Monday, May 15, 2017
Technical Advisory for System Administrators on "WannaCry Ransomware"
Technical Advisory for System Administrators on "WannaCry Ransomware"
Published on Monday, 15 May 2017 21:56
Background
On 12th May 2017, there was a global wide-spread infection of a ransomware known as "WannaCry", aka. WanaCrypt0r. This ransomware exploits a known critical Microsoft Windows Server Message Block 1.0 (SMB) vulnerability (MS17-010), which allows remote code execution, providing a worm-like capability to propagate through a network by scanning for vulnerable systems and infecting them. It then encrypts files on the system, and extorts a bitcoin ransom in exchange for the decryption of files.
This advisory serves to provide system administrators with technical information to safeguard their networks against this cyber threat.
How to Minimise Risk of Being Infected by WannaCry Ransomware?
In addition to the common best IT security practices such as ensuring latest security patches, updating of AV signatures, non-privilege access to users, and end users’ education, below are additional specific measures to mitigate against the WannaCry Ransomware threat.
Do note that as there are many variants of WannaCry ransomware (and it is still evolving), no one method may be sufficient to ensure that you are fully protected.
Prevention of Spreading From Internal Network
Ensure all Microsoft computers are patched to MS17-010-Critical security patches.
If possible, disable Remote Desktop Protocol (RDP) and Server Message Block (SMB) protocol. Where disabling is not possible, ensure that the RDP access control is secure (i.e. only restrict RDP from specific Out-Of-Band (OOB) network).
There are some variants of WannaCry which have a “kill-switch” feature. Hence it is not recommended to block the network Indicators of Compromise (IOC), because they will spread/infect if the network connection is block.
Prevention of Infection From External Network (i.e. Internet)
Ensure that the perimeter firewalls block unsolicited traffic (including port 445) from the Internet.
The following network IPS (for the respective products) are available for blocking at the perimeter. If you are not using any of the below products, please check with your vendor on the availability of IPS signatures relating to WannaCry.
SourceFire:
SID 42329 - MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response
SID 42330 – MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response
SID 42331 – MALWARE-CNC Win.Trojan.Doublepulsar variant process injection command
SID 42332 – MALWARE-CNC Win.Trojan.Doublepulsar variant ping command
SID 42340 - OS-WINDOWS Microsoft Windows SMB anonymous session IPC share access attempt
SID 41978 - OS-WINDOWS Microsoft Windows SMB remote code execution attempt
McAfee Intrushield:
Windows SMBv1 identical MID and FID type confusion vulnerability (CVE-2017-0143)
Windows SMB Remote Code Execution Vulnerability (CVE-2017-0144)
Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
Microsoft Windows SMB Out of bound Write Vulnerability (CVE-2017-0146)
Windows SMBv1 information disclosure vulnerability (CVE-2017-0147)
NETBIOS-SS: MS17-010 EternalBlue SMB Remote Code Execution
NETBIOS-SS: SMB DoublePulsar Unimplemented Trans2 Session Setup Subcommand Request
Endpoints Protection
Apply application white-listing where available/possible. For example, Microsoft Windows OS (Windows 7 / 2008 and above) has AppLocker which allows application white-listing.
What Should You Do If You Are Hit by WannaCry Ransomware?
If you suspect that your computer is infected with WannaCry, you may want to do the following:
If possible, do not shutdown/reboot the affected computer.
Disconnect the computer from all network, including internet and internal network.
Unplug all USB connected devices from the affected computer.
If your backup devices (i.e. NAS, SAN, portable HDD) are connected to the same “affected network” as the computer, it is strongly advised that you quickly disconnect from the network (where possible).
Shift your attention to the other systems in the same network, which may have also been affected by the ransomware.
If you find more systems affected, similarly perform same steps in steps 1 to 3.
For all Windows Systems, quickly apply the critical security patch (MS17-010-Critical). Disable RDP and SMB services if possible. This will minimise chances of infection from further spreading within your network.
For the infected machines,
Perform memory acquisition of the running computer, which MAY allow forensics analyst to have a chance of recovering the files.
Re-image the machine with a full format and re-installation of the OS.
There are some online “tutorials” on how to manually remove the WannaCry ransomware. For example, by starting the machine in “safe” mode, manually deleting the malware, and restoring the original files from Windows’ “Restore previous versions” feature.
Whether these methods work or not will depend on the variant of the WannaCry, and windows OS version.
