No more Windows security updates for devices with incompatible antiviruses

Microsoft says that Windows users will not receive the January 2018 security updates (or any subsequent security updates), and will not be protected from security vulnerabilities, unless their antivirus software vendor sets a special registry key in the system registry. The presence of this registry key tells the Windows OS that the AV product is compatible and that the Meltdown and Spectre patches can be installed.

Performance impact of Spectre and Meltdown patching on Windows Systems

In a blog post, Terry Myerson summarized what Microsoft has found so far. With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), they expect most users to notice a decrease in system performance. That’s because older versions of Windows have more user-kernel transitions, such as font rendering taking place in the kernel.

With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show “more significant slowdowns”, but with Windows 10 on newer silicon (2016-era PCs with Skylake, Kaby Lake or newer CPU) Microsoft doesn’t expect most users to notice a change because these percentages are reflected in milliseconds.

Intel identified several security vulnerabilities in Management Engine, Server Platform Services and Trusted Execution Engine

The company’s engineers identified several security vulnerabilities in Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE). According to Intel, the affected products include some Core, Xeon, Atom, Pentium and Celeron processors. Intel has released a downloadable detection tool that allows users to check their systems for the vulnerabilities identified in the security advisory. A link to download the tool is posted in the report.

New attack scheme on Office 365 corporate users

KnockKnock was discovered by Skyhigh Networks experts, who noted that the key distinction of this new attack is the nature of the accounts being targeted. The attack targets system accounts that are not assigned to any one individual user. System accounts have more privileges and, in addition, a more lenient password policy. With access to such an account, it is easier for hackers to continue attacking the corporate network.

Researchers found a new method to bypass protection against Rowhammer attack

A group of scientists from Adelaide, Pennsylvania, Maryland and Graz University of Technology published a study that describes a new way to bypass the defense against Rowhammer attacks.

To launch an attack, an attacker needs to narrow the Rowhammer data bombardment down to a single row of memory cells instead of multiple locations. According to the test results, the revised Rowhammer attack may take between 44 and 138 hours, but this shouldn’t be a problem if an attacker targets online servers and cloud providers.

Positive Technologies’ researchers detected a way that partially disables the functionality of Intel ME

While studying the internal architecture of Intel Management Engine (ME) 11, Positive Technologies experts discovered an undocumented mode that makes it possible to partially disable the functionality of the technology. The experts point out that Intel ME has access to almost all data on the computer, and that the ability to execute third-party code on it allows the platform to be completely compromised.

In their blog, the researchers describe how they discovered the undocumented mode and how it is connected with the High Assurance Platform (HAP) program.

PCs with Skype under serious threat: vulnerability CVE-2017-9948

CVE-2017-9948 is a critical stack buffer overflow vulnerability in Skype that allows an attacker to remotely crash the application and execute malicious code on the victim’s computer. The vulnerability exists in Skype 7.2, 7.35 and 7.36.

Microsoft has already patched the bug in Skype version 7.37.178 and users are recommended to install this version as soon as possible to make sure that they’re not targeted by attacks based on this vulnerability.

Microsoft Edge vulnerable to cookie and password theft

The Microsoft Edge browser seems to have a severe password vulnerability. Recent reports reveal that attackers could easily obtain users’ passwords and cookie files for online accounts. The vulnerability was discovered by security expert Manuel Caballero, who has vast experience of unearthing Edge and Internet Explorer bugs and flaws. It also seems that attacks can be customized to dump the passwords or cookies of more online services such as Amazon, Facebook, and more.