AskWoody

Patch Lady – why can’t Surface devices have the BEST experience?

So why can’t Surface devices have the absolute BEST patching experience EVER?

Instead…

After installing driver updates from Intel and Microsoft, offered up to me by Microsoft for a Microsoft built product it demanded that I reenter the bitlocker recovery key.  Surface devices that are set up with either a Microsoft 365 account or a Microsoft personal account have bitlocker set up automatically and backed up to the cloud.  And that’s a good thing because then you need ANOTHER working computer to log into said backup location and type in one key stroke at a time your recovery key hoping it works, mentally thinking about if the backup you have set up ran last time to the tiny external flash drive you have to plug in or if you will be spending tomorrow night rebuilding your Surface Go device.

I had to go to another PC, log into my recovery bitlocker area – this one is a firm Surface Go so it’s backed up in Azure AD

Then, I had to enter the Bitlocker recovery key not once, but twice.  It wanted to reboot, I did, it stopped again wanting the recovery key, I had to enter it a second time.

But it just drives me INSANE that the most hiccups I have is on Microsoft built hardware.

The items that were installed were Surface- System, Surface-Firmware, Intel-System, Intel-Software Component, FTDI-Ports, FTDI-USB.

Come on Microsoft, you need to be better than this on your own hardware.

Surface Go Device.  Purchased December 2019.

Freeware Spotlight — Open-Shell

BEST UTILITIES

By Deanna McElveen

December 3, 2017 — a sad day.

That was when ace developer Ivo Beltchev announced the end of future development on Classic Shell (more info), the wildly popular freeware program that made the Start menus in Win8 and Win10 look and work like the familiar and comfortable Windows 7 menu.

Luckily for all Classic Shell users, a group of talented developers has created the Open-Shell project. They dusted off Classic Shell, rubbed in some polish, and rolled it out as Open-Shell-Menu (aka Open-Shell).

Read the full story in AskWoody Plus Newsletter 17.37.0 (2020-09-21).

More fixes for a regularly repeating Wi-Fi outage

LANGALIST

By Fred Langa

In my previous column, I discussed techniques for curing an annoying and recurring Wi-Fi failure that appeared on a set schedule.

In this follow-up, I’ll dig into two other possible causes of regular Wi-Fi hiccups: router reboots and IP-address refreshing.

Read the full story in AskWoody Plus Newsletter 17.37.0 (2020-09-21).

Kicking the Win10 2004 tires

Windows 10

By TB Capen

The newest Windows is trickling out to a PC near you — or maybe not.

The mystery with Version 2004 is why it’s been offered to some systems but not others. That was the case on three of my PCs. So to get a look at the newest Windows, I forced an upgrade. Here’s what I found.

Read the full story in AskWoody Plus Newsletter 17.37.0 (2020-09-21).

Web presence: Working with search engines

SMALL-BUSINESS WEBSITES

By Will Fastie

Leveraging Web-based services is an essential part of building an effective online presence — and search engines are a top priority.

In my previous installment, I stated that this article would focus on social networks. I’d intended to include some information on search engines, but during the research and writing process, I realized there was more to say about search.

One of the buzz words constantly thrown about when discussing online searches is “search-engine optimization.” I’ll state right from the start that I’m dubious about the value of current SEO practices — and practitioners.

Read the full story in AskWoody Plus Newsletter 17.37.0 (2020-09-21).

What does “Exploitation less likely” really mean?

All of Microsoft’s separately identified security holes – CVEs in the parlance – are given an “Exploitability Index” level. Microsoft’s official definition looks like this:

1 – Exploitation More Likely
Microsoft analysis has shown that exploit code could be created in such a way that an attacker could consistently exploit this vulnerability. Moreover, Microsoft is aware of past instances of this type of vulnerability being exploited. This would make it an attractive target for attackers, and therefore more likely that exploits could be created. As such, customers who have reviewed the security update and determined its applicability within their environment should treat this with a higher priority.

2 – Exploitation Less Likely
Microsoft analysis has shown that while exploit code could be created, an attacker would likely have difficulty creating the code, requiring expertise and/or sophisticated timing, and/or varied results when targeting the affected product. Moreover, Microsoft has not recently observed a trend of this type of vulnerability being actively exploited in the wild. This makes it a less attractive target for attackers. That said, customers who reviewed the security update and determined its applicability within their environment should still treat this as a material update. If they are prioritizing against other highly exploitable vulnerabilities, they could rank this lower in their deployment priority.

3 – Exploitation Unlikely
Microsoft analysis shows that successfully functioning exploit code is unlikely to be utilized in real attacks. This means that while it might be possible for exploit code to be released that could trigger the vulnerability and cause abnormal behavior, the full impact of exploitation will be more limited. Moreover, Microsoft has not observed instances of this type of vulnerability being actively exploited in the past. Thus, the actual risk of being exploited from this vulnerability is significantly lower. Therefore, customers who have reviewed the security update to determine its applicability within their environment could prioritize this update below other vulnerabilities within a release.

There’s a series of tweets that explains the situation in a much more accessible manner:

Jake Williams

Yesterday, Microsoft announced there’s a remotely exploitable heap overflow in MS DNS on Server 2012R2 and later. Infosec, how are we not talking about this?!

SwiftOnSecurity

Microsoft marking exploitability as “less likely” has significantly impacted deployment efforts and awareness. I wish this rating was more detailed. Risk teams get put in crossfire for justifying emergency patches on vague info. Criticality is made irrelevant by this category.

I recognize Microsoft is in an impossible position here, I just don’t know what I’m supposed to do when a 1-click global network compromise CVE is tagged “exploitation less likely.”

Like, does “exploitation less likely” mean it’s so complex you think an attacker can’t figure it out, or that individual exploitation attempts are unlikely to succeed? What if they try 1000x a second across 50 Domain Controllers? If so, how do I detect these attempts?

Katie Moussouris

It means that within 2 weeks of the patch release, unless exploit code is released, it is less likely that attackers will use this vulnerability versus others that are more easily exploitable. It’s a bet meant to differentiate between highly reliable exploitation vs less likely.

It’s because customers were using the criticality rating that indicates the max impact *if exploited*, and leaving highly exploitable lower severity issues unpatched for a Very Unwise Amount of Time.

And that, to me, is the definitive answer. Thx Clément Notin

In memoriam

Windows 10 version 20H2 rolling out to the Windows Insider Release Preview Channel

The new version is coming. Expect Win10 version 20H2 to start appearing on forced-out PCs in a couple of weeks.

In case you haven’t been keeping up on the version numbers, the most recent versions of Win10 are:

Win10 version 1903
Win10 version 1909
Win10 version 2004
Win10 version 20H2

Let’s hear it for consistency in naming/branding, and failing to foretell a completely predictable conflict. I guess the new names are better than “Fall in the Northern Hemisphere Conflicted Creators Update” or whatever it was called.

I still don’t recommend that you move to Win10 version 2004 — still too many bugs, most of which aren’t acknowledged — but I strongly recommend that you download and hold onto a clean, free copy of Win10 version 2004.