AskWoody

Tasks for the weekend – January 16, 2021

YouTube video here

Included in January’s updates was a fix to Microsoft Defender.  If you use a third party antivirus are you at risk? In a word?  NO.

As per CVE-2021-1647 – Security Update Guide – Microsoft – Microsoft Defender Remote Code Execution Vulnerability,  systems that have disabled Microsoft Defender are not in an exploitable state.

Do you need to take any action if you have a third party antivirus?  No.  Do you need to take any action if you use Defender?  No because it’s been automatically fixed.

To check click on Start, then Settings, then Update and security, Windows Security, Open windows security, Look for the gear, About.  For affected software, verify that the Microsoft Malware Protection Engine version is 1.1.17700.4 or later.

Zero day Windows 10 bug

Topic: A Zero-day Windows 10 bug corrupts your hard drive on seeing this file’s icon @ AskWoody

This is one of those … okay let’s be careful out there…. bugs.

Alex points to a Windows 10 bug that is triggered by merely extract the zip file or look at a folder that contains the malicious shortcut.

Remember whenever you get something via email that you didn’t expect, don’t open it.  If you are really curious, check out the file or link on www.virustotal.com or www.reverse.it

Security researcher Jonas L first warned about the bug earlier this week, describing it as a “nasty vulnerability.” Attackers can hide a specially crafted line inside a ZIP file, folder, or even a simple Windows shortcut. All a Windows 10 user needs to do is extract the ZIP file or simply look at a folder that contains a malicious shortcut and it will automatically trigger hard drive corruption.

Edit:  I spotted on Windows 10 NTFS $i30 File Corruption | AttackerKB

Attackers can remotely exploit this vulnerability to make Windows think a drive is corrupted even though it is not. Successfully resolving this issue will require users to reboot Windows and run a disk check on the corrupted drive, after which Windows will be convinced that the drive is no longer corrupted.

It’s not really corrupted after all.

Security update for Secure Boot DBX can be skipped (KB4535680)

Security update for Secure Boot DBX can be skipped (KB4535680)

Just a heads up – this  will be in the Plus newsletter later on this weekend but due to the severe impact it had on my Saturday morning for one of my HyperV servers I’m going to post it here as an advanced heads up:  the KB4535680 causes a “double reboot” on machines and for those folks that manage HyperV servers this has a VERY nasty side effect:

It puts your HyperV machines in “saved” state.  In order to recover I had to reboot the host an additional time – even had to hard reboot it as it was stuck on shutting down the HyperV management services.  Once it rebooted it let me restart the virtual machines but then I had to reboot the VMs to get them back behaving.

“If you have Windows Defender Credential Guard (Virtual Secure Mode) enabled, your device will restart two times.”

I don’t have that enabled.  I DO have HyperV.  I’m also recommending that you skip it on consumer machines as well.  If you are in charge of nuclear weopons or state secrets, then maybe install it.  For us mere mortals. it’s a skip.  If you ended up installing it anyway and had no issues, don’t remove the update.  But for us that patch HyperV (servers that host other servers) this one is VERY disruptive.  BornCity has a write up on it as well.

Windows 7 ESU year two oddities

According to the thread in the Microsoft Tech Community:

Year two: Extended Security Updates for Windows 7 and Windows Server 2008 – Microsoft Tech Community

Here are some interesting things about the Year 2 ESU license.

Oddity number 1:  While you can’t buy year 2 of the ESU without having an existing (or new) order for year 1 on your account, you can install the year 2 ESU without and having the year 1 ESU installed.  I guess you’d have this situation if you were reinstalling/rebuilding a Windows 7 machine.

Oddity number 2:  We don’t think there is a “test” update like last year.

Overall, I have less clients this year asking for these ESUs as they’ve replaced many of their machines with Windows 10 in the past year.

Attention partners: Microsoft really is coming for your clients this time

Microsoft has made the mistake of going around its partners in the past. Isn’t buying direct the way to go? No, not really. When there’s a healthy marketplace of trained professionals supporting and consulting small businesses then they are able to get just the type of support they want and work with someone that understands thier business goals and can help them move the technology in the same direction that their business is going. When the market isn’t attractive to partners, then consumers of the product have less choice and fewer support options. What Microsoft is doing here is alarming and all should be concerned. From end user, partner to distributor.

