AskWoody

Tasks for the weekend – May 8th – Should I remove KB4023057?

Youtube here

KB4023057 is an update that comes out normally before a feature update is released. In theory it’s supposed to help a machine get the feature update installed by ensuring that there’s enough hard drive space, that the system won’t snooze and that the windows update components are “healthy” to then install the feature release.

Now if it really wanted to help machine get a feature release installed, it would check drivers, flag which ones would cause issues and warn you in plain English what issues you would face. If  I were coding it up, I would make it so that when it found a machine with Conexant drivers it would remove them and ensure it was set to install 2004. But I digress…

Because it doesn’t have a reputation of being well behaved, you’ll see it recommended to either block the  install (use Wushowhide from Oldergeeks or your favorite hiding tool of choice), or if it sneaked in while you weren’t looking, to uninstall it. If it snuck in, look for “Microsoft Update Health Tools” in the classic control panel/programs and features and remove it.

Conexant and the 2004 saga continues

I’m scratching my head a bit this morning reading the post on Bleeping computer.

Microsoft has addressed the last remaining known issues affecting Windows 10 computers with Conexant or Synaptics devices causing errors and problems when updating to Windows 10 versions 2004 or 20H2.

But when you go to the underlying Windows Health dashboard item it still is the same lousy resolution as before:

Resolution: The safeguard hold with safeguard IDs 25702617, 25702660, 25702662, and 25702673 has been removed for all devices as of May 7, 2021, including devices with affected drivers. If updated drivers are not available for your device and you are offered Windows 10, version 2004 or Windows 10, version 20H2, a small number of devices might roll back to the previous version of Windows 10 when attempting to update. If this occurs, you should attempt to update to Windows 10, version 2004 or Windows 10, version 20H2 again.

I don’t read “gee, we scan your computer, see that it has an impacted driver, remove it DURING the 2004 install so that you have a nice install process”, I still read that you will have a horrible upgrade experience and you’ll have to try it several times before it completes.

Should we trust our routers?

Michael Horowitz has a story about how the Asus GT-AC2900 router had THREE password bypass flaws….

The Asus GT-AC2900 router had 3 password bypass flaws. They were fixed. But . . . what about the many other Asus routers? Neither Asus nor the researcher addressed this. It is hard to trust *any* Asus router.
https://t.co/pH6ALelv4d

— Michael Horowitz (@defensivecomput) May 7, 2021

Dell computers put at risk

So today’s headline that I wrote above is one that I see too often. It gets you to be worried about something that I honestly don’t think attackers will use as a means to attack us.

Here’s the background (thanks to reader RougeSec58 for the links:)

Dell support article

Reddit thread with N-Able script to remove it.

So the other day I read this twitter post….

Due to the introduction of Driver Signature Enforcement & Kernel Patch Protection, it’s become increasingly rare for attackers to create and execute #Windows rootkits.

All of these firmware/rootkit headlines make me ponder… gee… why is it that attackers use phishing lures so much? Because that’s the low hanging fruit. It’s not easy to attack us to go after Spectre style attacks. I see this Dell issue in the same way. It’s way easier to get us with phishing lures and click baits than it is with these sort of attacks.

“there is no evidence at this time that its flaws have been exploited in the wild.”

Just because there is a possibility of attack doesn’t mean it is probable that it’s  being attacked.

As always, feel free to disagree with me and educate me that I’m in the wrong. That’s what security is all about anyway ….weighing the risks and trying to determine if THAT is going to get me or if it’s just headlines to make me worry.

Ghacks report Defender bug

https://www.ghacks.net/2021/05/05/windows-defender-bug-may-fill-your-hard-drive-with-thousands-of-files/

Martin reports postings about defender scan files filling up hard drives. I’m plain old Defender here and not seeing this issue so it appears like it’s an interaction between Defender and possibly Sophos? Note that to see that location you’ll need to have “Show/hide” box ticked to show Hidden items and then you’ll have to click through a UAC prompt to see into that Store folder.

The May 2021 Office non-Security Updates have been published

The May 2021 Office non-Security updates have been released Tuesday, May 4, 2021. They are not included in the DEFCON-4 approval for the April 2021 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

Remember, Susan’s patching sequence and recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

Office 2016
Update for Microsoft Office 2016 (KB4462117)
Update for Skype for Business 2016 (KB4493155)
Update for Microsoft Outlook 2016 (KB5001921)

There were no non-security listings for Office 2010 (which reached EOS on October 13, 2020) nor for Office 2013.
On April 10, 2018, Office 2013 reached End of Mainstream Support. Extended Support will end for Office 2013 on April 11, 2023.
Office 2016 also reached  End of Mainstream Support on October 13, 2020. EOS for Office 2016 is October 14, 2025.

Updates are for the .msi version (perpetual). Office 365 and C2R are not included.

Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).

Office current branch triggers Outlook Bug

@b pointed me to several threads in the answers forums where in Version 2104 ” quite a few home users and companies have found that Version 2104 (Build 13929.20296) of April 29 introduces a bug which causes To: field autocomplete dropdown to go up off screen instead of down. Not everyone is affected; It probably depends on screen resolution and text scaling”  He said he has that version but is not seeing the bug. Rolling back to the prior version 2103 (Build 13901.20462) of April 23, does seem to work for everyone (including Office 2019).

This is why I recommend moving back to the semi annual branch  where you don’t get quite as many bugs.

You can read the threads here:

Outlook 2016 Autocomplete is doing something weird

Outlook 2019 autocomplete view changed after update

Outlook 2019 Address Autocomplete Broken

You seeing anything?

Take control of your Mac’s privacy

ISSUE 18.16 • 2021-05-03

APPLE

By Nathan Parker

Apple’s emphasis on privacy is focused on personal devices, such as iPads and iPhones. But Macs have privacy settings, too.

In my recent article “Take control of your privacy — iPhone & iPad” (AskWoody 18.12, 2021-04-05), I discussed many of the settings provided by iOS and iPadOS to control the privacy and security of the device and the apps running on it. Although one might think all Apple systems would be in lockstep, I have noticed that the settings in macOS are not quite as granular, not quite as detailed, as those in iOS/iPadOS.

Read the full story in the AskWoody Plus Newsletter 18.16.0 (2021-05-03).
This story also appears in the AskWoody Free Newsletter 18.16.F (2021-05-03).

More on OneDrive, and Symlinks

LANGALIST

By Fred Langa

A recent column on OneDrive problems brought a ton of email from readers asking for help with overcoming OneDrive’s poor documentation, weak user interface, and other limitations.

The largest group of questions was about using symlinks to allow OneDrive to automatically sync and process files or folders without having to first move and fit them all into the local C:\…\OneDrive\ folder.

Read the full story in the AskWoody Plus Newsletter 18.16.0 (2021-05-03).

Microsoft Casual: It ain’t all fun ’n’ games

PUBLIC DEFENDER

By Brian Livingston

New shoot-’em-up and twitch videogames get all the attention, but lots of people still like good ol’ strategy games, such as Solitaire and Minesweeper.

Microsoft removed its games from Windows 8, but they’re just lightly hidden in Windows 10. In addition, the whole Microsoft Casual Games package is downloadable — and boy, are people having problems.

Read the full story in the AskWoody Plus Newsletter 18.16.0 (2021-05-03).

How to control the privacy of your Microsoft account

MICROSOFT

By Lance Whitney

You can review and manage a host of privacy settings and collected data for your Microsoft account via a dedicated account website.

I know that some Windows users shy away from creating a Microsoft account because they’re concerned about the software giant siphoning up too much information about them. That’s certainly a valid concern. Like other tech companies, Microsoft will track many of your activities to “customize your experience” but also, sadly, to serve you targeted ads and other content.

Read the full story in the AskWoody Plus Newsletter 18.16.0 (2021-05-03).

Last call for 1909

PATCH WATCH

By Susan Bradley

All’s clear for updating. Plus, I bid farewell to the man who saved the Internet.

As noted in my Alert last week, I’ve given the all-clear to install updates this month. The printing bugs have been squashed, and no other issues are apparent.

If you have still not installed updates, review your deferral settings. If you’ve chosen to defer updates to a specific date, click on Start, Settings, Windows update. If updates are deferred, you will see a bold notice that updates are paused plus a Resume updates button. Clicking that button will clear any deferrals you have set.

Read the full story in the AskWoody Plus Newsletter 18.16.0 (2021-05-03).