Finally restore information from backup.
- wong chee tat :)
Published on Monday, 15 May 2017 21:56
Background
On 12th May 2017, there was a global wide-spread infection of a ransomware known as "WannaCry", aka. WanaCrypt0r. This ransomware exploits a known critical Microsoft Windows Server Message Block 1.0 (SMB) vulnerability (MS17-010), which allows remote code execution, providing a worm-like capability to propagate through a network by scanning for vulnerable systems and infecting them. It then encrypts files on the system, and extorts a bitcoin ransom in exchange for the decryption of files.
This advisory serves to provide system administrators with technical information to safeguard their networks against this cyber threat.
How to Minimise Risk of Being Infected by WannaCry Ransomware?
In addition to the common best IT security practices such as ensuring latest security patches, updating of AV signatures, non-privilege access to users, and end users’ education, below are additional specific measures to mitigate against the WannaCry Ransomware threat.
Do note that as there are many variants of WannaCry ransomware (and it is still evolving), no one method may be sufficient to ensure that you are fully protected.
Prevention of Spreading From Internal Network
Ensure all Microsoft computers are patched to MS17-010-Critical security patches.
If possible, disable Remote Desktop Protocol (RDP) and Server Message Block (SMB) protocol. Where disabling is not possible, ensure that the RDP access control is secure (i.e. only restrict RDP from specific Out-Of-Band (OOB) network).
There are some variants of WannaCry which have a “kill-switch” feature. Hence it is not recommended to block the network Indicators of Compromise (IOC), because they will spread/infect if the network connection is block.
Prevention of Infection From External Network (i.e. Internet)
Ensure that the perimeter firewalls block unsolicited traffic (including port 445) from the Internet.
The following network IPS (for the respective products) are available for blocking at the perimeter. If you are not using any of the below products, please check with your vendor on the availability of IPS signatures relating to WannaCry.
SourceFire:
SID 42329 - MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response
SID 42330 – MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response
SID 42331 – MALWARE-CNC Win.Trojan.Doublepulsar variant process injection command
SID 42332 – MALWARE-CNC Win.Trojan.Doublepulsar variant ping command
SID 42340 - OS-WINDOWS Microsoft Windows SMB anonymous session IPC share access attempt
SID 41978 - OS-WINDOWS Microsoft Windows SMB remote code execution attempt
McAfee Intrushield:
Windows SMBv1 identical MID and FID type confusion vulnerability (CVE-2017-0143)
Windows SMB Remote Code Execution Vulnerability (CVE-2017-0144)
Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
Microsoft Windows SMB Out of bound Write Vulnerability (CVE-2017-0146)
Windows SMBv1 information disclosure vulnerability (CVE-2017-0147)
NETBIOS-SS: MS17-010 EternalBlue SMB Remote Code Execution
NETBIOS-SS: SMB DoublePulsar Unimplemented Trans2 Session Setup Subcommand Request
Endpoints Protection
Apply application white-listing where available/possible. For example, Microsoft Windows OS (Windows 7 / 2008 and above) has AppLocker which allows application white-listing.
What Should You Do If You Are Hit by WannaCry Ransomware?
If you suspect that your computer is infected with WannaCry, you may want to do the following:
If possible, do not shutdown/reboot the affected computer.
Disconnect the computer from all network, including internet and internal network.
Unplug all USB connected devices from the affected computer.
If your backup devices (i.e. NAS, SAN, portable HDD) are connected to the same “affected network” as the computer, it is strongly advised that you quickly disconnect from the network (where possible).
Shift your attention to the other systems in the same network, which may have also been affected by the ransomware.
If you find more systems affected, similarly perform same steps in steps 1 to 3.
For all Windows Systems, quickly apply the critical security patch (MS17-010-Critical). Disable RDP and SMB services if possible. This will minimise chances of infection from further spreading within your network.
For the infected machines,
Perform memory acquisition of the running computer, which MAY allow forensics analyst to have a chance of recovering the files.
Re-image the machine with a full format and re-installation of the OS.
There are some online “tutorials” on how to manually remove the WannaCry ransomware. For example, by starting the machine in “safe” mode, manually deleting the malware, and restoring the original files from Windows’ “Restore previous versions” feature.
Whether these methods work or not will depend on the variant of the WannaCry, and windows OS version.
Finally restore information from backup.
