All about Security, News, Events and Incidents

Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Apr 26, 2018.

  1. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    33,626
    Messages:
    27,223
    Likes Received:
    50,691
    Trophy Points:
    931
    Vasudev and Dr. AMK like this.
  2. Papusan

  3. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    9,695
    Messages:
    10,924
    Likes Received:
    8,264
    Trophy Points:
    931
    jclausius and Dr. AMK like this.
  4. Papusan

    Warning: 0-day vulnerability in Internet Explorer (1/17/2020)
    Published on January 18, 2020 by Günter Born Borncity.com
    Microsoft released a security advisory for a 0-day vulnerability in Internet Explorer on January 17, 2020, which affects practically all versions of Windows (since Internet Explorer is available as a browser). There is a problem in the JScript part that could be used to execute remote code. Here is some information, including how to defuse it with a workaround.
    I test different drivers. I avoid Nvidia's DCH drivers and I don't use drivers from Clevo.
     
    Vasudev, Mr. Fox and Dr. AMK like this.
  5. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    34,882
    Messages:
    37,332
    Likes Received:
    62,972
    Trophy Points:
    931
    I suspect that the Redmond Retards are either crafting or funding the development of vulnerabilities so they can crow about Windoze OS X and Edge being supposedly "safer" products.

    In other breaking news: All people that have a pulse, regardless of the year they were born, are vulnerable to death.
     
    Vasudev, Papusan and Dr. AMK like this.
  6. Papusan

    AMD Quietly Patched Four Major GPU Security Vulnerabilities with Radeon 20.1.1 Drivers techpowerup.com | Today, 08:35

    If you haven't updated your AMD Radeon drivers in a while, here's one major reason to. The company secretly patched four major security vulnerabilities affecting Radeon GPUs, in its recent Adrenalin 20.1.1 drivers, with no mention of doing so in its changelog. Talos Intelligence reports four vulnerabilities, which are chronicled under CVE-2019-5124, CVE-2019-5146, CVE-2019-5147 and CVE-2019-5183. This class of attacks exploits a vulnerability in the AMD Radeon driver file ATIDXX64.dll, which can lead to denial of service or even remote code execution. What makes things much more serious is that this attack vector can be used to exploit the host machine from a VM (tested with VMWare). It even seems possible to trigger the vulnerability from a web page, through WebGL (which allows running 3D applications on a remote website). The vulnerabilities were tested on Radeon RX 550 / 550 Series VMware Workstation 15 (15.5.0 build-14665864) with Windows 10 x64 as guest VM, but there is no reason to assume that the issue is limited to just RX 550 as the AMD shader compiler shares a common code basis for all recent DirectX 12 GPUs.

    All vulnerabilities rely on a common attack vector: specially crafted shader code that exploits bugs in the shader compiler. Even though HLSL shader code looks similar to assembly, it actually is a relatively high-level language that gets optimized and compiled by the graphics driver. VMWare's graphics acceleration lets you run 3D graphics in virtual machines, by passing along rendering info to the host GPU and then funneling the output back into the VM. Since the shader code gets compiled using the graphics driver of the host OS, this creates interesting opportunities for attacks.

    All four vulnerabilities have been patched with Adrenalin 20.1.1 drivers. AMD rival NVIDIA also battles security vulnerabilities in secret, but the company tends to be more transparent in mentioning vulnerabilities patched in its driver release notes. AMD's release notes for 20.1.1, in contrast, omit any mention of the vulnerabilities, so most people aren't even aware that they should update their drivers to fix a security issue.

    Yeah, very nice of AMD to try to hide it :)
     
    Last edited: Jan 24, 2020
    Vasudev, Dr. AMK and hmscott like this.
  7. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    7,089
    Messages:
    20,398
    Likes Received:
    25,150
    Trophy Points:
    931
    To be fair, it's so rare for AMD to have a security issue to patch, AMD aren't used to the constant daily, weekly, monthly drone of constantly needing to warn their customers about security patches like their less secure competitors - Intel and Nvidia - and Microsoft of course, the king of security patches.

    This is a VMware vulnerability, I doubt AMD will end up reporting this to the average Windows User, that's why it isn't in the Adrenalin driver release notes. Why confuse their Windows users listing a VMware vulnerability? VMware users get their security warnings through VMware.

    The patch released through AMD's Radeon driver update is to work around holes in VMware, not holes in Windows or AMD's products - the driver update is only for VMware vulnerabilities, so really it's up to VMware to make notice to VMware users, and they do:

    Security updates AMD Radeon Display Driver – CVE-2019-5124, CVE-2019-5146, CVE-2019-5147, & CVE-2019-5183
    Praveen Singh Posted 27 minutes ago
    https://blogs.vmware.com/security/2...ve-2019-5146-cve-2019-5147-cve-2019-5183.html

    "Greetings from VMware Security Response Center!

    We wanted to make you aware of multiple AMD security issues tracked by CVE-2019-5124, CVE-2019-5146, CVE-2019-5147, & CVE-2019-5183.

    These issues exist in AMD Radeon Display Drivers and have been shown to affect VMware Workstation running on Windows.

    Therefore, we wanted to make sure you were informed of these issues so that necessary actions can be taken to resolve them appropriately.

