Critical Windows XP Update in 2019

Yes, another Windows XP update. Yes, in 2019.

Remote Code Execution (RCE) vulnerability CVE-2019-0708 exists in the Remote Desktop Protocol (RDP). Exploiting this vulnerability would allow an unauthenticated attacker to run arbitrary code on an affected system. This type of vulnerability is potentially wormable due to the lack of authentication and pervasiveness of the RDP service. Although a proof-of-concept exploit has not yet been disclosed, this vulnerability should be remediated with very high priority across Windows 7, Server 2008, and Server 2008 R2. Due to the high risk of this vulnerability, Microsoft has also issued patches for Windows XP and Server 2003.

Windows XP SP3, 32-bit:

Server 2003 / 2003 R2, 32-bit:

Server 2003 / 2003 R2, 64-bit:

Firefox Themes

One of my favorite themes for Google Chrome is "Zen Spring". Google only made it for Chrome, but I also wanted it for Firefox! Since I couldn't find a pre-made theme, I went ahead and made one.

My first attempt was using Firefox's online theme maker. That one places images on the right, so I just fed it the original Zen Garden image.

For my second attempt, I tried to clean up the source image and then put together a proper theme using a manifest file (so that the tree image was on the left, like in the original theme).

You can click the preview images to go to the Firefox site to download them.

Microsoft finally lets you customize console colors.

This has taken way longer than it should have, but Microsoft finally released a tool to make it easy to change console color schemes (similar to what has been in many Linux desktop managers for years).

By default, the console window uses an awful default color scheme (dark blue text on a black background is really hard to see). I recommend the OneHalfDark scheme.

Download ColorTool from Microsoft.

Here are some screenshots of how it looks on my system.

Windows Meltdown patches

More information on Meltdown (CVE Identifier: CVE-2017-5754):

Here's the KB numbers and download links for the currently-supported versions of Windows.
This is supposed to have auto-installed on Windows 10 / Server 2016 already (if automatic updates is enabled), but it won't show up in Windows Updates for older Windows versions until next week (Patch Tuesday, January 9th), though.

Working code to exploit Meltdown is already in the wild, and apparently a system can be compromised just by visiting a website with something as simple as an embedded malicious JavaScript file.

Windows 10 (1709) and Server 2016 (1709): KB4056892

Windows 10 (1607) and Server 2016 (1607): KB4056890

Windows 8.1 and Server 2012 R2: KB4056898

Windows 7 and Server 2008 R2: KB4056897

KBs for other Windows 10 builds:

Windows 10 (1703): KB4056891
Windows 10 (1511): KB4056888
Windows 10 (1507): KB4056893

I haven't seen any mention of updates for Windows 8, 2012, Vista, 2003 R2, 2003, or XP, and I doubt there will be any official releases fixed for those. Those systems were already considered insecure for web usage, and now even more so.