- wong chee tat :)
Labels:
2017,
anti virus,
computer virus,
mar,
may,
Microsoft,
ransomware,
virus,
virusscan,
WanaCrypt0r,
WannaCry
WanaCrypt0r aka WannaCry: What You Need to Know and Actions to Take
WanaCrypt0r aka WannaCry: What You Need to Know and Actions to Take
Published on Sunday, 14 May 2017 18:19
Background
On 12th May 2017, there was a global wide-spread infection of a ransomware known as "WannaCry" aka. WanaCrypt0r. This ransomware has the capability to spread over the network by scanning for vulnerable systems, and infecting them. It then encrypts files on the system, and extorts a ransom payment in bitcoin for the decryption of files
Since the initial news of the infections, Singapore has seen a number of victims struck by the ransomware.
Why “WannaCry” Is Dangerous
What makes WannaCry dangerous is that the attackers are leveraging a Windows exploit code-named EternalBlue, which was reportedly leaked and dumped by the Shadow Brokers hacking group over a month ago. The exploit has the capability to penetrate into machines running unpatched version of Windows through 2008 R2 by exploiting flaws in Microsoft Windows SMB (Server Message Block) Server.
The WannaCry ransomware has since spread rapidly across the world, affecting thousands of systems in over 100 countries. Once a single computer in an organisation is infected with the WannaCry ransomware, the worm looks for other vulnerable computers within the network and infects them as well.
Recommendations
Prevention is always better than cure. For the WannaCry ransomware, this principle is strongly recommended.
Microsoft has released a patch for the SMB vulnerability (MS17-010) in March 2017. You should install this patch immediately if you have not done so.
Like all other ransomware infection, you should always be suspicious of unsolicited documents sent through email. Do not click on links inside these documents unless you have verified the source.
Always make backups of your important files and documents. This will save you when you have to restore your files and documents.
Do ensure that you run an active anti-virus security suite of tools on your system, and most importantly, always browse the Internet safely.
What If I’m Infected?
Firstly, don’t panic. Although there is currently no known way to recover files encrypted by “WannaCry”, you should follow these steps:
Disconnect your computer from the network. This can be done by removing your network cable or shutting down the wireless function on your computer. By doing so you are preventing the spread of the WannaCry ransomware.
Start rebuilding your affected computer. This can be done by performing a clean installation of your Windows operating system.
After you have rebuilt the infected computer, patch it with the recommended patch and restore your system from any backup you have made.
If you need further assistance, you can contact SingCERT for advice.
References
Massive ransomware attack hits 99 countries http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/index.html
SingCERT Advisory on Ransomware dated 6 May 2016 https://www.csa.gov.sg/singcert/news/advisories-alerts/ransomware
Microsoft Security Bulletin (MS17-010-Critical) dated 14 March 2017 https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
WannaCry Ransomware That's Hitting World Right Now Uses NSA Windows Exploit dated 12 May 2017 http://thehackernews.com/2017/05/wannacry-ransomware-unlock.html
- wong chee tat :)
Published on Sunday, 14 May 2017 18:19
Background
On 12th May 2017, there was a global wide-spread infection of a ransomware known as "WannaCry" aka. WanaCrypt0r. This ransomware has the capability to spread over the network by scanning for vulnerable systems, and infecting them. It then encrypts files on the system, and extorts a ransom payment in bitcoin for the decryption of files
Since the initial news of the infections, Singapore has seen a number of victims struck by the ransomware.
Why “WannaCry” Is Dangerous
What makes WannaCry dangerous is that the attackers are leveraging a Windows exploit code-named EternalBlue, which was reportedly leaked and dumped by the Shadow Brokers hacking group over a month ago. The exploit has the capability to penetrate into machines running unpatched version of Windows through 2008 R2 by exploiting flaws in Microsoft Windows SMB (Server Message Block) Server.
The WannaCry ransomware has since spread rapidly across the world, affecting thousands of systems in over 100 countries. Once a single computer in an organisation is infected with the WannaCry ransomware, the worm looks for other vulnerable computers within the network and infects them as well.
Recommendations
Prevention is always better than cure. For the WannaCry ransomware, this principle is strongly recommended.
Microsoft has released a patch for the SMB vulnerability (MS17-010) in March 2017. You should install this patch immediately if you have not done so.
Like all other ransomware infection, you should always be suspicious of unsolicited documents sent through email. Do not click on links inside these documents unless you have verified the source.
