• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

[Ars Technica] Feds issue emergency order for agencies to patch critical Windows flaw

Joined
Oct 17, 2014
Messages
4,985 (2.27/day)
Location
USA
System Name Paladius Tacet
Processor Ryzen 5900x
Motherboard MSI X570 Tomahawk
Cooling Arctic Freezer 34 DUO
Memory G.Skill 2x16 (32gb) 4000 cas 16-19-19-39 @ 1.42v 1:1
Video Card(s) Big Navi Top Tier
Storage Samsung 2TB SSD
Display(s) ViewSonic VX2768-2KPC-MHD VA 27" 1440p 144hz
Case Corsair 110Q Silent + NZXT Aer-P exhaust fan
Power Supply EVGA 700w Gold
Mouse Logitech G502 Hero SE
Keyboard Logitech Cherry Mx Red

The US Department of Homeland Security is giving federal agencies until midnight on Tuesday to patch a critical Windows vulnerability that can make it easy for attackers to become all-powerful administrators with free rein to create accounts, infect an entire network with malware, and carry out similarly disastrous actions.


Yikes. I'll never understand why we keep important infrastructures online instead of LAN only. They existed offline for decades just fine. Edit: Can anyone explain to me why we do this instead of doing offline LAN setups?
 
Last edited:
Joined
Jul 25, 2006
Messages
7,544 (1.45/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 16GB (2 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Microsoft Wireless 5000
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
Joined
Oct 17, 2014
Messages
4,985 (2.27/day)
Location
USA
System Name Paladius Tacet
Processor Ryzen 5900x
Motherboard MSI X570 Tomahawk
Cooling Arctic Freezer 34 DUO
Memory G.Skill 2x16 (32gb) 4000 cas 16-19-19-39 @ 1.42v 1:1
Video Card(s) Big Navi Top Tier
Storage Samsung 2TB SSD
Display(s) ViewSonic VX2768-2KPC-MHD VA 27" 1440p 144hz
Case Corsair 110Q Silent + NZXT Aer-P exhaust fan
Power Supply EVGA 700w Gold
Mouse Logitech G502 Hero SE
Keyboard Logitech Cherry Mx Red
This appears to be about Windows "server". Home users using W10 need not worry.

Yeah, I read that in the comments in the Ars article. Also it says this patch was released almost 6 months ago? lol I will never understand IT Tech stuff. I am glad I chose a different field. I don't understand how people in such important positions could risk so much when they have so much notice to update... just seems odd to me.
 
Joined
Jul 25, 2006
Messages
7,544 (1.45/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 16GB (2 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Microsoft Wireless 5000
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
I don't understand how people in such important positions could risk so much when they have so much notice to update... just seems odd to me.
Fortunately - in some cases it is being treated as criminal negligence too.

 
Joined
Dec 16, 2017
Messages
1,145 (1.10/day)
Location
Buenos Aires, Argentina
System Name System V
Processor AMD Ryzen 5 3600
Motherboard Asus Prime X570-P
Cooling AMD Wraith Stealth // a bunch of 120 mm Xigmatek 1500 RPM fans (2 ins, 3 outs)
Memory 2x8GB Ballistix Sport LT 3200 MHz (BLS8G4D32AESCK.M8FE) (CL16-18-18-36)
Video Card(s) Gigabyte AORUS Radeon RX 580 8 GB
Storage SHFS37A240G / DT01ACA200 / WD20EZRX / MKNSSDTR256GB-3DL / LG BH16NS40 / ST10000VN0008
Display(s) LG 22MP55 IPS Display
Case NZXT Source 210
Audio Device(s) Logitech G430 Headset
Power Supply Corsair CX650M
Mouse Microsoft Trackball Optical 1.0
Keyboard HP Vectra VE keyboard (Part # D4950-63004)
Software Whatever build of Windows 10 is being served in Dev channel at the time.
Benchmark Scores Corona 1.3: 3120620 r/s Cinebench R20: 3355 FireStrike: 12490 TimeSpy: 4624
Yeah, I read that in the comments in the Ars article. Also it says this patch was released almost 6 months ago? lol I will never understand IT Tech stuff. I am glad I chose a different field. I don't understand how people in such important positions could risk so much when they have so much notice to update... just seems odd to me.
In some cases, because of the risk of breaking mission-critical stuff or because the IT staff needs to change something else to accommodate for that update. Other times, laziness or staff being overloaded with something else.

I'd like to know why AFIP (the revenue service of Argentina) still uses Apache 2.2.14 (which is old as dust these days) in their systems, for that matter. Specially since a lot of sensitive information goes through there...

