Microsoft releases emergency patch for Windows 7
Click here to post a comment for Microsoft releases emergency patch for Windows 7 on our message forum
Fox2232
And they forgot to mention that attacker may as well flash BIOS (unless flash protected form OS), to have full list of "popular" exploits these days...
...as it seems that flashing BIOS is most important thing attacker wants to do once he has control over system.
Picolete
If I secure my BIOS with a password, shouldn't i be secure from some of this exploits?
Fox2232
It was a joke from my side. Writing code which works at boot time and still allows normal system operation is not that easy in limited space of BIOS flash. So it is one of last targets attacker has on list. (If it even gets to list as each MB requires different BIOS and has different kinks which may prevent system from being operational and therefore lost even to attacker himself.)
Meltdown/spectre and similar are not spawning from BIOS therefore password on BIOS does not protect against them. (OS level attacks.)
But in case they allow attacker to gain control over your system, you do not need BIOS-Admin-Password. You need settings preventing BIOS flashing from OS.
Rich_Guy
Link to the patch in the catalog ?
vonSternberg
Has anyone even been affected by it? I haven't updated my Windows 7 since 2012 and have never had any issues.
Rich_Guy
Think ive found it, is this it ?
EDIT: (Yep this is it).
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4100480
Applies if you have any of these ones installed.
https://support.microsoft.com/en-gb/help/4100480/windows-kernel-update-for-cve-2018-1038
Info :-
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-1038
glutto
Such a tiny little patch.
Rich_Guy
Yep, all 22mb of it! 😀
TheDeeGee
No updates since 2012 means you're perfectly safe.
chronek
It was not a bug, it was a feature.. They released backdoor update
warlord
Like Windows 7 era. Windows 7 are not safe and sound yet, back to XP with no updates no internet stuff. Windows 10 era. Windows 10 are spying, back to Windows 7 with some patches only not a lot of internet activity to keep it under control.
RealNC
Eh, no.
This reminds of old-school mainboards having jumpers to physically shut off write access to the BIOS. What happened to that? It was a good solution.
Turanis
Tim Sneath,ex-Microsoft:
https://medium.com/@timsneath/from-windows-to-the-cloud-89d5ae28a95f
"The recent shift to the cloud has proven immensely profitable, with Microsoft stock growing to levels that seemed unfathomable just a few years ago.
The shift away from the client and Windows is clearly working as a business strategy — but it’s a seismic shift for the company and its culture.
If you’re an ecosystem partner of Microsoft, the lesson is clear — in the same way as Windows is no longer a core business, unless you’re focused on the cloud, you’re not a strategic partner."
jaggerwild
So Windows 7 is still supported?
Lebon30
Huh. I'll wait a bit to patch for this because I wanna be sure there's no issues in patching.
Until April 2020.
