The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    All about Security, News, Events and Incidents

    Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Apr 26, 2018.

  1. 6730b

    6730b Notebook Deity

    Reputations:
    1,295
    Messages:
    803
    Likes Received:
    1,747
    Trophy Points:
    156
    Mr. Fox, Dr. AMK and Papusan like this.
  2. Dr. AMK

    Dr. AMK Living with Hope

    Reputations:
    3,961
    Messages:
    2,182
    Likes Received:
    4,654
    Trophy Points:
    281
  3. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    37,235
    Messages:
    39,339
    Likes Received:
    70,655
    Trophy Points:
    931
    LOL, I was just about to post the same news in another thread and looked to see if it was already posted. So, no new thread...

    Hackers steal secret crypto keys for NordVPN. Here’s what we know so far | Ars Technica

    Life is full of risks... security is a myth that is consistently exploited for secondary gain... by the bad guys and the good guys... both out to make a buck, by hook or by crook.

    And, on an equally positive note, there's this little gem that is sure to cause some excitement...


    Samsung's huge fingerprint reader flaw leaves millions of phones open to anyone | Komando.com

    According to reports from the BBC, a newly discovered security flaw in Samsung's Galaxy S10 and Note 10 smartphones allows anyone to bypass the device's fingerprint reader with a simple scan.

    For the worry warts among us, this is going to result in some loss of sleep.

    Boogie-man is gonna getcha kids.

     
    Last edited: Oct 23, 2019
  4. Dr. AMK

    Dr. AMK Living with Hope

    6730b, Papusan and hmscott like this.
  5. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    42,712
    Messages:
    29,847
    Likes Received:
    59,649
    Trophy Points:
    931
    jclausius likes this.
  6. 6730b

    6730b Notebook Deity

    jclausius, hmscott and Papusan like this.
  7. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    7,110
    Messages:
    20,384
    Likes Received:
    25,139
    Trophy Points:
    931
    So the last thing we will hear after the Atomic Flash won't be the "BOOM!!", it will be a nation of Smart Devices waking up for their final time...making Coffee...turning on the Lights... playing random Music, and asking "What would you like to do today?"... BOOM!! :D
     
    6730b, jclausius and Papusan like this.
  8. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy


    SECURITY, MICROSOFT
    Microsoft Warns of More Harmful Windows BlueKeep Attacks, Patch Now
    The Microsoft Defender ATP Research Team says that the BlueKeep attacks detected on November 2 are connected with a coin mining campaign from September that used the same command-and-control (C2) infrastructure.

    ---------------------------------------------------

    Nvidia: Vulnerabilities in GeForce Experience & GPU Drivers
    Published on 8 November 2019 by Günter Born
    There are several major vulnerabilities in the Nvidia GeForce Experience and GPU drivers that allow local attackers to increase privilege. Nvidia has provided a driver update.
     
  9. 6730b

    6730b Notebook Deity

    Maybe the word Privacy should be added to forum board \ the topic here.
    ----

    Google reportedly collecting millions of Americans' healthcare data without patient consent.
    'Project Nightingale', reportedly amasses private health data from millions of Americans across 21 states.

    Google not at fault when some managers willingly hand over data, but what will all this kind of 'new normality' lead to, no one knows.

    https://www.neowin.net/news/google-...icans-healthcare-data-without-patient-consent

    https://www.bbc.com/news/technology-50388464
     
    hmscott likes this.
  10. 6730b

    6730b Notebook Deity

    jclausius, Papusan and hmscott like this.
  11. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Vasudev and Dr. AMK like this.
  12. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

  13. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    12,045
    Messages:
    11,278
    Likes Received:
    8,815
    Trophy Points:
    931
    jclausius and Dr. AMK like this.
  14. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Warning: 0-day vulnerability in Internet Explorer (1/17/2020)
    Published on January 18, 2020 by Günter Born Borncity.com
    Microsoft released a security advisory for a 0-day vulnerability in Internet Explorer on January 17, 2020, which affects practically all versions of Windows (since Internet Explorer is available as a browser). There is a problem in the JScript part that could be used to execute remote code. Here is some information, including how to defuse it with a workaround.
    I test different drivers. I avoid Nvidia's DCH drivers and I don't use drivers from Clevo.
     
    Vasudev, Mr. Fox and Dr. AMK like this.
  15. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    I suspect that the Redmond Retards are either crafting or funding the development of vulnerabilities so they can crow about Windoze OS X and Edge being supposedly "safer" products.

