AskWoody

November 1 – basic auth is really being shut off

PK reminded me of this the other day:

New minimum Outlook for Windows version requirements for Microsoft 365 – Microsoft Tech Community

What is it?

Microsoft is finally (after a delay due to the pandemic) shutting off “basic” authentication to Microsoft 365. So if you have an older Outlook that you are using to access Microsoft 365 this will impact you as there is no longer any grace period. Basic authentication is older, less secure way of passing usernames and passwords to the hosted email.  Attackers go after basic authentication and can gain access, thus it’s EXTREMELY good that they are FINALLY shutting this off once and for all. But that said, it doesn’t make it easier for you if you love Outlook 2010.

But I don’t have Microsoft 365, what do I care?

Ah but do you have your email through a service like Godaddy which these days uses Microsoft 365 on the back end? I’ve also seen some ISPs offer their email through Microsoft 365.

Bottom line if you use an older Outlook – like Outlook 2007 or 2010 you need to migrate off of those desktop versions if you connect to Microsoft hosted email.

Remember if you are not a fan of the newer Outlook there are other options including the web based version of Outlook but be aware that Thunderbird may not work, especially in a business setting.

How can I know what my ISP uses?

I’d check their help forums (yea, I know that’s not a great answer), or ask here and we’ll see if we can figure it out for you!  I’ll remind you again in the newsletter when it gets closer to November 1.

September 2021 – it’s patch day!

This week is clearly “patch the zero day” week.  Yesterday we had Apple, also Chrome fix several zero days.

Today we have the Microsoft version.  Now while Adobe doesn’t have any zero days in their release bundle, if you are (still) a user of Adobe Acrobat or Reader, you’ll be getting and wanting an update.

Today we are fixing the Microsoft zero day MSHTML vulnerability I wrote about the other day. If you used the registry key to protect yourself, when I give the all clear I’ll remind you to undo that.

One thing I’m not clear on from initial read of my usual sources of Dustin Childs and Bleeping computer is the situation with the print spooler. There are more print spooler bugs being fixed – but are they the ones we were concerned about that were carried over from prior months that kept me urging you to keep the print spooler service disabled? I’ll be digging into that question.

Stay tuned, deeper analysis by this weekend.

As always for those that DO have a backup, like to be the beta testers for the rest of us, do let us know of any issues you see. In the meantime I’ll be watching and accumulating the facts – and not the rumors – as we always do here on AskWoody.

—

Don’t forget to sign up for either the twitter alerts or the newly minted text alerts:

Want to get alerted when the AskWoody MS-DEFCON status changes?

MS-DEFCON Alert system

If you want to get alerted when the MS-DEFCON status changes there are two ways to do so:

Twitter:  https://twitter.com/defconpatch Sign up for twitter and follow that account. Then set up notifications in the twitter app so that you get alerted when the account tweets a change. COST:  free – other than now having a twitter account but I honestly find that some of the best security information and advice is freely given on twitter. You can also follow the official Askwoody twitter account as well.

Cell phone notifications via text:  You need to be a PLUS member to get the fullest benefit from this service.  We request a small fee requested (along the lines of the decide what you want to pay as the main site has) in order to cover the costs of the monthly texting service and server hosting. Click here to sign up. COST:  We ask a minimum of $1 a month to keep the lights on and the chipmunks powering the servers fed, but if you’d like to donate more to the cause we’d all be appreciative!

Security patches for Apple – Sept 13

Security patches for Apple:

https://support.apple.com/en-us/HT212807

Apple is patching two “in the wild” zero days – 1 in CoreGraphics (aka CVE-2021-30860) and 1 in WebKit (CVE-2021-30858)

Patches for iOS 14.8 and iPadOS 14.8

1 zero-day fixed in Security Update 2021-005 Catalina
2 zero-days fixed in macOS Big Sur 11.6

2 zero-days fixed in iOS and iPadOS 14.8

Judge halts over-the-air TV streaming by Locast

ISSUE 18.35 • 2021-09-13

PUBLIC DEFENDER

By Brian Livingston

A nonprofit organization that uses the Internet to stream live, over-the-air television signals to digital devices has suspended its service throughout the United States after a federal district-court judge ruled that the offering didn’t fully comply with an exception Congress wrote into the US Copyright Act.

Read the full story in the AskWoody Plus Newsletter 18.35.0 (2021-09-13).
This story also appears in the AskWoody Free Newsletter 18.35.F (2021-09-13).

Where OneDrive really (really!) shines

LANGALIST

By Fred Langa

AskWoody’s recent coverage amply illustrated OneDrive’s drawbacks and hassles, but there are instances where OneDrive (and similar cloud-based apps) are truly spectacular aids.

For example, OneDrive can speed some setup and reinstallation chores by a literal order of magnitude, cutting down to mere minutes some tasks that used to take hours!

Read the full story in the AskWoody Plus Newsletter 18.35.0 (2021-09-13).

Still emailing documents?

MICROSOFT 365

By Peter Deegan

Online collaboration with Microsoft 365 is a lot easier — and faster, too.

Document collaboration is now possible and practical in Word, Excel, PowerPoint, and OneNote. By “practical,” I mean that the features work well in the real world, not just in Microsoft marketing’s fantasyland. Let’s look at the basics of using Office sharing with other people and, especially, with yourself.

Read the full story in the AskWoody Plus Newsletter 18.35.0 (2021-09-13).

The Windows Start menu: Trials and tribulations

WINDOWS

By Lance Whitney

Don’t get me started: Windows 11 saddles us with yet another major change to the always vital but never quite right Start menu.

Another version of Windows, another version of the Start menu. With Windows 11, Microsoft has unveiled its most dramatic change in years to a feature that’s always been a core part of Windows. Instead of the traditional vertical list of all the apps installed on your PC, we get a sparse, boxy window with links only to pinned and recommended apps. Getting to all your apps requires an additional step.

Read the full story in the AskWoody Plus Newsletter 18.35.0 (2021-09-13).

PrintNightmare still a nightmare for patchers

PATCH WATCH

By Susan Bradley

As we start to ready ourselves for the September updates, we’re still haunted by the PrintNightmare issues from the August updates.

The good news for home users and consumers is that we haven’t seen the August updates triggering side effects with printers. For business users, there are still issues requiring vigilance.

Read the full story in the AskWoody Plus Newsletter 18.35.0 (2021-09-13).

20 years ago

(USA centric post)

My first airplane flight to San Francisco – back when you dressed up for airline travel

I’ve always been a fan of travelling. Cars, Trains, Planes. The anticipation is part of the fun. And with planes I’ve always been amazed at how this metal heavy thing can start down this pavement and magically lift off and …well…. fly. When an impressive plane flew over my house as a child, I’d stop.  I’d look up and marvel at the technology that the Wright Brothers had started us down the road to have. Being on the West coast of the Country my only complaint about flying is that I wish we would invent time travelling as I have to get up extremely early to take flights heading east.  Over time I got lulled into taking the sights and sounds of an Airplane taking off as normal and wouldn’t bother to stop and look up.

What I remember from the days after 20 years ago was the quiet in the days after. I live in an area of my city where the planes typically take off over my head regularly. When the wind shifts and rain is forecasted the planes come in for landing over my house. I work next to the Airport so the sounds of planes taking off and landing is a normal sound that normally I take for granted and tend to tune out. So when all of the planes flying that day were grounded it went strangely quiet. Very very quiet. For the next few minutes and hours the only planes I heard were ones from our local Air National Guard that initially were scrambling to track and follow planes that were not following the diversion orders. Instead of their lazy oval where they would swing towards the Sierra Nevada mountain range and back to the Airport like they would normally do, they went due West to the Coast.

For the next several days and nights the only jet sounds I heard was the air national guard and the after burner boost they’d kick in when climbing to patrol the California coastline. Needless to say it was eerie to just hear those jets and no other Airplane in the sky. No Cessnas, no Commercial Jets, no Propellers.

I knew of several folks that were at an industry conference that had to scramble to find ways home (including trains and cars) because planes were grounded for several days. When the airline traffic got back to “normal” several days later, that 6 a.m United flight that took off over my house made me pause once again and look up. It was honestly reassuring to hear that flight take off.

So as we come up to the 20th anniversary, I’m looking at the technological aspects of the anniversary. Some of the iconic historical coverage is now lost due to the loss of Flash in our browsers. We now have much more technology than we did back then to be able to communicate with each other (some might argue that social media is not such a good thing).

The loss of life is incalculable. But I also grieve at the loss we have now of how the Internet is dividing us more than it should.  On this anniversary take the time to stop. Look up the next time you see an Airplane. Marvel at the technology it now uses to be where it’s at. But at the same time, enjoy life. Because you never know.

(Note: I’m skipping the tasks for the weekend in honor of the anniversary – I’m doing step by step posts on setting up EaseUS and Macrium to make sure you do a backup before the upcoming patching week.)

Zero day CVE 2021-40444

What is it?

It’s (yet another) zero day attack that is a TARGETED only attack using Office and RTF file  to take ownership of your machine. Microsoft has updated it’s security advisory with mitigation advice.

Who is getting attacked?

At this time just targeted folks – meaning large companies, governmental entities, I’m not seeing widespread buzz that it’s being widely seen. I’m not seeing chatter that it’s impacting smaller firms or individual users at this time.

What if I want to protect myself just in case?

I’ve put together a registry key to fully enable all of the protections which include disabling word documents and rtf files in the preview pane.

To enable this protection click on THIS registry file.

Download THIS file to reenable it should Microsoft patch it next Tuesday.

What does the enable registry key do?

I bundled all of the settings included in that advisory in one reg file.   Note while I did include the setting for removing [-HKEY_CLASSES_ROOT\.docm\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}]  for the docm value in my registry my system didn’t have that value from the get go. Yours may have it so I’ve included it in the registry file.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
“1001”=dword:00000003
“1004”=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
“1001”=dword:00000003
“1004”=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
“1001”=dword:00000003
“1004”=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
“1001”=dword:00000003
“1004”=dword:00000003

[-HKEY_CLASSES_ROOT\.docx\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}]

[-HKEY_CLASSES_ROOT\.doc\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}]

[-HKEY_CLASSES_ROOT\.rtf\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}]

What does the reenable reg file do?

It removes the Internet Settings and then puts all of those values regarding ShellEx back.

Are there any side effects after making these registry changes?

Honestly I didn’t see any, but then again, I don’t enable the preview pane in Windows Explorer in the first place.  I’ve only enabled it if I have a special project and I need to see a bunch of images. 99.9999999% of the time I don’t have it enabled.

So why aren’t you sending out an AskWoody alert?

Well I strongly believe that the AskWoody folks are smarter than the average bear. You know that you shouldn’t be clicking blindly on Office files. You know you shouldn’t be blindly opening up .rtf files. You probably don’t turn on preview pane in Windows explorer anyway.  I don’t. I find that it slows my computer down.  We know not to turn on preview pane in Outlook.

Bottom line, if I see more chatter and change my mind I’ll let you know. But for now, I know that you are too smart to fall for this.  Look for more information in Monday’s newsletter.

(Impacts all supported versions of Windows including Windows 11)

Want to get alerted when the AskWoody MS-DEFCON status changes?

MS-DEFCON Alert system

If you want to get alerted when the MS-DEFCON status changes there are two ways to do so:

Twitter:  https://twitter.com/defconpatch Sign up for twitter and follow that account. Then set up notifications in the twitter app so that you get alerted when the account tweets a change. COST:  free – other than now having a twitter account but I honestly find that some of the best security information and advice is freely given on twitter. You can also follow the official Askwoody twitter account as well.

Cell phone notifications via text:  You need to be a PLUS member to get the fullest benefit from this service.  We request a small fee requested (along the lines of the decide what you want to pay as the main site has) in order to cover the costs of the monthly texting service and server hosting. Click here to sign up. COST:  We ask a minimum of $1 a month to keep the lights on and the chipmunks powering the servers fed, but if you’d like to donate more to the cause we’d all be appreciative!

Where’s the security?

…so the average Windows 11 user launches Xbox game pass (extra fee), launches into teams (extra subscription), searches for hummingbird, falls into a museum (I don’t get that?), does a dance off in a video (keeping in mind that HEVC codecs are not included in Windows so …. how are we watching the teacher giving the tango lesson?)

Uh… where’s the security? Isn’t that what we’re buying this for?

(in the fine print:  Apps and services sold separately)

MS-DEFCON 2: September – here we go again

ISSUE 18.35.1 • 2021-09-09 By Susan Bradley It’s time to start getting ready for Windows 11. The countdown is on to the release of Windows 11 on October 5, and it’s the time of the month when I urge you to take actions to ensure you are ready to install updates when you want to. The security updates this month begin the process of introducing group policy settings to control Windows 11, as well as Intune policy settings. But never fear — we will provide you all the information you need to either avoid or embrace Windows 11, as you see fit. Consumer and home users First, and as I always recommend when we get close to the second Tuesday of the month (now infamously known as Patch Tuesday), make sure that your backup is working properly. Open whatever backup software you use, and review the log of recent actions to confirm that the backup is running and backing up as it should. At a minimum, browse your backup location to see whether the file dates in that location are recent. Next, decide what type of patcher you are. If you have spare machines and know you have a solid backup, you could actually be in the patcher category “Extreme” — because you let Windows install updates on its own terms and you simply review for side effects afterward. There are quite a few AskWoody Plus members who do exactly this, because they know that a good backup allows them to recover from updates, just as it protects them from ransomware. The next patcher category is “Deferral.” Go into Start, Settings, Update &  Security, Advanced options and choose September 28 as your deferral date, the date when you allow Windows to do its thing. Next? “Cautious.” For this group, I recommend the use of WUMgr to control updates. You can review how to use this tool in the forums. Business users I predict that I’ll be urging business patchers to install updates no later than September 21, 2021. For now, I don’t anticipate that Microsoft will be providing solutions to the mess that they introduced with the PrintNightmare patches, so we’re still going to have to deal with the fallout and side effects of the August updates. I’ll be recapping these known issues in the September 13 AskWoody Plus newsletter. We’re soon going to be adding the ability to get text alerts sent to you when the AskWoody MS-DEFCON level changes. You can follow the alert account on Twitter now, but soon you can sign up for text alerts as well. You’ll need to be an AskWoody Plus member in order to receive texts to your phone when we send out alerts; look for more information soon. Read the full story in the AskWoody Plus Alert 18.34.1 (2021-09-09).