Always make backups of your important files and documents. This will save you when you have to restore your files and documents.
Do ensure that you run an active anti-virus security suite of tools on your system, and most importantly, always browse the Internet safely.
What If I’m Infected?
Firstly, don’t panic. Although there is currently no known way to recover files encrypted by “WannaCry”, you should follow these steps:
Disconnect your computer from the network. This can be done by removing your network cable or shutting down the wireless function on your computer. By doing so you are preventing the spread of the WannaCry ransomware.
Start rebuilding your affected computer. This can be done by performing a clean installation of your Windows operating system.
After you have rebuilt the infected computer, patch it with the recommended patch and restore your system from any backup you have made.
If you need further assistance, you can contact SingCERT for advice.
References
Massive ransomware attack hits 99 countries http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/index.html
SingCERT Advisory on Ransomware dated 6 May 2016 https://www.csa.gov.sg/singcert/news/advisories-alerts/ransomware
Microsoft Security Bulletin (MS17-010-Critical) dated 14 March 2017 https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
WannaCry Ransomware That's Hitting World Right Now Uses NSA Windows Exploit dated 12 May 2017 http://thehackernews.com/2017/05/wannacry-ransomware-unlock.html
- wong chee tat :)
Labels:
2017,
anti virus,
computer virus,
mar,
may,
Microsoft,
ransomware,
virus,
virusscan,
WanaCrypt0r,
WannaCry
WannaCry ransomware: Singapore's critical infrastructure unaffected, says CSA
WannaCry ransomware: Singapore's critical infrastructure unaffected, says CSA
Screen of a computer hit by WannaCry ransomware. (Photo: Twitter/@LawrenceDunhill)
15 May 2017 08:09PM
(Updated: 15 May 2017 09:05PM)
SINGAPORE: Singapore's critical information infrastructure (CII) remained unaffected by the global hacking attacks that affected governments and large organisations elsewhere, the Cyber Security Agency of Singapore (CSA) said on Monday (May 15).
Known as WannaCry, the ransomware exploits known vulnerabilities in old Microsoft operating systems. Cyber security experts cautioned that more machines could be affected by the virus as people around the world returned to work at the start of a new week.
"As of this afternoon, no critical information infrastructure has been affected," said Dan Yock Hau, director of Singapore's National Cyber Incident Response Centre, which is a unit of the CSA.
Mr Dan added that the unit would continue to track the situation closely and that it was working with the CII sectors to monitor their state of readiness.
"We are also tracking other sources of intelligence and have reached out to offer assistance to those (cases) that were brought to our attention," he said.
Electronic signboards in malls like Tiong Bahru Plaza and White Sands and as well as a Desigual outlet at Orchard Central have been hit. Jerry Tng of cyber security firm Ivanti, noted that the signboards likely ran on systems that had not been updated with the latest security patches.
A ransomware message encountered by a Facebook user on a directory screen at Tiong Bahru Plaza on Saturday (May 13).
"There are many unpatched signages and point-of-sales (terminals) running embedded Windows OS," Mr Tng said, referring to a version of the Microsoft operating system that is designed for use in embedded systems.
Cyber security researchers elsewhere have likewise drawn attention to the difficulty of patching such devices, which could include medical devices such as those used by hospitals in Britain that were affected by last Friday's cyber attack.
"CSA’s National Cyber Security Monitoring Centre also monitors the developing global situation and track the technical indicators to assess the potential implication to Singapore so that we are able to work on the necessary responses and measures to take," Mr Dan said on Monday.
CSA chief executive David Koh said: "This is an issue of national importance and we will take all the necessary measures to counter the spread of the ransomware and help businesses and members of the public prevent or recover from it as quickly as possible."
In a separate media release, CSA said that internet service providers Singtel and Starhub had set up helplines for their customers. Singtel customers can call 1688 and its SME customers can call 1606. StarHub's SME customers can call 1800 888-8888, which operates from 9am to 6pm on Mondays to Fridays. Its residential customers can call its 24-hour hotline at 1633.
Businesses and members of the public can also refer to SingCERT’s advisory on WannaCry or seek help from SingCERT by contacting singcert@csa.gov.sg or 6323 5052.
