AskWoody

Patch Lady – Ignite message to small and medium businesses

Patch Lady here – remember the Soup Nazi of the old Seinfeld show?  “No soup for you?”  Well the message out of Orlando for small and medium businesses  — and perhaps even some large customers that still want an on premise mail server is “No on-premise for you”

Exchange is … for lack of a better term… the back end of the Outlook email client many of you use.  If you’ve ever been near a Small Business Server …that’s Exchange running that email processing for you.  If you use Office 365 now, it’s Exchange running behind that on some big datacenter somewhere.  And for recent years small and medium and even large businesses had the option of going either with cloud based mail servers or setting up an on premise server with a local copy of Exchange.  Now before you ask why… I still know a fair amount of small and medium businesses that even to this day prefer their mail server due to security concerns, access concerns, and subpoena concerns (under the theory that while you can’t dodge a subpoena, you can sure have Attorneys duke it out in a Courtroom and slow down the process a bit.)  You know how that worked out for a certain… uh… yeah, let’s not get into politics shall we?

Jetze Mellema an Exchange MVP was in an Ignite session on Exchange 2019 – the latest release of Microsoft mail server platform where some interesting factoids were announced:

Firstly, Exchange 2019 has a minimum memory requirement of 128 gigs of memory… mind you that’s not for hard drive space …. RAM memory.

Keep in mind that Exchange 2016’s minimum memory requirement was 8 GIG just three years ago.   Granted you never wanted to run Exchange on something that low, but the fact that Microsoft has put in place a 1500% (assuming I’ve done my math right) on paper increase in RAM is a bit unreal.  Is there a tariff on that sucker?

The presenter in the BRK2172 session at Ignite said…. “Exchange 2019 is an enterprise platform for the largest enterprise customers. If you want end-users features, go to Exchange Online”

If you are using Office 365 now, one of the things you want to do and enable is multi factor authentication and disable mail forwarding by default.  I see too many reports of successful phishing attacks that enable silent mail forwarding where the attacker puts in a rule to forward emails and then automatically deletes them so that the phishee never realizes he’s sending outbound emails up the wazoo until it’s too late.

But if you want an on premise mail server?  Better start saving up as you will need a beefier server for sure.

Horowitz: Windows Update on Win7 is not secure

Interesting discussion from Michael Horowitz:

When you run Windows Update on Windows 7 (I did not test other versions of Windows) it opens MANY connections to computers on the Internet over port 80. HTTP use port 80 and it is not secure. Not only can data sent with HTTP be spied on, it can also be modified in-flight. That is, what the sender sends is not necessarily what the receiver gets. Secure transmissions use HTTPS and travel over port 443.

The title does not say it all. In addition to not being secure, Windows Update is also buggy with poor diagnostics. I’ll start there.

He goes on to identify the leaky parts. Consider:

When my router is blocking the IP addresses used by Cortana, Windows Update on Windows 7 fails.

Yes, you read that correctly. Cortana.

My takeaway from the Ignite conference

Satya Nadella gave the keynote speech at the Ignite conference in Orlando this morning.

In this era of the intelligent cloud and intelligent edge, businesses in every industry are looking for a trusted partner to help them transform. We are pushing the bounds in AI, edge computing, and IoT, while providing end-to-end security to empower every organization to build its own digital capability and thrive in this new era.

Meanwhile, back here on Planet Earth, we can’t get Windows updated properly.

Sure wish there were some sort of intelligence — artificial, organic, human, military or otherwise — applied to the problems with creating reliable patches and getting them distributed in a credible way.

/Rant off

Help us unravel the Win10 updating Gordian knot

For those of you running Win10 version 1709 and 1803… I’m trying to figure out under what circumstances people are getting upgraded to the latest versions, 17134.319 and 16299.697 respectively.

It looks like “seekers” — those who manually clicked on “Check for updates” — were upgraded, but only if they “seeked” (sought?) on Thursday, and (?) they had defer quality upgrades set to 0.

