Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - June 5, 2008

by Marianna Schmudlach / June 5, 2008 12:50 AM PDT

SamTodo "tid" and "completed" Cross-Site Scripting Vulnerabilities

Secunia Advisory: SA30557
Release Date: 2008-06-05


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: SamTodo 1.x

Description:
David Sopas Ferreira has discovered some vulnerabilities in SamTodo, which can be exploited by malicious people to conduct cross-site scripting attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
David Sopas Ferreira

Original Advisory:
http://www.davidsopas.com/soapbox/samtodo.txt

Discussion is locked
You are posting a reply to: VULNERABILITIES \ FIXES - June 5, 2008
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES \ FIXES - June 5, 2008
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
VMware Products Multiple Vulnerabilities
by Marianna Schmudlach / June 5, 2008 12:51 AM PDT

Secunia Advisory: SA30556
Release Date: 2008-06-05


Critical:
Less critical
Impact: Security Bypass
Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: VMware ESX Server 2.x
VMware ESX Server 3.x



Software: VMware ACE 1.x
VMware Player 1.x
VMware Server 1.x
VMware VIX API 1.x
VMware Workstation 5.x

Description:
Some vulnerabilities have been reported in multiple VMware Products, which can be exploited by malicious, local users to bypass certain security restrictions or to gain escalated privileges.

Original Advisory:
http://www.vmware.com/security/advisories/VMSA-2008-0009.html

Other References:
SA30476:
http://secunia.com/advisories/30476/

Collapse -
Asterisk Addons "ooh323" Denial of Service Vulnerability
by Marianna Schmudlach / June 5, 2008 12:52 AM PDT

Secunia Advisory: SA30555
Release Date: 2008-06-05


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: Asterisk-Addons 1.x

Description:
A vulnerability has been reported in Asterisk Addons, which can be exploited by malicious people to cause a DoS (Denial of Service).

The problem is that the "ooh323" channel driver extracts memory addresses from incoming TCP packets and uses them in memory operations. This can be exploited to crash an affected application by sending a TCP packet containing invalid memory references.

The vulnerability is reported in 1.2.x versions prior to 1.2.9, and 1.4.x versions prior to 1.4.7.

Solution:
Asterisk Addons 1.2.x:
Update to version 1.2.9.

Asterisk Addons 1.4.x:
Update to version 1.4.7.

Provided and/or discovered by:
The vendor credits Tzafrir Cohen.

Original Advisory:
http://downloads.digium.com/pub/security/AST-2008-009.html

Collapse -
Red Hat update for cups
by Marianna Schmudlach / June 5, 2008 12:54 AM PDT

Secunia Advisory: SA30553
Release Date: 2008-06-05


Critical:
Moderately critical
Impact: System access

Where: From local network

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0498.html

Other References:
SA29809:
http://secunia.com/advisories/29809/

Collapse -
Cisco ASA and PIX Security Appliances Multiple Vulnerabiliti
by Marianna Schmudlach / June 5, 2008 12:55 AM PDT

Secunia Advisory: SA30552
Release Date: 2008-06-05


Critical:
Moderately critical
Impact: Security Bypass
DoS

Where: From remote

Solution Status: Vendor Patch


OS: Cisco Adaptive Security Appliance (ASA) 7.x
Cisco Adaptive Security Appliance (ASA) 8.x
Cisco PIX 7.x
Cisco PIX 8.x

Description:
Some vulnerabilities have been reported in Cisco ASA and PIX appliances, which can be exploited by malicious people to bypass certain security restrictions or to cause a DoS (Denial of Service).

Solution:
Update to fixed versions (please see the vendor's advisory for details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.cisco.com/en/US/products/p...curity_advisory09186a00809a8354.shtml

Collapse -
Slash Cross-Site Scripting and SQL Injection
by Marianna Schmudlach / June 5, 2008 12:56 AM PDT

Secunia Advisory: SA30551
Release Date: 2008-06-05


Critical:
Less critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: Slash 2.x

Description:
Some vulnerabilities have been reported in Slash, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

Solution:
Apply vendor patch.
http://slashcode.cvs.sourceforge.net/.../Environment.pm?r1=1.223&r2=1.225

Provided and/or discovered by:
1) The vendor credits blackybr.
2) Reported by the vendor.

Original Advisory:
http://www.slashcode.com/article.pl?sid=08/01/07/2314232

Collapse -
Skype File URI Code Execution Vulnerability
by Marianna Schmudlach / June 5, 2008 12:58 AM PDT

Secunia Advisory: SA30547
Release Date: 2008-06-05


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Skype for Windows 1.x
Skype for Windows 2.x
Skype for Windows 3.x

Description:
A vulnerability has been reported in Skype, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the handling of "file:" URIs, which can be exploited to bypass the security warning for blacklisted file extensions e.g. via a "file:" URI containing upper case characters in the file extension.

Successful exploitation allows execution of arbitrary code, but requires that a user is tricked into clicking on a specially crafted "file:" URI.

The vulnerability is reported in version 3.8.*.115 and prior.

Solution:
Update to version 3.8.0.139.
http://www.skype.com/download/skype/windows/

Provided and/or discovered by:
Ismael Briones, reported via iDefense

Original Advisory:
Skype:
http://www.skype.com/security/skype-sb-2008-003.html

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711

Collapse -
Skype closes security hole
by Marianna Schmudlach / June 5, 2008 2:32 AM PDT

Skype has released a new version of its eponymous VoIP client that fixes two security flaws. The Windows version of Skype uses a filter to prevent locally stored executables from being launched via a file URI such as file://C:/foobar.exe. But according to iDefense the client only warns about the file types .ade, .adp, .asd, .bas, .bat, .cab, .chm, .cmd, .com, .cpl,.crt, .dll, .eml, .exe, .hlp, .hta, .inf, .ins, .isp and .js. Skype therefore does not block other potentially dangerous file types, such as .pif, .vbs and .scr. In addition, because the client's checks are case-sensitive and expect lower case, even a single capital letter in the file extension causes the file to escape the filter.

More: http://www.heise-online.co.uk/security/Skype-closes-security-hole--/news/110861

Collapse -
NASA BigView PPM File Processing Buffer Overflow
by Marianna Schmudlach / June 5, 2008 12:59 AM PDT

Secunia Advisory: SA30546
Release Date: 2008-06-05


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: NASA BigView 1.x



Description:
Core Security Technologies has reported a vulnerability in NASA BigView, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the "getline()" function in Ppm/ppm.C as called from "PPM::ppmHeader()". This can be exploited to cause a stack-based buffer overflow via a specially crafted .PPM file containing an overly-long (greater than 512 bytes) line.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in version 1.8. Other versions may also be affected.

Solution:
Update to the latest version.
http://opensource.arc.nasa.gov/software/bigview/

Provided and/or discovered by:
Alfredo Ortega, Core Security Technologies

Original Advisory:
CORE-2008-0425:
http://www.coresecurity.com/index.php...ontentMod&action=item&id=2304

Collapse -
Sun Service Tag Registry Local Denial of Service Weakness
by Marianna Schmudlach / June 5, 2008 1:00 AM PDT

Secunia Advisory: SA30545
Release Date: 2008-06-05


Critical:
Not critical
Impact: DoS

Where: Local system

Solution Status: Unpatched


OS: Sun Solaris 10



Software: Sun Service Tag 1.x

Description:
A weakness has been reported in Sun Service Tag, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The weakness is caused due to an unspecified error in the Sun Service Tag Registry, which can be exploited to completely fill the "/var" file system.

Successful exploitation may result in a DoS for applications depending on the "/var" file system.

The weakness is reported in Sun Service Tag version 1.0, 1.1, and 1.2 for Solaris, version 1.1 and 1.2 for Enterprise Linux, and Solaris 10 for the SPARC and x86 platforms.

NOTE: This weakness does not affect Service Tag for the Windows platform.

Solution:
Update to version 1.1.3 or later, or apply patches.
https://inventory.sun.com/inventory/

-- SPARC Platform --

Solaris 10:
Apply patch 136839-01 or higher.

-- x86 Platform --

Solaris 10:
Apply patch 136840-01 or higher.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238414-1

Collapse -
SUSE update for samba
by Marianna Schmudlach / June 5, 2008 1:02 AM PDT

Secunia Advisory: SA30543
Release Date: 2008-06-05


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SUSE Linux 10.1
SUSE Linux Enterprise Server 10
SuSE Linux Enterprise Server 8
SUSE Linux Enterprise Server 9



Software: Novell Open Enterprise Server 1.x



Description:
SUSE has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00000.html

Other References:
SA30228:
http://secunia.com/advisories/30228/

Collapse -
Avaya CMS Solaris crontab Privilege Escalation Vulnerability
by Marianna Schmudlach / June 5, 2008 1:03 AM PDT

Secunia Advisory: SA30542
Release Date: 2008-06-05


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Unpatched


OS: Avaya Call Management System (CMS)

Description:
Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is reported in Avaya CMS R12, R13/R13.1, and R14.

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2008-222.htm

Other References:
SA30482:
http://secunia.com/advisories/30482/

Collapse -
Joomla JotLoader Component "cid" SQL Injection
by Marianna Schmudlach / June 5, 2008 1:04 AM PDT

Secunia Advisory: SA30541
Release Date: 2008-06-05


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: JotLoader 1.x (component for Joomla)

Description:
His0k4 has discovered a vulnerability in the JotLoader component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Successful exploitation allows e.g. retrieving administrator password hashes.

The vulnerability is confirmed in version 1.2.1.a. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
His0k4

Original Advisory:
http://milw0rm.com/exploits/5737

Collapse -
PHP Address Book Cross-Site Scripting and SQL Injection
by Marianna Schmudlach / June 5, 2008 1:06 AM PDT

Secunia Advisory: SA30540
Release Date: 2008-06-05


Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: PHP Address Book 3.x

Description:
CWH Underground has reported some vulnerabilities in PHP Address Book, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
CWH Underground

Original Advisory:
http://milw0rm.com/exploits/5739

Collapse -
Sun Solaris "inet_network()" Off-By-One Vulnerability
by Marianna Schmudlach / June 5, 2008 1:07 AM PDT

Secunia Advisory: SA30538
Release Date: 2008-06-05


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Unpatched


OS: Sun Solaris 10
Sun Solaris 8
Sun Solaris 9

Description:
Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

The vulnerability is reported in Solaris 8, 9, and 10 for the SPARC platform and Solaris 8 for the x86 platform.

Solution:
Restrict access and network traffic to applications that are linked to affected libraries (please see the vendor advisory for details).

Reportedly, a final resolution is pending completion.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238493-1

Other References:
SA28367:
http://secunia.com/advisories/28367/

Collapse -
Akamai Download Manager Arbitrary File Download Vulnerabilit
by Marianna Schmudlach / June 5, 2008 1:08 AM PDT

Secunia Advisory: SA30537
Release Date: 2008-06-05


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Akamai Download Manager 2.x

Description:
A vulnerability has been reported in Akamai Download Manager, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an input validation error in the Akamai Download Manager ActiveX Control when handling the "URL" parameter. This can be exploited to download an arbitrary file to an arbitrary location on a vulnerable system when a user e.g. visits a malicious website.

Successful exploitation allows execution of arbitrary code.

The vulnerability affects versions 2.2.3.5 and prior.

Solution:
Update to version 2.2.3.7.
http://dlm.tools.akamai.com/tools/upgrade.html

Provided and/or discovered by:
The vendor credits Fortinet.

Original Advisory:
Akamai (via Full-Disclosure):
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062672.html

Other References:
cocoruder:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062669.html

Extended Solution:
The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.

Collapse -
VMware ESX Server Multiple Security Updates
by Marianna Schmudlach / June 5, 2008 1:09 AM PDT

Secunia Advisory: SA30535
Release Date: 2008-06-05


Critical:
Highly critical
Impact: Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: VMware ESX Server 2.x
VMware ESX Server 3.x

Description:
VMware has issued an update for VMware ESX Server. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

Solution:
Apply patches.

Original Advisory:
http://www.vmware.com/security/advisories/VMSA-2008-0009.html

Other References:
SA19618:
http://secunia.com/advisories/19618/

SA26942:
http://secunia.com/advisories/26942/

SA28359:
http://secunia.com/advisories/28359/

SA28784:
http://secunia.com/advisories/28784/

SA29415:
http://secunia.com/advisories/29415/

SA29428:
http://secunia.com/advisories/29428/

Collapse -
phpInstantGallery Multiple Cross-Site Scripting Vulnerabilit
by Marianna Schmudlach / June 5, 2008 1:10 AM PDT

Secunia Advisory: SA30524
Release Date: 2008-06-05


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: phpInstantGallery 2.x

Description:
Some vulnerabilities have been discovered in phpInstantGallery, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "gallery" parameter in index.php and the "gallery" and "imgnum" parameter in image.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 2.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Reportedly discovered by ZoRLu

Original Advisory:
http://www.securityfocus.com/bid/29152/

Collapse -
427BB SQL Injection and Cross-Site Scripting vulnerabilities
by Marianna Schmudlach / June 5, 2008 1:12 AM PDT

Secunia Advisory: SA30520
Release Date: 2008-06-05


Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: 427BB 2.x

Description:
CWH Underground has discovered some vulnerabilities in 427BB, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
CWH Underground

Original Advisory:
http://milw0rm.com/exploits/5742

Collapse -
Joomla Simple Shop Galore Component "catid" SQL Injection
by Marianna Schmudlach / June 5, 2008 1:13 AM PDT

Secunia Advisory: SA30461
Release Date: 2008-06-05


Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: Simple Shop Galore 3.x (component for Joomla)

Description:
His0k4 has discovered a vulnerability in the Simple Shop Galore component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
His0k4

Original Advisory:
http://milw0rm.com/exploits/5743

Collapse -
PowerPhlogger "css_str" SQL Injection Vulnerability
by Marianna Schmudlach / June 5, 2008 1:14 AM PDT

Secunia Advisory: SA30423
Release Date: 2008-06-05


Critical:
Less critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: PowerPhlogger 2.x

Description:
MustLive has discovered a vulnerability in PowerPhlogger, which can be exploited by malicious users to conduct SQL injection attacks.

The vulnerability is confirmed in version 2.2.5. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
MustLive

Original Advisory:
http://milw0rm.com/exploits/5744

Collapse -
HP Online Support Service ActiveX Multiple Vulnerabilities
by Marianna Schmudlach / June 5, 2008 1:16 AM PDT

Summary
Several functions provided by the ActiveX of HP Online support components are affected by multiple types of vulnerabilities.

This would allow an attacker to:
* Write a malicious file to the system or elsewhere where the user has account or network access.
* Multiple overflows, allowing arbitrary code execution
* Download of malicious files
* Execution of malicious files
* Deletion of arbitrary files

Credit:
The information has been provided by Dennis Rand.
The original article can be found at: http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf

http://www.securiteam.com/windowsntfocus/5KP021FOKK.html

Collapse -
Ooh323 Channel Driver Crash Vulnerability
by Marianna Schmudlach / June 5, 2008 1:17 AM PDT
Collapse -
Two critical bugs in Evolution
by Marianna Schmudlach / June 5, 2008 2:28 AM PDT

Evolution, the Gnome desktop's standard email client and personal information manager contains two security vulnerabilities which can apparently be exploited to inject and execute code on a system. According to Secunia there is a time zone string parsing bug in the processing of iCalendar appointment attachments that could lead to a buffer overflow. However, for this to happen the ITip Formatter plugin must be deactivated. In addition, a heap overflow can occur when replying to iCalendar requests if the DESCRIPTION field of an attachment is too long. However, this attack is apparently only possible while the victim is in calendar view.

More: http://www.heise-online.co.uk/security/Two-critical-bugs-in-Evolution--/news/110864

Collapse -
Cisco patches five holes in PIX and ASA
by Marianna Schmudlach / June 5, 2008 2:29 AM PDT

Cisco has discovered vulnerabilities in its PIX Appliances and ASA 5500 series. Crafted TCP-ACK and TLS packets can cause units to reboot. According to the security advisory, the this only happens where the device itself is the destination of packets such as management traffic. Forwarded packages do not cause a problem. But if Instant Messaging Inspection is enabled, certain forwarded packages can indeed cause the system to reboot. Under default settings, the function is disabled. An otherwise unexplained scan of port 443 on the PIX and ASA can cause a denial of service.

http://www.heise-online.co.uk/security/Cisco-patches-five-holes-in-PIX-and-ASA--/news/110863

Collapse -
Kaspersky driver bug allows privilege escalation
by Marianna Schmudlach / June 5, 2008 2:30 AM PDT
Collapse -
Microsoft Releases Advance Notification for June Security Bu
by Marianna Schmudlach / June 5, 2008 7:13 AM PDT

added June 5, 2008 at 03:07 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that its June release cycle will contain seven bulletins, three of which will have the severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows and Internet Explorer. The notification also states that there will be three Important bulletins for Microsoft Windows. The last of these bulletins has the severity rating of Moderate and is for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, June 10.

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#microsoft_releases_advance_notification_for15

Collapse -
Vulnerability on the latest Symbian operating system
by Marianna Schmudlach / June 5, 2008 7:50 AM PDT

This press release comes from F-Secure

PRESS RELEASE

For release June 5, 2008



Vulnerability on the latest Symbian operating system

It is now possible for mobile phone hackers to bypass the security system of the Symbian OS 9 based S60 3rd Edition phones with a mobile application. Symbian OS 9 based S60 3rd Edition is the market-leading open operating system for mobile phones.

The newly developed hack is a so-called privilege escalation hack. This means that hackers can get unauthorized access to the phone?s file system, which is normally protected. With this access system modifications can be made.

Hacks directed towards the S60 3rd Edition have been evolving for some time. What makes this case different is that the new hack can be carried out without external devices or system knowledge by installing just one mobile application that is downloadable from the web.

Because the application can be considered as a hacking application, it is classified by F-Secure as riskware. F-Secure Mobile Security software identifies this application and removes it.


Commenting on the vulnerability, Jarno Niemel

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?