Windows 10 Cumulative Updates

[Wheels-Of-Fire]

I was most interested to see that they are decoupling local search from Cortana. Maybe search will go back to finding local programs before you type the last “e” of .exe ?

Giving Sart its own host process is probably a good idea too.

[Wheels-Of-Fire]

https://insider.windows.com/en-gb/community-news/windows-insiders-vote-for-their-favorite-features-19H1/?utm_source=newsletter&utm_medium=email&utm_campaign=201904-NL45&utm_content=WIP_Body_19H1FavoriteFeatures

More Windows insiders news for those not on the list. A few more interesting bits this time.

[Richard]

Thank you for the posting @WoF, but every time that I hear the bugler call that there is a new wonder package, I fail to find much if anything to quicken my pulse. Perhaps the ability to remove some of the passenger junk such as Groove and its pals will be welcome, but the new features in the last few builds have apparently passed me by. The likes of emojis never knowingly come into my orbit and the last look at the wonderful new stuff show left me wondering why I was not slain by the excitement.

That said, I am happy that it remains stable and reliable, though for example the snipping tool continues to do all I need and is easier to use than the snip and sew or what ever it is now called.

[Wheels-Of-Fire]

I would quite like to try the Windows sand box but I can’t because it uses virtualisation so its for Pro and Enterprise only.

May be I will buy a new Pro key.

[Wheels-Of-Fire]

And they have added a new setting to focus assist, which is nice because I didn’t know such a thing existed ?

You can now block all notifications except alarms when you are using an app full screen, on top of when you are gaming or duplicating your display.

Well you will be able to when its rolled out to everyone ?

[Ed P]

I would assume that anyone reading this thread keeps their updates current. Good for you as it looks like the sky is falling. According to this link not only should you update Windows but also all your software and drivers as well!

[Wheels-Of-Fire]

Hmm. Not sure how this malware could work. To take that sort of control over a system you must instal a kernel mode driver because that is the only way that user mode code can gain access to kernel mode. Nothing much to do with permissions but you will also need admin rights to instal a kernel mode driver.

64 bit Windows is REALLY picky about what drivers it will allow and they must be signed at the very least.

[Wheels-Of-Fire]

If you happen to be a hobbyist trying to write a driver then that would be a pain but Visual Studio offers an option to turn off driver signing for one boot only and if you really want you can add an entry to the BCD that makes it permanent. You will not be able to play any protected media like that though ?

[Dave Rice]

Well the exploit tools are available so there must be a way of doing it.

Way above my knowledge.

[Ed P]

Graham it is a user level privilege escalation to kernel level (where drivers operate) via previously unknown bugs in some 40+ Microsoft signed drivers. The list of companies with badly written drivers is on the original link but includes obscure companies such as Intel, Realtek and nVidia!.

The malware need only get access to user level e.g. one of the common browser exploits.

[Wheels-Of-Fire]

I didn’t read the original post and link properly. It does say that this works by exploiting a bug in existing drivers that are already signed.

[Ed P]

Off thread a bit, but Kaspersky is good at giving a flag when updates to non-Kaspersky software  and drivers are needed.

[Ed P]

Windows 10 has such a huge security flaw that the NSA issued a warning and M$ have patched it.

Update asap obviously!

Link

[Wheels-Of-Fire]

I suppose its for security reasons but it is annoying that they never say what the flaw actually is. A flaw in the cryptographic API could be anything.

[Ed P]

Graham, there are more details here,

‘According to a security advisory published today, “a spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.”‘

but if you know your way around elliptic curve encipherment and how you can use this to spoof Crypt32.dll you are a much better man than I. It sounds like rounding errors, but that does not get me much further in my understanding.

I think I prefer the Wired article as the more detailed article falls into my ‘too hard’ bucket.

[Ed P]

The NSA bulletin is here. I think you would need to read it in conjunction with how elliptic curves are used to generate keys in order to understand the vulnerability. If you do this and understand it then please post a synopsis of your findings.

[Ed P]

Now looks like it has little/nothing to do with the workings of elliptic curves. The Washington Post delelved into it and found the real issue is much simpler – a handshake verification failure as revealed in this blog.

the real threat was “an error in the software code that fails to properly check the authenticity [of network communications]”, in other words cryptographic certificate spoofing; a failure in the trust chain that ensures your computer is talking to who it thinks it’s talking to (or is about to install software that was actually written by those who you believe wrote it).”

[Richard]

One to watch for and it may or may not affect others is that after updating, my machine demanded a change of the ‘expired’ password. It took a little while to sort out the no_expiry_please option. As a stop gap, I changed it to something really Noddy, and then changed it back once more. The better fix was then applied, after I had a good old root of the internet.

[Ed P]

Thanks – I have updated two machines but no sign of the expired password glitch. It maybe because I do not use M$ addresses/passwords in the Admin account.

[Bob Williams]

Updated this desktop and will update SWMBO’s asap. Also came with 2 other updates:

.net framework 3.5 & 4.8 (KB4532938)

Windows Malicious Software Removal Tool for January 2020 (KB890830)

No problems so far. After my last post regarding SWMBO’s laptop, I think I will carry out a fresh install of 10 on this desktop. After backup of course.

 

When the Thought Police arrive at your door, think -
I'm out.

[Author]

Posts