    In other breaking news: All people that have a pulse, regardless of the year they were born, are vulnerable to death.
     
    Vasudev, Papusan and Dr. AMK like this.
  16. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    AMD Quietly Patched Four Major GPU Security Vulnerabilities with Radeon 20.1.1 Drivers techpowerup.com | Today, 08:35

    If you haven't updated your AMD Radeon drivers in a while, here's one major reason to. The company secretly patched four major security vulnerabilities affecting Radeon GPUs, in its recent Adrenalin 20.1.1 drivers, with no mention of doing so in its changelog. Talos Intelligence reports four vulnerabilities, which are chronicled under CVE-2019-5124, CVE-2019-5146, CVE-2019-5147 and CVE-2019-5183. This class of attacks exploits a vulnerability in the AMD Radeon driver file ATIDXX64.dll, which can lead to denial of service or even remote code execution. What makes things much more serious is that this attack vector can be used to exploit the host machine from a VM (tested with VMWare). It even seems possible to trigger the vulnerability from a web page, through WebGL (which allows running 3D applications on a remote website). The vulnerabilities were tested on Radeon RX 550 / 550 Series VMware Workstation 15 (15.5.0 build-14665864) with Windows 10 x64 as guest VM, but there is no reason to assume that the issue is limited to just RX 550 as the AMD shader compiler shares a common code basis for all recent DirectX 12 GPUs.

    All vulnerabilities rely on a common attack vector: specially crafted shader code that exploits bugs in the shader compiler. Even though HLSL shader code looks similar to assembly, it actually is a relatively high-level language that gets optimized and compiled by the graphics driver. VMWare's graphics acceleration lets you run 3D graphics in virtual machines, by passing along rendering info to the host GPU and then funneling the output back into the VM. Since the shader code gets compiled using the graphics driver of the host OS, this creates interesting opportunities for attacks.

    All four vulnerabilities have been patched with Adrenalin 20.1.1 drivers. AMD rival NVIDIA also battles security vulnerabilities in secret, but the company tends to be more transparent in mentioning vulnerabilities patched in its driver release notes. AMD's release notes for 20.1.1, in contrast, omit any mention of the vulnerabilities, so most people aren't even aware that they should update their drivers to fix a security issue.

    Yeah, very nice of AMD to try to hide it :)
     
    Last edited: Jan 24, 2020
    Vasudev, Dr. AMK and hmscott like this.
  17. hmscott

    hmscott Notebook Nobel Laureate

    To be fair, it's so rare for AMD to have a security issue to patch, AMD aren't used to the constant daily, weekly, monthly drone of constantly needing to warn their customers about security patches like their less secure competitors - Intel and Nvidia - and Microsoft of course, the king of security patches.

    This is a VMware vulnerability, I doubt AMD will end up reporting this to the average Windows User, that's why it isn't in the Adrenalin driver release notes. Why confuse their Windows users listing a VMware vulnerability? VMware users get their security warnings through VMware.

    The patch released through AMD's Radeon driver update is to work around holes in VMware, not holes in Windows or AMD's products - the driver update is only for VMware vulnerabilities, so really it's up to VMware to make notice to VMware users, and they do:

    Security updates AMD Radeon Display Driver – CVE-2019-5124, CVE-2019-5146, CVE-2019-5147, & CVE-2019-5183
    Praveen Singh Posted 27 minutes ago
    https://blogs.vmware.com/security/2...ve-2019-5146-cve-2019-5147-cve-2019-5183.html

    "Greetings from VMware Security Response Center!

    We wanted to make you aware of multiple AMD security issues tracked by CVE-2019-5124, CVE-2019-5146, CVE-2019-5147, & CVE-2019-5183.

    These issues exist in AMD Radeon Display Drivers and have been shown to affect VMware Workstation running on Windows.

    Therefore, we wanted to make sure you were informed of these issues so that necessary actions can be taken to resolve them appropriately.

    AMD has issued an update to address these issues. Please see the below link:
    https://www.amd.com/en/support/kb/release-notes/rn-rad-win-20-1-1 (Radeon Software Adrenalin 2020 Edition 20.1.1 Driver for Windows)

    Customers should review the available documentation and direct technical inquiries to VMware Support for further assistance."

    Direct technical inquiries to VMware Support, not to AMD!

    If you look at the author of the VMware CVEs, they all discuss this from the point of view of being a VMware vulnerability - which would have nothing to do with a normal Windows user:

    CVE-2019-5146 - This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest OS). This type of attack can be triggered from VMware guest usermode to cause an out-of-bounds read in the vmware-vmx.exe process on host, or theoretically through WEBGL (remote website).

