MS Security Advisory 4022344
FYI...
MS Security Advisory 4022344
Security Update for Microsoft Malware Protection Engine
- https://technet.microsoft.com/en-us/...y/4022344.aspx
May 8, 2017 - "Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system... Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration..."
___
- http://www.infoworld.com/article/319...virus-bug.html
May 9, 2017 - "... critical security vulnerability in the Microsoft Malware Protection Engine affects a number of Microsoft products, including Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Forefront Security for SharePoint, Microsoft Endpoint Protection, and Microsoft Forefront Endpoint Protection. These tools are enabled by default in Windows 8, 8.1, 10, and Windows Server 2012..."
- http://www.securitytracker.com/id/1038419
CVE Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-0290
May 9 2017
Fix Available: Yes Vendor Confirmed: Yes
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13704.0), available via automatic update.
The vendor has also provided information on how to manually update the Microsoft Malware Protection Engine, available at:
- https://support.microsoft.com/kb/2510781
___
- http://www.securitytracker.com/id/1038420
CVE Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-0290
May 9 2017
Fix Available: Yes Vendor Confirmed: Yes
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13704.0), available via automatic update.
The vendor has also provided information on how to manually update the Microsoft Malware Protection Engine, available at:
- https://support.microsoft.com/kb/2510781
___
- https://www.us-cert.gov/ncas/current...ecurity-Update
May 08, 2017
:fear::fear:
MS Security Updates - May 2017
FYI...
MS Security Updates - May 2017
- https://portal.msrc.microsoft.com/en...urity-guidance
May 9, 2017
> https://portal.msrc.microsoft.com/en...idance/summary
- https://portal.msrc.microsoft.com/en...a-000d3a32fc99
May 09, 2017 - "The May security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
NET Framework
Adobe Flash Player ..."
- https://blogs.technet.microsoft.com/...pdate-release/
May 9, 2017
Coming together to address Encapsulated PostScript (EPS) attacks
- https://blogs.technet.microsoft.com/...t-eps-attacks/
May 9, 2017
"... Related links:
CVE-2017-0261: https://portal.msrc.microsoft.com/en.../CVE-2017-0261
CVE-2017-0262: https://portal.msrc.microsoft.com/en.../CVE-2017-0262
CVE-2017-0263: https://portal.msrc.microsoft.com/en.../CVE-2017-0263
Enterprise customers can check here* to see if they have the latest Office 365 updates."
* https://technet.microsoft.com/en-us/office/mt465751
MS Malware Protection Engine Remote Code Execution Vuln
> https://portal.msrc.microsoft.com/en.../CVE-2017-0290
Internet Explorer Memory Corruption Vuln
> https://portal.msrc.microsoft.com/en.../CVE-2017-0222
Scripting Engine Memory Corruption Vuln
> https://portal.msrc.microsoft.com/en.../CVE-2017-0229
Windows SMB Remote Code Execution Vuln
> https://portal.msrc.microsoft.com/en.../CVE-2017-0277
Windows SMB Remote Code Execution Vuln
> https://portal.msrc.microsoft.com/en.../CVE-2017-0278
Windows SMB Remote Code Execution Vuln
> https://portal.msrc.microsoft.com/en.../CVE-2017-0279
Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11
> https://technet.microsoft.com/library/security/4010323
May 9, 2017
___
May 2017 Office Update Release
- https://blogs.technet.microsoft.com/...pdate-release/
May 9, 2017 - "... This month, there are -36- security updates and 28 non-security updates. All of the security and non-security updates are listed in KB article 4020152*.
* https://support.microsoft.com/en-us/...crosoft-office
Last Review: May 9, 2017 - Rev: 10
A new version of Office 2013 Click-To-Run is available: 15.0.4927.1002
A new version of Office 2010 Click-To-Run is available: 14.0.7181.5002"
___
Microsoft Security Bulletin MS17-013 - Critical
Security Update for Microsoft Graphics Component (4013075)
- https://technet.microsoft.com/en-us/...urity/MS17-013
V3.0 (May 9, 2017): "Microsoft has re-released security update 4017018 for affected editions of Windows Server 2008. The re-release has been re-classified as a security update. Microsoft recommends that customers should install update 4017018 to be fully protected from CVE-2017-0038. Customers who have already installed the update do not need to take any further action.
In addition, this security update correction also applies to Windows Server 2008 for Itanium-based Systems."