Can anyone explain to me why we do this instead of doing offline LAN setups?
Convenience? Police officers can carry phones to get access to information that is sent from those previously LAN-only networks, for example.
 
Joined
Oct 17, 2014
Messages
4,985 (2.27/day)
Location
USA
System Name Paladius Tacet
Processor Ryzen 5900x
Motherboard MSI X570 Tomahawk
Cooling Arctic Freezer 34 DUO
Memory G.Skill 2x16 (32gb) 4000 cas 16-19-19-39 @ 1.42v 1:1
Video Card(s) Big Navi Top Tier
Storage Samsung 2TB SSD
Display(s) ViewSonic VX2768-2KPC-MHD VA 27" 1440p 144hz
Case Corsair 110Q Silent + NZXT Aer-P exhaust fan
Power Supply EVGA 700w Gold
Mouse Logitech G502 Hero SE
Keyboard Logitech Cherry Mx Red
Fortunately - in some cases it is being treated as criminal negligence too.

Didn't they also get several billion extra in funding from Congress that same year to help fix their security issues?
 
Joined
Aug 20, 2007
Messages
13,546 (2.81/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) EVGA GeForce RTX 2080 SUPER XC ULTRA
Storage Mushkin Pilot-E 2TB NVMe SSD
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply Seasonic Prime Titanium 750W
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (Product of work, yes it's legit)
Benchmark Scores www.3dmark.com/fs/23478641 www.3dmark.com/spy/13863605 www.3dmark.com/pr/306218
Didn't they also get several billion extra in funding from Congress that same year to help fix their security issues?
Heh, yep. There is so much corruption. It's just profitable to be bad.
 
Joined
Jul 25, 2006
Messages
7,544 (1.45/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 16GB (2 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Microsoft Wireless 5000
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
In some cases, because of the risk of breaking mission-critical stuff or because the IT staff needs to change something else to accommodate for that update.
That's a valid excuse to delay the update for a couple days - perhaps until the next weekend. But not for months and months. And that's where company executives are 100% to blame, not the IT staff. The C-level execs, in particular the CIO and CSO, need to put in place policies to ensure timely updates for critical security updates. And they need to give the IT Staff the resources and the authority to get it done, not just the responsibility.

I agree there is always the risk of breaking mission critical stuff, but that's why you schedule downtime and plan ahead, with a plan that includes a quick roll back should something break.

Even if something during the scheduled outage goes wrong, and that outage goes past the expected times, unscheduled outages, especially due to malicious activities, typically result in much longer, and much more inconvenient downtimes - not to mention rolling heads of scapegoats and others.

Didn't they also get several billion extra in funding from Congress that same year to help fix their security issues?
I don't think so. At least I never heard of that and can't find any reference to that.
 
Joined
Aug 20, 2007
Messages
13,546 (2.81/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) EVGA GeForce RTX 2080 SUPER XC ULTRA
Storage Mushkin Pilot-E 2TB NVMe SSD
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply Seasonic Prime Titanium 750W
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (Product of work, yes it's legit)
Benchmark Scores www.3dmark.com/fs/23478641 www.3dmark.com/spy/13863605 www.3dmark.com/pr/306218
I don't think so. At least I never heard of that and can't find any reference to that.
I believe it wasn't so much to fix their security issues as part of the bailouts that happened during COVID. But yeah. They ended up with a netgain for basically no advancement anyways. A lot of companies did. And all we got was a crappy check.
 
Joined
Jul 25, 2006
Messages
7,544 (1.45/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 16GB (2 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Microsoft Wireless 5000
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
They ended up with a netgain for basically no advancement anyways. A lot of companies did. And all we got was a crappy check.
I've been looking and I don't see where they got any money, not even a loan. Got a link?
 
Joined
Aug 20, 2007
Messages
13,546 (2.81/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) EVGA GeForce RTX 2080 SUPER XC ULTRA
Storage Mushkin Pilot-E 2TB NVMe SSD
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply Seasonic Prime Titanium 750W
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (Product of work, yes it's legit)
Benchmark Scores www.3dmark.com/fs/23478641 www.3dmark.com/spy/13863605 www.3dmark.com/pr/306218
I've been looking and I don't see where they got any money, not even a loan. Got a link?
It's second-hand info, so it very well may be BS in hindsight.

I can't find anything either. Probably should know better than to pass off streetrumor as fact, my apologies.

"It sounds true, therefore it IS true." is a terrible instinct residing within us all. Fight it.
 