    CVE-2019-5147 - This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest OS). Such attack can be triggered from VMware guest usermode to cause an out-of-bounds read in the vmware-vmx.exe process on host, or theoretically through WEBGL (remote website).

    CVE-2019-5183 - This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest operating system). Such attack can be triggered from VMware guest usermode. The vulnerability will be triggered in the vmware-vmx.exe process on host, or theoretically through WEBGL (remote website), leading to potential code execution (through a vtable type-confusion).

    CVE-2019-5124 - This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest OS). Such attack can be triggered from VMware guest usermode to cause a NULL pointer dereference in the vmware-vmx.exe process on host, or theoretically through WEBGL (remote website).

    Getting into this detail it's clear your post doesn't belong here - it's OT to a Windows vulnerability - no Windows user running Windows on their own hardware is affected.

    This belongs in a VMware Vulnerability thread, for those running Windows as Guest on VMware.

    And, in the past I've seen these kinds of VMware Guest Windows Vulnerabilities listed as such only in regards to VMware users communications - as Windows users would simply be confused by all of this - just like you. :)
     
    Last edited: Jan 24, 2020
    Vasudev and Dr. AMK like this.
  18. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Say what you want, but security patches should be listed in release notes. If one company starts to hide every security flaw they have patched, all others will follow that path. Relying on other companies to know what’s fixed is pretty sweet :)

    I wonder what they hoped to gain with this.... I’m sure I know. But it's not a proper way to do it, whatever you try to say.

    For the record. I myself determine what I want to update on my machines. Not knowing what I’ll get from new patches isn’t the way I prefer. Not at all! Maybe it’s ok for others but that’s up to them.
     
    Last edited: Jan 24, 2020
    Vasudev likes this.
  19. hmscott

    hmscott Notebook Nobel Laureate

    You've gotten all worked up about it for no reason. There's nothing nefarious going on, and it's as simple as I explained earlier.

    The patch is only needed when you are building a VMware Guest Windows 10 image, and if you are the VMware administrator and you or your company pay for VMware support - you will be getting VMware security alerts and patch alerts just like the one I posted from VMware in my last response.

    Those VMware patch alerts that are only for VMware host OS's and VMware guest OS's are only sent to the administrators that will use the information.

    The regular Windows users on a VMware cluster aren't going to be building their own Guest OS image to run on VMware, they will have a selection of pre-configured (pre-patched) images to choose from, or more likely they'll just be given a Windows login and an IP address to connect to using a remote client.

    Only a small fraction of the millions of VMware users will need to see those security and patch updates. Regular / Normal Windows users on VMware will never need or see those VMware security and patch updates.

    The only people that need to know are the VMware administrators that create the images or the DevOps team that supports their VMware servers.

    A normal Windows user (like you) that doesn't use VMware, administrate VMware, or even know boo about any of this - that downloads Radeon Adrenalin drivers from AMD doesn't need to see the 4 VMware CVEs resolved with the latest Radeon Adrenalin driver. The 4 CVEs would be completely useless to you or any normal Windows user, and a complete waste of time.

    No one would want the millions of Windows users that download this AMD Adrenalin driver now and in the future to be subjected to reading these 4 VMware CVEs that will never apply to them.

    I'm trying to help you understand - sorry if it's not clear yet, but for me I've known about these kinds of "hidden" patches and security alerts for many decades, since before VMware or Windows even existed - it's a very standard way of compartmentalizing information so as to not waste people's time that have no direct interest in the information.

    It's not hidden, it's very available to the people that need it and we know where it is and have for many years.

    If you want this sort of information from VMware, you can buy VMware Workstation Pro for about $295 (last time I checked), or get VMware Workstation Player for free (it's a limited VMware Workstation):
    https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html

    Then as a VMware Administrator you would want and need to know, but until then, it's useless information.

    I prefer recommending Virtualbox to Windows users, there's no cost and it's fully functional - hopefully it will remain that way.
    https://www.virtualbox.org/wiki/Downloads

    And, for Virtualbox users there is also no need for them to see or get alerted to the VMware CVE's, as it only applies to Administrators of VMware.

    Are you starting to understand what I am explaining? There's nothing being hidden by anyone, it's a matter of not wasting the time of people that have no interest in someone else's problems that in no way impact their lives.
     
    Last edited: Jan 24, 2020
    Vasudev likes this.
  20. Vasudev

    Vasudev Notebook Nobel Laureate

    Oh that makes sense! I switched from VMware to VBox since I couldn't test and install Insider release custom ISO and VBox read them perfectly and worked for a wide variety of Insider releases and custom Linux ISO I made but VMware didn't.
     
    hmscott likes this.
  21. hmscott

    hmscott Notebook Nobel Laureate

    To be fair both VMware and Vbox can at different times have problems that keep each of them from working for various VM configurations due to bugs introduced by Windows / Linux updates or VMware Workstation updates.

    That's why I run both when I can, fortunately so far both have not had an operationally debilitating problem for me at the *same* time, I can move from one to the other depending on the state of their functionality - plus I can test quickly which is more efficient at the time for my current needs.

    Also, usually they stagger the updates required for Windows / Linux version update support. Inevitably there can be bugs introduced by both the VMware and Guest OS updates that will need to be resolved over time, and I switch to the other Hypervisor when that happens.

    VMware ESX/ESXi bare metal x86 hypervisor (no need for Windows / Linux Host OS support) and large enterprise configurations have more flexibility in management and often are preferred to the Workstation product, especially as an Administrator you can do more, but it's nice to have the ability to host VM's on your laptop or Workstation independent from network access as well.

    Being able to natively boot a Guest VM partition or boot into the Host OS and run VMware to load that partition on your laptop or workstation is another great feature.

    VMware and vbox both have features and benefits enough to use both.
     
    Dr. AMK likes this.
  22. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Dr. AMK, jclausius and hmscott like this.
  23. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Medical Diagnostics Firm LabCorp Leaked Thousands Of Confidential Medical Records hothardware.com | jan 29, 2020

    LabCorp is one of the largest medical laboratory companies in the country. Chances are high that anyone who has had lab tests run at the doctor's office or hospital has used LabCorp at some point. The company had a major security flaw with its website that exposed confidential medical documents, including lab test...
     
    Dr. AMK, jclausius and hmscott like this.
  24. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Dr. AMK, jclausius and hmscott like this.
  25. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Dr. AMK and jclausius like this.
  26. hmscott

    hmscott Notebook Nobel Laureate

    This has been a problem for a while, but recently ransomware has begun to take advantage of it, so if you have old Gigabyte hardware you might want to check your exposure to this vulnerability:

    Gigabyte Driver Used to Disable Antivirus Software in RobbinHood Ransomware Scheme
    Stealing from...whoever's vulnerable.
    By Lucian Armasu a day ago
    https://www.tomshardware.com/news/robbinhood-ransomware-gigabyte-driver-cybersecurity-malware

    "According to research by Sophos, a leading software security firm, a ransomware called "RobbinHood" has been making use of legitimate, but vulnerable, Gigabyte drivers to infect computer systems and take them over.

    The attack works on Windows 7 and newer operating systems (OSes). Gigabyte had previously dismissed the claims that its driver was vulnerable to the flaw that the ransomware group is now exploiting, according to Sophos.

    Gigabyte shares part of the blame for initially dismissing the vulnerability in 2018, when security researchers first reported it to the company. The public eventually put enough pressure on Gigabyte that it acknowledged the flaw.

    However, instead of releasing a patch to fix the vulnerability for its older motherboards, the company discontinued support for that driver. This poor judgement on Gigabyte’s part has now allowed attackers to weaponize its unpatched driver.

    Another party responsible, Sophos said, is Verisign. Two years after Gigabyte discontinued its driver, it's still “trusted” by the Windows OS and many antivirus programs by default due to Verisign failing to revoke its signing certificate. This has allowed attackers to take advantage of the trusted driver to install another unsigned driver on the victims' machines.

    After, the attackers would use this new driver to first patch the Windows kernel in-memory and kill antivirus programs and other endpoint security solutions that would prevent the ransomware from taking over the machine.

    One-of-a-Kind Ransomware
    Sophos researchers said that even though they’ve seen other ransomware try to kill antivirus programs before, they’ve never seen one where the ransomware uses a trusted third-party driver to achieve that.

    Most security solutions have some kind of “trusted programs” list enabled by default on all installations. This is a compromise security companies have made in order to end a large amount of false positives and avoid having too many users block programs because they didn’t understand what the antivirus was asking them to do.

    However, chances are that as other avenues to exploit the Windows OS close, malware makers will start to explore additional ways to use that trusted programs list in their favor. If they can trick antivirus programs to believe that their malware is one of the trusted programs in that list, then they later can get almost free rein on a user’s machine.