If you manually downloaded and installed the cumulative update, well, you got what you asked for. If you’re attached to an update server, your admin gets to tear their hair out. I’m interested in knowing what’s happening to everybody else.

Computerworld Woody on Windows.

Born, WZor: Win10 build 17763 declared RTM

Trying to nail the “final, final” version of Win10 1809 is a thankless task. Even if the latest build — number 17763 — has been signed off, and distribution to hardware manufacturers has begun, history tells us (or at least me) that there will be several cumulative updates before real customers will be running the final, final version.

I also wonder if the Thursday cumulative updates were backported error corrections, covering bugs fixed in 1809 and now finding their way back to 1803, 1709, 1703, and 1611.

WZor, the presumably Russian person/group that leaked many builds of Windows many years ago, posted his/her/its/their official announcement about 20 hours ago:

😜📢Microsoft's #OEM partners told me that on September 21, 2018, the final release of Windows Server 2019, Version 1809, #LTSC and #SAC was signed.
⚙️The release for #OEM partners will be based on build 17763. pic.twitter.com/YWXx9jZqdW

— WZor (@WZorNET) September 23, 2018

Snazzy graphics, as usual.

Günter Born has an extended discussion, based on a discovery by Abbodi, that the Microsoft program WindowsUpdateBox (which I had never seen before) definitively nails the next version of Windows as file version 10.0.17763.1.

Your reading of the chicken entrails may vary from mine.

More WSUS Sync failures

Those of you working on update servers over the weekend have my sympathy.

There’s a lot of confusion over last Thursday’s KB 4458469 cumulative update for Win10 1803, KB 4457136 for 1709, KB 4457141 for 1703, and KB 4457127 for 1607. As best I can tell, all of those patches have been pulled — except they’re still in the Update Catalog.

To add to the mayhem, we have this report from @nazzy:

Getting intermittent sync failures again starting 9/17 for both scheduled AND manual syncs.  Can anyone else confirm?

and from an anonymous poster:

I can confirm that It was working up until 9/21/2018 then all day today (22 Sept) fails WSUS sync

Of course, a big chunk of Microsoft staff is in Orlando, getting ready for Ignite. Are we going to see any sort of resolution on this in the near term?

Great way to treat your corporate customers….

The Windows ALPC security hole CVE-2018-8440 is now readily exploitable

One of this month’s security patches has taken on a more prominent position.

CVE-2018-8440 — the ALPC privilege escalation bug — has just been added to the Metasploit trove.

No, the sky isn’t falling. Yes, you’re going to see the ALPC exploit more frequently.

Remember, CVE-2018-8440 is a privilege escalation security hole, which means it only comes into play if your machine is already running an invasive program.

This just turns up the pressure to get this month’s patches installed. Which means I’m looking hard at the MS-DEFCON 2 setting, and cursing the fickle Win10 cumulative update gods, who gave us three cumulative updates in the past 10 days. The third of which may well be malfunctioning and pulled already.

No rest for the weary.

Win7 Servicing Stack updates: Managing change and appreciating cumulative updates

You may recall the problem we had earlier this month with Error 0x8000FFFF in the Win7 Cumulative Update?

John Wilcox has just posted an item in the Windows IT Pro Blog with some (eminently readable!) details:

Some Windows 7 devices recently experienced issues installing either the August or September 2018 Monthly Rollups or Security-only updates. The intent of this blog is to share why these issues occurred, what we are doing about it, and how this relates to Windows 10 cumulative updates.
To tell this story, we need to travel back to October of 2016, when we released the Windows 7 Service Pack 1 (SP1) servicing stack update (KB 3177467). Servicing stack updates, or SSUs, are periodic updates released to specifically service or update the software stack for Windows platforms. These are fixes to the code that process and manage updates that need separate servicing periodically to improve the reliability of the update process, or address issue(s) that prevent patching some other part of the OS with the monthly latest cumulative update (LCU).

It’s an interesting tale, well worth reading.