Joined
Oct 17, 2014
Messages
4,985 (2.27/day)
Location
USA
System Name Paladius Tacet
Processor Ryzen 5900x
Motherboard MSI X570 Tomahawk
Cooling Arctic Freezer 34 DUO
Memory G.Skill 2x16 (32gb) 4000 cas 16-19-19-39 @ 1.42v 1:1
Video Card(s) Big Navi Top Tier
Storage Samsung 2TB SSD
Display(s) ViewSonic VX2768-2KPC-MHD VA 27" 1440p 144hz
Case Corsair 110Q Silent + NZXT Aer-P exhaust fan
Power Supply EVGA 700w Gold
Mouse Logitech G502 Hero SE
Keyboard Logitech Cherry Mx Red
I looked myself, couldn't find it. I could have swore I read after the breach in 2017 that Congress funded several billion to help improve security right after, maybe I dreamed it? lmao I seriously searched hardcore and couldn't find anything on it. Wow. Really weird. Maybe I just saw it on Reddit or something and it was just some bs, that was probably what happened. I have a bad habit of browsing Reddit too much. :roll:
 
Joined
May 20, 2020
Messages
88 (0.56/day)
The problem is always people don't want to "invest" in another network card per PC to make LAN separate from internet access NIC. Meh. A non-issue for the conscious.
 
Joined
Aug 20, 2007
Messages
13,546 (2.81/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) EVGA GeForce RTX 2080 SUPER XC ULTRA
Storage Mushkin Pilot-E 2TB NVMe SSD
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply Seasonic Prime Titanium 750W
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (Product of work, yes it's legit)
Benchmark Scores www.3dmark.com/fs/23478641 www.3dmark.com/spy/13863605 www.3dmark.com/pr/306218
The problem is always people don't want to "invest" in another network card per PC to make LAN separate from internet access NIC. Meh. A non-issue for the conscious.
Why would they? We have routers and firewalls for that. It'd be fixing a problem that does not exist.
 
Joined
Mar 10, 2015
Messages
3,469 (1.69/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Why would they? We have routers and firewalls for that. It'd be fixing a problem that does not exist.
Nor would it prevent anything in the long run.
 
Joined
Aug 20, 2007
Messages
13,546 (2.81/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) EVGA GeForce RTX 2080 SUPER XC ULTRA
Storage Mushkin Pilot-E 2TB NVMe SSD
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply Seasonic Prime Titanium 750W
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (Product of work, yes it's legit)
Benchmark Scores www.3dmark.com/fs/23478641 www.3dmark.com/spy/13863605 www.3dmark.com/pr/306218
Joined
Mar 10, 2015
Messages
3,469 (1.69/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Joined
Jul 25, 2006
Messages
7,544 (1.45/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 16GB (2 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Microsoft Wireless 5000
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
I looked myself, couldn't find it. I could have swore I read after the breach in 2017 that Congress funded several billion to help improve security right after, maybe I dreamed it?
This is a WAG but I think I remember Equifax asking for $billions because they feared they were going to get the pants sued off them - but after it was learned they knew about the vulnerability for nearly 6 months, had the patch that fixed or prevented it from being exploited but negligently failed to apply it, Congress wisely said no. However, I bet the only reason for that was a couple hundred members of Congress had their personal data compromised too. Otherwise, Equifax probably would have skated off scot free.

Edit comment: fixed typo by adding an important "but".
 
Last edited:
Joined
Oct 17, 2014
Messages
4,985 (2.27/day)
Location
USA
System Name Paladius Tacet
Processor Ryzen 5900x
Motherboard MSI X570 Tomahawk
Cooling Arctic Freezer 34 DUO
Memory G.Skill 2x16 (32gb) 4000 cas 16-19-19-39 @ 1.42v 1:1
Video Card(s) Big Navi Top Tier
Storage Samsung 2TB SSD
Display(s) ViewSonic VX2768-2KPC-MHD VA 27" 1440p 144hz
Case Corsair 110Q Silent + NZXT Aer-P exhaust fan
Power Supply EVGA 700w Gold
Mouse Logitech G502 Hero SE
Keyboard Logitech Cherry Mx Red
This is a WAG but I think I remember Equifax asking for $billions because they feared they were going to get the pants sued off them - but after it was learned they knew about the vulnerability for nearly 6 months, had the patch that fixed or prevented it from being exploited negligently failed to apply it, Congress wisely said no. However, I bet the only reason for that was a couple hundred members of Congress had their personal data compromised too. Otherwise, Equifax probably would have skated off scot free.
thank you for clarifying this, at least we don't live in a completely failed nation state just yet. lol
 
Top