching for parts of the alert message and one hit took us to HexDecoder from ddecode.com. This is a webpage that de-obfuscates scripts or entire web pages. To our surprise, all previous decodings were saved and are publicly viewable. This led to a decoded script and the original HTML file. The script checks the URL parameters and displays different phone numbers based on the location of the user.

Phone numbers:

DEFAULT (US): 888581****
France: +3397518****
Australia: +6173106****
UK: +44113320****
New Zealand: +646880****
South Africa: +2787550****

The JavaScript selecting the phone number was uploaded to Pastebin on July 29th 2015 and it includes all the comments that were also present in the sample we got from HexDecoder. This is another indicator that this is not a new threat.

Now having the right sample, we took a look on a test machine and got a result which is quite close to what we can see on the image from the Smart TV. The page loads in any browser and displays a popup dialog. It even works on Windows XP. If you try to close the dialog or the window, it will pop up again. We also ran the file on an LG Smart TV and got the same result. It was possible to close the browser, but it did not change any browser or DNS settings. Turning it off and on again solved the problem as well. It is possible that other malware was involved in the case reported on Reddit, which changed the browser or network settings.

Keep in mind that you should never call those numbers! You might get charged per minute or someone at the end of the line might instruct you to download and install even more malware onto your device.

So in this case, it’s not a new type of malware specifically targeting Smart TVs, but a common threat to all internet users. There are also reports that this scam has hit users on Apple MacBooks; and since it runs in the browser, it can run on Smart TVs and even on smartphones. These kinds of threats often get combined with exploits and may take advantage of vulnerabilities in the browser, Flash Player or Java. If successful, they may install additional malware on the machine or change DNS settings of your system or home router, which may lead to similar symptoms. Such behaviour could not be observed in this case, since the malicious pages have been removed already.

Keep in mind, there might be vulnerabilities in the software on your TV! Therefore it’s important to check if your device is up to date. Make sure you installed the latest updates for your Smart TV! Some vendors apply updates automatically, while others leave it to the user to trigger the update manually.

There is malware that works on Smart TVs, but it’s not really “in the wild” at the moment. There are several reasons why criminals focus on PC and smartphone users instead of Smart TVs:

Smart TVs are not often used to surf the web and users seldom install any app from web pages other than the vendor’s App Store – as is the case with mobile devices.

Vendors are using different operating systems: Android TV, Firefox OS, Tizen, WebOS. Hardware and OS may even change from series to series, causing malware to be incompatible.

There are by far fewer users surfing the web or reading email on the TV compared to PCs or mobile devices.

But remember, for example, that it’s possible to install an app from a USB stick. If your TV runs Android, a malicious app designed for an Android smartphone might even work on your TV.

In a nutshell, this case isn’t malware specifically targeting Smart TVs, but be aware that such websites, as with phishing generally, work on any OS platform you’re using. Keep your eyes open!

Navy re-ups with Microsoft for more Windows XP support

$9.1M contract extension includes support for Office and Exchange 2003 as well.

Migration pains cause businesses to buy custom support for Windows XP...

In spite of support officially ending on 8 April 2014, large businesses are still running Microsoft's Windows XP operating system (OS). A new survey by systems management company, Adaptiva, found that many companies with over 10,000 PCs had yet to mig...

Biffa still using Windows XP across the company, ‘no business case’...

Migration planned, but firewalls are enough for now says David Gooding

Microsoft warns against hack that allows Windows XP updates

Microsoft has warned against using a hack that enables Windows XP to continue to receive security updates even though Microsoft officially ended support for the operating system in April. A "simple registry tweak" allows those who have not migrated to a newer version of Windows to receive updates from Microsoft, according to Betanews. The tweak pulls in the updates Microsoft is releasing for embedded versions of the 13-year-old Windows XP, which Betanews notes would be "essentially" the same as the standard version of the OS.

But Microsoft has warned that Windows XP customers may face problems if they install the updates. “The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers,” Microsoft said in a statement. “Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP,” the statement said.

