Monthly Archives: May 2022

Partly Cloudy today!

Posted on by

En Veracruz hoy la condición actual es Partly Cloudy y una temperatura de 28C.

La máxima temperatura será de 30C y la mínima de 26C.
Durante el día la condición se pronostica como Partly Cloudy

Sunrise May 11, 2022 at 06:51AM
Sunset May 11, 2022 at 07:50PM

Viento con dirección Northeast y velocidad de 13 Km/h

With a high of 86F and a low of 78F.
via IFTTT

Wine-Wayland 7.7 lanzado

Posted on by

WINE 7.7

Wine-Wayland 7.7 ha sido lanzado, un nuevo desarrollo con un conjunto de parches y el controlador winewayland.drv que permite usar la capa de compatibilidad WINE en entornos basados en el protocolo gráfico Wayland, sin usar los componentes XWayland y X11 como había que hacer con anterioridad. Esto brinda una gran capacidad para ejecutar todo tipo de software nativo de Microsoft Windows, y especialmente juegos que usan la API gráfica Vulkan y Direct3D 9, 11 y 12. La compatibilidad con Direct3D viene mediante DXVK que, como sabrás si nos lees, es el que traduce las llamadas de la API de Microsoft a Vulkan.

El kit Wine-Wayland también viene con parches y fsync para aumentar el rendimiento de los juegos que usan varios hilos de ejecución, así como código para soportar tecnologías como AMD FSR (FidelityFX Super Resolution), y reducir así la pérdida de calidad de los gráficos generados cuando se escalan a pantallas con alta resolución. Por otro lado, esta nueva versión se sincroniza con el código base Wine 7.7, por lo que tiene todas sus funciones y mejoras, así como actualizaciones de componentes como DXVK y VKD3D-Proton.

Por otro lado, esto no solo trae cosas positivas para los usuarios que hagan uso de esta capa de compatibilidad, también hay algunas cosas buenas para los desarrolladores de distribuciones. Wine-wayland permitirá su uso en entornos con Wayland sin necesidad de otros paquetes intermedios como los citados anteriormente. Esto significa que habrá mayor rendimiento y capacidad de respuesta al eliminar capas intermedias. Y no solo eso, también se dejan atrás los problemas de seguridad inherentes de X11, y se dispondrá de todas las nuevas funciones que se han incluido en Wayland para los entornos de escritorio más actuales.

Sin duda grandes esfuerzos de cara a eliminar la barrera de la compatibilidad y el problema de que los desarrolladores a veces solo miran hacia el lado de la empresa de Redmond…

Más información sobre Wine-Wayland, código fuente y descarga – Sitio de GitHub

from Linux Adictos https://ift.tt/Kt5meYq
via IFTTT

Microsoft Patch Tuesday, May 2022 Edition

Posted on by

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.

By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925, a weakness in a central component of Windows security (the “Local Security Authority” process within Windows). CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild. The flaw affects Windows 7 through 10 and Windows Server 2008 through 2022.

Greg Wiseman, product manager for Rapid7, said Microsoft has rated this vulnerability as important and assigned it a CVSS (danger) score of 8.1 (10 being the worst), although Microsoft notes that the CVSS score can be as high as 9.8 in certain situations.

“This allows attackers to perform a man-in-the-middle attack to force domain controllers to authenticate to the attacker using NTLM authentication,” Wiseman said. “This is very bad news when used in conjunction with an NTLM relay attack, potentially leading to remote code execution. This bug affects all supported versions of Windows, but Domain Controllers should be patched on a priority basis before updating other servers.”

Wiseman said the most recent time Microsoft patched a similar vulnerability — last August in CVE-2021-36942 — it was also being exploited in the wild under the name “PetitPotam.”

“CVE-2021-36942 was so bad it made CISA’s catalog of Known Exploited Vulnerabilities,” Wiseman said.

Seven of the flaws fixed today earned Microsoft’s most-dire “critical” label, which it assigns to vulnerabilities that can be exploited by malware or miscreants to remotely compromise a vulnerable Windows system without any help from the user.

Among those is CVE-2022-26937, which carries a CVSS score of 9.8, and affects services using the Windows Network File System (NFS). Trend Micro’s Zero Day Initiative notes that this bug could allow remote, unauthenticated attackers to execute code in the context of the Network File System (NFS) service on affected systems.

“NFS isn’t on by default, but it’s prevalent in environment where Windows systems are mixed with other OSes such as Linux or Unix,” ZDI’s Dustin Childs wrote. “If this describes your environment, you should definitely test and deploy this patch quickly.”

Once again, this month’s Patch Tuesday is sponsored by Windows Print Spooler, a core Windows service that keeps spooling out the security hits. May’s patches include four fixes for Print Spooler, including two information disclosure and two elevation of privilege flaws.

“All of the flaws are rated as important, and two of the three are considered more likely to be exploited,” said Satnam Narang, staff research engineer at Tenable. “Windows Print Spooler continues to remain a valuable target for attackers since PrintNightmare was disclosed nearly a year ago. Elevation of Privilege flaws in particular should be carefully prioritized, as we’ve seen ransomware groups like Conti favor them as part of its playbook.”

Other Windows components that received patches this month include .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office, Windows Hyper-V, Windows Authentication Methods, BitLocker, Remote Desktop Client, and Windows Point-to-Point Tunneling Protocol.

Also today, Adobe issued five security bulletins to address at least 18 flaws in Adobe CloudFusion, Framemaker, InCopy, InDesign, and Adobe Character Animator. Adobe said it is not aware of any exploits in the wild for any of the issues addressed in today’s updates.

For a more granular look at the patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the skinny on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these patches, please drop a note about it here in the comments.

from Krebs on Security https://ift.tt/z2fyUm5
via IFTTT