Dynadot

security Critical Security Vulnerability in Windows - Protect Your Domains!

Spaceship Spaceship

How often do you update your computer?

  • This poll is still running and the standings may change.
  • Daily

  • Weekly

  • Monthly

  • Only when I'm bored

  • Never

  • This poll is still running and the standings may change.

Results are only viewable after voting.
With all the recent web-related security vulnerabilities in Mac and Linux, it's finally Microsoft's turn to take the blame. Make sure you protect your computer so you don't lose any domains!

A patch for Windows 7 and higher released April 14, 2015 fixed a vulnerability known as as HTTP.sys.vuln, or more formally MS15-034. The vulnerability most likely exists on earlier versions of Windows, including XP and Vista, but those versions will not be receiving patches. If you're on Windows 7 or 8.1, update! If you're still on XP, it might just be time to get a new computer. Note that antivirus software probably isn't going to help you this time, though a good firewall could mitigate some attacks. Web accounts are often targeted by widespread attacks, so make sure you enable two-factor authentication where possible. Many registrars and e-mail providers support 2FA, including Uniregistry, GoDaddy, Namecheap, Dynadot, and Google.

HTTP.sys was introduced alongside IIS 6 in the Windows XP/2003 era. It's used by many networking-related services that run on typical desktop and laptop computers, even if IIS isn't installed. I also found a variety of common third-party programs on my computers that were using it. Web servers running Windows are at the greatest risk because the web service, IIS, is deliberately exposed to the Internet; however, that doesn't mean personal computers are in the clear.

Remember the Heartbleed vulnerability that gained a lot of publicity not too long ago? HTTP.sys.vuln is similar in effect to that. The first known Proof-of-Concept exploit is able to scan for vulnerable systems, and optionally induce the infamous Blue Screen of Death with a minor modification. Since then, other researchers have been able to read arbitrary memory from insecure systems. This memory could theoretically contain confidential information, such as encryption keys, passwords, or credit card numbers. If you're a domainer, this compromises the security of your entire portfolio.

Microsoft has indicated that the vulnerability may even allow remote code execution; in this case, that would mean an attacker could run anything on your computer at the most privileged level, bypassing all permissions and security software. As of April 26, there don't seem to be any attacks of this type in the wild yet, but they'll inevitably surface in the near future.

This is a good reminder that it's important to install all operating system updates at least once per week, no matter what platform you're on. It's also important to stay on a recent version of your platform of choice. This means that if you're a Windows fan, you're not using anything prior to Windows 7. Hackers typically go for low-hanging fruit, and users with software that has reached End-Of-Life are in that category. Antivirus software can't adequately protect a system that is out-of-date. Chances are you conduct a fair amount of business on the Internet, which is all the more reason to invest a little extra time in the security of your computer.
 
16
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
https://www.malwarebytes.org/ <-- I use and would recommend this program
(not affiliated with them in any way whatsoever, just free info for the community )
free sprware,adware, etc remover
 
0
•••
2
•••
With all the domain theft lately, this is great advice that is often overlooked: computer updates improve our security, and improved security helps protect our domains!
 
0
•••
I switched to Mac long time ago:roll:
 
0
•••
I have stop doing updates since updates did crash my pc and my friend's pcs. No problem since then!
 
0
•••
I switched to Mac long time ago:roll:

Mac isn't any more secure than Windows or Linux. The security news just doesn't make the headlines because large enterprises don't use Mac. For example, there was a pretty big security vulnerability with SSL about a year ago that Apple left unpatched for far too long; it was a result of a typo in the source code. Of course, nobody cared to talk about it, because Apple is perfect. ;)

Mac is becoming an increasingly easy target for malware and hackers simply because Mac users tend to believe they're immune to such things. This makes them a bit careless, so they're more likely to fall for the typical array of click-to-install malware that historically plagued Windows users. This problem is only going to get worse as more people switch to Mac.

I have stop doing updates since updates did crash my pc and my friend's pcs. No problem since then!

It's important to follow the directions when you update and not turn off or unplug your computer. If you have a laptop, don't close the lid and leave it plugged in. This goes for any operating system. It's also important that you install all available updates, not just a few. If your'e on Windows, make sure you manually check for and install optional updates as well; these often fix hardware issues that could result in your computer crashing.

I'd recommend updating your computer at least this one time, because you're going to be vulnerable if you don't.
 
0
•••
I received the following error:

The Update is not applicable to your system. :(
 
0
•••
Exactly where is the link to the patch?
 
0
•••
Windows auto updates on my computer.
Have never had a single problem.

Daughter has mac.
Granddaughter clicked on link in facebook.
Took 4 days to get the computer back to normal.
And cost something like $150 to have someone do the cleaning.
 
1
•••
Back