Security experts also warned that companies should be wary of the registry hack as it could potentially have an adverse effect on their environment. “Microsoft will not be testing the patches on the full version of XP and so these updates could lead to downtime and have a negative effect on user experience,” said Andrew Avanessian, vice-president of global professional services at Windows privilege management firm Avecto. “Another consideration is system bloat. XP machines will tend to be running on older hardware, which is most likely at the end of its life, and as a number of the updates will not be needed it could result in increased disk footprint,” he said.

Several governments have negotiated deals with Microsoft to extend support for Windows, giving them more time to migrate to a more modern operating system. The UK government won an extra year with a £5.5m deal with Microsoft.

Security experts have urged all other users of Windows XP to migrate to newer operating systems or at the very least switch to a browser like Google’s Chrome or Firefox that is actively supported. Avanessian said companies unable to migrate to Windows 7 or 8 should strongly consider removing unnecessary admin and power user rights. To reduce vulnerability to attack as much as possible, they should also ensure staff members cannot implement the registry hack.

When Microsoft ended support for Windows XP, the Information Commissioner’s Office estimated that 30% of all PCs were still using Windows XP. Research by UK software firm AppSense indicated that around 77% of UK organisations were running XP somewhere in their IT estate. Gartner estimated that up to 25% of enterprise systems were still running XP, and that a third of large organisations had more than 10% of their systems still on XP.

Microsoft’s decision to patch Windows XP is a mistake

There will always be one more emergency.

Microsoft Updates Windows XP Users for IE Zero-Day

Microsoft releases an emergency update for the Internet Explorer vulnerability. Microsoft isn't quite yet ready to abandon its Windows XP users to security threats. Today Microsoft is releasing an emergency out-...

No ‘immediate risk’ in still running Windows XP – Kingfisher

Windows XP might now no longer be supported by Microsoft, but that doesn't create an immediate risk for Kingfisher - Europe's largest DIY retailer - which has implemented a number of strategies to ensure the group isn't vulnerable due to lack of suppo...

Bug in Microsoft Security Essentials Crashes Windows XP Machines

Microsoft pushed out a bad update to its Security Essentials software, crashing Windows XP machines and underscoring the fragility of the Windows XP ecosystem.

An update to Microsoft Security Essentials, the software company's free anti-malware software, crashed Windows XP computers last week, causing business disruptions to customers still relying on the outdated—and, in many cases, now-unsupported—operating system. The update caused a variety of Microsoft operating systems to restart and then fail to reboot, displaying an arcane "MsMpEng.exe application error" message, according to online posts by affected users. Many point-of-sale systems, which some businesses are protecting using Microsoft Security Essentials (MSE) as a way to meet the antivirus requirement of the Payment Card Industry (PCI), still use Windows XP or related operating systems, including Windows XP Professional for Embedded Systems and Windows Embedded POSReady 2009. Those systems were affected by the update as well, according to one New England value-added reseller with more than 500 clients in the hospitality industry. While Microsoft corrected the issue within days, the bug crashed at least hundreds of machines. For the New England firm, the issue affected more than 250 machines at 50 customers who relied on the systems, a consultant at the company said on condition of anonymity. "This affected about one half of our customers running Windows XP," he told eWEEK. "This brought their business to a 100 percent standstill until we could resolve the situation. In a pinch, the only solution we could determine was to uninstall MS Essentials to get them running their business again." While uninstalling Microsoft Security Essentials worked around the issue, it also caused an additional problem: Even though Microsoft later fixed the update, MSE could not be reinstalled on Windows XP computers because the systems are no longer supported by Microsoft, the source said.
The problems came just over a week after Microsoft's scheduled end of support for its 12-year-old Windows XP operating system. Standard desktop users will no longer receive updates for their systems, and Microsoft urged businesses and consumers to upgrade. However, the Windows XP versions for embedded and point-of-sale systems continue to be supported, according to the software giant. The incident shows, however, that there are holes in such support. "We were all told that Microsoft Security Essentials would be updated through July 15, 2015, no problem," one IT administrator stated on Microsoft's Community forum. "Now there are constant nag messages about your operating system not being supported, a red antivirus taskbar icon so you can't tell if you are being nagged or have a virus. And now this bug, which even caused me to pause and wonder if XP machines are actually in the process of being attacked." Microsoft declined to comment specifically on the issues, except to confirm that a problem did exist with the update to Microsoft Security Essentials and it had been fixed. The company's statement, however, did not acknowledge any major support issues caused by the update. "On April 15, 2014, Microsoft released an Antimalware Engine update that may have caused interrupted service for customers using affected Microsoft security products," the company stated in an April 21 email to eWEEK. "Microsoft corrected the issue via signature update, which automatically resolved the issue, and customers do not need to take any action." While business customers have long been urged to end their reliance on Windows XP, many cost-conscious firms are trying to avoid upgrading. "One can say the customers got what they paid for, as MS Essentials has no charge and is bundled with the operating systems," the New England technology provider said. "Our customers are small, overly cost-conscious folks that use the lowest-cost solutions available to them when possible."

