Massive security hole discovered in Windows-all versions

Discussion in 'Computers, Hardware, and Operating Systems' started by KX4OM, Jun 17, 2016.

ad: L-HROutlet
ad: l-rl
ad: MessiPaoloni-1
ad: L-Geochron
ad: abrind-2
ad: L-MFJ
ad: Left-2
ad: Left-3
ad: HRDLLC-2
  1. KX4OM

    KX4OM Ham Member QRZ Page

    "The vulnerability could give attackers a way to set up man-in-the-middle attacks against victims by getting them to click on a link, open a Microsoft Office document or plug in a USB drive.

    "In an interview with Dark Reading, Yang Yu, who earned a whopping $50,000 bug bounty for the discovery he’s nicknamed BadTunnel, described the impact in grandiose terms:

    "This vulnerability has a massive security impact – probably the widest impact in the history of Windows.

    "Microsoft released a fix for the vulnerability on Tuesday in security bulletin MS16-077. Users of unsupported Windows versions such as Windows XP should disable NetBIOS over TCP/IP."

    More info at the source of the quoted material:

    https://nakedsecurity.sophos.com/20...ulnerability-all-windows-users-need-to-patch/

    Ted, KX4OM
     
    KB3VWG likes this.
  2. WF9Q

    WF9Q XML Subscriber QRZ Page

    Thank you for the post.
     
    KB3VWG likes this.
  3. KC9ZHR

    KC9ZHR Ham Member QRZ Page

  4. KK4NSF

    KK4NSF Ham Member QRZ Page

    users of any version of WIN should disable NetBIOS. That particular protocol is so full of holes that hackers specifically look for it.... and have been exploiting it for decades. The really shocking thing is that it took so long for Microsoft to develop a patch for it.
     
  5. KA9JLM

    KA9JLM Ham Member QRZ Page

    It should be disabled by default.

    No Patch should be needed. MS says that they made a patch that you need to Blow Your Skirt Up.

    You should not use software that enables it without you knowing. :eek:
     
    KK4NSF likes this.
  6. KK4NSF

    KK4NSF Ham Member QRZ Page

    Actually.... Win10 should be disabled by default! ;)
     
    K5PHW and KA9JLM like this.
  7. AF6LJ

    AF6LJ Ham Member QRZ Page

    If you are not using file sharing; there is no reason to have WinBOIS installed in the first place.
     
  8. K8MHZ

    K8MHZ Ham Member QRZ Page

    I tried following the directions to disable NetBIOS on my Vista machine. The 'instructions' are useless. So I gave up.
     
    AF6LJ likes this.
  9. AF6LJ

    AF6LJ Ham Member QRZ Page

    NETBIOS.png
    To do this, open the Network and Sharing Center, select Change Adapter Settings, right-click the network connection, and select Properties. Select Internet Protocol Version 4 (TCP/IPv4) and click the Advanced button in the displayed dialog. Select the WINS tab and select the Disable NetBIOS over TCP/IP.Dec 30, 2009

    See attached picture....

     
    N6HCM likes this.
  10. K8MHZ

    K8MHZ Ham Member QRZ Page

    Thanks, Sue, but there is no 'Change Adapter Settings' in my Network and Sharing Center 'page'.
     

Share This Page

ad: elecraft