Mediaboss Marketing

The unusual decision Microsoft made to release patches on Tuesday for unsupported versions of Windows was prompted by three NSA exploits that remained unaddressed from Aprils ShadowBrokers leak.

The worst of the bunch, an attack called ExplodingCan (CVE-2017-7269), targets older versions of Microsofts Internet Information Services (IIS) webserver, version 6.0 in particular, and enables an attacker to gain remote code execution on a Windows 2003 server.

All three attacks allow an adversary to gain remote code execution; one is EsteemAudit, a vulnerability in the Windows Remote Desktop Protocol (RDP) (CVE-2017-0176), while the other is EnglishmanDentist (CVE-2017-8487), a bug in OLE (Object Linking and Embedding). Microsoft said the patches are available for manual download.

ExplodingCan merits a closer look because of the wide deployment of IIS 6.0.

Generally, when you put a Windows machine on the internet, its going to be a server and its going to run a webserver, so there are production machines on the internet running IIS 6.0 right now, said Sean Dillon, senior analyst at RiskSense and one of the first to analyze the NSAs EternalBlue exploit that spread WannaCry ransomware on May 12.

Its probably already been exploited for months now, Dillon said. At least now theres a fix thats publicly available.

Microsoft released a hefty load of patches for supported products and services on Tuesday as part of its normal Patch Tuesday update cycle. Normally, patches for unsupported versions of Windows are available only for Microsoft customers on an expensive extended support contract. The companys decision to make all of those fixes public on Tuesday, it said, was prompted by an elevated risk for destructive cyber attacks.

Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt, said Adrienne Hall, general manager of Microsofts Cyber Defense Operations Center.

In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations, Hall said. To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available toallcustomers, including those using older versions of Windows.

The ShadowBrokers leak in April unleashed a number of powerful Windows attacks into the public, allegedly belonging to the Equation Group, which is widely believed to the U.S. National Security Agency. Criminals and other nation states have already been leveraging the attacks to spread not only WannaCry ransomware, but also crytpocurrency mining utilities and other types of malware.

Microsoft said customers should not expect this type of patch release for unsupported products to become the norm. Some experts have been critical of Microsot, which also made a similar update available for unsupported products hours after the WannaCry outbreak.

I wish MS would stop releasing patches for xp/2003 it really harms efforts to get rid of legacy in the corporates

Quentyn Taylor (@quentynblog) June 13, 2017

Oh no. Take Windows XP off life support. Though it cannot die with dignity, it must be allowed to die. It will be messy. But this is cruel. https://t.co/euZVdTLC0z

Katie Moussouris (@k8em0) June 13, 2017

It was the right move by Microsoft, Dillon said. We saw the damage it can cause with WannaCry. Some of the most-used infrastructure, like SCADA systems, still run on XP whether theyre getting patches or not. When you have critical things [running on XP], its a good thing they released, but it should only be looked at as a temporary solution and people should look to upgrade off of legacy versions.

Some third-party services such as 0patch have provided micro-patches for some of these vulnerabilities on legacy versions, even before the ShadowBrokers leak, Dillon said. Hopefully people who are running legacy systems have looked into other means of patching beside official fixes, he said. Although, this is great that theres an official fix.

The remaining two vulnerabilities are a lesser severity but should be patched nonetheless on legacy systems.

EsteemAudit affects RDP, but only on XP and did not require a patch for modern versions of Windows. According to Microsoft, the vulnerability exists if the RDP server has smart card authentication enabled.

EnglishmanDentist, meanwhile, is triggered because Windows OLE fails to properly validate user input, Microsoft said.

Theres a whole wide assortment of exploits that were leaked, and weve only seen a few of them actively used at a mass scale. This is just plugging a hole before it becomes a bigger problem, Dillon said.

See the original post here:
Rare XP Patches Fix Three Remaining Leaked NSA Exploits - Threatpost

Fridays, when driving home from the airport, I sometimes drive by the seven NSA concrete fortress abominations in Draper, Utah.

Are the employees inside utilizing supercomputers to vacuum up billions of e-mails, social media posts and phone calls from American heroes or deplorable violators of our rights? Without oaths and warrants based on probable cause that a crime has been committed to justify their vacuuming of our private information dont they continuously and daily violate the 4th Amendment prohibitions against such a vast collection of private data from Americans?

Are we all comfortable with their vast fishing expedition seeking information that could be used against any one of us by a federal government that has long ago escaped its Constitutional cage?

The collected data, stored in the 702 database (Section 702, 2008 Amendment Act of the 1978 Foreign Intelligence Surveillance Act) awaits the mining and use of bureaucrats who make up their own rules, doesnt it?

Your political observations, financial information, or complaints about politicians made in your e-mail, phone call, or on social media are there awaiting some future use you cant predict arent they?

Bliss W. Tew, Orem

Read the original post:
Tew: NSA site troubling for personal freedom - Daily Herald

On Tuesday, Microsoft took the highly unusual step of issuing security patches for XP and other unsupported versions of Windows. The company did this in a bid to protect the OSes against a series of "destructive" exploits developed by, and later stolen from, the National Security Agency.

Tuesday's updates, this updated Microsoft post shows, include fixes for three other exploits that were also released by the Shadow Brokers. A Microsoft blog post announcing the move said the patches were prompted by an "elevated risk of destructive cyberattacks" by government organizations.

"In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations," Adrienne Hall, general manager of crisis management at Microsoft, wrote. "To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows."

The down-level patches come in addition to the normal Patch Tuesday releases. Normal releases are delivered automatically through the Windows Update mechanism to devices running supported Windows versions, including 10, 8.1, 7, and post-2008 Windows Server releases. The down-level patches, by contrast, must be manually downloaded and installed. They are available in the Microsoft Download Center or, alternatively, in the Update Catalog and can be found here.