Source: CNA/dt
- wong chee tat :)
Screen of a computer hit by WannaCry ransomware. (Photo: Twitter/@LawrenceDunhill)
15 May 2017 08:09PM
(Updated: 15 May 2017 09:05PM)
SINGAPORE: Singapore's critical information infrastructure (CII) remained unaffected by the global hacking attacks that affected governments and large organisations elsewhere, the Cyber Security Agency of Singapore (CSA) said on Monday (May 15).
Known as WannaCry, the ransomware exploits known vulnerabilities in old Microsoft operating systems. Cyber security experts cautioned that more machines could be affected by the virus as people around the world returned to work at the start of a new week.
"As of this afternoon, no critical information infrastructure has been affected," said Dan Yock Hau, director of Singapore's National Cyber Incident Response Centre, which is a unit of the CSA.
Mr Dan added that the unit would continue to track the situation closely and that it was working with the CII sectors to monitor their state of readiness.
"We are also tracking other sources of intelligence and have reached out to offer assistance to those (cases) that were brought to our attention," he said.
Electronic signboards in malls like Tiong Bahru Plaza and White Sands and as well as a Desigual outlet at Orchard Central have been hit. Jerry Tng of cyber security firm Ivanti, noted that the signboards likely ran on systems that had not been updated with the latest security patches.
A ransomware message encountered by a Facebook user on a directory screen at Tiong Bahru Plaza on Saturday (May 13).
"There are many unpatched signages and point-of-sales (terminals) running embedded Windows OS," Mr Tng said, referring to a version of the Microsoft operating system that is designed for use in embedded systems.
Cyber security researchers elsewhere have likewise drawn attention to the difficulty of patching such devices, which could include medical devices such as those used by hospitals in Britain that were affected by last Friday's cyber attack.
"CSA’s National Cyber Security Monitoring Centre also monitors the developing global situation and track the technical indicators to assess the potential implication to Singapore so that we are able to work on the necessary responses and measures to take," Mr Dan said on Monday.
CSA chief executive David Koh said: "This is an issue of national importance and we will take all the necessary measures to counter the spread of the ransomware and help businesses and members of the public prevent or recover from it as quickly as possible."
In a separate media release, CSA said that internet service providers Singtel and Starhub had set up helplines for their customers. Singtel customers can call 1688 and its SME customers can call 1606. StarHub's SME customers can call 1800 888-8888, which operates from 9am to 6pm on Mondays to Fridays. Its residential customers can call its 24-hour hotline at 1633.
Businesses and members of the public can also refer to SingCERT’s advisory on WannaCry or seek help from SingCERT by contacting singcert@csa.gov.sg or 6323 5052.
Source: CNA/dt
- wong chee tat :)
Labels:
2017,
anti virus,
computer virus,
mar,
may,
Microsoft,
ransomware,
virus,
virusscan,
WanaCrypt0r,
WannaCry
System Updates: Router Changes
System Updates: Router Changes
- Add new links
- wong chee tat :)
- Add new links
- wong chee tat :)
Labels:
2017,
computer network,
computer networking,
dns,
dnsmasq,
Google Public DNS service,
internet,
may,
network,
router,
System Updates,
Update,
Updates
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
- wong chee tat :)
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
- wong chee tat :)
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
- wong chee tat :)
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
- wong chee tat :)
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
- wong chee tat :)
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
- wong chee tat :)
VirtualBox 5.1.22 (released 2017-04-28)
VirtualBox 5.1.22 (released 2017-04-28)
This is a maintenance release. The following items were fixed and/or added:
This is a maintenance release. The following items were fixed and/or added:
- VMM: fixed VERR_IEM_INSTR_NOT_IMPLEMENTED Guru Meditation under certain conditions (5.1 regression; mostly Mac OS X hosts; bugs #15693, #15801,#16274, #16569, #16663)
- VMM: fixed software virtualization on Solaris hosts (5.1.20 regression)
- Storage: fixed a potential hang under rare circumstances (bug #16677)
- Storage: fixed a potential crash under rare circumstances (asynchronous I/O disabled or during maintenance file operations like merging snapshots)
