Tag Archives: shut

Microsoft shuts down zero-day exploit on September Patch Tuesday

Microsoft shut down a zero-day vulnerability launched by a Twitter user in August and a denial-of-service flaw on September Patch Tuesday.

A security researcher identified by the Twitter handle SandboxEscaper shared a zero-day exploit in the Windows task scheduler on Aug. 27. Microsoft issued an advisory after SandboxEscaper uploaded proof-of-concept code on GitHub. The company fixed the ALPC elevation of privilege vulnerability (CVE-2018-8440) with its September Patch Tuesday security updates. A malicious actor could use the exploit to gain elevated privileges in unpatched Windows systems.

“[The attacker] can run arbitrary code in the context of local system, which pretty much means they own the box … that one’s a particularly nasty one,” said Chris Goettl, director of product management at Ivanti, based in South Jordan, Utah.

The vulnerability requires local access to a system, but the public availability of the code increased the risk. An attacker used the code to send targeted spam that, if successful, implemented a two-stage backdoor on a system.

“Once enough public information gets out, it may only be a very short period of time before an attack could be created,” Goettl said. “Get the Windows OS updates deployed as quickly as possible on this one.”

Microsoft addresses three more public disclosures

Administrators should prioritize patching three more public disclosures highlighted in September Patch Tuesday.

Microsoft resolved a denial-of-service vulnerability (CVE-2018-8409) with ASP.NET Core applications. An attacker could cause a denial of service with a specially crafted request to the application. Microsoft fixed the framework’s web request handling abilities, but developers also must build the update into the vulnerable application in .NET Core and ASP.NET Core.

Chris Goettl of IvantiChris Goettl

A remote code execution vulnerability (CVE-2018-8457) in the Microsoft Scripting Engine opens the door to a phishing attack, where an attacker uses a specially crafted image file to compromise a system and execute arbitrary code. A user could also trigger the attack if they open a specially constructed Office document.

“Phishing is not a true barrier; it’s more of a statistical challenge,” Goettl said. “If I get enough people targeted, somebody’s going to open it.”

This exploit is rated critical for Windows desktop systems using Internet Explorer 11 or Microsoft Edge. Organizations that practice least privilege principles can mitigate the impact of this exploit.

Another critical remote code execution vulnerability in Windows (CVE-2018-8475) allows an attacker to send a specially crafted image file to a user, who would trigger the exploit if they open the file.

September Patch Tuesday issues 17 critical updates

September Patch Tuesday addressed more than 60 vulnerabilities, 17 rated critical, with a larger number focused on browser and scripting engine vulnerabilities.

“Compared to last month, it’s a pretty mild month. The OS and browser updates are definitely in need of attention,” Goettl said.

Microsoft closed two critical remote code execution flaws (CVE-2018-0965 and CVE-2018-8439) in Hyper-V and corrected how the Microsoft hypervisor validates guest operating system user input. On an unpatched system, an attacker could run a specially crafted application on a guest operating system to force the Hyper-V host to execute arbitrary code.

Microsoft also released an advisory (ADV180022) for administrators to protect Windows systems from a denial-of-service vulnerability named “FragmentSmack” (CVE-2018-5391). An attacker can use this exploit to target the IP stack with eight-byte IP fragments and withholding the last fragment to trigger full CPU utilization and force systems to become unresponsive.

Microsoft also released an update to a Microsoft Exchange 2010 remote code execution vulnerability (CVE-2018-8154) first addressed on May Patch Tuesday. The fix corrects the faulty update that could break functionality with Outlook on the web or the Exchange Control Panel. 

“This might catch people by surprise if they are not looking closely at all the CVEs this month,” Goettl said.

Cheap laptops, HP and Samsung

I have the above laptops for sale.