___
CVE-2017-0290: http://www.securitytracker.com/id/1038419
- http://www.securitytracker.com/id/1038420
CVE-2017-0064: http://www.securitytracker.com/id/1038447
CVE-2017-0077: http://www.securitytracker.com/id/1038454
CVE-2017-0175: http://www.securitytracker.com/id/1038452
CVE-2017-0190: http://www.securitytracker.com/id/1038451
CVE-2017-0213: http://www.securitytracker.com/id/1038457
CVE-2017-0220: http://www.securitytracker.com/id/1038445
CVE-2017-0222: http://www.securitytracker.com/id/1038423
CVE-2017-0227, CVE-2017-0240: http://www.securitytracker.com/id/1038424
CVE-2017-0228: http://www.securitytracker.com/id/1038425
CVE-2017-0228: http://www.securitytracker.com/id/1038426
CVE-2017-0231: http://www.securitytracker.com/id/1038455
- http://www.securitytracker.com/id/1038456
CVE-2017-0234, CVE-2017-0236: http://www.securitytracker.com/id/1038431
CVE-2017-0244: http://www.securitytracker.com/id/1038453
CVE-2017-0246, CVE-2017-0263: http://www.securitytracker.com/id/1038449
CVE-2017-0248: http://www.securitytracker.com/id/1038458
CVE-2017-0254: http://www.securitytracker.com/id/1038443
CVE-2017-0258: http://www.securitytracker.com/id/1038446
CVE-2017-0261: http://www.securitytracker.com/id/1038444
CVE-2017-0265: http://www.securitytracker.com/id/1038448
CVE-2017-0267, CVE-2017-0271, CVE-2017-0275: http://www.securitytracker.com/id/1038432
CVE-2017-0269, CVE-2017-0273: http://www.securitytracker.com/id/1038433
___
MS Security Advisory 4021279
Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/...curity/4021279
Updated: May 10, 2017
V1.1 (May 10, 2017): "Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only."
___
Description of Software Update Services and Windows Server Update Services changes in content for 2017
- https://support.microsoft.com/en-us/...ntent-for-2017
Last Review: May 9, 2017 - Rev: 64
___
Qualys Analysis:
- https://blog.qualys.com/laws-of-vuln...ulnerabilities
May 9, 2017 - "... In today’s patch Tuesday update Microsoft released a total of -57- vulnerability fixes. Highest priority should go to patching 0-day issues which are actively exploited. On top of our list is the Office patch for CVE-2017-0261 which is triggered when a victim opens an office file containing malformed graphics image. The file could be delivered via email or any other means. As this is actively exploited in the wild and attackers can take complete control of the victim system this should be treated with priority...
In Summary today’s release fixed 3 actively exploited and 4 publicly disclosed issues including the malware protection engine, Office, IE, Edge and SMB vulnerabilities."
ISC Analysis:
- https://isc.sans.edu/diary.html?storyid=22396
2017-05-09
ghacks Analysis:
- https://www.ghacks.net/2017/05/09/mi...-2017-release/
May 9, 2017 [See 'Executive Summary']
- https://www.thezdi.com/blog/2017/5/5...-update-review
May 09, 2017 - "... table of all CVEs released by Microsoft for May, 2017..."
- https://www.askwoody.com/2017/patch-...s-rolling-out/
May 09, 2017
___
- https://www.us-cert.gov/ncas/current...curity-Updates
May 09, 2017 - "Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.
US-CERT encourages users and administrators to review Microsoft's May 2017 Security Update Summary* and Deployment Information** and apply the necessary updates."
* https://portal.msrc.microsoft.com/en...idance/summary
** https://support.microsoft.com/en-us/...ion-may-9-2017
Last Review: May 9, 2017 - Rev: 22
.
MS Security Advisory 4022345 - Windows Update client
FYI...
MS Security Advisory 4022345
Identifying and correcting failure of Windows Update client to receive updates
- https://technet.microsoft.com/en-us/...curity/4022345
May 9, 2017 - "Microsoft is releasing this security advisory to provide information related to an uncommon deployment scenario in which the Windows Update Client may not properly scan for, or download, updates. This scenario may affect customers who installed a Windows 10 or Windows Server 2016 operating system, and who have never interactively logged in to the system or connected to it through remote desktop services. These systems may not receive Windows updates until a user has completed initial setup by interactively logging in or by logging in through remote desktop services..."
V1.0 (May 9, 2017): Advisory published.
V1.1 (May 10, 2017): Advisory updated to include Logon Type 2 Security Event Log entries. This is an informational change only.
V1.2 (May11, 2017): Advisory updated to clarify the WSUS environment. This is an informational change only.