    Mitigation Against This Attack

    As the RobbinHood ransomware has shown us, even if your OS is fully patched, a hacker can still leverage other techniques to bring vulnerabilities to your computer.


    Sophos recommends not relying on a single program to keep you safe, while also adopting other security best practice, such as using OS accounts with limited access rights by default, making regular backups, using multi-factor authentication."

    Ransomware installs Gigabyte driver to kill antivirus products
    RobbinHood ransomware deploys novel technique to make sure it can encrypt files without being interrupted.
    https://www.zdnet.com/article/ransomware-installs-gigabyte-driver-to-kill-antivirus-products/

    Living off another land: Ransomware borrows vulnerable driver to remove security software
    6 FEBRUARY 2020
    https://news.sophos.com/en-us/2020/...ulnerable-driver-to-remove-security-software/

    An unrelated but interesting novel method of attack, mid-attack reboot in Safe-Mode to avoid protections, an interesting read into the minds of exploiters...

    Snatch ransomware reboots PCs into Safe Mode to bypass protection
    SophosLabs, 9 DECEMBER 2019
    A novel hybrid data theft-ransomware threat disables security protections by rebooting Windows machines mid-attack
    https://news.sophos.com/en-us/2019/...oots-pcs-into-safe-mode-to-bypass-protection/
     
    Last edited: Feb 9, 2020
    jclausius, Dr. AMK and Papusan like this.
  27. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    And back on it again :)

    Dell SupportAssist with major vulnerability (Feb. 2020)
    Published on February 10, 2020 by Günter Born
    Dell SupportAssist, which is delivered with Windows systems, has a serious vulnerability in older versions, which enables the execution of arbitrary codes with administrator rights.



    It is strongly recommended to upgrade to versions 2.1.4 or 3.4.1. Unfortunately, this case again reveals which crap goods the OEM suppliers are supposed to install on their PCs for the benefit of their customers and then open security gaps.
     
  28. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    This worthless utility has always been a pile of digi-dung.
     
    jclausius, Dr. AMK and Papusan like this.
  29. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    100% of similar software is bad. I can't understand that people want it installed on their computers. Most problems come in fact from such types of tools. Either security vulnerability or other sorts of screw up. Remember Micro$lope often make core changes in their OS and having unnecessary software such as this Junk doesn't make it any better for stability.
     
    jclausius, Dr. AMK and Mr. Fox like this.
  30. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    The concept "it comes from [insert OEM name] so it needs to be installed" is our first clue that stupidity has metastasized.
     
    Dr. AMK and Papusan like this.
  31. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    jclausius and Dr. AMK like this.
  32. Dr. AMK

    Dr. AMK Living with Hope

    jclausius, Papusan and hmscott like this.
  33. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

  34. Dr. AMK

    Dr. AMK Living with Hope

    Is your browser safe against tracking?
    When you visit a website, online trackers and the site itself may be able to identify you – even if you’ve installed software to protect yourself. It’s possible to configure your browser to thwart tracking, but many people don’t know how.

    Panopticlick will analyze how well your browser and add-ons protect you against online tracking techniques. We’ll also see if your system is uniquely configured—and thus identifiable—even if you are using privacy-protective software. However, we only do so with your explicit consent, through the TEST ME button below.

    https://panopticlick.eff.org/
     
  35. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Some reading for the weekend:)

    Eurowings: serious data breach with the online portal

    Published on February 15, 2020 by Günter Born
    The Lufthansa subsidiary Eurowings experienced a serious data glitch in the online portal. Customers could temporarily access other passengers' personal data.


    Massive data leak at the French company NextMotion, active in the field of cosmetic surgery
    Published on February 14, 2020 by Günter Born
    Security researchers have encountered a massive data leak at the French company NextMotion, a technology company for plastic surgery. A compromised database contained 100,000 profile pictures and personal (as well as intimate) data from patients who underwent cosmetic surgery on surgeons. I received the information directly from vpnmentor. NextMotion has confirmed the data leak.


    Intel Security Advisories (February 11, 2020)
    Published on February 14, 2020 by Günter Born
    As of February 11, 2020, Intel published several product security vulnerabilities in the Product Security Center. This ranges from the Intel® RAID Web Console 3 (RWC3) for Windows to USB drivers. There will be no more updates for some products, which Intel has now discontinued.