Repost from Third Tier: Microsoft really is coming for your clients this time – Ultimate Support for IT Pros – ThirdTier

There’s been a lot of false claims in the past that Microsoft was coming for your clients. But in this new round of intrusion into the trusted CSP-Client relationship, Microsoft really is coming for your clients. All around forums, user groups and social media the emails are being circulated and they are scary. In one complaint that I read on a private MVP group, the CSP, well let’s just quote them, “We almost lost a 50k/month Azure WVD client as Microsoft offered their implementation for free. We kept the client onboard thankfully, thanks to value-added services”

I understand that Microsoft has a problem with some resellers not providing depth nor breadth of services to clients and tying those clients up making it difficult for other more active and consultive CSP’s and MSP’s to expand, but Microsoft really needs a way to determine whether a partner is active with the client or whether they have sold, migrated and are done. Those of us working actively with our clients shouldn’t be subject to any competitor coming in and disrupting our business.

Here are a couple of samples of the email that your clients are getting from Microsoft.

On Azure:

I hope this email finds you well! My name is Blake Wheeler, and I am reaching out on behalf of Microsoft’s Azure Team. I spoke to Lisa from (Edit: Client name) and she referred me to reach out to you. I was reaching out to Lisa about the opportunity to participate in a Complimentary Deep Dive Evaluation. This will help you and your team assess any Cyber Security Threats, overutilization and/or underutilization of your network and provide a complete network and hardware scan for (Edit: client name) with reports tailored the way you want them.

The first step for this evaluation is scheduling a Teams meeting with our Evaluations Specialist where they will go over the process in more detail. Please let me know a good date/time that you had 15-30 minutes of availability next week and I will get everything set up. I have attached a short deck with information on the process as well.

On 365:

On 365:

Happy New Years! My name is [MS-REPNAME] and I work directly for Microsoft to help businesses get the most out of their relationship with Microsoft and I was recently assigned to support you and your company. I assist with device procurement and discounting, end-user training, general IT questions, licensing, etc.

Do you have time for a brief intro call this week so we can learn how to best advance your IT strategies moving forward?

Thank you! We look forward to a great partnership!

If those email copies don’t make you angry, as they do this Microsoft fan, then perhaps re-read them. I’m not the alarmist type but this intrusion into the relationship with my client has really taken me aback.

January 2021 updates are here

So this is the time of the Patch Tuesday that I call “Reading time”.  I start reading all the security blogs about patching and start seeing if there are side effects.

Ghacks is here.

ZDnet is here

Zeroday is here

I don’t see an official listing for Office patches at this time, I’ll post that when I see it.

So far the items of interest are Defender having a bug that was probably already fixed on your machine.

The .NET patches that really only include optional updates and not NEW security updates which means they may be offered up to you but you don’t have to install them (making them somewhat confusing).

Of more concern to me is once again we have to dig into the details… as Dustin Childs said… ” Again, without executive summaries, we can only speculate the true severity of these bypasses.”

Edit:  I STILL see Office 2010 updates out today.

https://support.microsoft.com/en-us/help/4493186/security-update-for-excel-2010-january-12-2021

https://support.microsoft.com/en-us/help/4493143/security-update-for-office-2010-january-12-2021

https://support.microsoft.com/en-us/help/4493142/security-update-for-office-2010-january-12-2021

https://support.microsoft.com/en-us/help/4493181/security-update-for-office-2010-january-12-2021

https://support.microsoft.com/en-us/help/4493145/security-update-for-word-2010-january-12-2021

Edit: Updates are now also available for Office 2013 and Office 2016.

MS-DEFCON 2 – Get ready for January updates

Remember it’s time to prepare for January updates by delaying /or pausing updates.  Also I’m ready to give the all clear to 2004 if you want to do it before tomorrow’s patch Tuesday (or later on in the month).

More in Computerworld.

What do you want?

CHANGE

Nice to meet you, how do you do?

Thank you. To the over 4,000 AskWoody newsletter readers who answered our first-ever survey, thank you for taking the time to let us know what you want and don’t want. We were surprised and enormously grateful for the tremendous response.

The survey is now closed, giving me the opportunity to share some of the results with you.

Your use of Microsoft operating systems is in line with what the larger Microsoft ecosystem is using. In the larger Microsoft population, nearly 90% are using Windows 10. So, too, are AskWoody readers (91 percent are using Windows 10). The AskWoody readership represents a slightly greater number of users of Windows 7 (12.9 percent) versus the larger population (8.5 percent). Windows 8/8.1 users are in the distinct minority with approximately 3 percent in both the larger Microsoft user base and the AskWoody readership.

Read the full story in AskWoody Plus Newsletter 18.1.0 (2021-01-11).