V1.3 (May 17, 2017): Updated FAQ to clarify the update that needs to be installed: “the current cumulative update”...
:fear::fear:
Updating MS antimalware and antispyware software - Win10
FYI...
Updating MS antimalware and antispyware software...
> https://www.microsoft.com/en-us/secu...dl.aspx#manual
May 16, 2017 - "... Force a daily update:
If you want Windows to update your software, go to Windows Update or:
Open your Microsoft security software.
Click the Update tab.
Click the Update button.
>> https://www.microsoft.com/en-us/CMSI...2-0011b7504d55
... Manually download the latest updates:
If you need to get the latest updates available, you can download and install them from here.
For all Microsoft security software, you will need to download the antimalware and antispyware updates.
Antimalware and antispyware updates:
For antimalware and antispyware, the latest definitions are 1.243.529.0, dated May 16, 2017 6:2 PM UTC.
To download these updates:
1. Check whether your version of Windows is 32-bit or 64-bit.
2. In the table below, right-click on the link that will work for your version of Windows and choose Save target as... or Save link as...
3. Save the file to your Desktop.
4. When the file has finished downloading, go to your Desktop and double-click the file (it will be called mpam-fe.exe, mpas-fe.exe, or mpam-feX64.exe).
5. Follow the prompts to install the update..."
___
> https://www.microsoft.com/en-us/secu...s/default.aspx
"Windows Defender in Windows 10 and Windows 8.1, and Microsoft Security Essentials in Windows 7 and Windows Vista help protect your PC from malware and other threats in exactly the same way. You -can't- use Microsoft-Security-Essentials with Windows-10 or Windows 8.1. Windows Defender in Windows 10 and Windows 8.1 is built into Windows and ready to work as soon as you turn your PC on..."
> https://www.microsoft.com/en-us/safe...-defender.aspx
___
Do You Need [an Intel] Firmware Update?
- http://windowssecrets.com/windows-se...rmware-update/
May 11, 2017 - "For those of you with Intel processors, it’s time to see if you are vulnerable. Meanwhile we’re business as usual for Windows updates and Flash updates. And if you use Microsoft’s native antivirus protection, be sure that you’ve received the latest engine update to fix a critical flaw... Intel’s processors are vulnerable to a flaw in Intel’s Active management technology, Small Business Technology or Intel Standard Manageability software, and although I read that this “did not impact consumer PCs” I honestly ignored the warnings: 'I follow security best practices. This can’t impact my workstations'. And then I used the Intel Detection Tool* and determined that many of my workstations – especially in my office -did- have the vulnerable code in my systems. So much for best security practices! Fortunately, while I may have the vulnerable code, the 'Active management technology' is and was not ever -enabled- and I don’t have it set to be accessible from outside of my office. Thus I am not vulnerable to attack even though I may have the vulnerable code on my system. Nevertheless, I recommend that you scan your own system and see if it can detect what chipset you have and if you too may have the vulnerable software. Then contact or view the forums of your OEM vendors and see when they plan to release a bios update to fix this issue. Some like Dell** have posted a listing of impacted systems. HP*** also has a page where you can follow up with more information."
* https://downloadcenter.intel.com/download/26755
** http://en.community.dell.com/techcen...apers/20443914
*** http://www8.hp.com/us/en/intelmanageabilityissue.html
:fear::fear::fear:
Win7 SP1 KB4019264 Monthly Rollup / Win10 Creators Update
FYI...
Win7 SP1 and WinSvr2008 R2 SP1 - KB4019264 (Monthly Rollup)
> https://support.microsoft.com/en-us/...date-kb4019264
Last Review: May 23, 2017 - Rev: 33
___
Where’s My Win10 Creators Update?
- http://windowssecrets.com/windows-se...eators-update/
May 23, 2017 - "... 'already been tracking a few known issues such as Network printers* failing due to machines having less than 4 GBs of memory:
* https://answers.microsoft.com/en-us/...0-6827f813fa21
There’s also a known issue when certain antivirus is installed while the creator’s update is installed as noted in the Answers forum**. To work around this issue, make sure you update the antivirus or remove it and reinstall it.
** https://answers.microsoft.com/en-us/...d-43ecbcf526e9
Because the Creators Update is heavily reliant on 3D and video enhancements, I’m seeing that video drivers are the key item that may need to be updated. In fact a -known- issue with Nvidia video drivers, as noted in the forum***, showcases that you need to update your video drivers..."