The HP has started to shut down unexpectedly from time to time easy fix for someone.
HP CQ58
15.6”
i5 cpu
4GB ram
500gb hdd
HDMI
DVD drive
Windows 10
Office 2007
Comes with charger

SOLD

Samsung Notebook NP530U3B (marks from keyboard on screen, but does not affect viewing)
500GB hard drive
6GB ram
USB3.0
Windows 10
Office 2010
Comes with charger

SOLD

Price and currency: Individually priced
Delivery: Delivery cost is included within my…

Cheap laptops, HP and Samsung

Cheap laptops, Toshiba, HP and Surface RT

I have the above laptops for sale.

The HP has started to shut down unexpectedly from time to time easy fix for someone.
HP CQ58
15.6”
i5 cpu
4GB ram
500gb hdd
HDMI
DVD drive
Windows 10
Office 2007
Comes with charger

£70.00 delivered

Toshiba also an older model
Satellite C670D
17”
AMD cpu
DVD drive
4GB ram
320GB hard drive
Windows 10
Office 2007
Comes with charger

£55.00

Samsung Notebook NP530U3B (marks from keyboard on screen, but does not affect viewing)
500GB hard drive
6GB ram
USB3.0…

Cheap laptops, Toshiba, HP and Surface RT

Cheap laptops, Toshiba, HP and Surface RT

I have the above laptops for sale.

The HP has started to shut down unexpectedly from time to time easy fix for someone.
HP CQ58
15.6”
i5 cpu
4GB ram
500gb hdd
HDMI
DVD drive
Windows 10
Office 2007
Comes with charger

£70.00 delivered

Toshiba also an older model
Satellite C670D
17”
AMD cpu
DVD drive
4GB ram
320GB hard drive
Windows 10
Office 2007
Comes with charger

£65.00

Samsung Notebook NP530U3B (marks from keyboard on screen, but does not affect viewing)
500GB hard drive
6GB ram
USB3.0…

Cheap laptops, Toshiba, HP and Surface RT

Cheap laptops, Acer, Toshiba, HP and Samsung

I have the above laptops for sale.

The HP has started to shut down unexpectedly from time to time easy fix for someone.
HP CQ58
15.6”
i5 cpu
4GB ram
500gb hdd
HDMI
DVD drive
Windows 10
Office 2007
Comes with charger

£70.00 delivered

The Acer is an older model, but works perfectly.
15.6”
Acer Aspire 5552
AMD Phenom II x3 Mobile Processor
ATI Mobility Radeon HD 4250
DVD drive
320gb Hard Drive
4GB Ram
Windows 10
Office 2007
Comes with charger

£55.00 delivered

Toshiba also an older model…

Cheap laptops, Acer, Toshiba, HP and Samsung

For Trade – v2 saphire fury x. for gtx980ti

getting shut of my free-sync monitor so would like a swap for a 980ti. no coil whine as its the 2nd version,runs quite and cool.

Delivery: Delivery cost is included within my country
Payment method: paypal gift
Location: bradford.west yorkshire.
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Code42 CrashPlan for Home ending, Carbonite seeks its users

Code42, which started out selling backup to consumers, will shut down its consumer cloud backup product in 2018 to focus on data protection for the enterprise, small business and education sectors.

Code42 CrashPlan for Home will reach its end of life on Oct. 22, 2018, the company said Tuesday. The vendor will refer CrashPlan for Home customers to online backup rival Carbonite. Code42 will also try to convert small businesses using its Home product to CrashPlan for Small Business.

Code42’s consumer business has dwindled to about 10% of its total customer base.

Code42 ‘sad to move on,’ but ready for next step

Minneapolis-based Code42 originated 16 years ago selling exclusively to consumers, said president and CEO Joe Payne. The vendor’s business mix has shifted over the years, and it now claims 47,000 business and university customers — including Duke, Stanford, Adobe and Samsung — and more than 2.4 million users.

Payne said about 40% of Code42 consumer customers are actually small businesses.

“We’ve been proud to serve all those consumers,” Payne said. “We’re a little bit sad to move on even though we know it’s the right thing.”

Code42’s move to leave the consumer backup business reflects a trend in online backup toward commercial use. Early online backup vendors such as Mozy, Carbonite and Code42 focused on consumer backup, but analyst Phil Goodwin points out growth is much faster in the commercial sector now.