In a separate blog post, Eric Doerr, general manager of the Microsoft Security Response Center, said the move was designed to fix "vulnerabilities that are at [heightened] risk of exploitation due to past nation-state activity and disclosures." He went on to urge users to adopt new Microsoft products, which are significantly more resistant to exploits, and not to expect regular security fixes in the future.

"Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies," he wrote. "Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly."

The only other time in recent memory Microsoft has patched an unsupported version of Windows was in 2014, when it issued a critical update for Windows XP during the same week it decommissioned the version. Tuesday's move suggests Microsoft may have good reason to believe attackers are planning to use EsteemAudit, ExplodingCan, and EnglishmanDentist in attacks against older systems. Company officials are showing that, as much as they don't want to set a precedent for patching unsupported Windows versions, they vastly prefer that option to a potential replay of the WCry outbreak.

See the article here:
Win XP patched to avert new outbreaks spawned by NSA-leaking Shadow Brokers - Ars Technica

Yul Williams is the technical director for the National Security Agency/Central Security Service, working with computer scientists, mathematicians and engineers to develop new technologies in the cybersecurity field that will assist the agency in its intelligence operations. In a conversation with Tom Fox, Williams described an NSA idea incubation technique that has led to many innovations. Fox is a guest writer for On Leadership and the vice president for leadership and innovation at the nonprofit, nonpartisan Partnership for Public Service. The conversation has been edited for length and clarity.

What is your main area of focus at the National Security Agency?

My work is centered on cybersecurity, and its mostly of a defensive nature. We are trying to gather ideas from the workforce that we can develop and implement to enhance our overall mission. Our CYBERx incubation model provides a venue where anyone in the workforce can present concepts to an audience of senior leaders that may have the potential to affect the manner in which we conduct business.

This post was originally featured on The Washington Posts website.

Wake up to the day's most important news.

Read this article:
Yul Williams on fostering innovation at the NSA - HuffPost

Americas top intelligence official is reneging on a promise made under the Obama administration to estimate how many Americans have been spied on using a warrant-less surveillance law intended to target foreigners. The decision to abandon that commitment isnt sitting well with civil liberties advocates who formed a coalition this week in protest.

Director of National Intelligence Dan Coats told a Senate panel last week that it was infeasible to generate an exact, accurate, meaningful, and responsive methodology to show how many Americans have been spied on under Section 702 of the Foreign Intelligence Surveillance Actthe law which enables intelligence agencies to spy on the communications of foreigners with the help of American companies such as AT&T.

Coats said the National Security Agency had already undergone a Herculean effort to determine the number, but somehow failed miserably.

Given that the NSA claims to be the largest employer of mathematicians in the country (the exact number is classified), Coatss explanation that counting is really hard seemed fairly absurd. One can only conclude that the number of Americans being spied on incidentally under 702 is so shockingly high that announcing it would endanger any chance of renewing 702's authority before it expires on January 1, 2018.

Either way, the official President Trump appointed to lead the Intelligence Community seems to have thrown his hands in the air with regard to this simple accountability request. Its astonishing, really, that the White House was able to find someone who is less inclined to be straightforward with the American public than James Clapper, the former director, whose New York Times obituary will undoubtedly contain an accusation of perjury.

Late Monday, the American Civil Liberties Unionalong with more than two dozen other digital and civil rights groupssigned a letter [PDF] criticizing Coats decision to leave the public in the dark, and with justifiable and significant concerns about the effect of Section 702 surveillance on Americans privacy and civil liberties. The letter was sent to Office of the Director of National Intelligence and then forwarded [PDF] to the chairman and ranking member of the House Judiciary CommitteeRepresentatives Bob Goodlatte and John Conyers, respectively.

Members of Congress should be outraged that the NSA has reneged on its commitment to provide an estimate of the number of Americans that the NSA spies on under Section 702, and should use every tool at their disposal to demand that this information be provided, Neema Singh Guliani, ACLU legislative counsel, said in a statement.

The executive branch has provided no credible explanation for their abrupt reversal in position, which comes after months of discussions with Congressional staff on methodologies to obtain the exact information that they now claim is impossible to determine, Guliani continued. This decision is not rooted in practicalities, but rather part of an overall effort to withhold key information about Section 702 while the program is being debated in Congress.

Aside from the ACLU, 32 other groups signed on to the letter, including the Brennan Center for Justice, the Electronic Frontier Foundation, Demand Progress, and the Sunlight Foundation. The groups charge Coats with backtracking specifically for political reasons (as opposed to practical ones). It is critical to allow the American people and their representatives to fully understand the impact Section 702 has on their privacy and civil liberties as Congress considers reauthorization of the law, they said.

Rep. Conyers did not immediately respond to a request for comment. An aide to Rep. Goodlatte referred questions to a Judiciary Committee spokesperson, who likewise did not return a request for comment.

Update, 1:56pm: A Republican House Judiciary Committee aide provided Gizmodo the following comment:

As the House Judiciary Committee seeks to reauthorize and reform FISA Section 702, it is imperative that Members of Congress understand the impact of this intelligence-gathering program on U.S. persons. While Director Coats has indicated that it is not feasible to provide this information, the Committee will continue to explore with the agencies various options for obtaining the desired information. Chairman Goodlatte looks forward to working with Director Coats and others on efforts to reauthorize this critical intelligence-gathering program and to ensure it protects Americans civil liberties.

See the original post here:
Intel Chief Says He Cannot Reveal How Many Americans the NSA Spied On Because He Cannot Count Them All - Gizmodo