    Symantec Endpoint Protection: Urgent update
    Published on February 14, 2020 by Günter Born
    If someone uses Symantec Endpoint Protection on their Windows clients, the antivirus solution should be updated quickly. Because older versions have security gaps.
     
    hmscott and Dr. AMK like this.
  36. jclausius

    jclausius Notebook Virtuoso

    Reputations:
    6,160
    Messages:
    3,265
    Likes Received:
    2,573
    Trophy Points:
    231
    Windows, Linux Devices at Risk Due to Unsigned Peripheral Firmware

    - Researchers have discovered multiple instances of unsigned firmware in computer peripherals that can be used by malicious actors to attack laptops and servers running Windows and Linux.

    - This is a big problem since millions of such devices are directly exposed to attacks designed to abuse this flaw to harvest and exfiltrate the users' sensitive information, to trigger denial-of-service states, and infect them with various malware strains such as ransomware.

    https://www.bleepingcomputer.com/ne...-at-risk-due-to-unsigned-peripheral-firmware/

    Hey. Where'd you get that USB camera?!?
     
    Papusan and hmscott like this.
  37. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    42,712
    Messages:
    29,847
    Likes Received:
    59,649
    Trophy Points:
    931
    Three vulnerabilities in Sophos/Cyberoam firewall technology
    Posted on 2020-02-29 by guenni
    Security researchers have discovered three vulnerabilities in Cyberoam firewalls (owned by British company Sophos). The vulnerabilities leave millions of devices and, in principle, the entire network vulnerable to security attacks. The products are used in corporate networks and are accessible via the Internet (sometimes with standard credentials). Currently there seems to be no firmware update available. Here I present some information that I received from security researchers of vpnMentor regarding this issue.


    NVIDIA fixes critical vulnerability in Windows GPU driver (2/28/2010)
    Posted on 2020-02-29 by guenni
    Nvidia has just fixed a critical vulnerability in its Windows GPU graphics driver with an update. The vulnerabilities could lead to privilege escalation and code execution or information theft.
     
    hmscott likes this.
  38. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    42,712
    Messages:
    29,847
    Likes Received:
    59,649
    Trophy Points:
    931
    Samsung have released new Samsung NVMe Driver v3.3

    But as usual... There is a daily limit on the number of the updated software :)

    But you'll get it at Guru3D.com
    Samsung NVMe SSD Driver Download v3.3
    Posted by: Hilbert Hagedoorn on: 03/02/2020 10:29 AM
    Download the Samsung NVMe SSD Driver. This software was released to support all Samsung NVMe SSD series SSDs.


     
    jclausius and Mr. Fox like this.
  39. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    7,110
    Messages:
    20,384
    Likes Received:
    25,139
    Trophy Points:
    931
    That's so strange that Samsung has a limit on downloads, I've hit it before myself, it reminds me of the old "slashdotted" effect when people's personal webpages were linked and a million hits blows their quota in no time. :)

    I got my copy just now... IDK what the rules are here for hosting or uploading software, perhaps you could find out and maybe have a copy here for NBR members to grab? It's only about 75MB, but that's well past the 2MB limit... what about a software archive for NBR members?
     
    Mr. Fox and Papusan like this.
  40. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    42,712
    Messages:
    29,847
    Likes Received:
    59,649
    Trophy Points:
    931
    I think the driver will be available in several places within a short time. Even on the Samsung download page.

    Also normally hosted here... Recommended AHCI/RAID and NVMe Drivers Win-Raid.com

    Direct download link Samsung NVMe Driver Installer Set v3.3.0.2003 for Win7-10

    Tip for users with a non-Samsung NVMe SSD:
    According to my own experiences the original 32/64bit Samsung NVMe drivers for Win10 are a very good and extremely performant alternative to the generic MS in-box NVMe driver.
    The driver update for the NVMe Controller has to be forced by hitting the "Have Disk" button. The popup warning regarding the missing compatibility usually can be disregarded. Nevertheless I strongly recommend to set a "Restore Point" before doing it.

    Some reading for you...

    https://www.touslesdrivers.com/index.php?v_page=3&v_code=7671
    "With each publication of a new file for SSD (Magician, firmware, driver ...), Samsung takes infinite precautions and imposes during the first week a maximum number of daily downloads which allows in case of concern with this update day to affect only a limited number of users. The Korean manufacturer has implemented this procedure since 2015 when new firmware had caused the failure of many SSD SATA 850 PRO just updated."
     
