Tag Archives: closed

August Patch Tuesday closes CPU bug, two zero-day exploits

Microsoft closed two zero-day vulnerabilities and released a fix for a new exploit for Intel processors on August Patch Tuesday.

Microsoft released an advisory (ADV-180018) on the latest speculative execution side channel vulnerability in Intel Core and Xeon processors called L1 Terminal Fault. Dubbed Foreshadow by security researchers, the vulnerability lets an attacker read data as it passes between a host and a virtual machine and a hypervisor.

The earlier Spectre and Meltdown variants allowed process-to-process interactions, but this latest hardware exploit allows a guest system to retrieve data from another guest system, said Brian Secrist, content manager at Ivanti, based in South Jordan, Utah.  

Full protection from Foreshadow (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646) on Windows requires a registry change, Microsoft patch and Intel firmware update to close the vulnerability.

“Once again, we have a bunch of hoops to jump through to get to full remediation,” Secrist said. “2018 is keeping us real busy.”

Microsoft addresses two zero-day exploits

Microsoft also closed a pair of zero-day remote code execution vulnerabilities. The first (CVE-2018-8373), in the Microsoft Scripting Engine with known exploits that affect all versions of Internet Explorer, allows an attacker to run arbitrary code on unpatched machines in the context of users who visit a specially crafted website. Depending on the user’s rights, the attacker could install programs or view and delete data. The patch changes how the scripting engine handles objects in memory. This CVE is critical for Windows desktop systems and important for server versions.

Rated important, the second zero-day (CVE-2018-8414) uses a Windows Shell bug in Windows 10 and Windows Server SAC Server Core for remote-code execution attacks. This vulnerability requires the user to run a malicious file either from email or a web site, after which an attacker can run code at the privilege level of the current user. The patch makes Windows Shell validate file paths properly.

August Patch Tuesday closes more than 60 vulnerabilities

More than half of the 60 vulnerabilities disclosed in August Patch Tuesday affect browsers or the scripting engine. Administrators should prioritize patching workstations and servers for a critical remote code execution vulnerability (CVE-2018-8345) that triggers when a user merely views a malicious shortcut file. Microsoft resolved this vulnerability by correcting the processing of shortcut .LNK references.

“Because the user doesn’t have to click on the malicious .LNK file to actually exploit the vulnerability, compared to browser vulnerability, it’s more likely for a server admin to be browsing through files. If they see this shortcut and the system renders it, then that’s when the exploit runs,” said Jimmy Graham, director of product management at Qualys, based in Foster City, Calif.

Almost every major third-party vendor released patches and updates between the July and August Patch Tuesday, said Secrist. Adobe released four updates, including fixes for Adobe Flash and Acrobat. Google Chrome released version 68, and Firefox released updates for Thunderbird.

“We haven’t seen any increase in attacks or anything, just an example of better research and better coverage of vulnerabilities,” Secrist said.

July Patch Tuesday issues anger IT workers

After the July Patch Tuesday releases, Microsoft warned customers of potential SQL Server startup problems on Windows desktop (7 and 8.1) and server (2008 R2 and 2012 R2) versions on July 26. The company released several hotfixes and recommended uninstalling the July patches. Such rollbacks of faulty Microsoft updates have become a recurring headache for administrators.

Microsoft security updates for July also caused problems for the .NET Framework. On July 16, Microsoft posted a blog that “encouraged” Exchange customers to delay applying the July 10 updates to avoid disruptions with mail delivery. Hotfixes for affected systems — all supported versions of Windows Server — did not arrive until July 17. Up until that point, the only remedy was to uninstall the .NET Framework 4.7.2 update.

“Clearly there is a quality assurance issue of some kind,” Secrist said. “There’s another .NET release this month. Hopefully they spend more time on this one. We always strongly recommend you run [patches] through a test group and make sure they are stable before you push them out.”

Jeff Guillet, CEO of EXPTA Consulting in Pacifica, Calif., reached out to the Exchange product group for more information when the disruptions first occurred and said it was a two-fold problem of “really bad patches and bad communication.”

“Nobody even acknowledged that there was a problem and then all of a sudden they said, ‘Oh, by the way, we fixed this.’ [Administrators] had to troubleshoot it themselves because there was no communication from Microsoft saying this was a problem,” said Guillet.