Windows XP Support Expiration Not End of the World for Users

NEWS ANALYSIS: The last remaining OS that predates Microsoft's Trustworthy Computing Initiative needs to go, but the danger is no different this week than last week. The end of support for Microsoft's 12-year-ol...

Microsoft Patches Windows XP for Last Time, Along With Other Fixes

Microsoft Word and Internet Explorer get attention in this month's Patch Tuesday update, but some unpatched flaws remain.

Microsoft today released its April Patch Tuesday update, providing four security bulletins, including the final updates for the Windows XP operating system. Among the most critical bulletins is MS14-017, which details three remote code execution vulnerabilities in Microsoft Word and Office applications. Microsoft first became aware of one of the issues, identified as CVE-2014-1761, on March 24 and issued Security Advisory 2953095 to provide guidance to users. "A remote code execution vulnerability exists in the way that Microsoft Word parses specially crafted files," Microsoft explains in its security advisory on CVE-2014-1761. "An attacker who successfully exploited this vulnerability could run arbitrary code as the current user." The other two remote execution flaws patched in the MS14-017 update include CVE-2014-1758, a Microsoft Word stack overflow issue, and CVE-2014-1757, a Microsoft Office File Format converter vulnerability.

The fact that it took Microsoft two weeks to patch the CVE-2014-1761 vulnerability is not surprising to Karl Sigler, manager at security vendor Trustwave. "There were two other client-side patches released today for Internet Explorer and MS Publisher, both of which could also result in arbitrary code execution," Sigler told eWEEK. "Avoiding out-of-cycle patches and keeping these patches together helps admins in the end and makes the process a little less painful."

Internet Explorer

The other critical bulletin released today by Microsoft is MS14-018, which includes fixes for six privately reported vulnerabilities in the Internet Explorer Web browser. None of those fixes, however, addresses any of the IE issues reported at the Pwn2own hacking event in March. IE was exploited twice during the Pwn2own 2014 event. Apple's Safari Web browser, as well as Mozilla's Firefox, were also exploited during the Pwn2own event. Apple patched Safari for its Pwn2own flaws on April 1 and Mozilla patched Firefox on March 18.

"Microsoft works with the security community to protect our customers against all threats, and we are investigating possible issues identified by researchers during the Pwn2Own competition," Dustin Childs, group manager for Microsoft Trustworthy Computing, told eWEEK. "We are not aware of any attacks and the issues should not affect our customers, as Pwn2Own organizers do not publicly disclose the competition's findings."

Windows XP

The April Patch Tuesday update is also very noteworthy in that it is the last time that Microsoft's patches will provide fixes for the Windows XP operating system. Of the critical bulletins released this month, only the MS14-018 bulletin for IE impacts Windows XP users. Trustwave's Sigler noted that XP is 13 years old, and today's end-of-support date has been known for seven of those 13 years. "Microsoft has done more than most companies to support what should be considered legacy software by now," Sigler said. "It lacks not just the functionality but also the security features of newer OSes like Windows 7 and 8." Sigler added that in his view risk reduction is done not just through patching, but also by not continuing to use obsolete legacy software.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.