    Last edited: Mar 2, 2020
    Mr. Fox likes this.
  41. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    37,235
    Messages:
    39,339
    Likes Received:
    70,655
    Trophy Points:
    931
    I ran into a problem using this and earlier versions of Samsung NVMe drivers that others may want to be aware of. They work fine with Samsung consumer NVMe SSDs. However, they are NOT compatible with Samsung Enterprise NVMe SSDs. I have a total of five NVMe SSDs running on my desktop. Three are Samsung consumer NVMe (960 Pro) drives, and two are 1TB Samsung Enterprise NVMe 22110 M.2 form factor. If you look on the compatibility list, only consumer NVMe SSDs are listed. And, you would be right in thinking that there is a good reason for that.

    The installer will install these drivers for all Samsung NVMe storage controllers with no regard for compatibility. This will make any OS running on the Enterprise NVMe SSDs unbootable. You will get the spinning circle of dots for a long time, then it will freeze. Access to Safe Mode to manually remove the drivers and fall back on the previous version and System Restore are not accessible after this has occurred. The only way you can do this is with an INF installation and use the "Have Disk" method ONLY for the Samsung consumer NVMe drives. It's not worth the hassle to me. I just use the standard Micro$lop NVM Express Controller drivers included with Windows 10. Going to the extra trouble manually with the Samsung consumer NVMe drives yields no meaningful performance advantage.

    I tried this latest driver today and ran into the same problem. Macrium Reflect sorted it for me. Easy, peasy. Like it never happened in just a few minutes, so no harm/no foul. Lucky for me I am a Macrium Reflect addict and I am almost always ready for a disaster like this or I would be screwed.

    Oddly enough, this problem only happens on Windows 10 installations. The Enterprise NVMe drives can use the standard consumer NVMe drivers on Windows 7 with no issues whatsoever (so far). Go figure. Newer is always better. NOT! Newer is always... uh... newer.

    @tilleroftheearth
     
    Last edited: Mar 3, 2020
    jclausius and Papusan like this.
  42. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    42,712
    Messages:
    29,847
    Likes Received:
    59,649
    Trophy Points:
    931
    HaHa, Yeah we talk about latest and greatest OS from Redmond misery :) It won't amaze me that it works well with Win 7 for you but not with the screwed up phone OS.

    --------------------------------------------------------------------------------------------------

    Samsung NVMe Driver 3.3 Benchmark thread techpowerup.forum
     
    Last edited: Mar 3, 2020
  43. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    7,110
    Messages:
    20,384
    Likes Received:
    25,139
    Trophy Points:
    931
    Ha, the one time I get it release day - and Samsung hadn't run out of download "tokens", I can't use it!

    Good thing I let new software age before installing.

    Translated from French link above:
    THE DRIVER 3.3 FOR SAMSUNG NVME SSD ALREADY REMOVED

    "With each publication of a new file for SSD (Magician, firmware, driver...), Samsung takes infinite precautions and imposes during the first week a maximum number of daily downloads which allows in case of trouble with this update to affect only a small number of users. The Korean manufacturer has been implementing this procedure since 2015 when a new firmware caused the failure of many SSD SATA 850 PROs just updated.

    Well, it seems that this caution has paid off.

    "Yesterday, Samsung released a new 3.3 version of its NVMe driver for M.2 PCIe SSDs such as the 950, 960 and 970 series (EVO, EVO Plus, PRO). According to our findings, these 3.3 drivers have already been removed from Samsung's servers for the benefit of the previous version 3.2. Samsung unfortunately gives no explanation regarding any problems that could be caused by this update. Those who managed to download the file yesterday before the daily limit reached will therefore have to be careful and not fail to back up their important data, you never know!

    We'll be sure to keep you updated as soon as we know more or if another update is proposed for Samsung NVMe SSDs."
    https://www.touslesdrivers.com/index.php?v_page=3&v_code=7671

    Thanks for the heads up @Papusan , both directions :)
     
    Last edited: Mar 3, 2020
    Papusan likes this.
  44. jclausius

    jclausius Notebook Virtuoso

    Reputations:
    6,160
    Messages:
    3,265
    Likes Received:
    2,573
    Trophy Points:
    231
    I'm confused. @hmscott quotes the article in that the Samsung NVMe 3.3 drivers have been removed from Samsung servers, but I can see I could download them as of today (Mar 4th, 2020)... It's just they're out of tokens, and I cannot get it yet. Is it possible they were pulled and then re-posted later but with links to different files (i.e. - someone screwed up and posted the wrong thing on Samsung's end?) Just curious more than anything else.

