Showing results for tags 'windows'.


  1. A war is going on in my house. Yes, that’s right. I call it “The War of O.S.’s.” My wife prefers Mac. My son is clan Microsoft. And I come from the foreign land of Linux. However, in recent years, we have called a truce. I don’t bring up why I think Linux is better and they don’t try to sell me on why it’s not. As long as we keep to the treaty, there is peace at the Catron household. Well, maybe it’s not quite that bad. We are, however, people who have strong opinions, preferences, and tastes. That’s pretty much universal. Most people have a favorite sport, favorite team, favorite TV show, or favorite topping on their pizza. Not everyone drives a Ford, Dodge, or Chevy. Nor do we all have the same choice in a restaurant or shop in the same store. Everyone has their own set of likes and dislikes, some more popular than others. And that’s okay. In fact, I believe that is a very good thing. How many of us would enjoy going to a restaurant that only served one thing on the menu? Sometimes it’s good; sometimes it’s not, but there are no other choices. Would we be okay with that? Would we come back? I suppose it depends on if we like what they are serving, but for the most part, we expect businesses to give us options that way we have the freedom to choose. Now I want to tell you why I fell in love with Linux. Back in the 1990s as a young boy, I discovered computers. My dad ran a construction company and bought a brand new Tandy Computer, which I thought was fascinating. Later we got a Personal Computer with Windows 3.1. It had icons and folders, all this neat stuff that I’d never seen before. I became an avid Windows user for many years clear through Windows XP and then straight to Windows 7. There were times when things went wrong; times when I’d get malware or a virus or I’d do something to mess up the registry and have to start all over – reinstall. But for the most part, I was satisfied. It was something I knew. I understood. It was comfortable. 
Then came Windows 8. Yes, the infamous game changer. In 2012 Microsoft released Windows 8 with a completely new interface called the Start Page, along with other things like an app store and newly designed settings menu. The main focus for these changes was to make it easier for touchscreen usability. At first, I was excited about the new release, and even though it seemed intimidating, I learned my way around. After a while, however, I became frustrated. I could no longer use my computer the way I was used to using it. So many changes made for slower productivity. I had trouble finding things and learning to jump through new hoops to find them. I was so used to a “Start Menu,” that getting used to a “Start Page” where I felt almost forced away from having a desktop, made it seem uncomfortable and stressful. On top of that, I found the app store hardly ever worked. It would take forever to load and many times wouldn’t. But the last straw that “broke the camel’s back” was when my system kept breaking down with the “blue screen of death.” I was stuck with a computer that I could no longer use and no installation disk to reinstall the software. What was I to do? What other options were there? All I’ve ever known is Windows and every PC I’ve ever bought came preinstalled with this Operating System. It was like going to a restaurant with only one thing on the menu and now I didn’t like what they were serving. So I began to search. What got me interested in the first place was when I found out that Office was no longer included. It was a trial that eventually you’d have to pay for. Well, that made me a little upset. Here’s software that I’ve always used, it’s always been included with the purchase of the computer, and now it’s no longer free. I’ve got to buy it on top of what I’ve already spent? That began my search for something free-of-charge that I could use in place of Microsoft’s Office Suite. I came across OpenOffice and then discovered LibreOffice. 
I found it very similar to what I was used to using and (YES!) FREE. That sold me. That got me thinking, were there other options out there besides Windows, without “blue screens of death,” registry issues, malware and viruses, and FREE? The answer – Yes! I found something called Linux, specifically Fedora and then Linux Mint. I installed it on my laptop and became a Linux user ever since. I’ve never looked back. Linux set me free. You see, the common misconception with Linux is that it’s something only computer gurus, geeks, and coders can use. Many people think that the only reason you’d use a Linux based Operating System is for hacking purposes. The other misconception is that a Linux based Operating System is so much different than Windows or Mac that you’d spend all your time learning something new. All of this I’ve found to be untrue, by a long shot. Yet fear – fear of the unknown is what keeps many from trying it. What is truly interesting about the Linux Community is the vastness of options. When I discovered that I had a choice, that I wasn’t stuck with something I didn’t enjoy, it was like my eyes were opened to a brand new world that I never knew existed. Plus if I didn’t like one, I could just download another distro and try it out. If something wasn’t stable or fast enough, no problem. Why? Because I had options. The popular site DistroWatch.com lists the top 100 most popular Linux distros with ratings and details for each, but there are literally hundreds, if not thousands of options available. Now if that seems intimidating, it can be, just as it would be if you went to a new restaurant and needed a few minutes to look at the menu before making a decision. But you’ll never know if it tastes good if you don’t try it. The same goes with Linux. I’m not saying that you have to try it, especially if you are satisfied with your current Windows Operating System. But don’t feel like you are stuck with what you have. 
Most Linux distros follow the same similar layout as Windows 7, Windows XP, or Windows 10 with an application menu on the lower left of the screen. The system tray and time are on the right with your open applications in the middle, all on the taskbar (panel) at the bottom of your screen. You don’t need to know code to use Linux. It can’t hurt, but it’s not necessary. Currently, I use KDE Neon because it is the latest and most feature-rich desktop environment in my opinion and it operates very much like Windows with more ability to configure to my liking. In the past, however, I’ve tried several different options that are available. Coming from a former Windows user, I’d recommend Linux Mint Cinnamon, Zorin OS, Feren OS, or MXLinux. Any of these would feel very at home. Although, there are many other fine choices as well. Each distro provides detailed documentation and its own set of preinstalled software out of the box. If you’re looking for something with not a lot of bloatware, then I’d recommend KDE Neon. Neon provides only the essentials and the latest Plasma Desktop with all the features. And never forget, having options is a good thing. You have the freedom to choose your desktop experience. Use it wisely. As far as the war in my house, well, everyone is entitled to their opinion. Source
  2. vissha

    DroidKit 1.0.0.20210916

    Lost your precious photos, important WhatsApp messages, or other valued data? Your phone got frozen, stuck on black screen, touch screen not working, or suffered another system issue? Forgot your lock screen password? Stopped by the FRP lock on your Samsung device? Don't panic. DroidKit is an all-round Android savior that can not only get lost data back to your phone, but also bring your dead phone back to life. Reliable as a pro, yet easy as pie. Save You from Phone Disasters at The Very First Moment - Recover lost photos, WhatsApp chats, messages, and more without root. - Remove lock screen on Android devices and bypass Samsung FRP lock. - Fix system issues and reinstall/upgrade OS for Samsung phones & tablets. - Clear system junk and unneeded files to speed up your phone, all in a tap. - No skills required. Save your data and phone with simple clicks in minutes. Recover Lost Data from Your Phone Instantly without Root DroidKit understands how frustrating it can be when losing data, whether it's precious memories or information that can be used as evidence in court. With the innovative Quick Recovery technique, it performs a fast scan of your phone storage, and salvages photos, WhatsApp chats and files, messages, contacts, and more essential data up to 13 types, covering almost everything you need daily. All Android phones and tablets supported. No root of your device. No tech skills required. No need to wait for days. You can get back what's lost with a few simple clicks, immediately. Go to The Ultimate Solution - Deep Recovery Besides, DroidKit also has the Deep Recovery mode, which makes a more in-depth scan of every corner in your phone storage, to find out all the deleted data that's not been overwritten yet. Built on the unparalleled NO-DATA-LOSS technology, it guarantees the highest success rate in retrieving lost data among the industry. 
Apart from Phone, You Can Also Retrieve Data from: Google Account Scan and preview your data in Google backups, WhatsApp backups, Google Photos/Contacts/Calendar, and feel free to pick up what you need without full restore. Crashed Phone You can even extract data from a system broken Samsung phone, to your new Android phone or to a computer, at your choice. Formatted SD Card No matter you mistakenly deleted files or formatted the SD card completely, DroidKit can always recover your lost photos, videos, and other files without a hassle. Bring Your Dead Phone Back to Life Right Away More than just rescuing your data, DroidKit rescues your inaccessible device as well, no matter it's crashed or locked. No need to send your phone out for days or even months. Get back a nicely-working device in minutes. Remove Screen Locks of Any Kind Forgot your lock screen password? Fingerprint or face unlock does not work? Not able to enter PIN on a cracked screen? No matter why you're blocked, DroidKit can help you regain access to your phone immediately. It removes all types of screen locks, whether it's PIN, password, pattern, fingerprint, or facial recognition. Samsung, LG, Motorola, and all other Android devices supported. No root required. All you need to do is a couple of clicks. Bypass FRP Lock Easily and Instantly Purchased a second-hand phone with FRP lock on? Accidentally stuck in FRP lock after a factory reset, but forgot the account details? Just bypass it! With the customized solutions designed for each Android version and device model, DroidKit guarantees the highest success rate in the industry. As a non-tech friendly solution, it asks for no tech knowledge or skills at all. You can regain access to your phone instantly without a hitch. Fix All Android OS Issues without Root No matter which type of Android issues you came across, DroidKit can fix it, without rooting your device. 
It handles all system problems, including black screen, frozen, touch screen not working, apps crashing, camera failed, etc. To ensure you the highest success rate, DroidKit intelligently fixes the issue with a customized solution designed for each Android OS and device model. No technical skills needed. It's easy to revive your phone like a pro right at home. Free Up Space and Speed Up Your Phone in A Click Don't let your device be cluttered up with junk. If you used to spend hours searching for what's eating the phone storage, and decide what's safe to delete, then DroidKit saves all those tedious and risky tasks for you. It smartly finds and categorizes caches, background apps, APK files, and large files on your phone. You can then view the files clearly, and feel free to wipe them all with a click or only those you don't need. No risk of mistakenly deleting system files to cause app crashes or even Android crashes. All Android phones and tablets supported. You'll enjoy a faster device with enough storage for new photos or apps. Version: 1.0.0 - 05.27 2021 Provide 4 data recovery modes: WhatsApp Recovery, Quick Recovery from Device, Deep Recovery from Device, and Data Recovery from SD Card. Support to extract data from 3 types of sources: from a system crashed device, from Google account, and from an SIM card. Unlock all types of screen locks on Android devices, such as PIN, password, pattern, fingerprint ID, face recognition, etc. Bypass FRP lock on any Samsung device running Android 6-10. Fix all Android system issues on any Samsung device. Clear system junk from all Android devices, including cached files, background apps, apk files, and large files. Home: https://www.imobie.com/droidkit/ Changelog & Tech Specs: https://www.imobie.com/droidkit/specs.htm Download - Installer Free Trial: https://www.imobie.com/go/download.php?product=dk PreActivated EXE: Site: https://www.mirrored.to Sharecode [?]: /files/0JOKYMH1/DroidKit.1.0.0.20210916_PA.rar_links
  3. Winaero Tweaker - universal tweaker software which supports Windows 7, Windows 8, Windows 8.1, Windows 10 and Windows 11. The program includes tweaks for every version of operating system from Windows 7 to Windows 10. Winaero Tweaker automatically detects the version of Windows OS you’re running and shows tweaks and customization options accordingly. The software can be installed as a portable app so you can take it with you as you move from one computer to another. Note: the set of available options will depend on the operating system version you are running. Winaero Tweaker features the following set of options (and this is only the beginning as more will be added over time): Special Windows 10 tweaks: Change Windows Update behavior which is locked to "Install updates automatically" in Windows 10 Technical Preview. Enable the secret hidden experimental Date & Time pane which is not enabled by default in Windows 10 Technical Preview. Enable the secret hidden experimental Login Screen which is not enabled by default in Windows 10 Technical Preview. Here you can switch between the old resizable Start menu and the new "Continuum" Start menu in Windows 10 Technical Preview. Appearance options: Aero Colors These options are inherited from my famous AeroTuner application and available for Windows 7, Windows 8 and Windows 8.1. It allows changing many Aero related hidden secret parameters in Windows 7. You can also sync the Aero color and the Start screen color in Windows 8 and Windows 8.1. In Windows 8, it also includes "Enable Window Colorization" and "High Contrast Mode" hidden settings. Customize Shortcut Arrow Customize or remove the shortcut overlay icon in Explorer. This will restart Explorer automatically. Customize Window Borders Customize the size of the window frame. You can reduce or enlarge it. Slow down window animations When enabled, you can slow down window animations by pressing and holding the Shift key. 
This is the animation you see when minimizing, maximizing or closing a window. Sync Metro/Aero Color (Windows 8/Windows 8.1) Apply the color of the Start Screen to window borders and vice versa. Operating system behaviour options: Disable "Look for an app in the Store" Notification (Windows 8/Windows 8.1) Disable "Look for an app in the Store" option when an unknown file type is opened. When disabled, Windows will only show a dialog with apps installed on your PC. Disable Aero Shake The Aero Shake feature minimizes all other background windows when you shake the active window. Here you can disable or enable it. Disable Aero Snap Disable the window snapping behavior, that is, the resizing and repositioning of a window that happens when you drag it and touch the pointer to the left, top or right edges of the screen. Disable New Apps Notification (Windows 8/Windows 8.1) Enable or disable the notification "You have new apps that can open this type of file" for newly installed apps. Boot and Logon options: Disable Lock Screen (Windows 8/Windows 8.1) Here you can disable the Lock Screen if you do not want it or need it. Don't display last login user name When enabled, Windows will not display the last user that successfully signed in on the Login screen. Enable CTRL + ALT + DEL logon requirement Enable or disable the CTRL + ALT + DELETE sequence for logging on in Windows. This can require users to press CTRL+ALT+DELETE before logging on. Verbose Logon Messages Enable or disable verbose sign-in status messages. Verbose status messages may be helpful when you are troubleshooting slow startup, shutdown, logon, or logoff behavior. User accounts: Disable or Enable UAC Enable or disable User Account Control (UAC) confirmations and prompts. Disabling UAC is not secure, but it makes Windows less annoying. Enable Built-in Administrator The default account named "Administrator" remains disabled and hidden since Windows Vista. 
Here you can enable or disable the built-in Administrator account. Pinning options (Windows 8/Windows 8.1): Enable "Pin To Start" for all files Enable or disable the "Pin To Start" context menu command for all files and folders. Network options: Enable Network Drives over UAC Enable access to mapped Network Drives from elevated apps. By default it is turned off, so any elevated app can't access your mapped network drive. Enable TCP/IP Router Enable or disable Transmission Control Protocol/Internet Protocol (TCP/IP) forwarding to use with apps like OpenVPN. By default, TCP/IP forwarding is not enabled in Windows OS. System information View information about your PC hardware and OS including WEI score. Home: https://winaero.com/ or https://winaerotweaker.com/ Changelog: 1.31.0.1 - Changes and fixes in this release. Download Page: https://winaero.com/download-winaero-tweaker/ or https://winaerotweaker.com/download/ Downloads: Official: https://winaerotweaker.com/download/winaerotweaker.zip Official Mirror: https://www.winaerotweaker.com/ Official Telegram Channel Download: https://t.me/winaero/4735
  4. Microsoft says multiple threat actors, including ransomware affiliates, are targeting the recently patched Windows MSHTML remote code execution security flaw. In the wild exploitation of this vulnerability (tracked as CVE-2021-40444) began on August 18 according to the company, more than two weeks before Microsoft published a security advisory with a partial workaround. According to telemetry data analyzed by security analysts at the Microsoft 365 Defender Threat Intelligence Team and the Microsoft Threat Intelligence Center (MSTIC), the small number of initial attacks (less than 10) used maliciously crafted Office documents. These attacks targeted the CVE-2021-40444 bug "as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders." Beacons deployed on the network of at least one victim communicated with malicious infrastructure connected with several cybercrime campaigns, including human-operated ransomware. Some of the Cobalt Strike infrastructure used in the August CVE-2021-40444 attacks was also used in the past to deliver BazaLoader and Trickbot payloads — activity overlapping with that associated with the DEV-0193 activity cluster, tracked by Mandiant as UNC1878, aka WIZARD SPIDER / RYUK according to RiskIQ. Payloads delivered also overlapped with DEV-0365, an activity cluster associated with infrastructure possibly used as Cobalt Strike command-and-control (C2) service (CS-C2aaS) for other groups. CVE-2021-40444-attack-chain (Microsoft) Exploited by ransomware gangs after public disclosure Microsoft also observed a massive increase in exploitation attempts within 24 hours after the CVE-2021-40444 advisory was published. "Since the public disclosure, Microsoft has observed multiple threat actors, including ransomware-as-a-service affiliates, adopting publicly disclosed proof-of-concept code into their toolkits," the researchers added. 
"Microsoft continues to monitor the situation and work to deconflict testing from actual exploitation." MSTIC Threat Intelligence analyst Justin Warner added that other threat groups and actors will likely continue adding CVE-2021-40444 exploits to their arsenal in the coming days and weeks. CVE-2021-40444 exploitation (Microsoft) Microsoft recommends immediately applying the CVE-2021-40444 security updates released during the September 2021 Patch Tuesday to block incoming attacks. CVE-2021-40444 impacts systems running Windows Server 2008 through 2019 and Windows 8.1 or later, and it has a severity level of 8.8 out of the maximum 10. The security updates released by Microsoft address the vulnerability for all affected Windows versions and include a Monthly Rollup, a Security Only update, and an Internet Explorer cumulative update. BleepingComputer has independently confirmed that known CVE-2021-40444 exploits no longer work after applying the September 2021 security patches. To reduce the attack surface, customers who cannot apply the security updates should implement Microsoft's workarounds (disabling ActiveX controls via Group Policy and preview in Windows Explorer). Microsoft: Windows MSHTML bug now exploited by ransomware gangs
  5. malakai1911

    Comprehensive Security Guide

    Comprehensive Security Guide NOTE: As of 1/1/2019 this guide is out of date. Until parts are rewritten, consider the below for historical reference only. i. Foreword The primary purpose of this guide is to offer a concise list of best-of-breed software and advice on selected areas of computer security. The secondary purpose of this guide is to offer limited advice on other areas of security. The target audience is an intermediately skilled user of home computers. Computer software listed are the freeware versions when possible or have free versions available. If there are no free versions available for a particular product, it is noted with the "$" symbol. The guide is as well formatted as I could make it, within the confines of a message board post. ii. Table of Contents i. Foreword ii. Table of Contents 1. Physical Security a. Home b. Computer c. Personal 2. Network Security a. Hardware Firewall b. Software Firewall 3. Hardening Windows a. Pre-install Hardening b. Post-install Hardening c. Alternative Software d. Keep Windows Up-To-Date 4. Anti-Malware a. Anti-Virus b. HIPS / Proactive Defense c. Malware Removal 5. Information and Data Security a. Privacy / Anonymity b. Encryption c. Backup, Erasure and Recovery d. Access Control (Passwords, Security Tokens) 6. Conclusion 1. Physical Security I just wanted to touch on a few things in the realm of physical security, and you should investigate physical and personal security in places other than here. a. Home How would you break in to your own home? Take a close look at your perimeter security and work inwards. Make sure fences or gates aren't easy to climb over or bypass. The areas outside your home should be well lit, and motion sensor lights and walkway lights make nice additions to poorly lit areas. If possible, your home should have a security system featuring hardwired door and window sensors, motion detectors, and audible sirens (indoor and outdoor). 
Consider integrated smoke and carbon monoxide detectors for safety. Don't overlook monitoring services, so the police or fire department can be automatically called during an emergency. Invest in good locks for your home, I recommend Medeco and Schlage Primus locks highly. Both Medeco and Schlage Primus locks are pick-resistant, bump-proof, and have key control (restricted copying systems). Exterior doors should be made of steel or solid-core wood and each should have locking hardware (locking doorknob or handle), an auxiliary lock (mortise deadbolt) with a reinforced strike plate, and a chain. Consider a fireproof (and waterproof) safe for the storage of important documents and valuables. A small safe can be carried away during a robbery, and simply opened at another location later, so be sure and get a safe you can secure to a physical structure (in-wall, in-floor, or secured to something reasonably considered immovable). You may be able to hide or obscure the location of your safe in order to obtain some additional security, but don't make it cumbersome for yourself to access. b. Computer Computers are easy to just pick up and take away, so the only goal you should have is to deter crimes of opportunity. For desktop computers, you may bring your desktop somewhere and an attacker may not be interested in the entire computer, but perhaps just an expensive component (video card) or your data (hard drive), and for that I suggest a well-built case with a locking side and locking front panel. There are a variety of case security screws available (I like the ones from Enermax (UC-SST8) as they use a special tool), or you can use screws with less common bits (such as tamper resistant Torx screws) to secure side panels and computer components. There are also cable lock systems available for desktop computers to secure them to another object. For laptop computers, you are going to be primarily concerned about a grab-and-go type robbery. 
There are a variety of security cables available from Kensington, which lock into the Kensington lock slot found on nearly all laptops, which you can use to secure it to another object (a desk or table, for example). Remember though, even if it's locked to something with a cable, it doesn't make it theft-proof, so keep an eye on your belongings. c. Personal Always be aware of your surroundings. Use your judgment, if you feel an area or situation is unsafe, avoid it altogether or get away as quickly and safely as possible. Regarding hand to hand combat, consider a self-defense course. Don't screw around with traditional martial arts (Karate, Aikido, Kung-Fu), and stay away from a McDojo. You should consider self-defense techniques like Krav Maga if you are serious about self defense in a real life context. I generally don't advocate carrying a weapon on your person (besides the legal mess that may be involved with use of a weapon, even for self-defense, an attacker could wrestle away a weapon and use it against you). If you choose to carry any type of weapon on your person for self-defense, I advise you to take a training course (if applicable) and to check with and follow the laws within the jurisdiction you decide to possess or carry such weapons. Dealing with the Police Be sure to read Know Your Rights: What to Do If You're Stopped by the Police a guide by the ACLU, and apply it. Its advice is for within the jurisdiction of the US but may apply generally elsewhere, consult with a lawyer for legal advice. You should also watch the popular video "Don't talk to the police!" by Prof. James Duane of the Regent University Law School for helpful instructions on what to do and say when questioned by the police: (Mirror: regent.edu) Travelling Abroad Be sure and visit the State Department or Travel Office for your home country before embarking on a trip abroad. 
Read any travel warnings or advisories, and they are a wealth of information for travelers (offering guides, checklists, and travel advice): (US, UK, CA). 2. Network Security As this is a guide geared towards a home or home office network, the central theme of network security is going to be focused around having a hardware firewall behind your broadband modem, along with a software firewall installed on each client. Since broadband is a 24/7 connection to the internet, you are constantly at risk of attack, making both a hardware and software firewall absolutely essential. a. Hardware Firewall A hardware firewall (router) is very important. Consider the hardware firewall as your first line of defense. Unfortunately, routers (usually) aren't designed to block outbound attempts from trojans and viruses, which is why it is important to use a hardware firewall in conjunction with a software firewall. Be sure that the firewall you choose features SPI (Stateful Packet Inspection). Highly Recommended I recommend Wireless AC (802.11ac) equipment, as it is robust and widely available. Wireless AC is backwards compatible with the earlier Wireless N (802.11n) G (802.11g) and B (802.11b) standards. 802.11ac supports higher speeds and longer distances than the previous standards, making it highly attractive. I generally recommend wireless networking equipment from Ubiquiti or Asus. Use WPA2/WPA with AES if possible, and a passphrase with a minimum of 12 characters. If you are really paranoid, use a strong random password and remember to change it every so often. Alternatives A spare PC running SmoothWall or IPCop, with a pair of NIC's and a switch can be used to turn a PC into a fully functional firewall. b. Software Firewall A software firewall nicely complements a hardware firewall such as those listed above. 
In addition to protecting you from inbound intrusion attempts, it also gives you a level of outbound security by acting as a gateway for applications looking to access the internet. Programs you want can access the internet, while ones you don't are blocked. Do not use multiple software firewalls simultaneously. You can actually make yourself less secure by running two or more software firewall products at once, as they can conflict with one another. Check out Matousec Firewall Challenge for a comparison of leak tests among top firewall vendors. Leaktests are an important way of testing outbound filtering effectiveness. Highly Recommended Comodo Internet Security Comodo is an easy to use, free firewall that provides top-notch security. I highly recommend this as a first choice firewall. While it includes Antivirus protection, I advise to install it as firewall-only and use an alternate Antivirus. Alternatives Agnitum Outpost Firewall Free A free personal firewall that is very secure. Be sure to check out the Outpost Firewall Forums, to search, and ask questions if you have any problems. Online Armor Personal Firewall Free Online Armor Personal Firewall makes another great choice for those who refuse to run Comodo or Outpost. Online Armor 3. Hardening Windows Windows can be made much more secure by updating its components, and changing security and privacy related settings. a. Pre-install Hardening Pre-install hardening has its primary focus on integrating the latest available service packs and security patches. Its secondary focus is applying whatever security setting tweaks you can integrate. By integrating patches and tweaks, you will be safer from the first boot. Step 1 - Take an original Windows disc (Windows 7 or later) and copy it to a folder on your hard drive so you can work with the install files. Step 2 - Slipstream the latest available service pack. Slipstreaming is a term for integrating the latest service pack into your copy of windows. 
Step 3 - Integrate the latest available post-service pack updates. This can be done with a utility such as nLite or vLite, and post-service pack updates may be available in an unofficial collection (such as the RyanVM Update Pack for XP).
Step 4 - Use nLite (Windows 2000/XP) or vLite (Windows Vista/7) to customize your install. Remove unwanted components and services, and use the tweaks section of nLite/vLite to apply some security and cosmetic tweaks.
Step 5 - Burn your newly customized CD, and install Windows. Do not connect the computer to a network until you install a software firewall and anti-virus.

b. Post-Install Hardening

If you have followed the pre-install hardening section, then your aim will be to tweak settings to further lock down Windows. If you hadn't installed from a custom CD, you will need to first update to the latest service pack, then install incremental security patches to become current. After updating, you'll then disable unneeded Windows services, perform some security tweaks, and use software such as xpy to tweak privacy options.

Disable Services

Start by disabling unneeded or unnecessary services. By disabling services you will minimize potential security risks, and use fewer resources (which may make your system slightly faster). Some good guides on disabling unnecessary services are available at Smallvoid: Windows 2000 / Windows XP / Windows Vista. Some commonly disabled services: Alerter, Indexing, Messenger, Remote Registry, TCP/IP NetBIOS Helper, and Telnet.

Security Tweaks

I highly recommend using a strong Local Security Policy template as an easy way to tweak Windows security options, followed by the registry. Use my template (security.inf) to easily tweak your install for enhanced security (Windows 2000/XP/Vista/7):

1. Save the following attachment: (Download Link Soon!)
2. Extract the files.
3. Apply the Security Policy automatically by running the included "install.bat" file.
4. (Optional) Apply your policy manually using the following command:

    secedit /configure /db secedit.sdb /cfg "C:\<Path To Security.inf>\<template>.inf"

   then refresh your policy using the following command:

    secedit /refreshpolicy machine_policy    (Windows 2000)
    gpupdate    (Windows XP/Vista/7)

This template will disable automatic ("administrative") Windows shares, prevent anonymous log on access to system resources, disable (weak) LM Password Hashes and enable NTLMv2, disable DCOM, harden the Windows TCP/IP Stack, and much more. Unfortunately my template can't do everything, you will still need to disable NetBIOS over TCP (NetBT), enable Data Execution Prevention (AlwaysOn), and perform other manual tweaks that you may use.

Privacy Tweaks

xpy (Windows 2000/XP) and vispa (Windows Vista/7)
These utilities are great for modifying privacy settings. They supersede XP AntiSpy because they include all of XP Anti-Spy's features and more. You should use them in conjunction with the security tweaks I've listed above.

c. Alternative Software

Another simple way of mitigating possible attack vectors is to use software that is engineered with better or open security processes. These products are generally more secure and offer more features than their Microsoft counterparts.

Highly Recommended

  • Google Chrome (Web Browser)
  • Mozilla Thunderbird (Email Client)
  • OpenOffice.org (Office Suite)

Alternatives

  • Mozilla Firefox (Web Browser)
  • Google Docs (Online) (Office Suite)

Firefox Additions

Mozilla has a Privacy & Security add-on section. There are a variety of add-ons that may appeal to you (such as NoScript). And although these aren't strictly privacy related, I highly recommend the AdBlock Plus add-on, with the EasyList and EasyPrivacy filtersets.

d. Keep Windows Up-To-Date

Speaking of keeping up-to-date, do yourself a favor and upgrade to at least Windows XP (for older PC's) and Windows 7 (or later) for newer PC's.
Be sure to keep up-to-date on your service packs, they're a comprehensive collection of security patches and updates, and some may add minor features.

Microsoft Windows Service Packs

  • Windows 2000 Service Pack 4 with Unofficial Security Rollup Package
  • Windows XP Service Pack 3 with Unofficial Security Rollup Package
  • Windows XP x64 Service Pack 2 with Unofficial Security Rollup Package
  • Windows Vista Service Pack 2
  • Windows 7 Service Pack 1

Microsoft Office Service Packs

  • Office 2000 Service Pack 3 with the Office 2007 Compatibility Pack (SP3).
  • Office XP (2002) Service Pack 3 with the Office 2007 Compatibility Pack (SP3).
  • Office 2003 Service Pack 3 with the Office 2007 Compatibility Pack (SP3) and Office File Validation add-in.
  • Office 2007 Service Pack 3 with the Office File Validation add-in.
  • Office 2010 Service Pack 1

After the service pack, you still need to keep up-to-date on incremental security patches. Windows supports Automatic Updates to automatically update itself. However, if you don't like Automatic Updates: You can use WindowsUpdate to update Windows periodically (Must use IE5 or greater, must have BITS service enabled), or you can use MS Technet Security to search for and download patches individually, or you can use Autopatcher, an unofficial updating utility.

In addition to security patches, remember to keep virus definitions up-to-date (modern virus scanners support automatic updates so this should not be a problem), and stay current with latest program versions and updates, including your replacement internet browser and mail clients.

4. Anti-Malware

There are many dangers lurking on the internet. Trojans, viruses, spyware. If you are a veteran user of the internet, you've probably developed a sixth-sense when it comes to avoiding malware, but I advocate backing up common sense with reliable anti-malware software.

a. Anti-Virus

Picking a virus scanner is important, I highly recommend Nod32, but there are good alternatives these days.
Check out AV Comparatives for a comparison of scanning effectiveness and speed among top AV vendors.

Highly Recommended

Nod32 Antivirus $
I recommend Nod32 as a non-free Antivirus. Features excellent detection rates and fast scanning speed. Nod32 has a great heuristic engine that is good at spotting unknown threats. Very resource-friendly and historically known for using less memory than other AV's. There is a 30 day free trial available.

Alternatives

Avira AntiVir Personal
I recommend Avira as a free Antivirus. Avira is a free AV with excellent detection rates and fast scanning speed.

(Kaspersky no longer recommended, due to espionage concerns.)

Online-Scanners

Single File Scanning
Jotti Online Malware Scan or VirusTotal
These scanners can run a single file through a large number of different Antivirus/Antimalware suites in order to improve detection rates. Highly recommended.

Whole PC Scanning
ESET Online Scanner
Nod32 Online Antivirus is pretty good, ActiveX though, so IE only. There is a beta version available that works with Firefox and Opera.

b. HIPS / Proactive Defense

Host-based intrusion prevention systems (HIPS) work by disallowing malware from modifying critical parts of the Operating System without permission. Classic (behavioral) HIPS software will prompt the user for interaction before allowing certain system modifications, allowing you to stop malware in its tracks, whereas Virtualization-based HIPS works primarily by sandboxing executables. Although HIPS is very effective, the additional setup and prompts are not worth the headache for novice users (who may take to just clicking 'allow' to everything and defeating the purpose altogether). I only recommend HIPS for intermediate or advanced users that require a high level of security.

Highly Recommended

I highly recommend firewall-integrated HIPS solutions. Comodo Defense+ is a classic HIPS built into Comodo Internet Security, and provides a very good level of protection.
Outpost and Online Armor provide their own HIPS solutions, and the component control features of the firewalls are powerful enough to keep unwanted applications from bypassing or terminating the firewall. If you want to use a different HIPS, you can disable the firewall HIPS module and use an alternative below.

Alternatives

Stand-alone HIPS solutions are good for users who either don't like the firewall built-in HIPS (and disable the firewall HIPS), or use a firewall without HIPS features.

HIPS based on Behavior (Classic)

ThreatFire
ThreatFire provides a strong, free behavioral HIPS that works well in conjunction with Antivirus and Firewall suites to provide additional protection.

HIPS based on Virtualization

DefenseWall HIPS $
DefenseWall is a strong and easy-to-use HIPS solution that uses sandboxing for applications that access the internet.

GeSWall Freeware
GeSWall makes a nice free addition to the HIPS category, like DefenseWall it also uses sandboxing for applications that access the internet.

Dealing with Suspicious Executables

You can run suspicious executables in a full featured Virtual Machine (such as VMware) or using a standalone sandbox utility (such as Sandboxie) if you are in doubt of what it may do (though, you may argue that you shouldn't be running executables you don't trust anyway). A more advanced approach to examining a suspicious executable is to run it through Anubis, a tool for analyzing the behavior of Windows executables. It displays a useful report with things the executable does (files read, registry modifications performed, etc.), which will give you insight as to how it works.

c. Malware Removal

I recommend running all malware removal utilities on-demand (not resident). With a firewall, virus scanner, HIPS, and some common sense, you won't usually get to the point of needing to remove malware... but sometimes things happen, perhaps unavoidably, and you'll need to remove some pretty nasty stuff from a computer.
Highly Recommended

Anti-Spyware
Spybot Search & Destroy
Spybot S&D has been around a long time, and is very effective in removing spyware and adware. I personally install and use both Spybot & Ad-Aware, but I believe that Spybot S&D has the current edge in overall detection and usability.

Anti-Trojan
Malwarebytes' Anti-Malware
Malwarebytes has a good trojan detector here, and scans fast.

Anti-Rootkit
Rootkit Unhooker
RKU is a very advanced rootkit detection utility.

Alternatives

Anti-Spyware
Ad-Aware Free Edition
Ad-Aware is a fine alternative to Spybot S&D, its scanning engine is slower but it is both effective and popular.

Anti-Trojan
a-squared (a2) Free
a-squared is a highly reputable (and free) trojan scanner.

Anti-Rootkit
IceSword (Mirror)
IceSword is one of the most capable and advanced rootkit detectors available.

5. Information and Data Security

Data can be reasonably protected using encryption and a strong password, but you will never have complete and absolute anonymity on the internet as long as you have an IP address.

a. Privacy / Anonymity

Anonymity is elusive. Some of the following software can help you achieve a more anonymous internet experience, but you also must be vigilant in protecting your own personal information. If you use social networking sites, use privacy settings to restrict public access to your profile, and only 'friend' people you know in real life. Don't use (or make any references to) any of your aliases or anonymous handles on any websites that have any of your personal information (Facebook, Amazon, etc..).

You should opt-out from information sharing individually for all banks and financial institutions you do business with using their privacy policy choices. You should opt-out of preapproved credit offers (US), unsolicited commercial mail and email (US, UK, CA), and put your phone numbers on the "Do Not Call" list (US, UK, CA).

Highly Recommended

Simply install and use Tor with Vidalia to surf the internet anonymously.
It's free, only downside is it's not terribly fast, but has fairly good anonymity, so it's a tradeoff. Keep in mind it's for anonymity not for security, so make sure sites you put passwords in are SSL encrypted (and have valid SSL certificates), and remember that all end point traffic can be sniffed. You can use the Torbutton extension for Firefox to easily toggle on/off anonymous browsing. POP3/IMAP and P2P software won't work through Tor, so keep that in mind.

Portable Anonymous Browsing

The Tor Project now has a "Zero-Install Bundle" which includes Portable Firefox and Tor with Vidalia to surf anonymously from a USB memory stick pretty much anywhere with the internet. It also includes Pidgin with OTR for encrypted IM communications.

Note: These won't protect you from Trojans/Keyloggers/Viruses on insecure public terminals. Never type important passwords or login to important accounts on a public computer unless it is absolutely necessary!

Alternatives

I2P functions similar to Tor, allowing you to surf the general internet with anonymity.
IPREDator $ is a VPN that can be used to anonymize P2P/BitTorrent downloads.
Freenet is notable, but not for surfing the general internet, it's its own network with its own content.

b. Encryption

For most people, encryption may be unnecessary. But if you have a laptop, or any sort of sensitive data (whether it be trade secrets, corporate documents, legal or medical documents) then you can't beat the kind of protection that encryption will offer. There are a variety of options available today, including a lot of software not listed here. A word to the wise, please, please don't fall for snake oil, use well established applications that use time tested (and unbroken) ciphers. Regardless of what software you use, the following "what to pick" charts will apply universally.
If you have to pick an encryption cipher:

  • Best: AES (Rijndael) (128-bit block size)
  • Better: Twofish (128-bit block size), Serpent (128-bit block size)
  • Good: RC6 (128-bit block size)
  • Deprecated: Blowfish (64-bit block size), CAST5 (CAST-128) (64-bit block size), Triple-DES (64-bit block size)

When encrypting large volumes of data, it is important to pick a cipher that has a block size of at least 128-bytes. This affords you protection for up to 2^64x16 bytes (264 exabytes). 64-bit block ciphers only afford protection of up to 2^32x8 bytes (32 gigabytes) so using it as a full disk or whole disk encryption cipher is not recommended. The deprecated list is only because some of you might be stuck using software that only supports older encryption methods, so I've ordered it from what I feel is best to worst (though all three that are on there are pretty time tested and if properly implemented, quite secure).

If you have to pick a hash to use:

  • Best: Whirlpool (512-bit)
  • Better: SHA-512 (512-bit), SHA-256 (256-bit)
  • Good: Tiger2/Tiger (192-bit), RIPEMD-160 (160-bit)
  • Deprecated: RIPEMD-128, SHA-1, MD-5.

With all the recent advances in cryptanalysis (specifically with work on hash collisions), these days I wouldn't trust any hash that is less than 160-bits on principle. To be on the safe side, use a 192-bit, 256-bit, or 512-bit hash where available. There will be cases where your only options are insecure hashes, in which case I've ordered the "deprecated" list from best to worst (they are all varying levels of insecure). Many older hashes (MD4, MD2, RIPEMD(original), and others) are totally broken, and are not to be used.

A quick software rundown, these applications are popular and trusted:

Highly Recommended

Freeware Whole Disk Encryption
TrueCrypt
Based upon E4M, TrueCrypt is a full featured disk encryption suite, and can even be run off a USB memory stick. TrueCrypt supports the whole disk encryption of Windows, with pre-boot authentication. Very nice.
If you can't use whole-disk encryption (WDE), you can use the TCTEMP add-on to encrypt your swapfile, temp files and print spooler, and you can use the TCGINA add-on to encrypt your Windows home directory. (Note: TCTEMP/TCGINA is less secure than WDE, and only preferable if WDE is not an option. WDE is highly recommended.)

Freeware PKI Encryption
GnuPG (GPG)
GnuPG provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, and encryption and decryption of documents and email messages.

Freeware Email Encryption
Enigmail
Enigmail is truly a work of art, it integrates with GnuPG and provides seamless support for encryption and decryption of email messages, and can automatically check PGP signed documents for validity. (Enigmail requires both Mozilla Thunderbird and GnuPG)

Alternatives

Encryption Suite (with Whole Disk and Email Encryption)
PGP Full Disk Encryption $
PGP provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, encryption and decryption of documents and email messages, volume disk encryption, whole disk encryption, outlook integration, and instant messenger encryption support.

c. Backup, Erasure and Recovery

// This section is under construction.

Backups

Your data might be safe from prying eyes, but what if you are affected by hardware failure, theft, flood or fire? Regular backups of your important data can help you recover from a disaster. You should consider encryption of your backups for enhanced security.

Local Backup
Cobian Backup
Cobian Backup is a fully-featured freeware backup utility.

SyncBack Freeware, Macrium Reflect Free
SyncBack Freeware and Macrium Reflect Free are feature-limited freeware backup utilities.

Off-site Backup
SkyDrive (25GB, filesize limited to 100MB), box.net (5GB)
SkyDrive and box.net offer free online storage, useful for easy offsite backups.
Be sure to utilize encrypted containers for any sensitive documents.

Data Destruction

It would be better to have your data residing in an encrypted partition, but sometimes that may not be possible. When sanitizing a hard drive, I recommend using a quality Block Erase tool like DBAN followed by a run-through with ATA Secure Erase if you really want a drive squeaky clean. Block erasing is good for data you can normally reach, but ATA secure erase can hit areas of the drive block erasers can't. As for multiple overwrite passes, there is no proof that data overwritten even one time can be recovered by professional data recovery corporations. For moderate security, a single pseudorandom block-erase pass (random-write) followed by an ATA Secure Erase pass (zero-write) is sufficient to thwart any attempts at data recovery. For a high level of security, a "DoD Short (3 pass)" block-erase pass followed by an ATA Enhanced Secure Erase will ensure no recovery is possible.

Single-File/Free Space Erase
If you are interested in just erasing single files or wiping free space, you can use the Eraser utility.

Block Erase
For hard drive block-erasure, use DBAN.

ATA Secure Erase
For ATA Secure Erasing, use the CMRR Secure Erase Utility.

CMRR Secure Erase Protocols (.pdf) http://cmrr.ucsd.edu...seProtocols.pdf
NIST Guidelines for Media Sanitation (.pdf) - http://csrc.nist.gov...800-88_rev1.pdf

File Recovery Software

This is kind of the opposite of data destruction. Keep in mind no software utility can recover properly overwritten data, so if it's overwritten there is no recovery.

Highly Recommended

Recuva
Recuva is an easy to use GUI-based recovery utility.

Alternatives

TestDisk and PhotoRec
These tools are powerful command-line recovery utilities. TestDisk can recover partitions, and PhotoRec is for general file recovery.

Ontrack EasyRecovery Professional $
EasyRecovery is one of the best paid utilities for file recovery.

d. Access Control (Passwords, Security Tokens)

// This section is under construction.

Secure Passwords

//Section under construction.

Your security is only as strong as its weakest password. There are a few basic rules to follow when creating a strong password.

  • Length - Passwords should be at least 12 characters long. When possible, use a password of 12 or more characters, or a "passphrase". If you are limited to using less than 12 characters, you should try and make your password as long as allowable.
  • Complexity - Passwords should have an element of complexity, a combination of upper and lowercase characters, numbers, and symbols will make your passwords much harder to guess, and harder to bruteforce.
  • Uniqueness - Passwords should avoid containing common dictionary words, names, birthdays, or any identification related to you (social security, drivers license, or phone numbers for example).
  • Secret - If you have a password of the utmost importance, do not write it down. Do not type them in plain view of another person or share them with anyone. Avoid use of the same password in multiple places.

Security Tokens

Security Tokens are cryptographic devices that allow for two-factor authentication.

  • Google Titan
  • Yubikey 5 Series

6. Conclusion

And here we are at the end! I would like to thank all of you for taking the time to read my guide, it's a few (slow) years in the making and I've kept it up to date. This guide is always changing, so check back from time to time.

Revision 1.10.020
Copyright © 2004-2012 Malakai1911, All Rights Reserved

The information contained within this guide is intended solely for the general information of the reader and is provided "as is" with absolutely no warranty expressed or implied. Any use of this material is at your own risk, its authors are not liable for any direct, special, indirect, consequential, or incidental damages or any damages of any kind. This guide is subject to change without notice.

Windows_Security_Template__1.10.015_.zip
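A downloaded security template is worth reading before "install.bat" applies it. The following is an added example, not part of the guide or its template: it parses the [Registry Values] section of a secedit-style .inf and reports which of the settings named under "Security Tweaks" are present, weak or missing, plus anything else the template changes. The registry paths, thresholds and the sample template text are assumptions constructed for illustration, since the author's security.inf is not shown on this page.

```python
"""Audit the [Registry Values] section of a secedit security template (.inf).

Added example: the registry paths and thresholds in EXPECTED are assumptions
about how the hardening named in the guide is commonly expressed, and
SAMPLE_INF is constructed. Neither comes from the author's security.inf.
"""

LSA = r"machine\system\currentcontrolset\control\lsa"
SRV = r"machine\system\currentcontrolset\services\lanmanserver\parameters"

# check name -> (registry value path in lower case, predicate on its data)
EXPECTED = {
    "no_lm_hash": (LSA + r"\nolmhash", lambda v: v == 1),
    "ntlmv2": (LSA + r"\lmcompatibilitylevel",
               lambda v: isinstance(v, int) and v >= 3),
    "restrict_anonymous": (LSA + r"\restrictanonymous", lambda v: v in (1, 2)),
    "admin_shares": (SRV + r"\autosharewks", lambda v: v == 0),
    "dcom": (r"machine\software\microsoft\ole\enabledcom",
             lambda v: str(v).upper() == "N"),
}

# Constructed sample: one weak value, one missing setting, one surprise.
SAMPLE_INF = r"""
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Registry Values]
; constructed sample, not the author's template
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
MACHINE\Software\Microsoft\OLE\EnableDCOM=1,"N"
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA=4,0
"""


def parse_registry_values(text):
    """Return {lower-cased value path: data} for the [Registry Values] section.

    Each entry reads <path>=<type>,<data>; type 4 is REG_DWORD (parsed to int),
    any other type is kept as a string with surrounding quotes removed.
    """
    settings = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "registry values"
            continue
        if not in_section or "=" not in line:
            continue
        path, _, rhs = line.partition("=")
        type_code, _, data = rhs.partition(",")
        data = data.strip().strip('"')
        try:
            value = int(data) if int(type_code) == 4 else data
        except ValueError:
            continue  # malformed entry: skip rather than guess
        settings[path.strip().strip('"').lower()] = value
    return settings


def audit(text):
    """Map each expected check to 'ok', 'weak' or 'missing'."""
    found = parse_registry_values(text)
    report = {}
    for name, (path, is_ok) in EXPECTED.items():
        if path not in found:
            report[name] = "missing"
        else:
            report[name] = "ok" if is_ok(found[path]) else "weak"
    return report


def unexpected(text):
    """Value paths the template sets that no check covers: review by hand."""
    known = {path for path, _ in EXPECTED.values()}
    return sorted(set(parse_registry_values(text)) - known)


if __name__ == "__main__":
    for name, status in audit(SAMPLE_INF).items():
        print(f"{name:20s} {status}")
    for path in unexpected(SAMPLE_INF):
        print("review:", path)
```

Templates exported by secedit are often saved as UTF-16, so decode the file accordingly before passing its text to `audit()`.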
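The block-size limits in the guide's cipher chart (2^32x8 bytes for 64-bit blocks, 2^64x16 bytes for 128-bit blocks) come from the birthday bound: after about 2^(n/2) blocks under one key in CBC mode, two ciphertext blocks are likely to coincide, and each coincidence reveals the XOR of two plaintext blocks. The following is an added example, not part of the guide, that shows the effect on a toy 16-bit Feistel cipher; the cipher, key and plaintext are constructed so that collisions appear after a few hundred blocks.

```python
"""Birthday bound on block size, shown with a toy 16-bit block cipher in CBC.

Added example: the Feistel cipher, key and plaintext are constructed for the
demonstration; this is not a real cipher and not data from the guide.
"""
import hashlib
import random

BLOCK_BITS = 16  # toy block size, so collisions show up after ~2^8 blocks


def birthday_limit_bytes(block_bits):
    """Data volume at which about 2^(n/2) blocks have used the same key."""
    return 2 ** (block_bits // 2) * (block_bits // 8)


def _round(key, rnd, half):
    # Toy 8-bit round function derived from SHA-256.
    return hashlib.sha256(key + bytes([rnd, half])).digest()[0]


def encrypt_block(key, block):
    """Four-round Feistel network on a 16-bit integer (a permutation)."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << 8) | right


def cbc_encrypt(key, iv, blocks):
    """CBC mode: each plaintext block is XORed with the previous ciphertext."""
    out, prev = [], iv
    for plain in blocks:
        prev = encrypt_block(key, plain ^ prev)
        out.append(prev)
    return out


def find_collisions(cipher):
    """Return (i, j) index pairs, i < j, whose ciphertext blocks are equal."""
    first_seen, pairs = {}, []
    for j, block in enumerate(cipher):
        if block in first_seen:
            pairs.append((first_seen[block], j))
        else:
            first_seen[block] = j
    return pairs


def leaked_xor(iv, cipher, i, j):
    """XOR of plaintext blocks i and j, computed from ciphertext alone.

    Equal outputs of a permutation mean equal inputs, so
    p_i ^ c_(i-1) == p_j ^ c_(j-1), hence p_i ^ p_j == c_(i-1) ^ c_(j-1).
    """
    def prev(k):
        return iv if k == 0 else cipher[k - 1]
    return prev(i) ^ prev(j)


def demo(n_blocks=2048, seed=2021):
    """Encrypt n_blocks of constructed plaintext; count and check collisions."""
    rng = random.Random(seed)
    key = b"constructed-demo-key"
    iv = rng.randrange(1 << BLOCK_BITS)
    plain = [rng.randrange(1 << BLOCK_BITS) for _ in range(n_blocks)]
    cipher = cbc_encrypt(key, iv, plain)
    pairs = find_collisions(cipher)
    verified = all(
        leaked_xor(iv, cipher, i, j) == plain[i] ^ plain[j] for i, j in pairs
    )
    return len(pairs), verified


if __name__ == "__main__":
    count, verified = demo()
    print("colliding pairs in 2048 blocks:", count, "identity holds:", verified)
    print("64-bit block limit (bytes): ", birthday_limit_bytes(64))
    print("128-bit block limit (bytes):", birthday_limit_bytes(128))
```

With 2048 blocks the toy cipher is already eight times past its 2^8-block bound, which is why the collisions are plentiful; the same arithmetic puts a 64-bit cipher at that point after a few hundred gigabytes.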
  6. Today is Microsoft's September 2021 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 60 flaws.

Microsoft has fixed 60 vulnerabilities (86 including Microsoft Edge) with today's update, with three classified as Critical, one as Moderate, and 56 as Important.

Of the total 86 vulnerabilities (including Microsoft Edge):

  • 27 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 16 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 1 Denial of Service Vulnerabilities
  • 8 Spoofing Vulnerabilities

For information about the non-security Windows updates, you can read about today's Windows 10 KB5005565 & KB5005566 cumulative updates.

Microsoft fixes Windows MSHTML zero-day

Microsoft has released a security update for the Windows MSHTML remote code execution vulnerability tracked as CVE-2021-40444.

Last Tuesday, Microsoft disclosed a new zero-day Windows MSHTML remote code execution vulnerability that threat actors actively used in phishing attacks. These attacks distributed malicious Word documents that exploited CVE-2021-40444 to download and execute a malicious DLL file that installed a Cobalt Strike beacon on the victim's computer. This beacon allows a threat actor to gain remote access to the device to steal files and spread laterally throughout the network.

Soon after Microsoft disclosed the vulnerability, threat actors and security researchers began sharing guides on exploiting the vulnerability, which allowed anyone to start using it in attacks, as demonstrated below.

With the September 2021 Patch Tuesday updates, Microsoft has released a security update for this vulnerability. As researchers discovered numerous ways to exploit the bug, including a bypass to mitigations, it is not clear if the security update fixes all of the techniques.
Two zero-days fixed, with one actively exploited

September's Patch Tuesday includes fixes for two zero-day vulnerabilities, with the MSHTML bug actively exploited in the wild. Microsoft classifies a vulnerability as a zero-day if publicly disclosed or actively exploited with no official security updates released.

The publicly disclosed, but not actively exploited, zero-day vulnerability is:

  • CVE-2021-36968 - Windows DNS Elevation of Privilege Vulnerability

The only actively exploited vulnerability is the Windows MSHTML remote code execution vulnerability, as previously discussed:

  • CVE-2021-40444 - Microsoft MSHTML Remote Code Execution Vulnerability

Recent updates from other companies

Other vendors who released updates in July include:

  • Adobe released security updates for two products.
  • Android's September security updates were released last week.
  • Apple released security updates for iOS and macOS yesterday that fix two zero-day vulnerabilities exploited in the wild. One of the vulnerabilities was used to install the NSO Pegasus spyware on activists' devices.
  • Cisco released security updates for numerous products this month.
  • SAP released its September 2021 security updates.

The September 2021 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the September 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity
Azure Open Management Infrastructure | CVE-2021-38648 | Open Management Infrastructure Elevation of Privilege Vulnerability | Important
Azure Open Management Infrastructure | CVE-2021-38645 | Open Management Infrastructure Elevation of Privilege Vulnerability | Important
Azure Open Management Infrastructure | CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability | Critical
Azure Open Management Infrastructure | CVE-2021-38649 | Open Management Infrastructure Elevation of Privilege Vulnerability | Important
Azure Sphere | CVE-2021-36956 | Azure Sphere Information Disclosure Vulnerability | Important
Dynamics Business Central Control | CVE-2021-40440 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | Important
Microsoft Accessibility Insights for Android | CVE-2021-40448 | Microsoft Accessibility Insights for Android Information Disclosure Vulnerability | Important
Microsoft Edge (Chromium-based) | CVE-2021-30606 | Chromium: CVE-2021-30606 Use after free in Blink | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30609 | Chromium: CVE-2021-30609 Use after free in Sign-In | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30608 | Chromium: CVE-2021-30608 Use after free in Web Share | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30607 | Chromium: CVE-2021-30607 Use after free in Permissions | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-38641 | Microsoft Edge for Android Spoofing Vulnerability | Important
Microsoft Edge (Chromium-based) | CVE-2021-38642 | Microsoft Edge for iOS Spoofing Vulnerability | Important
Microsoft Edge (Chromium-based) | CVE-2021-38669 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Important
Microsoft Edge (Chromium-based) | CVE-2021-36930 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important
Microsoft Edge (Chromium-based) | CVE-2021-30632 | Chromium: CVE-2021-30632 Out of bounds write in V8 | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30610 | Chromium: CVE-2021-30610 Use after free in Extensions API | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30620 | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30619 | Chromium: CVE-2021-30619 UI Spoofing in Autofill | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30618 | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30621 | Chromium: CVE-2021-30621 UI Spoofing in Autofill | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30624 | Chromium: CVE-2021-30624 Use after free in Autofill | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30623 | Chromium: CVE-2021-30623 Use after free in Bookmarks | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30622 | Chromium: CVE-2021-30622 Use after free in WebApp Installs | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30613 | Chromium: CVE-2021-30613 Use after free in Base internals | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30612 | Chromium: CVE-2021-30612 Use after free in WebRTC | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30611 | Chromium: CVE-2021-30611 Use after free in WebRTC | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30614 | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30617 | Chromium: CVE-2021-30617 Policy bypass in Blink | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30616 | Chromium: CVE-2021-30616 Use after free in Media | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-30615 | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | Unknown
Microsoft Edge (Chromium-based) | CVE-2021-26436 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important
Microsoft Edge for Android | CVE-2021-26439 | Microsoft Edge for Android Information Disclosure Vulnerability | Moderate
Microsoft MPEG-2 Video Extension | CVE-2021-38644 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2021-38657 | Microsoft Office Graphics Component Information Disclosure Vulnerability | Important
Microsoft Office | CVE-2021-38658 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2021-38650 | Microsoft Office Spoofing Vulnerability | Important
Microsoft Office | CVE-2021-38659 | Microsoft Office Remote Code Execution Vulnerability | Important
Microsoft Office Access | CVE-2021-38646 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2021-38655 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2021-38660 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important
Microsoft Office SharePoint | CVE-2021-38651 | Microsoft SharePoint Server Spoofing Vulnerability | Important
Microsoft Office SharePoint | CVE-2021-38652 | Microsoft SharePoint Server Spoofing Vulnerability | Important
Microsoft Office Visio | CVE-2021-38654 | Microsoft Office Visio Remote Code Execution Vulnerability | Important
Microsoft Office Visio | CVE-2021-38653 | Microsoft Office Visio Remote Code Execution Vulnerability | Important
Microsoft Office Word | CVE-2021-38656 | Microsoft Word Remote Code Execution Vulnerability | Important
Microsoft Windows Codecs Library | CVE-2021-38661 | HEVC Video Extensions Remote Code Execution Vulnerability | Important
Microsoft Windows DNS | CVE-2021-36968 | Windows DNS Elevation of Privilege Vulnerability | Important
Visual Studio | CVE-2021-36952 | Visual Studio Remote Code Execution Vulnerability | Important
Visual Studio | CVE-2021-26434 | Visual Studio Elevation of Privilege Vulnerability | Important
Visual Studio | CVE-2021-26437 | Visual Studio Code Spoofing Vulnerability | Important
Windows Ancillary Function Driver for WinSock | CVE-2021-38628 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important
Windows Ancillary Function Driver for WinSock | CVE-2021-38638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important
Windows Authenticode | CVE-2021-36959 | Windows Authenticode Spoofing Vulnerability | Important
Windows Bind Filter Driver | CVE-2021-36954 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important
Windows BitLocker | CVE-2021-38632 | BitLocker Security Feature Bypass Vulnerability | Important
Windows Common Log File System Driver | CVE-2021-38633 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important
Windows Common Log File System Driver | CVE-2021-36963 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important
Windows Common Log File System Driver | CVE-2021-36955 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important
Windows Event Tracing | CVE-2021-36964 | Windows Event Tracing Elevation of Privilege Vulnerability | Important
Windows Event Tracing | CVE-2021-38630 | Windows Event Tracing Elevation of Privilege Vulnerability | Important
Windows Installer | CVE-2021-36962 | Windows Installer Information Disclosure Vulnerability | Important
Windows Installer | CVE-2021-36961 | Windows Installer Denial of Service Vulnerability | Important
Windows Kernel | CVE-2021-38626 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2021-38625 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Key Storage Provider | CVE-2021-38624 | Windows Key Storage Provider Security Feature Bypass Vulnerability | Important
Windows MSHTML Platform | CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability | Important
Windows Print Spooler Components | CVE-2021-38667 | Windows Print Spooler Elevation of Privilege Vulnerability | Important
Windows Print Spooler Components | CVE-2021-38671 | Windows Print Spooler Elevation of Privilege Vulnerability | Important
Windows Print Spooler Components | CVE-2021-40447 | Windows Print Spooler Elevation of Privilege Vulnerability | Important
Windows Redirected Drive Buffering | CVE-2021-36969 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | Important
Windows Redirected Drive Buffering | CVE-2021-38635 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | Important
Windows Redirected Drive Buffering | CVE-2021-36973 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | Important
Windows Redirected Drive Buffering | CVE-2021-38636 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | Important
Windows Scripting | CVE-2021-26435 | Windows Scripting Engine Memory Corruption Vulnerability | Critical
Windows SMB | CVE-2021-36960 | Windows SMB Information Disclosure Vulnerability | Important
Windows SMB | CVE-2021-36972 | Windows SMB Information Disclosure Vulnerability | Important
Windows SMB | CVE-2021-36974 | Windows SMB Elevation of Privilege Vulnerability | Important
Windows Storage | CVE-2021-38637 | Windows Storage Information Disclosure Vulnerability | Important
Windows Subsystem for Linux | CVE-2021-36966 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important
Windows TDX.sys | CVE-2021-38629 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | Important
Windows Update | CVE-2021-38634 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important
Windows Win32K | CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability | Important
Windows Win32K | CVE-2021-36975 | Win32k Elevation of Privilege Vulnerability | Important
Windows WLAN Auto Config Service | CVE-2021-36965 | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | Critical
Windows WLAN Service | CVE-2021-36967 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | Important

Microsoft September 2021 Patch Tuesday fixes 2 zero-days, 60 flaws
  7. Microsoft has released a security update to fix the last remaining PrintNightmare zero-day vulnerabilities that allowed attackers to gain administrative privileges on Windows devices quickly.

    In June, a zero-day Windows print spooler vulnerability dubbed PrintNightmare (CVE-2021-34527) was accidentally disclosed. This vulnerability exploits the Windows Point and Print feature to perform remote code execution and gain local SYSTEM privileges.

    While Microsoft released two security updates to fix various PrintNightmare vulnerabilities, another vulnerability publicly disclosed by security researcher Benjamin Delpy still allowed threat actors to quickly gain SYSTEM privileges simply by connecting to a remote print server.

    As demonstrated below, Delpy's vulnerability abused the CopyFiles directive to copy and execute a malicious DLL using SYSTEM privileges when a user installed a remote printer. Once the exploit launched the DLL, it would open a console window where all commands are executed with SYSTEM privileges.

    To make matters worse, ransomware gangs, such as Vice Society, Magniber, and Conti, began utilizing the bug to gain elevated privileges on compromised devices.

    This remaining PrintNightmare vulnerability is tracked as CVE-2021-36958 and is attributed to Victor Mata of FusionX, Accenture Security, who privately disclosed the bug to Microsoft in December 2020.

    New security update fixes PrintNightmare bug

    In today's September 2021 Patch Tuesday security updates, Microsoft has released a new security update for CVE-2021-36958 that fixes the remaining PrintNightmare vulnerability.

    Delpy, who tested his exploit against the new security update, confirmed to BleepingComputer that the bug is now fixed.

    In addition to fixing the vulnerability, Delpy told BleepingComputer that Microsoft has disabled the CopyFiles feature by default and added an undocumented group policy that allows admins to enable it again.

    This policy can be configured in the Windows Registry under the HKLM\Software\Policies\Microsoft\Windows NT\Printers key by adding a value named CopyFilesPolicy. When set to '1', CopyFiles will be enabled again.

    However, even when enabled, Delpy told BleepingComputer that it would only allow Microsoft's C:\Windows\System32\mscms.dll file to be used with this feature.

    [Image: Checking the Windows Registry for the CopyFilesPolicy. Source: Benjamin Delpy]

    As this change will affect the default behavior of Windows, it is unclear what issues it will cause when printing in Windows.

    Microsoft has not released any information on this new group policy at this time, and it is not available in the Group Policy Editor.

    In addition to the PrintNightmare vulnerability, today's updates also fix an actively exploited Windows MSHTML zero-day vulnerability.

    As both of these vulnerabilities are known to be abused by threat actors in attacks, it is critical to install today's Patch Tuesday security updates as soon as possible.

    Microsoft fixes remaining Windows PrintNightmare vulnerabilities
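An administrator can audit the state the article above describes with a short PowerShell script. This is an added example, not code from the article or from Microsoft: the policy key and value name are the ones quoted in the article, while the per-printer CopyFiles location and its Module value are assumptions taken from Microsoft's printer driver documentation.

```powershell
# Added example (not from the article). Policy key and value name are quoted from
# the article; the per-printer CopyFiles location and the Module value are
# assumptions based on Microsoft's printer driver documentation.
$PolicyKey   = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers'
$PrintersKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Printers'
$System32    = Join-Path $env:SystemRoot 'System32'

function Get-CopyFilesPolicyState {
    # Reports whether the CopyFilesPolicy value is absent, set to 1, or something else.
    param([string]$Key = $PolicyKey)

    $raw = $null
    if (Test-Path -LiteralPath $Key) {
        $props = Get-ItemProperty -LiteralPath $Key
        if ($props -and ($props.PSObject.Properties.Name -contains 'CopyFilesPolicy')) {
            $raw = $props.CopyFilesPolicy
        }
    }

    if ($null -eq $raw) {
        $state = 'NotConfigured'
        $note  = 'Value absent; per the article CopyFiles is disabled by default after the update.'
    } elseif ("$raw" -eq '1') {
        $state = 'Enabled'
        $note  = 'CopyFiles re-enabled; per the article only System32\mscms.dll may be used.'
    } else {
        $state = 'OtherValue'
        $note  = 'Value present but not 1; its effect is not described in the article.'
    }

    [pscustomobject]@{ Key = $Key; Value = $raw; State = $state; Note = $note }
}

function Get-PrinterCopyFilesModule {
    # Lists each CopyFiles entry registered for a local print queue and marks
    # whether its module is mscms.dll (bare name or under System32).
    param([string]$Root = $PrintersKey)

    if (-not (Test-Path -LiteralPath $Root)) { return }
    foreach ($printer in Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue) {
        $copyFiles = Join-Path $printer.PSPath 'CopyFiles'
        if (-not (Test-Path -LiteralPath $copyFiles)) { continue }

        foreach ($entry in Get-ChildItem -LiteralPath $copyFiles -ErrorAction SilentlyContinue) {
            $props  = Get-ItemProperty -LiteralPath $entry.PSPath
            $module = [Environment]::ExpandEnvironmentVariables([string]$props.Module).Trim()

            $isMscms = $false
            if ($module) {
                $leaf = Split-Path -Path $module -Leaf
                $dir  = Split-Path -Path $module -Parent
                $isMscms = ($leaf -ieq 'mscms.dll') -and
                           ((-not $dir) -or ($dir.TrimEnd('\') -ieq $System32))
            }

            [pscustomobject]@{
                Printer = $printer.PSChildName
                Entry   = $entry.PSChildName
                Module  = $module
                Files   = @($props.Files) -join ';'
                IsMscms = $isMscms
            }
        }
    }
}

# Policy state first, then any CopyFiles entry that deserves a closer look.
Get-CopyFilesPolicyState | Format-List
Get-PrinterCopyFilesModule | Where-Object { -not $_.IsMscms } | Format-Table -AutoSize
```

An entry with an empty Module is also listed, since it does not match the mscms.dll case the article describes.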
  8. Microsoft today fixed a high severity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers.

    The remote code execution (RCE) security flaw, tracked as CVE-2021-40444, was found in the MSHTML Internet Explorer browser rendering engine used by Microsoft Office documents.

    According to Microsoft, CVE-2021-40444 impacts Windows Server 2008 through 2019 and Windows 8.1 or later, and it has a severity level of 8.8 out of the maximum 10.

    "Microsoft has released security updates to address this vulnerability," the company said today in an advisory update published as part of this month's Patch Tuesday.

    "Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately."

    Security updates released after built-in defenses bypassed

    The targeted attacks detected by Microsoft tried to exploit the vulnerability by sending specially-crafted Office documents with malicious ActiveX controls to potential victims.

    Luckily, these attacks were thwarted if Microsoft Office ran with the default configuration, which opens untrusted documents in Protected View mode (or with Application Guard for Office 365 customers).

    However, as CERT/CC vulnerability analyst Will Dormann later told BleepingComputer, this built-in protection against CVE-2021-40444 exploits would likely be bypassed either by users ignoring Protected View warnings or by attackers delivering the malicious documents bundled within 7Zip archives or ISO containers.

    If the document is in a container that is processed by something that is not MotW-aware, then the fact that the container was downloaded from the Internet will be moot. For example, if 7Zip opens an archive that came from the Internet, the extracted contents will have no indication that it came from the Internet. So no MotW, no Protected View.

    Similarly, if the document is in a container like an ISO file, a Windows user can simply double-click on the ISO to open it. But Windows doesn't treat the contents as having come from the Internet. So again, no MotW, no Protected View.

    This attack is more dangerous than macros because any organization that has chosen to disable or otherwise limit Macro execution will still be open to arbitrary code execution simply as the result of opening an Office document.

    - Will Dormann

    Furthermore, Dormann also found that threat actors could exploit this vulnerability using maliciously-crafted RTF files, which don't benefit from Office's Protected View security feature.

    [Image: Word document opened in Protected View]

    How to apply the security updates

    Today's security updates address the vulnerability for all affected versions of Windows and include a Monthly Rollup, a Security Only update, and an Internet Explorer cumulative update.

    "Customers running Windows 8.1, Windows Server 2012 R2, or Windows Server 2012 can apply either the Monthly Rollup or both the Security Only and the IE Cumulative updates," according to Microsoft.

    "The Monthly Rollup for Windows 7, Windows Server 2008 R2, and Windows Server 2008 includes the update for this vulnerability. Customers who apply the Monthly Rollup do not need to apply the IE Cumulative update.

    "Customers who only apply Security Only updates need to also apply the IE Cumulative update to be protected from this vulnerability."

    BleepingComputer independently confirmed that known CVE-2021-40444 exploits no longer work after applying today's patches.

    Those who cannot immediately apply today's security updates should implement Microsoft's workarounds (disabling ActiveX controls via Group Policy and preview in Windows Explorer) to reduce the attack surface.

    Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug
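Dormann's point about the Mark of the Web can be checked on disk: the mark lives in the Zone.Identifier alternate data stream, so a defender can list which documents in a folder would open without Protected View. The script below is an added example, not code from the article; the extension list and the Downloads folder are assumptions.

```powershell
# Added example (not from the article): report which Office/RTF files under a
# folder carry a Mark of the Web. Extension list and folder are assumptions.
function Get-MotwStatus {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Extension = @('.doc', '.docx', '.docm', '.rtf',
                                 '.xls', '.xlsx', '.xlsm', '.ppt', '.pptx')
    )

    # Standard Windows URL security zones.
    $zoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                    3 = 'Internet';      4 = 'Restricted sites' }

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $Extension -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $file   = $_
            $zoneId = $null

            # Zone.Identifier is the NTFS alternate data stream that stores the MotW.
            $stream = Get-Item -LiteralPath $file.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
            if ($stream) {
                $lines = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
                foreach ($line in $lines) {
                    if ($line -match '^\s*ZoneId\s*=\s*(\d+)') {
                        $zoneId = [int]$Matches[1]
                        break
                    }
                }
            }

            # RTF is called out separately: per Dormann it does not benefit
            # from Protected View even when the mark is present.
            if ($file.Extension -ieq '.rtf') {
                $assessment = 'RTF: Protected View does not apply (per Dormann)'
            } elseif ($null -ne $zoneId -and $zoneId -ge 3) {
                $assessment = 'MotW present: default Office config opens in Protected View'
            } else {
                $assessment = 'No Internet-zone MotW: opens without Protected View'
            }

            $zoneName = if ($null -ne $zoneId -and $zoneNames.ContainsKey($zoneId)) {
                $zoneNames[$zoneId]
            } else {
                $null
            }

            [pscustomobject]@{
                File       = $file.FullName
                HasStream  = [bool]$stream
                ZoneId     = $zoneId
                Zone       = $zoneName
                Assessment = $assessment
            }
        }
}

# Example run against the current user's Downloads folder (assumed location).
Get-MotwStatus -Path (Join-Path $env:USERPROFILE 'Downloads') |
    Sort-Object Assessment, File |
    Format-Table -AutoSize
```

Files extracted from an archive or copied out of a mounted ISO by a tool that is not MotW-aware show up here with no stream at all, which is the case the quote describes.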
  9. Microsoft has acknowledged a Windows zero-day vulnerability in MSHTML that allows for remote code execution when exploited. The issue affects all versions from Windows 7 through Windows 10 and the corresponding Windows Server releases. The company is tracking the vulnerability under CVE-2021-40444 in MSRC and adds that it is aware of “targeted attacks” that are achieved by creating malicious Office documents that exploit the vulnerability. The issue has been given a score of 8.8.

    The firm adds in the details that an attacker could create an ActiveX control to be used by Office’s MSHTML browser rendering engine, which when opened by the user could allow for remote code execution. However, those that use the default option to open files from the internet in Protected View or via Application Guard for Office will be able to fend off the attack. Additionally, Microsoft Defender Antivirus and Defender for Endpoint can successfully detect the threat. The Defender for Endpoint alert displayed for this threat is “Suspicious Cpl File Execution”.

    Another workaround posted by the firm involves disabling the installation of all ActiveX controls via the registry. The firm notes that the change will not affect controls that were already installed but will still be protected. You can head to the workarounds section in the MSRC post for the detailed workaround and the resulting impacts.

    As for a permanent fix or mitigation, Microsoft says that it will take an “appropriate action” on completion of its investigation. This might come in the way of fixes during next week’s Patch Tuesday updates or via an out-of-band security update before the scheduled monthly patches.

    A researcher from one of the cybersecurity organizations that helped uncover this vulnerability, Haifei Li, said in a statement to BleepingComputer that the attack method is “100% reliable”, making it a significant risk. EXPMON researchers could also reproduce the attack on Windows 10 running the latest Office 365 build.

    Another Office-related issue reported this week involved a bug in Outlook that allowed suspicious email IDs to seem genuine, opening users to potential phishing attacks. While the firm denied fixing the vulnerability, it reportedly did so in the latest version.

    Microsoft acknowledges Windows zero-day that leverages Office files for attacks
  10. Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.

    According to a security advisory from Redmond, the security hole CVE-2021-40444 affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. IE has been slowly abandoned for more recent Windows browsers like Edge, but the same vulnerable component also is used by Microsoft Office applications for rendering web-based content.

    “An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,” Microsoft wrote. “The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

    Microsoft has not yet released a patch for CVE-2021-40444, but says users can mitigate the threat from this flaw by disabling the installation of all ActiveX controls in IE. Microsoft says the vulnerability is currently being used in targeted attacks, although its advisory credits three different entities with reporting the flaw.

    One of the researchers credited — EXPMON — said on Twitter that it had reproduced the attack on the latest Office 2019 / Office 365 on Windows 10.

    “The exploit uses logical flaws so the exploitation is perfectly reliable (& dangerous),” EXPMON tweeted.

    Windows users could see an official fix for the bug as soon as September 14, when Microsoft is slated to release its monthly “Patch Tuesday” bundle of security updates.

    This year has been a tough one for Windows users and so-called “zero day” threats, which refers to vulnerabilities that are not patched by current versions of the software in question, and are being actively exploited to break into vulnerable computers.

    Virtually every month in 2021 so far, Microsoft has been forced to respond to zero-day threats targeting huge swaths of its user base. In fact, by my count May was the only month so far this year that Microsoft didn’t release a patch to fix at least one zero-day attack in Windows or supported software.

    Many of those zero-days involve older Microsoft technologies or those that have been retired, like IE11; Microsoft officially retired support for Microsoft Office 365 apps and services on IE11 last month. In July, Microsoft rushed out a fix for the Print Nightmare vulnerability that was present in every supported version of Windows, only to see the patch cause problems for a number of Windows users.

    On June’s Patch Tuesday, Microsoft addressed six zero-day security holes. And of course in March, hundreds of thousands of organizations running Microsoft Exchange email servers found those systems compromised with backdoors thanks to four zero-day flaws in Exchange.

    Microsoft: Attackers Exploiting Windows Zero-Day Flaw
  11. OpenAudible is a cross-platform open source desktop application for managing, downloading and converting Audible audiobooks. Note: a license is required to use most program features. It is available for $16 and includes 1-year of updates.

    If you have an Audible account, you may use Audible applications or the website to download and listen to audiobooks that you have purchased. Audible is available for desktop and mobile systems, and these programs may be enough for most users. However, if you require extra functionality, such as the automatic downloading of purchased audiobooks or the conversion into different formats, then you need to look elsewhere as this is not supported by any of the apps or desktop programs.

    OpenAudible

    Once you have installed OpenAudible on a supported system, you may start it right away. The first thing you may want to do is connect it to an Audible account. Select Controls > Connect to Audible to do so. The commercial version of the tool supports up to 5 Audible accounts. You need to supply the Audible username and password. OpenAudible retrieves all audiobooks of the user's library and displays them in its interface. Use the Controls menu to run a quick or full audiobook sync with Audible at any time, e.g. after a purchase that you have made.

    You may download individual books or all books from Audible. To download them all, select Controls > Download All From Audible. Individual audiobooks are downloaded with a right-click on the book and the selection of the download option. Downloaded books can be converted individually or all at once. The program supports other features, including the splitting of audiobooks; this may be useful if a book is particularly large in size. Audiobooks may also be joined, useful if a book is provided as many individual audio files and not a single large file.

    OpenAudible features a search that you may use to find audiobooks in the library quickly. The main interface displays information about the library status. Some of the information that is presented there acts as a filtering option. You may click on links to display audiobooks that have not been downloaded yet, audiobooks that can be converted, or audiobooks that are available in specific formats after conversion.

    Closing Words

    If you want more control over your Audible audiobooks, then OpenAudible may be an option. Especially the options to download and convert all audiobooks at once, to split and join books, and to access specific pages about the author, series or narrator are welcome additions. Granted, you may download books directly from Audible and use third-party tools to convert, split or join them as well. One downside of the program is that it does not display (free) podcasts that you subscribed to on Audible.

    Landing page: https://openaudible.org/

    Manage, download and convert Audible Audiobooks with OpenAudible
  12. vissha

    DroidKit 1.0.0.20210528

    Lost your precious photos, important WhatsApp messages, or other valued data? Your phone got frozen, stuck on black screen, touch screen not working, or suffered another system issue? Forgot your lock screen password? Stopped by the FRP lock on your Samsung device? Don't panic. DroidKit is an all-round Android savior that can not only get lost data back to your phone, but also bring your dead phone back to life. Reliable as a pro, yet easy as pie. Save You from Phone Disasters at The Very First Moment - Recover lost photos, WhatsApp chats, messages, and more without root. - Remove lock screen on Android devices and bypass Samsung FRP lock. - Fix system issues and reinstall/upgrade OS for Samsung phones & tablets. - Clear system junk and unneeded files to speed up your phone, all in a tap. - No skills required. Save your data and phone with simple clicks in minutes. Recover Lost Data from Your Phone Instantly without Root DroidKit understands how frustrating it can be when losing data, whether it's precious memories or information that can be used as evidence in court. With the innovative Quick Recovery technique, it performs a fast scan of your phone storage, and salvages photos, WhatsApp chats and files, messages, contacts, and more essential data up to 13 types, covering almost everything you need daily. All Android phones and tablets supported. No root of your device. No tech skills required. No need to wait for days. You can get back what's lost with a few simple clicks, immediately. Go to The Ultimate Solution - Deep Recovery Besides, DroidKit also has the Deep Recovery mode, which makes a more in-depth scan of every corner in your phone storage, to find out all the deleted data that's not been overwritten yet. Built on the unparalleled NO-DATA-LOSS technology, it guarantees the highest success rate in retrieving lost data among the industry. 
Apart from Phone, You Can Also Retrieve Data from: Google Account Scan and preview your data in Google backups, WhatsApp backups, Google Photos/Contacts/Calendar, and feel free to pick up what you need without full restore. Crashed Phone You can even extract data from a system broken Samsung phone, to your new Android phone or to a computer, at your choice. Formatted SD Card No matter you mistakenly deleted files or formatted the SD card completely, DroidKit can always recover your lost photos, videos, and other files without a hassle. Bring Your Dead Phone Back to Life Right Away More than just rescuing your data, DroidKit rescues your inaccessible device as well, no matter it's crashed or locked. No need to send your phone out for days or even months. Get back a nicely-working device in minutes. Remove Screen Locks of Any Kind Forgot your lock screen password? Fingerprint or face unlock does not work? Not able to enter PIN on a cracked screen? No matter why you're blocked, DroidKit can help you regain access to your phone immediately. It removes all types of screen locks, whether it's PIN, password, pattern, fingerprint, or facial recognition. Samsung, LG, Motorola, and all other Android devices supported. No root required. All you need to do is a couple of clicks. Bypass FRP Lock Easily and Instantly Purchased a second-hand phone with FRP lock on? Accidentally stuck in FRP lock after a factory reset, but forgot the account details? Just bypass it! With the customized solutions designed for each Android version and device model, DroidKit guarantees the highest success rate in the industry. As a non-tech friendly solution, it asks for no tech knowledge or skills at all. You can regain access to your phone instantly without a hitch. Fix All Android OS Issues without Root No matter which type of Android issues you came across, DroidKit can fix it, without rooting your device. 
It handles all system problems, including black screen, frozen, touch screen not working, apps crashing, camera failed, etc. To ensure you the highest success rate, DroidKit intelligently fixes the issue with a customized solution designed for each Android OS and device model. No technical skills needed. It's easy to revive your phone like a pro right at home. Free Up Space and Speed Up Your Phone in A Click Don't let your device be cluttered up with junk. If you used to spend hours searching for what's eating the phone storage, and decide what's safe to delete, then DroidKit saves all those tedious and risky tasks for you. It smartly finds and categorizes caches, background apps, APK files, and large files on your phone. You can then view the files clearly, and feel free to wipe them all with a click or only those you don't need. No risk of mistakenly deleting system files to cause app crashes or even Android crashes. All Android phones and tablets supported. You'll enjoy a faster device with enough storage for new photos or apps. Version: 1.0.0 - 05.27 2021 Provide 4 data recovery modes: WhatsApp Recovery, Quick Recovery from Device, Deep Recovery from Device, and Data Recovery from SD Card. Support to extract data from 3 types of sources: from a system crashed device, from Google account, and from an SIM card. Unlock all types of screen locks on Android devices, such as PIN, password, pattern, fingerprint ID, face recognition, etc. Bypass FRP lock on any Samsung device running Android 6-10. Fix all Android system issues on any Samsung device. Clear system junk from all Android devices, including cached files, background apps, apk files, and large files. Home: https://www.imobie.com/droidkit/ Changelog & Tech Specs: https://www.imobie.com/droidkit/specs.htm Download - Installer Free Trial: https://www.imobie.com/go/download.php?product=dk PreActivated EXE: Site: https://www.mirrored.to Sharecode: /files/6ZAQ23TS/DroidKit.1.0.0.20210528_PA.rar_links
  13. JRiver Media Center 28 is the all-in-one media management app that turns any Windows PC into an entertainment hub for complete control of your digital media: Audio, Video, Images, and Television. It connects PC to stereo, TV, remote control devices, digital cameras, scanners, and portable MP3 players. It plays all media, rips, burns, and organizes all your music, images, and video. JRiver Media Center encodes and plays all popular media formats. Powerful utilities include Media Server for streaming music and images to remote PCs. JRiver Media Center is more than a world class media player. It’s also a Media Network, a whole house music, movie, TV, and photo solution. The leader in audiophile quality sound. The most powerful media database available; an essential tool for large collections. JRiver Media Center is a DirectShow player. Obsessive taggers will be delighted with cover art and metadata options. And MC backs up your work. JRiver Media Center supports more cell phones, MP3 players, DLNA, and other devices. Powers an HTPC to entertain your family. Even different playback in multiple zones. And it can record high definition TV, and provide a replacement for cable TV. It has a Theater View interface, controllable by a MC Remote, an iPad, iPhone, Android, a Windows netbook or Touchscreen. JRiver Media Center has a streamlined user interface designed to make it even easier to organize, find and play your digital files, and to connect to hardware devices. Make a CD of music for your car. Record your favorite shows and watch them on your TV. Play different music simultaneously in different rooms. MC’s Media Server can even stream your music to your PC at work!

    JRiver Media Center Features: Audio Audiophile – WASAPI exclusive output using high-end USB DACs. Native support of DirectShow DSP filters. Audiophile – Added ability to play files from memory instead of disk. Headphone DSP makes listening more natural and comfortable. 
Audiophile – Support for high end USB DAC’s with WASAPI. SoundcardSwitch command for the launcher, allows soundcard selection. 3D album view adjusts text size to display more tracks when necessary. 3D album view allows playing, adding, shuffling, and adding as next to play. Images Image Preview allows zoom from a thumbnail to rotate, delete, compare, edit, and more. Image thumbnail frames (optional). Photoshop PSD file support. Single command copy/send to an editor like Photoshop, and stack new image with original. Video Video tagging using sidecar files. Chapter Support for MKV and MP4. Chapters added to On Screen Display. Info Panel displays metadata. Television Added new “watched” column to metadata. EPG can automatically retrieve XMLTV data. Automatic correlation of XML channel names and MC channel names. Info Panel displays metadata, including TV program art. TV program art from YADB. Theater View Watch Hulu and YouTube from Theater View Customizable nested views in Theater View Customizable File Info panel to display metadata Speed and quality enhancements Custom backgrounds Touch screen support On screen clock Remotes and Servers Wiki articles: Remotes and Servers Remote Relay using IR transceivers for controlling a set top box or receiver Remote Setup Wizard Media Center Remote learning and blasting Media Center can connect to another Media Center to act as a remote (TRemote) New HID remote control plug-in supports shortcuts with keyboard, mouse and gamepad Remote control with REST based Web Service Interface in Library Server Library Server supports read and write to allow for shared, multi-user database access DLNA added to the UPnP Server Library Server clients can write changes back to server Library Server connections allow playback on server as Playing Now zones JRiver Media Center plays more file formats than any other player. Connected media from Netflix, Hulu, Last.fm, Youtube, Facebook, Twitter, Wikipedia. 
And it sends to Flickr, Facebook, and Twitter. Changes in JRiver Media Center 28.0.29 (2021-06-24): Fixed: The Edge Web component was not being properly installed on Windows 7. NEW: Added the new S-Curve cross-fade modes. Fixed: When playing videos, the player could return to the previous size and position as it advanced tracks. Fixed: Equalizer presets would not fully upgrade to the new 20 band approach. NEW: When bitstreaming DSD at a higher rate than bitstreaming supports, it will just down convert the DSD so it will still be a DSD bitstream. Changed: Using a smaller VST block size to avoid latency that could happen with some visualizers. Fixed: DLNA Conversion to DSF was setting the header of the DSF file to an incorrect number of samples (2x the real amount) resulting in odd or no playback on some devices. Supported Operating Systems: Windows 7 Windows 8/8.1 Windows 10. Homepage –https://www.jriver.com download 32 bit https://files.jriver.com/mediacenter/channels/v28/latest/MediaCenter280032-x32.exe download 64 bit. https://files.jriver.com/mediacenter/channels/v28/latest/MediaCenter280032-x64.exe
  14. WhatsApp has long had beta versions of the apps available for iOS and Android, which allowed the company to test new features before releasing them to the general public. Now for the first time, the company has made the beta versions of their desktop app available on iOS and Android Windows and MacOS. Version 2.2133.1 of the company’s WhatsApp desktop app is now available in beta. WhatsApp is expected to soon release multi-device support for their service, but the new beta app only includes a new voice message recording experience, which allows you to preview the message before you send it. WhatsApp will however automatically update the app with new features, and with big things coming it is certainly worth an install. Find the apps at the links below: WhatsApp Beta | Download for Windows WhatsApp Beta | Download for macOS via Windows Blog Italy , WABetaInfo WhatsApp Desktop Beta apps now available for Windows and macOS
  15. WinX HD Video Converter Deluxe, all-in-one video software as an UHD video converter/compressor, video downloader, and video editor, gives you an ultimate control over any SD, HD and 4K resolution video files on your PC. With Level-3 Hardware Acceleration tech, it makes the utmost of Intel QSV and Nvidia CUDA/NVENC to encode and decode videos, which can speed up video processing 16x over software acceleration! This software perfectly supports SD, 1080p multi-track HD and 4K UHD videos in HEVC, H.264, MPEG-4, MKV, M2TS, AVCHD, MOD, Blu-ray videos, content filmed by various camcorders / drones, MP4, AVI, MPEG, WMV, MOV, VOB, FLV, RMVB, WebM, Google TV, etc. It has 420+ preset profiles to convert SD/HD/UHD movies and videos (e.g. MKV to MP4) for playing on Apple (iPhone, iPad, Apple TV, iTunes), Android (Samsung, Huawei, LG), Microsoft (Xbox, Surface), Chromecast, Sony device, etc offline anywhere anytime. Home page: https://www.winxdvd.com/hd-video-converter-deluxe/convert-4k-mp4-hevc.htm Download: https://www.winxdvd.com/download/winx-hd-converter-deluxe.exe Fix
  16. System Information for Windows - SIW 2020 v10.0.0128 SIW is an advanced System Information for Windows tool that analyzes your computer and gathers detailed information about system properties and settings (Software Information, Hardware Information, Network Information and Tools) and displays it in an extremely comprehensible manner. SIW can create a report file (HTML, JSON, CSV, TEXT or XML), and you can run it in batch mode (for Computer Inventory, Hardware, Software and Network Information, Software License Management, Security Audit, Server Configuration Management). The System Information is divided into few major categories: Software Information Operating System, Software Licenses (Product Keys / Serial Numbers), Passwords Recovery, Installed Programs, Applications, Security, Accessibility, Environment, Regional Settings, File Associations, Running Processes, Loaded DLLs, Drivers, NT Services, Autorun, Scheduled Tasks, Databases, Audio and Video Codecs, Shared DLLs, ActiveX, MMC Snap-Ins, Shell Extensions, Event Viewer, Certificates, etc. Hardware Information System Summary, Motherboard, BIOS, CPU, Memory, Sensors, Devices, Chipset, PCI/AGP, USB and ISA/PnP Devices, System Slots, Network Adapters, Video Card, Monitor, Sound Devices, Storage Devices, Logical Disks, Disk Drives, CD/DVD Devices, SCSI Devices, S.M.A.R.T., Ports, Battery and Power Policy, Printers, etc. Network Information Basic/Extended Information about Configuration, Statistics, Connections, Active Directory (Computers, Groups and Users), Shares, Open Ports, etc. Tools Network Tools: MAC Address Changer, Wake On LAN, Remote Licenses (from Windows Folder, Remote Computer or Registry Hive), Hosts Scan, Ping, Trace, etc. Miscellaneous Tools: Eureka! (Reveal lost passwords hidden behind asterisks), Shutdown / Restart, Monitor Test, MUICache Viewer, URL Explorer, Open Files, etc. 
SIW (Technician's Version) is a standalone utility that does not require installation (Portable Application) - one less installed program on your PC as well the fact that you can run the program directly from an USB flash drive, from a network drive or from a domain login script. SIW is periodically updated (usually once per quarter) in order to provide most accurate results. Client Platform: Windows 10 / Windows 8.1 / Windows 8 / Windows 7 / Vista / Windows XP SP3 / WinPE / WinRE / Winternals ERD Commander Server Platform: Windows 2019 / Windows 2016 / Windows 2012 (R2) / Windows SBS 2011 / Windows Server 2008 (R2) / Windows Server 2003 (R2) Homepage: https://www.gtopala.com Changelogs Updated CPU module: AMD Ryzen Threadripper 3960X, 3970X and 3990X and TRX40 chipset. Intel Core 10xxx Comet Lake processors. Updated Operating System module: Windows 10, version 2004. Added support for detecting Windows 10 "Active Development Branch". Fixed CTreeCtrl Copy&Paste. Improved support for High Contrast themes. Improved support for Right-to-Left languages. Improved Storage Devices S.M.A.R.T. support. Added Properties for CD-ROM. Renamed few fields: System Directories: Key -> Source NT Services: Start -> Startup Type Drivers: Start -> Startup Type Scheduled Tasks: Status: Enabled/Disabled -> Enabled:Yes/No State -> Status ActiveX: Class -> Class Name Updated Devices database. Minor enhancements and compatibility fixes. https://www.gtopala.com/siw/changelog.php Download: Site: https://www.mirrored.to Sharecode: /files/SVAQORDT/ Included: Home, Technician and Enterprise Editions
  17. Microsoft has released a new Office Insider Preview Build 14405.20002 for Windows users registered in the Beta Channel of the Office Insider program. The new build adds an important new feature for those who collaborate with others on Word.

The new feature improves Track Changes by giving you the power to turn on Track Changes only for yourself. Prior to this, on turning on the Track Changes feature, everyone’s changes were automatically tracked. This will no longer be the case if you select the Just Mine option by going to the Review tab and opening the dropdown menu on the Track Changes button. Moreover, the new Office build also includes fixes for issues found in Word, Excel, and Outlook. You can read the full official changelog below to know more.

Changelog

Word

Track just your changes: Collaborating with others is a key part of producing great content in Word, and the Track Changes feature is an essential part of that process. Previously, when you turned on Track Changes, everyone’s changes were automatically tracked. But sometimes you only want your own changes to be tracked, without forcing this setting on others. Now we’ve given you the power to turn on Track Changes only for yourself. To do so, go to the Review tab and open the dropdown menu on the Track Changes button; then select Just Mine.

Notable Fixes
  • We fixed an issue where the Repeat as Header Row feature in a table was disabled in some cases.

Excel

Notable Fixes
  • We fixed an issue that caused the trend line on charts with logarithmic data to not be smooth.

Outlook

Notable Fixes
  • We fixed an issue related to replying to a message from an external user with a sensitivity label and we do not apply our sensitivity label default.

To update to the latest Microsoft Office Insider Preview Build, open any Office program and go to File > Account > Update Options > Update Now.

Windows Office Insider Preview Build 14405.20002 brings an important new feature for those who collaborate on Word
  18. DNSLookupView is a new portable application by Nirsoft, which logs all DNS activity on Windows devices.

DNS is a cornerstone of the Internet, as it translates domain names such as ghacks.net into IP addresses. Communication on the Internet needs DNS, and DNS may reveal a lot about a user's activity on the Internet. While DNS does not reveal the actual pages a user visits, it does reveal the domain names that are accessed on a device.

Recently, several initiatives have been started to make DNS more secure by encrypting the communication. DNS over HTTPS is probably the most popular option right now, as it is implemented in several web browsers (see Firefox and Chrome) and Microsoft's Windows 10 operating system. Alternatives, such as DNSCrypt, exist as well. DNS communication happens in plain text by default, and that leaves the door wide open for network snooping and other forms of spying on user communications.

DNSLookupView

DNSLookupView is a portable program for Microsoft Windows devices. It is compatible with Windows 8.1 and up, and can be downloaded free of charge from the Nirsoft website. Just extract the archive after the download finishes and run the program to use it.

Nir Sofer describes how the program works on the official webpage:

This tool uses the event tracing of Windows operating system with the 'Microsoft-Windows-DNS-Client' provider (1C95126E-7EEA-49A9-A3FE-A378B03DDB4D). The captured event ID is 3008, which contains the information about every DNS query handled by the DNS Client service of Windows.

Activate the play button in the program's toolbar to start the recording. DNS queries are added to the program interface as they happen from that moment on. For each query, information such as the host name, query type and result, process or process folder is listed. Sort the data with a click on a table header, e.g. by process name or host. Select the stop button to stop the logging.

Nirsoft applications come with export functionality; select the HTML report options under the View menu, or use File > Save Selected Items to save a selection (or all) to various formats including txt or csv. You may also run the program from the command line to capture and save logs without a user interface.

Positive
  • DNSLookupView is a free portable program that requires no installation.
  • The program logs all DNS queries that happen on the system.

Negative
  • No filter to display only errors / certain types of queries.

Closing Words

DNSLookupView is a straightforward application, just like many other Nirsoft programs. It is useful if you want to monitor DNS traffic, e.g. to spot programs that communicate with the Internet without your consent, for troubleshooting purposes, or just for getting an overview of the communication.

Landing Page: https://www.nirsoft.net/utils/dns_lookup_view.html

Log all DNS activity on your Windows PCs with DNSLookupView
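The event source described above can also be read without the GUI. The following PowerShell is an added example, not Nirsoft code: it reads event ID 3008 from the DNS Client event log channel, reports which process resolved which host, and can filter to failed lookups only. It assumes the `Microsoft-Windows-DNS-Client/Operational` channel has been enabled (it is off by default) and that the payload field names are `QueryName`, `QueryType`, `QueryStatus` and `QueryResults`; the function name `Get-DnsQueryEvent` is hypothetical.

```powershell
# Added example (not Nirsoft code): summarise DNS Client event ID 3008 records.
# Assumption: the 'Microsoft-Windows-DNS-Client/Operational' channel is enabled.
# An administrator can enable it in Event Viewer or with:
#   wevtutil sl Microsoft-Windows-DNS-Client/Operational /e:true

function Get-DnsQueryEvent {
    [CmdletBinding()]
    param(
        [string]$LogName   = 'Microsoft-Windows-DNS-Client/Operational',
        [int]   $MaxEvents = 2000,
        [switch]$FailedOnly      # keep only queries whose status is not 0 (success)
    )

    $filter  = @{ LogName = $LogName; Id = 3008 }
    $records = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    foreach ($record in $records) {
        # The payload is a set of <Data Name="..."> elements; index them by name.
        $fields = @{}
        foreach ($node in ([xml]$record.ToXml()).Event.EventData.Data) {
            $fields[$node.Name] = $node.'#text'
        }

        # QueryStatus is a Win32/DNS status code; 0 means the query succeeded.
        [uint32]$status = 0
        try { $status = [uint32]$fields['QueryStatus'] } catch { $status = [uint32]::MaxValue }
        if ($FailedOnly -and $status -eq 0) { continue }

        # Process ID comes from the event header; the process may have exited since.
        $proc = Get-Process -Id $record.ProcessId -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Time        = $record.TimeCreated
            ProcessId   = $record.ProcessId
            ProcessName = if ($proc) { $proc.ProcessName } else { '(exited)' }
            QueryName   = $fields['QueryName']
            QueryType   = $fields['QueryType']
            Status      = $status
            Results     = $fields['QueryResults']
        }
    }
}

# Which process looked up which host, most frequent first.
Get-DnsQueryEvent |
    Group-Object ProcessName, QueryName |
    Sort-Object Count -Descending |
    Select-Object -First 25 Count, Name

# Failed lookups only, the view the review notes the GUI cannot filter to.
Get-DnsQueryEvent -FailedOnly |
    Sort-Object Time |
    Format-Table Time, ProcessName, QueryName, QueryType, Status -AutoSize
```

Run it from an elevated prompt if the channel is not readable by standard users on your build.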
  19. Today is Microsoft's August 2021 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 44 flaws, so please be nice to your Windows admins as they scramble to install patches.

Microsoft has fixed 44 vulnerabilities (51 including Microsoft Edge) with today's update, with seven classified as Critical and 37 as Important. Of the 44 vulnerabilities, 13 are remote code execution, eight are information disclosure, two are denial of service, and four are spoofing vulnerabilities.

For information about the non-security Windows updates, you can read about today's Windows 10 KB5005033 & KB5005031 cumulative updates.

Microsoft fixes PrintNightmare and PetitPotam attacks

Microsoft has released security updates for two eagerly anticipated zero-day vulnerabilities that were discovered over the past month.

One of the security updates fixes the PrintNightmare vulnerabilities that allow threat actors to gain SYSTEM level privileges simply by connecting to a remote print server under their control. Microsoft has fixed this vulnerability by requiring that users have administrative privileges to install printer drivers using the Point and Print Windows feature. You can find more detailed information about the PrintNightmare vulnerability and the Point and Print mitigations in a dedicated article published today.

Microsoft also fixed the PetitPotam NTLM relay attack vector that uses the MS-EFSRPC API to force a device to negotiate with a remote relay server under an attacker's control. A threat actor with low privileges could use this attack to take over a domain controller and thus the entire Windows domain.

Three zero-days fixed, with one actively exploited

August's Patch Tuesday includes three zero-day vulnerabilities, with one actively exploited in the wild. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official security updates released.

The two publicly disclosed, but not actively exploited, zero-day vulnerabilities are:

  • CVE-2021-36936 - Windows Print Spooler Remote Code Execution Vulnerability
  • CVE-2021-36942 - Windows LSA Spoofing Vulnerability

The CVE-2021-36942 vulnerability is associated with the PetitPotam NTLM relay attack vector that allows the takeover of domain controllers.

Finally, one actively exploited elevation of privileges vulnerability was discovered by the Microsoft Security Response Center (MSRC) and Microsoft Threat Intelligence Center (MSTIC).

  • CVE-2021-36948 - Windows Update Medic Service Elevation of Privilege Vulnerability

It is unknown how threat actors used this vulnerability in attacks at this time.

Recent updates from other companies

Other vendors who released updates in July include:

  • Adobe released security updates for two products.
  • Android's August security updates were released last week.
  • Cisco released security updates for numerous products this month.
  • SAP released its August 2021 security updates.
  • VMware released security updates for VMware Workspace ONE.

The August 2021 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the August 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Core & Visual Studio | CVE-2021-34485 | .NET Core and Visual Studio Information Disclosure Vulnerability | Important |
| .NET Core & Visual Studio | CVE-2021-26423 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
| ASP.NET Core & Visual Studio | CVE-2021-34532 | ASP.NET Core and Visual Studio Information Disclosure Vulnerability | Important |
| Azure | CVE-2021-36943 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
| Azure | CVE-2021-33762 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
| Azure Sphere | CVE-2021-26428 | Azure Sphere Information Disclosure Vulnerability | Important |
| Azure Sphere | CVE-2021-26430 | Azure Sphere Denial of Service Vulnerability | Important |
| Azure Sphere | CVE-2021-26429 | Azure Sphere Elevation of Privilege Vulnerability | Important |
| Microsoft Azure Active Directory Connect | CVE-2021-36949 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-36946 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-36950 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2021-34524 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2021-30591 | Chromium: CVE-2021-30591 Use after free in File System API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30592 | Chromium: CVE-2021-30592 Out of bounds write in Tab Groups | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30597 | Chromium: CVE-2021-30597 Use after free in Browser UI | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30594 | Chromium: CVE-2021-30594 Use after free in Page Info UI | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30596 | Chromium: CVE-2021-30596 Incorrect security UI in Navigation | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30590 | Chromium: CVE-2021-30590 Heap buffer overflow in Bookmarks | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-30593 | Chromium: CVE-2021-30593 Out of bounds read in Tab Strip | Unknown |
| Microsoft Graphics Component | CVE-2021-34530 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2021-34533 | Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-34478 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-36940 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2021-36941 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2021-34480 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-36937 | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | Important |
| Remote Desktop Client | CVE-2021-34535 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows Bluetooth Service | CVE-2021-34537 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2021-36938 | Windows Cryptographic Primitives Library Information Disclosure Vulnerability | Important |
| Windows Defender | CVE-2021-34471 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-34486 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-34487 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-26425 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2021-36927 | Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | Important |
| Windows MSHTML Platform | CVE-2021-34534 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical |
| Windows NTLM | CVE-2021-36942 | Windows LSA Spoofing Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-34483 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-36947 | Windows Print Spooler Remote Code Execution Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-36936 | Windows Print Spooler Remote Code Execution Vulnerability | Critical |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36933 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-26433 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36932 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-26432 | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | Critical |
| Windows Services for NFS ONCRPC XDR Driver | CVE-2021-36926 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-34536 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2021-26424 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
| Windows Update | CVE-2021-36948 | Windows Update Medic Service Elevation of Privilege Vulnerability | Important |
| Windows Update Assistant | CVE-2021-36945 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important |
| Windows Update Assistant | CVE-2021-26431 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Important |
| Windows User Profile Service | CVE-2021-34484 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
| Windows User Profile Service | CVE-2021-26426 | Windows User Account Profile Picture Elevation of Privilege Vulnerability | Important |

Microsoft August 2021 Patch Tuesday fixes 3 zero-days, 44 flaws
  20. PrintNightmare is a vulnerability that allows privilege escalation by letting regular users install fake printer drivers which grant hackers admin privileges.

After a number of patches of varying efficacy, Microsoft has chosen to fix the issue with this month’s Patch Tuesday by requiring users to have admin privileges before they can install printer drivers.

Microsoft notes:

Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks. Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges. The installation of this update with default settings will mitigate the publicly documented vulnerabilities in the Windows Print Spooler service. This change will take effect with the installation of the security updates released on August 10, 2021 for all versions of Windows, and is documented as CVE-2021-34481.

This means regular users will not be able to install printer drivers without the assistance of an admin, but given how rarely this is needed, this is unlikely to be a major issue. If it is a major inconvenience, however, this behaviour can be bypassed via the registry, but this is of course not recommended.

Admins can read more about the issue at CVE-2021-34481.

via onMSFT

Patch Tuesday fixes PrintNightmare by requiring admin privileges to install print drivers
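To check whether a machine still has the administrator-only default described above, or whether someone has overridden it in the registry, the following read-only PowerShell can be run on the endpoint. It is an added example, not Microsoft code. The article does not name the registry values; the script assumes the `RestrictDriverInstallationToAdministrators`, `NoWarningNoElevationOnInstall` and `UpdatePromptSettings` values under the Point and Print policy key, and the function name `Get-PointAndPrintDriverPolicy` is hypothetical.

```powershell
# Added example (not Microsoft code): read-only audit of the Point and Print
# driver-installation policy values. Nothing is written to the registry.
# Assumption: the August 10, 2021 security update is installed, so an absent
# RestrictDriverInstallationToAdministrators value means "administrators only".

function Get-PointAndPrintDriverPolicy {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    )

    # $null when the policy key does not exist (policy "Not Configured").
    $values = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    # Return the DWORD as an int, or $null when the value is absent.
    $read = {
        param($name)
        if ($null -ne $values -and $null -ne $values.$name) { [int]$values.$name } else { $null }
    }

    $restrict  = & $read 'RestrictDriverInstallationToAdministrators'
    $noWarn    = & $read 'NoWarningNoElevationOnInstall'
    $updPrompt = & $read 'UpdatePromptSettings'

    $findings = @()
    if ($restrict -eq 0) {
        $findings += 'RestrictDriverInstallationToAdministrators = 0: the administrator-only default has been overridden.'
    }
    if ($null -ne $noWarn -and $noWarn -ne 0) {
        $findings += "NoWarningNoElevationOnInstall = ${noWarn}: warning and elevation prompt suppressed when installing drivers."
    }
    if ($null -ne $updPrompt -and $updPrompt -ne 0) {
        $findings += "UpdatePromptSettings = ${updPrompt}: warning and elevation prompt suppressed when updating drivers."
    }

    [pscustomobject]@{
        Computer                  = $env:COMPUTERNAME
        PolicyKeyPresent          = ($null -ne $values)
        RestrictToAdministrators  = $restrict      # $null = not set, default applies
        NoWarningNoElevation      = $noWarn
        UpdatePromptSettings      = $updPrompt
        AdminRequiredForDrivers   = ($restrict -ne 0)
        Findings                  = $findings
    }
}

$result = Get-PointAndPrintDriverPolicy
$result | Format-List Computer, PolicyKeyPresent, RestrictToAdministrators,
                      NoWarningNoElevation, UpdatePromptSettings, AdminRequiredForDrivers

if ($result.Findings.Count -gt 0) {
    Write-Warning 'Point and Print driver policy deviates from the hardened default:'
    $result.Findings | ForEach-Object { Write-Warning "  $_" }
}
```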
  21. The Windows UI Library (commonly known as WinUI) is a UX framework for both Windows desktop and UWP applications. WinUI is based on Fluent Design System and offers consistent, intuitive, and accessible experiences.

During the App Development Community Stand up tomorrow, Microsoft’s Kevin Gallo will demonstrate how Windows developers can refresh their existing and new apps with the Fluent design system and WinUI. You can join the community stand up on August 10, at 9am PT.

Source: Microsoft

Windows developers can learn how to refresh their existing and new apps with WinUI and Fluent Design
  22. Startup Sentinel is a portable startup programs manager for Microsoft Windows devices. The program is developed by KC Softwares, best known for the software update monitor SUMO.

Startup Sentinel is provided as a portable application. Just download the archive on the official KC Softwares website and extract it on your system. Launch the program, and you get a list of programs that run on startup. The list does not include all startup programs; it focuses on third-party applications that get launched on startup.

Each program is displayed with its name, the command that is executed on startup, and its location, which usually is found in the Windows Registry.

Four main actions are displayed at the bottom of the screen:

  • Add to Whitelist -- to allow a program to run at startup.
  • Add to Blacklist -- to disable it and make sure that it does not add itself again, e.g. during program updates.
  • Remove -- removes the startup entry.
  • Run now -- runs the program.

Startup Sentinel supports a fifth option, but it is not listed under actions. When you right-click on an entry, you get an option to search for the program name on Google Search in the system's default web browser. While you can do that manually as well, using any browser and search engine you like, some may like the integrated function, especially if they use Google Search for research.

Positive
  • Startup Sentinel is a portable program that you can run without installation.
  • The program features a blacklist option to prevent a program from being activated again.

Negative
  • Whitelist and blacklist are not explained properly.
  • The program does not cover all autorun locations.

Alternatives to Startup Sentinel
  • Windows Task Manager -- Built into Windows, but more limited in all regards. Still, may be sufficient for a quick toggling of programs.
  • Autoruns -- The granddaddy of all autostart managers. Most extensive program, portable, lightweight, and with Virustotal integration.

Closing Words

Startup Sentinel is a straightforward program for Windows to manage autostart entries. The program's main feature is its blacklist option to block programs from running at startup and from adding themselves again to the startup list. The program is barebones otherwise. It could use help tooltips that explain the main actions better, and support for additional locations.

Landing page: http://www.kcsoftwares.com/?sus

Software Updates: Startup Sentinel 1.8.1

Manage Windows Startup Programs with Startup Sentinel
  23. A free unofficial patch has been released to protect Windows users from all new PrintNightmare zero-day vulnerabilities discovered since June.

Technical details and a proof-of-concept (PoC) exploit for a new Windows print spooler vulnerability named 'PrintNightmare' (CVE-2021-34527) were accidentally disclosed in June. This vulnerability allows remote code execution and local privilege escalation by installing malicious printer drivers.

While Microsoft released a security update for the remote code execution portion, researchers quickly bypassed the local privilege elevation component. Since then, security researcher and Mimikatz creator Benjamin Delpy has been devising further vulnerabilities targeting the print spooler that remain unpatched.

These are critical vulnerabilities as they allow anyone to gain SYSTEM privileges on a local device, even a Domain Controller, simply by connecting to a remote Internet-accessible print server and installing a malicious print driver. Once a threat actor gains SYSTEM privileges, it is game over for the system. If this is done on a Domain Controller, then the threat actor now effectively controls the Windows Domain.

Free PrintNightmare micropatch released

Mitigations for the zero-day PrintNightmare vulnerabilities are already available through the 'PackagePointAndPrintServerList' group policy, which allows you to specify a white list of approved print servers that can be used to install a print driver. Enabling this policy, along with a fake server name, will effectively block Delpy's exploits as the print server will be blocked.

However, for those who want to install a patch and not try to understand advisories and fiddle with group policies, Mitja Kolsek, co-founder of the 0patch micropatching service, has released a free micropatch that can be used to fix all known PrintNightmare vulnerabilities.

"We therefore decided to implement the group policy-based workaround as a micropatch, blocking Point and Print printer driver installation from untrusted servers. This workaround employs Group Policy settings: the "Only use Package Point and Print" first requires every printer driver is in form of a signed package, while the "Package Point and print - Approved servers" limits the set of servers from which printer driver packages are allowed to be installed," Kolsek explains in a blog post.

"These settings are configurable via registry. Our patch modifies function DoesPolicyAllowPrinterConnectionsToServer in win32spl.dll such that it believes that PackagePointAndPrintOnly and PackagePointAndPrintServerList values exist and are set to 1, which enables both policies and keeps the list of approved servers empty."

You need to register a 0patch account and then install an agent on your Windows device to install the patch. Once installed, 0patch will automatically protect you from the PrintNightmare vulnerability and other unpatched bugs.

[Image: 0patch protecting against the PrintNightmare vulnerabilities. Source: BleepingComputer]

In a test by BleepingComputer, once installed, if you attempt to install Delpy's malicious PrintNightmare driver, a message will appear stating that a policy has blocked the computer from connecting to the print queue, as shown below.

[Image: 0patch blocking PrintNightmare vulnerability. Source: BleepingComputer]

While 0patch is an essential tool for blocking unpatched vulnerabilities, Delpy says that, in this particular case, enabling the group policies that block exploitation of all known PrintNightmare bugs might be a better approach.

"If you push binaries to a computer to push settings … you can also push settings," Delpy told BleepingComputer. "Doing so avoids altering process in memory, always a dangerous stuff that security product don't like (and MS does not support...)."

New Windows PrintNightmare zero-days get free unofficial patch
  24. Registry Explorer is the registry editor every Windows user needs

Last week, a new open-source Registry Editor was released that puts Windows Regedit software to shame by supporting a host of advanced features, making editing the Registry easier than ever.

The Windows Registry is a centralized, hierarchical database used by the operating system to store system settings, hardware configurations, and user preferences. If you are a Windows administrator or power user, then you have likely made changes to the Registry at one point using Windows built-in Registry Editor (regedit.exe) to fix a bug or tweak a configuration setting. However, Microsoft has not made many changes to the Registry Editor over the years to modernize the application, and many useful features are missing that people may want.

Enter Registry Explorer

Last weekend, Windows Internals expert Pavel Yosifovich released a program called Registry Explorer that aims to modernize the registry editor with a slew of new features. Registry Explorer was released as an open-source project on GitHub. Still, for those who do not want to compile the program, Yosifovich has also released a precompiled beta version that can be downloaded and launched immediately.

After running Registry Explorer, you will be greeted with a view of all the Registry hives, which users can expand to see their subkeys and values just like the standard Windows Registry editor.

[Image: Registry Explorer]

However, where the program shines is an included dark mode, the ability to copy and paste keys and values to different locations, an undo changes button, and an advanced search feature. Registry Explorer's search feature is far more advanced than regedit's as it allows you to find and display all search results in a single dialog box, as shown below. You can then look through the search results and double-click an entry to open that Registry key or value automatically.

[Image: Registry Explorer showing all the Registry search results in one window]

Because making the wrong change to the Registry could cause Windows not to operate correctly, Registry Explorer starts in a 'Read Only Mode' that prevents you from making changes until the mode is turned off.

A full list of features in Registry Explorer is given below:

  • Show real Registry (not just the standard one)
  • Sort list view by any column
  • Key icons for hives, inaccessible keys, and links
  • Key details: last write time and number of keys/values
  • Displays MUI and REG_EXPAND_SZ expanded values
  • Full search (Find All / Ctrl+Shift+F)
  • Enhanced hex editor for binary values
  • Undo/redo
  • Copy/paste of keys/values

Even better, if you find you really like Registry Explorer, you can configure it to automatically replace the Windows Registry editor and be the default file handler for .reg files.

If you find yourself constantly editing the Windows Registry, searching for values, or exporting your configuration to .reg files, then I strongly suggest you give Registry Explorer a try as you will likely find many of the features very useful. To try Registry Explorer, you can visit the project's GitHub page.
  25. AdDuplex: Windows 10 version 21H1 is now on over 26% of PCs, Windows 11 makes its debut

After a gap of a couple of months, AdDuplex has released its Windows version usage report for the month of July. The report is collected from 5,000 Microsoft Store apps that are running the AdDuplex SDK v.2 or higher, and around 60,000 Windows PCs were sampled for this report. This month’s highlight is the debut of Windows 11, which was formally announced in June. As for Windows 10, version 21H1 that was released in May is now running on over 26% of Windows machines.

Just like the October 2020 Update, the Windows 10 May 2021 Update was an enablement package that lights up new features in the OS. The underlying codebase for 21H1, however, is identical to versions 20H2 and 2004, meaning that the three most recent versions are serviced with the same cumulative updates. It is, therefore, not surprising to see that the rollout of the latest version has been faster than previous versions have seen. This is only expected to increase as version 2004 begins to reach the end of support for consumer SKUs.

With Windows 10 21H1 now on more than 26% of PCs, the three latest versions of the OS account for close to 88% of usage share. The title for the most famous version of Windows 10 is retained by version 20H2 at 36.3%, followed by version 2004 at 24.6%. Windows Insiders running Windows 11 in the Dev channel account for close to 1% of total devices.

Windows 10 version 21H2 is also slated to be an enablement package. However, with Windows 11 expected to begin rolling out later this year, it will be interesting to see how the usage share changes, since there are still questions about the pace of the rollout and what the final hardware specifications will be.