*** https://answers.microsoft.com/en-us/...0-9dcb7e45cd9e
Win10’s recovery options:
- https://support.microsoft.com/en-us/...covery-options
Last Review: May 23, 2017 - Rev: 74
:fear::fear:
MS Malware Protection Engine - updated
FYI...
Security Update for MS Malware Protection Engine - Critical
- https://technet.microsoft.com/en-us/...curity/4022344
V1.0 (May 8, 2017): Advisory published.
V1.1 (May 11, 2017): Added link to the same information in the Security Update Guide. This is an informational change only.
V1.2 (May 12, 2017): Added entries into the affected software table. This is an informational change only.
"... For more information on how to manually update the Microsoft Malware Protection Engine and malware definitions, refer to Microsoft Knowledge Base Article 2510781* ..."
> https://nvd.nist.gov/vuln/detail/CVE-2017-0290
Last revised: 05/25/2017
Microsoft Malware Protection Engine deployment info
* https://support.microsoft.com/en-us/...nt-information
> https://www.microsoft.com/en-us/secu.../whatsnew.aspx
> https://www.helpnetsecurity.com/2017...-engine-flaws/
May 30, 2017 - "... security issues have been fixed in version 1.1.13804.0 of the Microsoft Malware Protection Engine. The newest version of the engine is usually automatically downloaded and implemented by the security software that uses it... to verify whether the latest version of the MMPE and definition updates are being actively downloaded and installed for their Microsoft antimalware products can do so by clicking on the software’s Help tab, then choosing the 'About [that specific software]' option..."
- http://www.securitytracker.com/id/1038571
CVE Reference: CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538, CVE-2017-8539, CVE-2017-8540, CVE-2017-8541, CVE-2017-8542
May 26 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 1.1.13704.0 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code with LocalSystem privileges on the target system.
A local user can prevent the target Microsoft Malware Protection Engine from monitoring the target system. A service restart is required to return the system to normal operations.
Solution: The vendor has issued a fix (1.1.13804.0)...
- http://www.securitytracker.com/id/1038572
- http://www.securitytracker.com/id/1038573
- http://www.securitytracker.com/id/1038574
:fear::fear:
MS Security Updates - June 2017
FYI...
MS Security Updates - June 2017
- https://portal.msrc.microsoft.com/en...urity-guidance
June 13, 2017
> https://portal.msrc.microsoft.com/en...idance/summary
Total items: 85 [June 14, 2017] / Total items: 88 [June 22, 2017] / Total items: 89 [June 23, 2017]
- https://portal.msrc.microsoft.com/en...b-000d3a32fc99
June 13, 2017 - "The June security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
Silverlight
Skype for Business and Lync
Adobe Flash Player ..."
June 2017 security update release
- https://blogs.technet.microsoft.com/...pdate-release/
June 13, 2017
MS Security Advisory 4025685
Guidance related to June 2017 security update release
- https://technet.microsoft.com/librar...y/4025685.aspx
June 13, 2017
- http://www.securitytracker.com/id/1038667
CVE Reference: CVE-2017-8543
Jun 13 2017
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 7 SP1, 2008 R2 SP1, 2008 SP2, 2012, 8.1, 2012 R2, RT 8.1, 10, 10 Version 1511, 2016, 10 Version 1607, 10 Version 1703
Description: A vulnerability was reported in Windows Search. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted SMB data to trigger an object memory handling error in Windows Search and execute arbitrary code on the target system.
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix.
- https://portal.msrc.microsoft.com/en.../CVE-2017-8543
___
June 2017 Office Update Release
- https://blogs.technet.microsoft.com/...pdate-release/
June 9, 2017 - "... This month, there are 51 security updates and 27 non-security updates. All of the security and non-security updates are listed in KB article 4023935*.