    In any case, in regards to @Mr. Fox's crashing experience, I can understand his frustration, especially if it's worked in the past, but to be fair, they are explicitly marked as drivers for "Samsung NVMe SSD 970 PRO, 970 EVO, 970 EVO Plus, 960 PRO, 960 EVO and 950 PRO" drives on Windows 7, Windows 8.1 and Windows 10.

     
    Mr. Fox likes this.
  45. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    42,712
    Messages:
    29,847
    Likes Received:
    59,649
    Trophy Points:
    931
    See my posts above. Samsung has done the same for the last few years. They keep the well-proven working 3.2 driver standing until they are sure there aren't problems with the new v3.3. In short, they put out limited downloads. Almost as Microsoft uses the Home version of Win 10 as the guinea pig :) A few have to test it before all get it.

    This was the normal a few days ago when it was up on Samsung's servers, I could download it yesterday. Today locked out again.
     
    Last edited: Mar 4, 2020
    Mr. Fox and hmscott like this.
  46. jclausius

    jclausius Notebook Virtuoso

    Reputations:
    6,160
    Messages:
    3,265
    Likes Received:
    2,573
    Trophy Points:
    231
    Ahh... I see where there's a disconnect. I took the article from @hmscott as Samsung actually 'pulled' the 3.3 drivers - meaning that there was a bug, and Samsung has suspended any downloads until addressed. But that is NOT actually the case. What seems to be happening, which I didn't understand when @Papusan was pointing it out, is that Samsung only allows X number of downloads per day. Once that limit is hit, the page gives you a default button to download the last version (3.2) until the next batch, which Samsung has been doing for years.

    My guess is there was something lost in translation from French, or they don't get the behavior that the drivers were never 'pulled', but rather the end user is presented with previous versions once the download limit was hit.

     
    Papusan likes this.
  47. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    42,712
    Messages:
    29,847
    Likes Received:
    59,649
    Trophy Points:
    931
    New Intel Vulnerability found, Converged Security and Management Engine exploitable.

    This Intel CPU Security Flaw Is Impossible To Fix, Affects All Recent Chips hothardware.com | Mar 6, 2020
    Security researchers are sounding the alarm on a vulnerability present in practically every processor Intel has released in the past five years. According to the researchers, the vulnerability is "impossible to fix" and "jeopardizes everything Intel has done to build the root of trust and lay a solid security...

    Update: Intel has released the following statement in regards to this vulnerability...

    "Intel was notified of a vulnerability potentially affecting the Intel Converged Security Management Engine in which an unauthorized user with specialized hardware and physical access may be able to execute arbitrary code within the Intel CSME subsystem on certain Intel products. Intel released mitigations and recommends keeping systems up-to-date. Additional guidance specific to CVE-2019-0090 can be found here."
     
    Mr. Fox, jclausius and jc_denton like this.
  48. jc_denton

    jc_denton BGA? What a shame.

    Reputations:
    10,923
    Messages:
    3,036
    Likes Received:
    5,781
    Trophy Points:
    581
    Man these security vulnerabilities just keep piling up on Intel, and new mitigations gimp the performance further each time.
     
    Mr. Fox and Papusan like this.
  49. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    42,712
    Messages:
    29,847
    Likes Received:
    59,649
    Trophy Points:
    931
    https://www.intel.com/content/www/us/en/support/articles/000033416/technologies.html


    February 11, 2020 Update: Intel is emphasizing previously provided security guidance related to CVE-2019-0090:

    • Downgrading Intel® Management Engine Firmware (Intel® ME FW), which is a physical attack, is a known issue affecting any Intel® CSME version before and including 11.x, Intel® TXE 3.x, 4.x, and Intel® SPS 3.x, 4.x.
    • End users should maintain physical possession of their platform :D
    • Intel recommends that end users adopt best security practices by installing updates as soon as they become available and being continually vigilant to detect and prevent intrusions and exploitations.
    Maybe you all should put the PC under your pillow when you sleep. As well as ditching your desktop and buying a Clevo LGA laptop. You can have it with you everywhere with a nice bag. At the gym, work and all your free time. Carry it with you and baby it as a sick child :p
     
    Last edited: Mar 6, 2020
    Mr. Fox, jclausius and jc_denton like this.
  50. jc_denton

    jc_denton BGA? What a shame.

    Reputations:
    10,923
    Messages:
    3,036
    Likes Received:
    5,781
    Trophy Points:
    581
    And never connect it to the internet, so no sneaky Intel updates get you.
     
    Mr. Fox, Papusan and jclausius like this.