Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - October 22, 2007

by Marianna Schmudlach / October 22, 2007 2:39 AM PDT

RealPlayer Playlist Handling Buffer Overflow Vulnerability

Secunia Advisory: SA27248
Release Date: 2007-10-22


Critical:
Extremely critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: RealOne Player 1.x
RealOne Player 2.x
RealPlayer 10.x

Description:
A vulnerability has been discovered in RealPlayer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a signedness error in MPAMedia.dll when handling playlist names. This can be exploited to cause a stack-based buffer overflow by e.g. importing a file into a specified playlist with an overly long name via the "Import()" method of the IERPCtl ActiveX control (ierpplug.dll).

Successful exploitation allows execution of arbitrary code.

NOTE: The vulnerability is currently being actively exploited.

Solution:
Apply patch for RealPlayer 10.5 and 11 beta:
http://service.real.com/realplayer/security/191007_player/en/securitydb.rnx

The vendor recommends users of RealPlayer 10 and RealOne v1 and v2 to upgrade to version 10.5 and apply the patch.

NOTE: According to the vendor, RealPlayer 8 and prior versions for Windows are not affected. Versions for Macintosh and Linux are also not affected.

Provided and/or discovered by:
Reported as a 0-day.

Original Advisory:
RealNetworks:
http://service.real.com/realplayer/security/191007_player/en/

Other References:
US-CERT VU#871673:
http://www.kb.cert.org/vuls/id/871673

Discussion is locked
You are posting a reply to: VULNERABILITIES \ FIXES - October 22, 2007
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES \ FIXES - October 22, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
SUSE Updates for Multiple Packages
by Marianna Schmudlach / October 22, 2007 2:40 AM PDT

Secunia Advisory: SA27271
Release Date: 2007-10-22


Critical:
Moderately critical
Impact: Security Bypass
Spoofing
Privilege escalation
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SuSE eMail Server 3.x
SUSE Linux 10
SUSE Linux 10.1
SUSE Linux Enterprise Server 10
SuSE Linux Enterprise Server 7
SuSE Linux Enterprise Server 8
SUSE Linux Enterprise Server 9
SuSE Linux Openexchange Server 4.x
SuSE Linux Standard Server 8


Description:
SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions or gain escalated privileges, and by malicious people to conduct spoofing attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

For more information:
SA20100
SA25878
SA26229
SA26351
SA26894
SA27129

Solution:
Fixed packages are available on the SUSE FTP server and via the YaST Online Update.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html

Other References:
SA20100:
http://secunia.com/advisories/20100/

SA25878:
http://secunia.com/advisories/25878/

SA26229:
http://secunia.com/advisories/26229/

SA26351:
http://secunia.com/advisories/26351/

SA26894:
http://secunia.com/advisories/26894/

SA27129:
http://secunia.com/advisories/27129/

Collapse -
Bacula MySQL Director Password Disclosure Weakness
by Marianna Schmudlach / October 22, 2007 2:41 AM PDT

Secunia Advisory: SA27243
Release Date: 2007-10-22


Critical:
Not critical
Impact: Exposure of sensitive information

Where: Local system

Solution Status: Unpatched


Software: Bacula 1.x

Description:
Matthijs Kooijman has reported a weakness in Bacula, which can be exploited by malicious, local users to disclose potentially sensitive information.

The weakness is caused due to the "make_catalog_backup" script using the MySQL password as command line argument when invoking other programs. This can be exploited to disclose the password via e.g. the "ps" command.

Note: In case of an error, the script may also send the MySQL password in an unencrypted email, which can be exploited to disclose the password via sniffing attacks.

Solution:
Grant only trusted users access to affected systems. Disable the email message notification.

Provided and/or discovered by:
Reported in a Debian bug by Matthijs Kooijman.

Original Advisory:
Bacula bug:
http://bugs.bacula.org/view.php?id=990

Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809

Collapse -
Red Hat update for firefox
by Marianna Schmudlach / October 22, 2007 2:43 AM PDT

Secunia Advisory: SA27276
Release Date: 2007-10-22


Critical:
Highly critical
Impact: Cross Site Scripting
Spoofing
Manipulation of data
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.