A new version of Office 2013 Click-To-Run is available: 15.0.4937.1000
A new version of Office 2010 Click-To-Run is available: 14.0.7182.5000"
* https://support.microsoft.com/en-us/...crosoft-office
Last Review: Jun 13, 2017 - Rev: 9
___
Additional references:
- http://www.securitytracker.com/id/1038659
- http://www.securitytracker.com/id/1038661
- http://www.securitytracker.com/id/1038662
- http://www.securitytracker.com/id/1038663
- http://www.securitytracker.com/id/1038664
- http://www.securitytracker.com/id/1038666
- http://www.securitytracker.com/id/1038667
- http://www.securitytracker.com/id/1038668
- http://www.securitytracker.com/id/1038669
- http://www.securitytracker.com/id/1038670
- http://www.securitytracker.com/id/1038671
- http://www.securitytracker.com/id/1038673
- http://www.securitytracker.com/id/1038674
- http://www.securitytracker.com/id/1038675
- http://www.securitytracker.com/id/1038676
- http://www.securitytracker.com/id/1038678
- http://www.securitytracker.com/id/1038680
- http://www.securitytracker.com/id/1038701
- http://www.securitytracker.com/id/1038702
Jun 15 2017
___
ghacks Analysis:
- https://www.ghacks.net/2017/06/13/mi...-2017-release/
June 13, 2017 - Microsoft Security Patches for June 2017 - [See 'Executive Summary']
- https://www.thezdi.com/blog/2017/6/1...-update-review
June 13, 2017 - [Scroll down to: 'Microsoft Patches for June 2017']
Qualys Analysis:
- https://blog.qualys.com/laws-of-vuln...ve-june-update
June 13, 2017 - "Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow an attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months... Overall its a large security update which is almost double as compared to last two months in the number of patched vulnerabilities. Actively exploited SMB issue CVE-2017-8543* and other Font, Outlook, Office, Edge and IE issues are sure to keep system administrators and security teams busy."
* https://portal.msrc.microsoft.com/en.../CVE-2017-8543
___
- https://www.us-cert.gov/ncas/current...curity-Updates
June 13, 2017
:fear::fear::fear:
MS Security Advisories 4025685, 4021558
FYI...
MS Security Advisory 4025685: Guidance for older platforms
- https://support.microsoft.com/en-in/...lder-platforms
Last Review: 19-Jun-2017 - Rev: 26
___
Cumulative security update for Internet Explorer
- https://support.microsoft.com/en-us/...r-june-13-2017
Last Review: Jun 23, 2017 - Rev: 5
"... Known issues in this security update:
When you print a specific iframe or frame in a web page, the print output may be blank, or text is printed that resembles the following:
404 – Not Found
(A frame is a part of a web page or browser window that displays content independent of its container. A frame can load content independently.)
This problem has also been observed in both Internet Explorer 11, and in applications that host the IE Web Browser Control.
There is currently no workaround for this issue. However, if you print the entire web page, it will print correctly.
Microsoft is researching this problem and will post more information in this article when the information becomes available."
___
Description of the security update for Outlook 2010
- https://support.microsoft.com/en-us/...010june13,2017
Last Review: Jun 20, 2017 - Rev: 19
"... Known issues in this security update: ..."
:fear::fear:
June 2017 Security Updates - 'Known Issues'
FYI...
June 2017 Security Updates
> https://portal.msrc.microsoft.com/en...b-000d3a32fc99
See: "... Known Issues..." ref. KB numbers listed
Jun 23, 2017
___
CVE-2017-8558 | MS Malware Protection Engine Remote Code Execution Vuln
- https://portal.msrc.microsoft.com/en.../CVE-2017-8558
6/23/2017
- http://www.securitytracker.com/id/1038783
CVE Reference: CVE-2017-8558
Jun 23 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): Microsoft Malware Protection Engine 1.1.13804.0 and prior ...
The following product versions are affected:
Microsoft Endpoint Protection
Microsoft Forefront Endpoint Protection
Microsoft Forefront Endpoint Protection 2010
Windows Intune Endpoint Protection ...
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13903.0)...
- http://www.securitytracker.com/id/1038784
CVE Reference: CVE-2017-8558
Jun 23 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): Microsoft Malware Protection Engine 1.1.13804.0 and prior ...
Microsoft Security Essentials is also affected...
Impact: A remote user can create content that, when scanned by the target application, will execute arbitrary code with LocalSystem privileges on the target system.
Solution: The vendor has issued a fix (Microsoft Malware Protection Engine 1.1.13903.0)...
CVE-2017-8529 | MS Browser Information Disclosure Vuln
- https://portal.msrc.microsoft.com/en.../CVE-2017-8529
Last Updated: 06/22/2017
v3.0 - 06/22/2017: Microsoft is announcing the release of update 4032782 for Internet Explorer 11 on Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows Server 2012 R2 to address a known issue customers may experience when printing from Internet Explorer. Only customers who are experiencing print issues after installing Internet Explorer Cumulative update 4021558 should install update 4032782 because update 4032782 addresses the known issue by removing the protection from CVE-2017-8529. The update is available via the Microsoft Update Catalog only.
___
- http://windowssecrets.com/windows-se...rom-last-week/
June 22, 2017 - "... known issues have been documented... Office known issues... there will be an update expected on June 27th fixing the issue..."
:fear::fear::fear: