AskWoody

Plan on the worst

I have a love/hate relationship with Surface devices. They are my favorite for travel as the Surface Go is the lightest one, with the Surface Pro 7+ being right behind. But… and this is starting to be true for more and more technology…. they cannot be easily serviced. Battery needs replaced? You can’t fix it. Monitor stops working on it? Sorry. So if you stupidly do what I did the other day…. like have your Surface in your purse on the passenger seat of your car. Then you opened your car door when you didn’t realize your purse was way too close the edge of the seat…. and well you can see where this is unfortunately going can’t you?

When it then hits the cement pavement just at the exact corner of the screen… you can guess what happened:

Nailed it, right on the edge.

The computer still booted up, it just was a bit…. crunchy in that corner of the screen with little bits of glass in the keyboard. Ugh.

When I purchased this device, I did it as part of an All access for business plan. You can add an accidental coverage plan, which I did just in case I did something … well… stupid like this. “Sigh!”, I said to myself, “well I get to test it out this time”.  So I signed into the Surface business access site and started the process to get it replaced. As part of the “replacement” process you only ship the unit itself. You reset it to factory defaults and erase all of your data because you are NOT getting this unit back.

So in my case, because I tend to use it to remote into other things, I honestly didn’t have to back anything up. I can easily install what I need on the device again. But I did have to remove the AT&T Cellular SIM card that was an extra accessory I got that allows the device to always have Internet connection as long as I’m within range of an AT&T cellular tower.

Microsoft provided a physical address I needed to send it back to and off it went. I had heard from others that I might get a refurbished unit back and not a new unit, but because the unit they were replacing was a Surface Pro 7 plus, chances were good that I would receive a new unit, not a refurb’d. Sure enough, I received back a new unit.

I went to reinstall the AT&T SIM and was surprised to see that cellular didn’t turn back on again. Okay I probably need to call AT&T and tell them the new IMEI or some other information that they need to reenable it. Turns out on the Surface Pro 7 plus it supports both an eSIM and a physical SIM there’s a little arrow key in the cellular networking section that you can pull down and choose eSIM or the physical SIM. Duh. Once I picked the physical SIM, the cellular connected right up without contacting AT&T.

As an aside, remember that Surface devices can get updates for it’s Operating system AND it’s hardware and firmware but they still are not easily repairable. Therefore, plan accordingly.

In July Microsoft released various updates for firmware and hardware on the following Surface devices:

Surface Book – security fixes for firmware

Surface Laptop 3 – various performance issues

Surface Pro 4 – security fixes for firmware

Surface Pro 3 – security fixes for firmware

Surface Studio 2 – security fixes for firmware

The moral of this story is, buy the support plan for accidental coverage for these types of tech devices that cannot be easily serviced. Even though most of the time you won’t use it, there will be that ONE time when the device slides out of your purse onto the concrete pavement as you open your car door. Trust me. It can happen.

Do you reboot your Apple devices?

I’ll be the first to admit that other than installing updates, I don’t reboot my iphone on a regular basis. The other day Apple got a big patch bundle to fix several zero days/security issues. By now you’ve probably installed those updates. But do you reboot on a regular basis?

The NSA issued a “best practices” guide for mobile device security last year in which it recommends rebooting a phone every week as a way to stop hacking. Apparently it keeps attackers from being able to insert “persistence” attacks on the device.

How often do you reboot?

MS-DEFCON 4: July updates should be installed

ISSUE 18.28.1 • 2021-07-27 PATCH WATCH By Susan Bradley July patches have been well behaved. Consumer and home users If you’ve used the “pause updates” methodology, now is the time to install the July updates. I’ve not seen any major printing issues introduced with these July updates. However, I still recommend that you keep the Print Spooler service disabled. If you do print, consider turning the spooler off and then back on when you need it. Microsoft fixed the issue with the Print Nightmare bug, but another Print Spooler bug has yet to be fixed and is slated to be discussed at the annual security conference in Las Vegas, better known as the Black Hat Conference. For Office updates, open up any installed Office application, click on File, then on Account, then on Office Updates and choose to enable updates. Then click on Update Now to trigger the installation of the updates. Business users For business users, Microsoft has described only one side effect with printers and the July updates. Printers that rely on smart-card (PIV) authentication may fail to print after the installation of the July patches. This is not a widespread problem, and there is no reason to delay installation of the patches. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.28.1 (2021-07-27).

Microsoft 365 plans revealed!

ISSUE 18.28 • 2021-07-26

MICROSOFT 365

By Peter Deegan

Which Microsoft 365 Business plan is best and cheapest for you?

Yes, I said business plans. But wait – don’t go away – a business plan might be just the thing for you. Read on.

Read the full story in the AskWoody Plus Newsletter 18.28.0 (2021-07-26).
This story also appears in the AskWoody Free Newsletter 18.28.F (2021-07-26).

Update: Where does TPM live?

WINDOWS 11

By Will Fastie

Trying to find out where Trusted Platform Module is implemented in Intel-based systems was harder than I thought. Intel finally, and helpfully, gave me some pointers.

The problem is one of terminology.

Read the full story in the AskWoody Plus Newsletter 18.28.0 (2021-07-26).

Untrustworthy OEM updaters cause trouble

LANGALIST

By Fred Langa

Keeping a PC up to date gets harder as the system ages, especially when OEM and vendor update tools start missing things entirely — or actively making bad suggestions!

Here are several ways to help ensure that your PC’s BIOS, hardware drivers, operating system, and software are getting all the updates they need — and not getting any updates they don’t!

Read the full story in the AskWoody Plus Newsletter 18.28.0 (2021-07-26).

What’s up with Firefox 90? Should you go back to version 88?

PUBLIC DEFENDER

By Brian Livingston

In rapid succession, the Mozilla Foundation recently released versions 89 and 90 of its Firefox browser. Cries of pain immediately arose from users seeking a way to roll back to Firefox 88.

What’s the problem?

Read the full story in the AskWoody Plus Newsletter 18.28.0 (2021-07-26).

Freeware Spotlight — Logyx Pack

BEST UTILITIES

By Deanna McElveen

All work and no play makes Jack a dull boy.

Did you know that Microsoft first introduced Solitaire in Windows 3.0 1990 to teach everyone how to drag and drop with that fancy new mouse? Enjoy a good game of Minesweeper? In 1992, it came along in Windows 3.1 to teach us how to be speedier with our mice (mouses?) and to become more comfortable with left- and right-clicking. Also, that year we got our beloved Hearts game. Hearts originally had network play to help us get used to interconnected workstations. You could even communicate with the person you were playing against on the network! Common now, but it was pretty awesome back then.

Read the full story in the AskWoody Plus Newsletter 18.28.0 (2021-07-26).

Microsoft de-emphasizes backing up

ON SECURITY

By Susan Bradley

Got backup?

Many Windows users consider the second Tuesday of every month a bit like Russian roulette. Will their system reboot? Will they have issues and side effects triggered by the update? Will something else go wrong?

Read the full story in the AskWoody Plus Newsletter 18.28.0 (2021-07-26).

Tasks for the weekend – July 24, 2021 – what’s your password?

[Youtube video here]

Just the other day I was helping someone out with setting up a new laptop and they didn’t know what their wifi password was. Fortunately the person who installed their internet connection had left behind a piece of paper that had a username and a password. I figured this was the account set up info and sure enough I was able to log into their Comcast account and figure out what their existing wifi password was. Does your ISP provide you with a web interface to review your wifi? Or an app that allows you to troubleshoot the Internet connection? Often rebooting devices is a great way to make the television or Internet magically get fixed and these apps can make it easier to determine if the issue is you or them.

Also while you are poking around the ISP account, see if they have any shared hotspots turned on. In this wifi interface is often the place to disable this “shared hotspot” that many ISPs turn on by default.

So have you logged into your ISP’s web account or downloaded their app? What do you do regularly with it?

Check your certificate services

Guidance for businesses:

For those of you that have active directory domains – and especially if you use Small Business Server or Essential Server and have migrated your active directory over from these platforms check out this article I wrote for CSO online earlier.

Bottom line you may have Certificate templates you either have now due to Essentials server, or you brought it over from the active directory when you migrated to your current active directory domain. As a result you may need to adjust the certificate templates on the server – or – if you no longer have an Essentials server in your network – you may need to remove the certificate templates.

Next another issue to read up on:  SANS site is showcasing an issues with certificate services.  Mind you that SMB signing should be enabled in most networks anyway, so you may have some mitigation already.

Guidance for consumers:

Be glad that you don’t have a network, slightly worry about all of the businesses you interact with that do.

Windows 10 more vulnerable – revisited

I asked the other day if Windows 10 was more vulnerable. Turns out we have another problem with Windows 10 – and Windows 11 for that matter.

CVE-2021-36934 has been released to track an issue that a researcher has stumbled on … and it’s honestly been around for a while. Starting with Windows 10 1809 and later, the default permissions on the “Security accounts manager database” (also known as SAM database)  aren’t set right and if you are a non administrator user where you shouldn’t have the ability to access that file, in Windows 10 1809 and later you DO have rights to that file.

While on consumer and home computers this isn’t a huge issue, in businesses where keeping ransomware at bay is near impossible these days, it’s not a good thing at all.

Bleeping computer explains the situation…. “With these low file permissions, a threat actor with limited privileges on a device can extract the NTLM hashed passwords for all accounts on a device and use those hashes in pass-the-hash attacks to gain elevated privileges.”

The SANS site tells how specifically this vulnerability takes place….“The only issue here is how do we read those files: when Windows are running, the access to the files is locked and even though we have read permission, we won’t be able to read them.  As two great researchers found (@jonasLyk and @gentilkiwi), we can actually abuse Volume Shadow Copy to read the files. VSS will allow us to bypass the file being locked, and since we have legitimate read access, there’s nothing preventing us from reading the file. VSS is a feature that is enabled automatically on Windows and that allows us to restore previous copies in case something got messed up during installation of a new application or patch, for example. If your system disk is greater than 128 GB, it will be enabled automatically!”

Action items to take as a consumer:  Nothing.  The potential mitigation “apart from disabling/removing VSS copies. Keep in mind that the permission on the hives will still be wrong, but at least a non-privileged user will not be able to easily fetch these files due to them being locked by Windows as the system is running.” to me is not viable and puts your system at risk for not being able to use previous versions tab, backups and other goodness. I’d rather not change any permissions because given that this has been in place since 1809, software may be expecting these permissions. I’ll let you know when a patch or fix comes out, or a mitigation that I consider safe.

Actions to take as an IT Pro or MSP: Also nothing at this time. Again, I consider VSS copies too important to disable.

Bottom line, stay tuned.

Edit 7/23/2021 For IT Pros and MSPs, I’d recommend that you inventory your servers and clients to see if they are impacted.  See VU#506989 – Microsoft Windows gives unprivileged user access to system32\config files (cert.org)