For more information:
SA25904
SA26288
SA27311

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2007-0979.html

Other References:
SA25904:
http://secunia.com/advisories/25904/

SA26288:
http://secunia.com/advisories/26288/

SA27311:
http://secunia.com/advisories/27311/

Collapse -
SUSE update for Mozilla Firefox
by Marianna Schmudlach / October 22, 2007 2:44 AM PDT

Secunia Advisory: SA27298
Release Date: 2007-10-22


Critical:
Highly critical
Impact: Cross Site Scripting
Spoofing
Manipulation of data
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: SUSE Linux Enterprise Server 10

Description:
SUSE has issued an update for Mozilla Firefox. This fixes some vulnerabilities and weaknesses, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.

For more information:
SA20442
SA25904
SA26288
SA27311

Solution:
Apply updated packages.

Original Advisory:
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

Other References:
SA20442:
http://secunia.com/advisories/20442/

SA25904:
http://secunia.com/advisories/25904/

SA26288:
http://secunia.com/advisories/26288/

SA27311:
http://secunia.com/advisories/27311/

Collapse -
Nagios Cross-Site Scripting Vulnerability
by Marianna Schmudlach / October 22, 2007 2:46 AM PDT

Secunia Advisory: SA27316
Release Date: 2007-10-22


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Nagios 2.x



Description:
A vulnerability has been reported in Nagios, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to unspecified parameters in the CGI scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 2.10.

Solution:
Update to version 2.10.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.nagios.org/development/changelog.php#2x_branch

Collapse -
Red Hat update for kernel
by Marianna Schmudlach / October 22, 2007 2:47 AM PDT

Secunia Advisory: SA27322
Release Date: 2007-10-22


Critical:
Moderately critical
Impact: Security Bypass
DoS

Where: From remote

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Description:
Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and to cause a DoS (Denial of Service), and by malicious people to cause a DoS.

For more information:
SA25594
SA25895
SA26322
SA26935

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2007-0940.html

Other References:
SA25594:
http://secunia.com/advisories/25594/

SA25895:
http://secunia.com/advisories/25895/

SA26322:
http://secunia.com/advisories/26322/

SA26935:
http://secunia.com/advisories/26935/

Collapse -
Red Hat update for thunderbird
by Marianna Schmudlach / October 22, 2007 2:48 AM PDT

Secunia Advisory: SA27325
Release Date: 2007-10-22


Critical:
Highly critical
Impact: Cross Site Scripting
Spoofing
Manipulation of data
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4



Software: RHEL Optional Productivity Applications (v. 5 server)



Description:
Red Hat has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.

For more information:
SA25904
SA26288
SA27311
SA27313

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2007-0981.html

Other References:
SA25904:
http://secunia.com/advisories/25904/

SA26288:
http://secunia.com/advisories/26288/

SA27311:
http://secunia.com/advisories/27311/

SA27313:
http://secunia.com/advisories/27313/

Collapse -
Debian update for icedove
by Marianna Schmudlach / October 22, 2007 2:50 AM PDT

Secunia Advisory: SA27326
Release Date: 2007-10-22


Critical:
Highly critical
Impact: Cross Site Scripting
DoS
System access

Where: From remote

Solution Status: Partial Fix


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for icedove. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.

For more information:
SA26096
SA26288
SA27313

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-securi...-security-announce-2007/msg00166.html

Other References:
SA26096:
http://secunia.com/advisories/26096/

SA26288:
http://secunia.com/advisories/26288/

SA27313:
http://secunia.com/advisories/27313/

Collapse -
Red Hat update for seamonkey
by Marianna Schmudlach / October 22, 2007 2:51 AM PDT

Secunia Advisory: SA27327
Release Date: 2007-10-22


Critical:
Highly critical
Impact: Cross Site Scripting
Spoofing
Manipulation of data
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


OS: RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 4
RedHat Linux Advanced Workstation 2.1 for Itanium

Description:
Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, conduct phishing attacks, manipulate certain data and compromise a user's system.

For more information:
SA25904
SA26288
SA27311
SA27315

Solution:
Updated packages are available in Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2007-0980.html

Other References:
SA25904:
http://secunia.com/advisories/25904/

SA26288:
http://secunia.com/advisories/26288/

SA27311:
http://secunia.com/advisories/27311/

SA27315:
http://secunia.com/advisories/27315/

Collapse -
Cisco Products EAP Denial of Service Vulnerability
by Marianna Schmudlach / October 22, 2007 2:53 AM PDT

Secunia Advisory: SA27329
Release Date: 2007-10-22


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


OS: Cisco CATOS 6.x
Cisco CATOS 7.x
Cisco CATOS 8.x
Cisco IOS 12.x
Cisco IOS R12.x

Description:
A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the implementation of Extensible Authentication Protocol (EAP) when processing a specially crafted EAP Response Identity packet. This can be exploited to reboot an affected device.

The vulnerability affects the following products:
* Wireless EAP 12.3.JA, 12.3.JEA, 12.3.JEB, 12.3.JEC and 12.4.JA
* Wired EAP (Cisco IOS) 12.1 and 12.2
* Wired EAP (Cisco CatOS) 6.x, 7.x and 8.x

Solution:
Update to a fixed version (see vendor advisory for details).
http://www.cisco.com/warp/public/707/cisco-sr-20071019-eap.shtml

Provided and/or discovered by:
The vendor credits Laurent Butti, Julien Tinn

Collapse -
Red Hat update for openssl
by Marianna Schmudlach / October 22, 2007 2:54 AM PDT

Secunia Advisory: SA27330
Release Date: 2007-10-22


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux WS 3
RedHat Linux Advanced Workstation 2.1 for Itanium

Description:
Red Hat has issued an update for openssl. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

For more information:
SA22130

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2007-0813.html

Other References:
SA22130:
http://secunia.com/advisories/22130/

Collapse -
Warpzilla Enhanced Multiple Vulnerabilities
by Marianna Schmudlach / October 22, 2007 2:55 AM PDT

Secunia Advisory: SA27333
Release Date: 2007-10-22


Critical:
Highly critical
Impact: Spoofing
Manipulation of data
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: Warpzilla Enhanced Gecko 1.x

Description:
Some vulnerabilities and a weakness have been reported in Warpzilla Enhanced, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.

For more information:
SA27311

Solution:
Update to version Gecko 1.8.1.8.
http://sourceforge.net/project/showfi...ckage_id=215808&release_id=548270

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=548270

Other References:
SA27311:
http://secunia.com/advisories/27311/

Collapse -
Debian update for xulrunner
by Marianna Schmudlach / October 22, 2007 2:57 AM PDT

Secunia Advisory: SA27336
Release Date: 2007-10-22


Critical:
Highly critical
Impact: Spoofing
Manipulation of data
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Partial Fix


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for xulrunner. This fixes some vulnerabilities and weaknesses, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.

For more information:
SA25904
SA27311

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-securi...-security-announce-2007/msg00167.html

Other References:
SA25904:
http://secunia.com/advisories/25904/

SA27311:
http://secunia.com/advisories/27311/

Collapse -
ASP Site Search SearchSimon Lite "QUERY" Cross-Site Scriptin
by Marianna Schmudlach / October 22, 2007 2:58 AM PDT

Secunia Advisory: SA27337
Release Date: 2007-10-22


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: ASP Site Search SearchSimon Lite 1.x

Description:
Aria-Security has reported a vulnerability in ASP Site Search SearchSimon Lite, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the search script via the "QUERY" parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Aria-Security Team

Collapse -
Gentoo update for tramp
by Marianna Schmudlach / October 22, 2007 2:59 AM PDT

Secunia Advisory: SA27343
Release Date: 2007-10-22


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for tramp. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

For more information:
SA27244

Solution:
Update to:
"app-emacs/tramp-2.1.10-r2" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200710-22.xml

Other References:
SA27244:
http://secunia.com/advisories/27244/

Collapse -
Gentoo update for tikiwiki
by Marianna Schmudlach / October 22, 2007 3:01 AM PDT

Secunia Advisory: SA27344
Release Date: 2007-10-22


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for tikiwiki. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA27190

Solution:
Update to:
"www-apps/tikiwiki-1.9.8.1" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200710-21.xml

Other References:
SA27190:
http://secunia.com/advisories/27190/

Collapse -
Simple Machines Forum SQL Injection Vulnerabilities
by Marianna Schmudlach / October 22, 2007 3:02 AM PDT

Secunia Advisory: SA27346
Release Date: 2007-10-22


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: Simple Machines Forum 1.x

Description:
Michael Brooks has reported some vulnerabilities in Simple Machines Forum, which can be exploited by malicious users and malicious people to conduct SQL injection attacks.

Input passed to certain parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows to e.g. disclose the hash of the administrator password.

The vulnerabilities are reported in versions prior to 1.0.12 and 1.1.4.

Solution:
Update to version 1.0.12 or 1.1.4.

Provided and/or discovered by:
Michael Brooks

Original Advisory:
Simple Machines Forum:
http://www.simplemachines.org/community/index.php?topic=196380.0

http://milw0rm.com/exploits/4547

Collapse -
Vanilla SQL Injection Vulnerabilities
by Marianna Schmudlach / October 22, 2007 3:03 AM PDT

Secunia Advisory: SA27348
Release Date: 2007-10-22


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: Vanilla 1.x

Description:
InATeam has reported some vulnerabilities in Vanilla, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "CategoryID" parameter in ajax/sortcategories.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

NOTE: Reportedly, ajax/sortroles.php is also affected.

The vulnerabilities are reported in version 1.1.3. Other versions may also be affected.

Solution:
Update to version 1.1.4.
http://getvanilla.com/download/

Provided and/or discovered by:
InATeam

Original Advisory:
http://milw0rm.com/exploits/4548

Collapse -
Mono System.Web StaticFileHandler.cs Source Code Disclosure
by Marianna Schmudlach / October 22, 2007 3:05 AM PDT

Mono System.Web StaticFileHandler.cs Source Code Disclosure Vulnerability

Secunia Advisory: SA27349
Release Date: 2007-10-22


Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: From remote

Solution Status: Vendor Workaround


Software: Mono 1.x

Description:
A vulnerability has been reported in Mono, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error within StaticFileHandler.cs in System.Web when handling requests to files containing trailing spaces or dots. This can be exploited to e.g. view the source code of a requested page via a specially-crafted request with a filename ending in spaces or dots.

Solution:
Fixed in revision 87715.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://anonsvn.mono-project.com/viewc...m.Web/System.Web/StaticFileHandler.cs

Collapse -
Adobe Reader 8.1 update available
by Marianna Schmudlach / October 22, 2007 9:08 AM PDT

Published: 2007-10-22,
Last Updated: 2007-10-22 20:58:04 UTC
by donald smith (Version: 1)
Thanks to Roseman for bringing this to our attention.

From http://www.adobe.com/support/security/bulletins/apsb07-18.html

"Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat

Release date: October 22, 2007

Vulnerability identifier: APSB07-18

CVE number: CVE-2007-5020

Platform: Windows XP (Vista users are not affected) with Internet Explorer 7 installed

Affected software versions: Adobe Reader 8.1 and earlier, Adobe Reader 7.0.9 and earlier
Adobe Acrobat Professional, 3D and Standard 8.1 and earlier versions, Adobe Acrobat Professional, Standard, 3D and Elements 7.0.9 and earlier"

The acrobat patch is available here http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

The reader patch is available here http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

Fellow handler Swa covered this vulnerability and a workaround for it in this diary http://isc.sans.org/diary.html?storyid=3477



http://isc.sans.org/

Collapse -
BitDefender, GSView and cURL are vulnerable due to obsolete
by Marianna Schmudlach / October 22, 2007 9:11 AM PDT

BitDefender, GSView and cURL are vulnerable due to obsolete compression library

Versions of the zlib compression library containing vulnerabilities identified over two years ago are still in use...

More: http://www.heise-security.co.uk/news/97721

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?