While the intent of Patch Tuesday is to protect systems from vulnerabilities, the recent spate of patching issues concerns some IT administrators.

“Everybody’s kind of come to terms with [monthly patching], but the expectation was that a patch isn’t going to break stuff,” said Guillet. “So if it’s going to start breaking things, now I need to worry about testing it and I don’t have time because the next patches are coming up next Tuesday.”

Not a cliché: When being ‘out and proud’ is a call to action – Microsoft Life

One of Microsoft’s directors of government affairs kept his authentic self quiet and closed off for too long. Now, he’s working to make that path easier and safer for fellow LGBTQ+ people.

By Candace Whitney-Morris

John Galligan spent half of his adult life as a closeted gay man, a time he describes as not truly living. In fact, he said he didn’t start to live his life until his early thirties.

“I was trying to be something I wasn’t,” he said. “And that slow release of power and energy, it’s exhausting and was always affecting my work. Being very good at acting like something I wasn’t . . . it’s the art that I’d perfected.”

That all changed when Galligan met his partner, now husband, 20 years ago, who helped him accept who he was, to live as a gay man proudly, and to even confront some of his own prejudices about what he assumed people could or couldn’t handle. “I thought I was protecting people by not confronting them with who I was,” he said. “I was wrong.”

The past two decades with his husband have been a journey not only of love and fun, he said, but also in helping Galligan be more accepting of his own sexuality, who he is, and who he could become.

Galligan is now out and active in his community. He’s also a senior director for Microsoft’s global government affairs team, working to protect and advance the rights of all people, including those who are LGBTQ+ and who don’t feel safe or welcome.

Across the globe, the cultural views and tolerance around being gay still vary widely. Galligan’s team focuses in part on making sure LGBTQ+ employees are safe and supported within the walls of their workplace wherever they live.

“Microsoft can be a safe place for people to bring their authentic self, even if the outside world is hostile to them, even if their friends and family might not accept them,” he said. “They can come to a place that will accept them not just for who they are but also for who they can be.”

Because Galligan knows what it’s like to not live his truth at work, he’s determined to help Microsoft support the rights of its employees and live up to its values of empowering every person on the planet—even when the outside culture is slow to adapt and when equality for LGBTQ+ people is lacking.

Before moving to Seattle, Galligan and his partner lived in Singapore, where there are still laws criminalizing homosexuality. And while these laws are rarely enforced, he did feel the discomfort of living in ambiguity. “The middle path is in some ways the most uncomfortable because it doesn’t challenge you to actually go out and confront systemic intolerance.”

That’s why it’s important to him that he doesn’t get too comfortable—that he remembers what some LGBTQ+ people and employees face and does what he can to help. Working in a company where the culture is attuned to human rights near and far reminds him of what inclusion feels like and what to strive for in his advocacy.

“I’ve never felt, in any way, excluded [at Microsoft]. I think that’s a tribute to the company, but I also think that’s a tribute to the tens of thousands of people who continue to move the company increasingly toward a diverse and inclusive environment.”

Galligan reminds himself all the time that there’s still so much to fight against. But when feelings of powerlessness threaten to steal momentum, he focuses on the power of individual contribution.

“I think the most weak and ineffectual thing we can do is to not think about what can be done on an individual level. I may not be able to change laws, but I can be proud of who I am and show others to be proud of who they are.”

He hopes that being a visible, comfortable, and confident gay man will inspire others to also be themselves and to take up the fight, because “being out and proud is not a cliché,” he said. “It’s a call to action.”

“Everyone can make a contribution, even if that contribution is to be yourself and use whatever influence you have to make the world and workplace more inclusive, more diverse, and more welcoming for everyone.”

Meet more Microsoft employees who are changing hearts and minds and advancing human rights.
https://news.microsoft.com/life/topic/pride/

See how Microsoft is celebrating Pride 2018 and how you can be an ally.
https://www.microsoft.com/pride

Learn how Microsoft and its LGBTQ+ employees push for change across borders.
https://news.microsoft.com/life/pride/

MacBook 12″ screen protector

This is a screen protector for the 12″ MacBook Retina. Place it over the keyboard when closed to stop marks getting on the screen from the keyboard. Cures a common problem on MacBooks due to very tight tolerances between the screen and the base when closed.

It had to be imported from the US which was quite expensive. I bought it at the same time as one for another MacBook but didn’t end up using this one.

Full details here:…
