Get Windows and Office patched – but watch out for creepy-crawlies

October 27, 2017 brianradio2016 No comments exist

Those of us who have to keep Windows 10 working have hit yet another rough course. This month’s patches haven’t been pretty. In fact, if your admin set the WSUS or SCCM update servers to automatically approve Windows 10 updates, you may have had to deal with oceans of blue screens.

Right now, the biggest threat is not KRACK – Computerworld‘s Gregg Keizer has an overview here and the site has the latest details; it hasn’t (yet) started infecting normal Windows users. The big threat now is from that Wacky Wascal BadRabbit, which started with a fake Flash update on a Russian site and an ancient DDEAUTO field exploit in Word (and Excel and Outlook and OneNote) and is being used to carry Locky and other ransomware.

The DDEAUTO exploit isn’t a bug, according to Microsoft, because you have to click through three warning dialogs before it’ll bite. (The first of which is “Enable Editing.” Sound familiar?) See Catalin Cimpanu’s overview in Bleepingcomputer, and a drill-down on the DDE-born Hancitor malware from Brad Duncan on the SANS Internet Storm Center.

The good news is that there are steps you can take to manually block each of those potential nasties:

Leave a Reply

Your email address will not be published. Required fields are marked *