    AMD has issued an update to address these issues. Please see the below link:
    https://www.amd.com/en/support/kb/release-notes/rn-rad-win-20-1-1 (Radeon Software Adrenalin 2020 Edition 20.1.1 Driver for Windows)

    Customers should review the available documentation and direct technical inquiries to VMware Support for further assistance."

    Direct technical inquiries to VMware Support, not to AMD!

    If you look at the author of the VMware CVEs, they all discuss this from the point of view of being a VMware vulnerability - which would have nothing to do with a normal Windows user:

    CVE-2019-5146 - This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest OS). This type of attack can be triggered from VMware guest usermode to cause an out-of-bounds read in the vmware-vmx.exe process on host, or theoretically through WEBGL (remote website).

    CVE-2019-5147 - This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest OS). Such attack can be triggered from VMware guest usermode to cause an out-of-bounds read in the vmware-vmx.exe process on host, or theoretically through WEBGL (remote website).

    CVE-2019-5183 - This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest operating system). Such attack can be triggered from VMware guest usermode. The vulnerability will be triggered in the vmware-vmx.exe process on host, or theoretically through WEBGL (remote website), leading to potential code execution (through a vtable type-confusion).

    CVE-2019-5124 - This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest OS). Such attack can be triggered from VMware guest usermode to cause a NULL pointer dereference in the vmware-vmx.exe process on host, or theoretically through WEBGL (remote website).

    Getting into this detail it's clear your post doesn't belong here - it's OT to a Windows vulnerability - no Windows user running Windows on their own hardware is affected.

    This belongs in a VMware Vulnerability thread, for those running Windows as Guest on VMware.

    And, in the past I've seen these kinds of VMware Guest Windows Vulnerabilities listed as such only in regards to VMware users communications - as Windows users would simply be confused by all of this - just like you. :)
     
    Last edited: Jan 24, 2020
    Vasudev and Dr. AMK like this.
  8. Papusan

    Say what you want, but security patches should be listed in release notes. If one company starts to hide every security flaw they have patched, all others will follow the same path. Relying on other companies to know what’s fixed is pretty sweet :)

    I wonder what they hoped to gain with this.... I’m sure I know. But it's not a proper way to do it, whatever you try to say.

    For the record. I myself determine what I want to update on my machines. Not knowing what I’ll get from new patches isn’t the way I prefer. Not at all! Maybe it’s ok for others but that’s up to them.
     
    Last edited: Jan 24, 2020
    Vasudev likes this.
  9. hmscott

    You've gotten all worked up about it for no reason. There's nothing nefarious going on, and it's as simple as I explained earlier.

    The patch is only needed when you are building a VMware Guest Windows 10 image, and if you are the VMware administrator and you or your company pay for VMware support - you will be getting VMware security alerts and patch alerts just like the one I posted from VMware in my last response.

    Those VMware patch alerts that are only for VMware host OS's and VMware guest OS's are only sent to the administrators that will use the information.

    The regular Windows users on a VMware cluster aren't going to be building their own Guest OS image to run on VMware, they will have a selection of pre-configured (pre-patched) images to choose from, or more likely they'll just be given a Windows login and an IP address to connect to using a remote client.

    Only a small fraction of the millions of VMware users will need to see those security and patch updates. Regular / Normal Windows users on VMware will never need or see those VMware security and patch updates.

    The only people that need to know are the VMware administrators that create the images or the DevOps team that supports their VMware servers.

    A normal Windows user (like you) that doesn't use VMware, administrate VMware, or even know boo about any of this - that downloads Radeon Adrenalin drivers from AMD doesn't need to see the 4 VMware CVEs resolved with the latest Radeon Adrenalin driver. The 4 CVEs would be completely useless to you or any normal Windows user, and a complete waste of time.

    No one would want the millions of Windows users that download this AMD Adrenalin driver now and in the future to be subjected to reading these 4 VMware CVEs that will never apply to them.

    I'm trying to help you understand - sorry if it's not clear yet, but for me I've known about these kinds of "hidden" patches and security alerts for many decades, since before VMware or Windows even existed - it's a very standard way of compartmentalizing information so as to not waste people's time that have no direct interest in the information.

    It's not hidden, it's very available to the people that need it and we know where it is and have for many years.

    If you want this sort of information from VMware, you can buy VMware Workstation Pro for about $295 (last time I checked), or get VMware Workstation Player for free (it's a limited VMware Workstation):
    https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html

    Then as a VMware Administrator you would want and need to know, but until then, it's useless information.

    I prefer recommending Virtualbox to Windows users, there's no cost and it's fully functional - hopefully it will remain that way.
    https://www.virtualbox.org/wiki/Downloads

    And, for Virtualbox users there is also no need for them to see or get alerted to the VMware CVEs, as it only applies to Administrators of VMware.

    Are you starting to understand what I am explaining? There's nothing being hidden by anyone, it's a matter of not wasting the time of people that have no interest in someone else's problems that in no way impact their lives.
     
    Last edited: Jan 24, 2020
    Vasudev likes this.
  10. Vasudev

    Oh, that makes sense! I switched from VMware to VBox since I couldn't test and install Insider release custom ISOs, and VBox read them perfectly and worked for a wide variety of Insider releases and custom Linux ISOs I made, but VMware didn't.
     
    hmscott likes this.