Author Topic: Technical  (Read 1477141 times)

0 Members and 6 Guests are viewing this topic.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2940 on: April 23, 2020, 08:31:43 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2941 on: April 24, 2020, 10:53:22 AM »
"I'll ask your body": SMBGhost pre-auth RCE abusing Direct Memory Access structs
https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2942 on: April 25, 2020, 07:15:12 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2943 on: April 26, 2020, 07:50:43 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2944 on: April 27, 2020, 06:44:37 AM »
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88854
  • No support PMs thanks
Re: Technical
« Reply #2945 on: April 27, 2020, 11:07:45 AM »
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html

From reading this article it would appear MS has already implemented a fix:
Quote from: Extract from article
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2946 on: April 27, 2020, 11:47:55 AM »
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
From reading this article it would appear MS has already implemented a fix:
Quote from: Extract from article
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981
Yes, but unfortunately the basic problem persists...

The good news is Forshaw alerted Microsoft to the problem and the company issued a patch (CVE-2020-0981) to fix it. That said, the fundamental flaw Forshaw identified remains: the security of Google Chrome on Windows 10 depends on Microsoft and that cannot be changed. It's important to point out that other Chromium-based browsers suffer the same risk (Opera, Brave, Microsoft's new Edge browser), and that means you may tempted to quit Windows 10 if you are more wedded to your browser than your operating system.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48512
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Technical
« Reply #2947 on: April 27, 2020, 02:07:42 PM »
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
From reading this article it would appear MS has already implemented a fix:
Quote from: Extract from article
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981
Yes, but unfortunately the basic problem persists...

The good news is Forshaw alerted Microsoft to the problem and the company issued a patch (CVE-2020-0981) to fix it. That said, the fundamental flaw Forshaw identified remains: the security of Google Chrome on Windows 10 depends on Microsoft and that cannot be changed. It's important to point out that other Chromium-based browsers suffer the same risk (Opera, Brave, Microsoft's new Edge browser), and that means you may tempted to quit Windows 10 if you are more wedded to your browser than your operating system.
This also doesn't mention the fact that Microsoft is very busy changing the whole way Windows will be updated in the future.
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the  misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO



Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2948 on: April 27, 2020, 02:19:15 PM »
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the  misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
Sorry Bob, but did you read (and understand) the Project Zero article..!?
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48512
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Technical
« Reply #2949 on: April 27, 2020, 02:40:40 PM »
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the  misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
Sorry Bob, but did you read (and understand) the Project Zero article..!?
Yes Asyn, I don't just read headlines. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2950 on: April 27, 2020, 02:50:17 PM »
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the  misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
Sorry Bob, but did you read (and understand) the Project Zero article..!?
Yes Asyn, I don't just read headlines. :)
Well, if so, you should know that your comment "headline sensationalized to grab attention" is totally wrong.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48512
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Technical
« Reply #2951 on: April 27, 2020, 03:18:24 PM »
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the  misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
Sorry Bob, but did you read (and understand) the Project Zero article..!?
Yes Asyn, I don't just read headlines. :)
You're entitled to your opinion.
Well, if so, you should know that your comment "headline sensationalized to grab attention" is totally wrong.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88854
  • No support PMs thanks
Re: Technical
« Reply #2952 on: April 27, 2020, 04:06:46 PM »
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
From reading this article it would appear MS has already implemented a fix:
Quote from: Extract from article
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981
Yes, but unfortunately the basic problem persists...

The good news is Forshaw alerted Microsoft to the problem and the company issued a patch (CVE-2020-0981) to fix it. That said, the fundamental flaw Forshaw identified remains: the security of Google Chrome on Windows 10 depends on Microsoft and that cannot be changed. It's important to point out that other Chromium-based browsers suffer the same risk (Opera, Brave, Microsoft's new Edge browser), and that means you may tempted to quit Windows 10 if you are more wedded to your browser than your operating system.

Well that for me just confirms what I said, how can the problem still exist if the CVE-2020-0981 (that they have mentioned twice now) was released in the April 2020 updates. 

MS issued a fix(CVE-2020-0981) and your additional comments just conforms this (Forshaw reported this and confirms the same (CVE-2020-0981) fix. This is just sort of recycling old news, so that exploit shouldn't be possible if said browser sandboxes that use the win10 sandbox token/s. 

As for their comment "if you are tempted to quit windows10," what the hell are they suggesting as a replacement, nothing it would seem.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2953 on: April 28, 2020, 06:54:13 AM »
As for their comment "if you are tempted to quit windows10," what the hell are they suggesting as a replacement, nothing it would seem.
There's also macOS/Linux/Android/iOS or even Win7/8/8.1 (if you prefer MS).
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2954 on: April 28, 2020, 06:56:04 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0