- Linux hosts: make the ALSA backend work again as well as loading the GL libraries on certain hosts (5.1.20 regression; bugs #16667, #16693)
- Linux Additions: fixed mount.vboxsf symlink problem (5.1.20 regression; bug #16670)
VirtualBox 5.1.20 (released 2017-04-18)
This is a maintenance release. The following items were fixed and/or added:
This is a maintenance release. The following items were fixed and/or added:
- GUI: don't check if the Extension Pack is up-to-date if the user is about to install a new Extension Pack (bug #16317)
- GUI: fixed a possible crash when switching a multi-monitor VM into full-screen or seamless mode
- GUI: fixed non-literal shortcuts if the keyboard is not captured (5.1.10 regression; Windows hosts only)
- GUI: several mini-toolbar fixes in full-screen / seamless mode (X11 hosts only)
- GUI: don't crash on restoring defaults in the appliance import dialog
- Windows Additions: another fix for automatic logins for Windows Vista and newer (bug #15904)
- ICH9: fix for Windows guests with a huge amount (>64G) of guest memory
- BIOS: fixed El Torito hard disk emulation geometry calculation (thanks Dwight Engen)
VirtualBox 5.1.18 (released 2017-03-15)
This is a maintenance release. The following items were fixed and/or added:
This is a maintenance release. The following items were fixed and/or added:
- Shared Folders: fixed case insensitive filename access (5.1.16 regression; Windows guests only; bug #16549)
- Shared Folders: fixed access to long pathes (5.1.16 regression; Windows guests only; bugs #14651, #16564)
- API: fixed snapshot handling of medium attachments and PCI device attachments (bug #16545)
- API: make 32-bit Windows guests in raw mode boot again if the ICH9 chipset is used (5.1.16 regression)
- VBoxBugReport: fixed VM log collection issue
- Linux hosts: fixed autostart service script (bug #14955)
- Windows Additions: fixed automatic logins for Windows Vista and newer (5.1.4 regression; bug #15904)
VirtualBox 5.1.16 (released 2017-03-08)
This is a maintenance release. The following items were fixed and/or added:
This is a maintenance release. The following items were fixed and/or added:
- VMM: don't access the MSR_IA32_SMM_MONITOR_CTL MSR if dual-monitor treatment is not available (KVM workaround, bug #14965)
- VMM: another fix for handling certain MSRs on ancient CPUs without VT-x support for MSR bitmaps
- VMM: fixed VERR_SSM_LOAD_CPUID_MISMATCH errors when restoring a saved state with SMP guests on hosts without the CPUID/HTT bit set (bug #16428)
- VMM: fixed a bug in call gate emulation
- VMM: FWAIT instruction fix
- VMM: fixed a sporadic guest hang under certain conditions
- GUI: hide the mini-toolbar from the taskbar and the pager on certain X11 hosts
- GUI: better error handling on the global settings / network / host-only / DHCP server settings
- GUI: fixes for full-screen with multiple screens
- Host-only Network: fixed host-only adapter creation issue preventing VirtualBox installation on Windows 10 hosts (bug #16379)
- NAT network: fixed two potential crashes in the DHCP server
- ICH9: fixed incorrect initialization of the primary bus for PCI bridges (5.1.14 regression)
- Storage: LsiLogic fix for Windows 10
- USB: fixed not being able to attach certain USB devices having invalid characters in the device strings (5.0.18 regression; bug #15956)
- USB: several fixes for the USB/IP support (bug #16462)
- VBoxSVC: fixed another crash during shutdown under rare circumstances
- VBoxSVC: fixed a stack overflow on (Windows debug builds only; bug #16409)
- OVF: when importing an appliance handle more than 10 network adapters if the OVA was created by VirtualBox (bug #16401)
- OVF: fixes for exporting and importing appliances with many disks (bug #16402)
- VBoxManage: fixed regression with modifyhd --resize (bug #16311)
- rdesktop-vrdp: source code tarball fixes
- Linux Installers: do not rebuild kernel modules unnecessarily (bug #16408)
- Linux hosts: added an action for opening the VM manager window to the .desktop file
- Linux hosts / guests: Linux 4.11 compile fixes (bug #16506)
- Linux Additions: added vboxsf FS modules alias (bug #16404)
- Linux Additions: fix for the shared folders kernel module to compile on Linux 4.10
- Linux Additions: properly install the Linux kernel module override rule on distributions without /etc/depmod.d
- Windows Additions: fixed a crash with recent Windows 10 builds if 3D is disabled (bug #15973)
Skipped a couple of versions
- wong chee tat :)
Labels:
2016,
linux,
market,
may,
opportunities,
ubuntu,
Update,
Updates,
VirtualBox,
win xp,
Window Vista,
windows 2012,
Windows 7,
Windows 8
Subscribe to:
Posts (Atom)