Windows 10 2004: Microsoft kills memory bugs behind 5% to 10% of Windows flaws

Microsoft has detailed its next step in eliminating uninitialized memory issues, this time targeting the uninitialized kernel pool memory used by developers who build hardware drivers for Windows.

These uninitialized memory vulnerabilities represent as many as one in 10 of all Microsoft CVEs in recent years, according to Joe Bialek, a security engineer in the Microsoft Security Response Center (MSRC). 

“Uninitialized kernel pool vulnerabilities account for a little under half of all uninitialized memory issues that were reported to Microsoft between 2017 and the middle of 2018,” notes Bialek.

Bialek last month detailed Microsoft’s InitAll project to address uninitialized memory vulnerabilities. InitAll was enabled in kernel-mode code, Hyper-V code, and networking-related user-mode services from Windows 10 version 1903 and newer. 

It’s part of Microsoft’s larger effort to kill off memory-related bugs, which have made up about 70% of all patches Microsoft shipped over the past decade, in part because

Hackers are trying to steal admin passwords from F5 BIG-IP devices

Hackers have started launching attacks against F5 BIG-IP networking devices, ZDNet has learned.

Attacks have been spotted today by Rich Warren, a security researcher for the NCC Group.

In an interview earlier today, Warren told ZDNet the attacks are malicious in nature, and hackers are attempting to steal administrator passwords from the hacked devices.

Summary: BIG-IP and CVE-2020-5902

These attacks are targeting BIG-IP, a multi-purpose networking device manufactured by F5 Networks. BIG-IP devices can be configured to work as traffic shaping systems, load balancers, firewalls, access gateways, rate limiters, or SSL middleware.

These devices are some of the most popular networking products in use today, and they underpin some of the largest and most sensitive networks around.

BIG-IP devices are used in government networks, on the networks of internet service providers, inside cloud computing data centers, and they’re widely deployed across enterprise networks.

The devices are

Virgin Media, Cisco unveil first-ever commercial deployment of OpenRoaming at Canary Wharf

Canary Wharf Group (CWG), owner of one of the largest business centres in Europe, together with Cisco and Virgin Media, has announced the first European commercial deployment of wireless connectivity based on the new OpenRoaming standard for residents on the London Docklands estate, who are demanding access to advanced digital infrastructure.

Combining the convenience of mobile roaming with Wi-Fi 6 connectivity, OpenRoaming allows devices to connect securely and automatically to Wi-Fi networks and roam seamlessly from one hotspot to another without the user needing to log in.

It is built on a set of standards and guidelines developed by the Wireless Broadband Alliance (WBA) and the Wi-Fi Alliance, and will now be adopted as an industry-wide initiative, led by the WBA. The standard is said to have seen tremendous growth in the past year and is expected to play a crucial role in delivering great mobile experiences and ushering in

Windows 10 2004 bugs: Here’s Microsoft’s workaround for Storage Spaces file corruption

Microsoft has finally offered an official workaround for Windows 10 version 2004 users who find that the Storage Spaces disk-failure protection feature is broken after the update and is corrupting some files.

As ZDNet reported in mid-June, some users have reported seeing corrupted partitions and damaged files in the Storage Spaces ‘parity spaces’ feature for storage-efficient archiving.  

According to Microsoft, parity spaces are “designed for storage efficiency and protect your files from drive failure by keeping multiple copies”. It’s optimal for archival data and streaming media, like music and videos.  

One user detailed potentially expensive problems caused by the Windows 10 2004 update and bugs in Storage Spaces. 

“My 20TB parity storage space shows up now as RAW, no accessible files. Storage Spaces tool and PowerShell show it as healthy, containing data. Looks like the ReFS partition has been corrupted, and I may have to fork out cash on recovery

F5 patches vulnerability that received a CVSS 10 severity score


F5 Networks, one of the world’s largest providers of enterprise networking gear, has published a security advisory this week warning customers to patch a dangerous security flaw that is very likely to be exploited.

The vulnerability impacts the company’s BIG-IP product. These are multi-purpose networking devices that can work as web traffic shaping systems, load balancers, firewalls, access gateways, rate limiters, or SSL middleware.

BIG-IP is one of the most popular networking products in use today. The devices are used in government networks all over the globe, on the networks of internet service providers, inside cloud computing data centers, and widely across enterprise networks.

On its website, F5 says its BIG-IP devices are used on the networks of 48 companies included in the Fortune 50 list.

CVE-2020-5902

Tracked as CVE-2020-5902, the BIG-IP bug was found and privately reported to F5 by Mikhail Klyuchnikov, a security researcher at

Three counts on Amdocs to support enterprise business expansion

Three has engaged Amdocs as the prime systems integrator in a multi-year managed services deal, as part of its plans to build an omni-channel digital business system to grow its business-to-business (B2B) services in the UK.

In the partnership, Amdocs says it will go beyond mobile and deliver world-class digital consumer-like customer experiences to enterprises. It is contracted to enable Three UK to provide its enterprise customers with what it calls “innovative” services that can be deployed and scaled on demand, enabling faster time to market and an enhanced customer experience.

“We have an ambitious plan for the growth of our enterprise operations, building on the successful launch of our SME offer, Three Means Business, in 2019,” said Elaine Carey, chief commercial officer at Three UK & Ireland.

“This partnership with Amdocs will enable us to create modern and innovative solutions that will challenge the status quo and meet the