“Thus, it is likely a good move for Code42, while giving Carbonite additional economy of scale in its core business,” Goodwin, IDC research director for data protection, wrote in an email.

All existing CrashPlan for Home subscriptions will be honored and receive a complimentary 60-day extension at the end of their subscription term. For the consumer customers transitioning to Code42’s small business product, Code42 is offering a 75% discount in the first year. For those customers, the small business service will be free while they pay off their old consumer contract, and then the discount kicks in. Code42 has built an instant migration wizard for consumers moving to CrashPlan for Small Business.

We’re a little bit sad to move on even though we know it’s the right thing.
Joe Paynepresident and CEO, Code42

Compared to CrashPlan for Home, the small business product has more administrative control, a compliance capability and no long-term contracts, Payne said. Small businesses pay for the number of devices connected, month to month, while most consumers had an annual subscription.

The needs of consumers were diverging from the needs of businesses, Payne said. He expects the move to allow Code42 to innovate faster for business and education customers.

Code42 recognized that there is a third option for their consumer customers: choosing an entirely different vendor. Payne noted that Twitter had lit up Tuesday with vendors offering their services to Code42 CrashPlan for Home customers. IDrive and Backblaze were among those vendors touting their products in the wake of the news.

“We knew that would happen,” Payne said.

Carbonite: From competitor to partner

Code42 approached Carbonite because of its solid products and a “strong ability to execute,” Payne said.

“We were their first choice,” said Norman Guadagno, Carbonite’s senior vice president of marketing.

The companies were the two largest providers of cloud backup for consumers and small businesses, Guadagno said. Carbonite claims more than 1.5 million customers.

“They’ve been great competition,” Guadagno said.

For each Code42 CrashPlan for Home customer, Carbonite will recommend one of its plans, based on the customer’s information. Carbonite is also providing a 50% discount on its products for the first year for those former Code42 customers, according to Payne.

“It’s not exactly apples to apples, but they do provide an excellent cloud backup service,” Payne said, noting, for example, that all Code42 plans offer unlimited usage, while not all Carbonite plans provide unlimited usage.

If a CrashPlan for Home customer switches to Carbonite, Code42 will securely delete the customer’s data. Then the customer will start fresh with Carbonite.

Guadagno said Carbonite has built a scalable cloud infrastructure that is capable of taking on an influx of new customers. Customers will transition at varied times, as subscriptions run out on different dates spread out over the next 14 months.

Like Code42, Carbonite has also accepted the reality that some customers will move elsewhere, Guadagno said.

Carbonite’s main competition will be Dell EMC’s MozyHome, IDrive and Acronis, Goodwin said.

While Carbonite has a smooth onboarding experience for new customers, Goodwin wrote, “there is really nothing concrete to compel Code42 customers to transition to Carbonite. They can choose any other competitor or do nothing. There is no automatic transfer of data from Code42 to Carbonite; Code42 [customers] will go through the onboarding process just like any other new Carbonite user. Thus, Carbonite’s challenge will be [to] incentivize CrashPlan customers to not only take action at the end of their contract but to do so with Carbonite.”

Carbonite has increased its data protection portfolio in recent years. Earlier this year, it bought Double-Take Software to improve its high availability technology. In 2015, it purchased Seagate’s EVault cloud backup and disaster-recovery-as-a-service business.

Code42 looking to grow

According to Code42, the transition does not affect any existing relationships or technology offerings with business customers, and the company is not selling or transitioning any proprietary technology, software or other intellectual property.

Payne stressed that it’s not a cost-saving measure.

“It’s a way for the business to grow,” he said.

Code42 does not plan to lay off any employees. The team supporting the Code42 CrashPlan for Home customers will transition over to the education, enterprise and small business customers.

“We made a commitment to every one of those people that they will have a job at Code42,” Payne said.

In addition, Code42 has brought in help from a third-party firm for the next 12 months, essentially doubling its support team to aid the transition.

“Nobody likes change. It’s not going to be a walk in the park,” Payne said. “We want people to know we’re trying our best.”