What kind of backup do you need?

Seeing the devastation in Florida reminds me that having key records stored someplace else is wise. But there are two things to always keep in mind:

1. Security of where that is stored
2. Where that is stored

Should you have digital records stored on a portable flash drive or external usb hard drive?  Should you have it in a cloud service?

When deciding what it key to keep, think in terms of what is important for recovery purposes as well as what is important for your legacy and memories.

If extreme events occur, having things stored on the cloud is actually not a bad thing.  You can sign up for inexpensive storage on onedrive.  If you are a small business you can look at products like Cyber Fortress (used to be called Jungle Drive) .

Another option you can use is products that “sync” your data.  Now I’m not talking about Onedrive, but rather products that Sync to Onedrive or other cloud services. So you still have your full file structure locally, but then there is a copy elsewhere.  The one I use personally is SyncBackPro.  It works for both business settings as well as personal settings (they have a free personal version).  For many years Microsoft had this tool called Synctoy that worked great.  Too great.  They killed it. Yeah…

One command line tool that still works wonders is robocopy – but mind you it’s best with mapped drives or local drives.  Depending on the Cloud service it may not work to copy items.

Do you use syncing software?  If so, what do you use and why do you like it?  What do you sync and where do you sync it to?

Microsoft email zero day

What is it?  Microsoft is investigating targeted attacks on their on premises Email servers.  Attackers have found a way into servers that are already fully patched.

If we have online email with Microsoft, are we at risk?  No.

Is this disturbing that EVERY time there is a zero day in Microsoft on premises email servers, Microsoft can conveniently scramble and get their online servers patched and meanwhile those that purchase on premises software are stuck holding the bag.

If you are an Exchange admin and need help, pile on here

(note I am sending this out as a defcon text alert but not an email alert)

Follow the guidance in the MSRC post to protect your on premise email servers:

The current mitigation is to add a blocking rule in “IIS Manager -> Default Web Site -> URL Rewrite -> Actions” to block the known attack patterns

Note:

If you don’t run Microsoft Exchange on premise, and don’t have Outlook Web App facing the internet, you are not impacted.

Preparing yourself

First off to anyone in the path of Hurricane Ian, please stay safe.

All of us need to remind ourselves that while we may not be facing Hurricanes, we may be facing some other destruction.  I’ll be doing some articles and videos on backups and best practices but this is also a reminder to not be so quick to blow off any cloud solution in your backup plans because of the subscription model (which it has) or the risk of cloud access by attackers (which should also not be blown off as a non issue). As the images and videos out of Florida showcase, this is when you can not have enough backups.  Having your key information somewhere in a secure cloud is actually a GOOD thing.  Often your local devices are damaged, you can’t get back into your home, your office, or your bank where you stored your offsite backup.

Also think of alternative ways you can access your information on a non standard device. Rather than a desktop computer, think of a device like an ipad or a chromebook which is much more portable and you can take it with you.

Here are some other tips from the Florida Red Cross:

Hurricane Ian | Press Release | American Red Cross

Download the free Red Cross Emergency App for real-time weather alerts, open Red Cross shelters, and expert advice on emergency situations. Search “American Red Cross” in app stores or go to redcross.org/apps. You can also enable the Red Cross Hurricane Alert skill on Amazon Alexa-enabled devices to receive warnings about an approaching hurricane and preparedness information.

And if you like… donate to the red cross who are often one of the first folks back in to help clean up.

MS-DEFCON 4: A well-behaved September

By Susan Bradley

September updates have few side effects.

It’s always nice when the monthly update process is calm, with no storms. But due to a few snags, the best I can do is lower the MS-DEFCON level to 4.

These side effects are limited to issues seen in businesses; we ordinary, consumer mortals are not much affected.

Anyone can read the full MS-DEFCON Alert (19.39.1, 2022-09-27).

Windows 11 2H22 released, mostly

MICROSOFT NEWS

By Will Fastie

Well, it wasn’t really 2H22. It was 2022.

The entire news cycle about Windows 11, starting with its announcement over 18 months ago, has been different. Maybe weird is a better descriptor.

The announcement wasn’t an event; nothing was live. There wasn’t even a video from Panos Panay, who was simply noted as the author of a blog post. The surprise twist in all this, especially from the perspective of someone in the press, was that the announcement was not accompanied by a press release in Microsoft’s usual location. Instead, it was given its own microsite. The release was not mentioned on Microsoft’s home page and was noted only on the Windows page with an eyebrow link at the very top.

Read the full story in our Plus Newsletter (19.39.0, 2022-09-26).
This story also appears in our public Newsletter.

Should you get a free credit report for any data breach?

PUBLIC DEFENDER

By Brian Livingston

Samsung Electronics — the giant multinational that sells 28% of all the smartphones in the world, as well as many other consumer devices — has sent notices to some of its users that their personal information in Samsung’s database has been hacked.

In a statement, the company says the hackers didn’t obtain users’ credit-card or debit-card numbers. But the intrusion did reveal some customers’ names, addresses, birthdates, and the Samsung products they’d registered. As a result, the corporation’s notices recommend that affected users obtain a copy of their credit report from major reporting agencies.

Read the full story in our Plus Newsletter (19.39.0, 2022-09-26).

Space flight is impossible

LEGAL BRIEF

By Max Stul Oppenheimer, Esq.

I read it in the New York Times.

Two cases currently making their way through the federal court system may determine what you will or will not be able to post and see on the Internet.

The states of Missouri and Louisiana have sued President Biden, his former press secretary Psaki, Surgeon General Murthy, HHS Secretary Becerra, National Institute of Allergy and Infectious Diseases (and Chief Medical Advisor to the President) Fauci, Homeland Security Secretary Mayorkas, Director of the Cybersecurity and Infrastructure Security Agency Easterly, and Director Jankowicz of the so-called “Disinformation Governance Board” of the Department of Homeland Security.

The suit is, as would be expected, highly political. Putting aside the specific allegations of the case, it does raise important issues for the control of social media.

Read the full story in our Plus Newsletter (19.39.0, 2022-09-26).

Keeping out the bad applications

ON SECURITY

By Susan Bradley

Both Microsoft and Apple are trying to tackle an ongoing problem that plagues us — keeping our systems secure and protected.

But the vendors are not tackling the problem in the same ways.

Apple has a huge user base of small devices, especially the iPhone, which provide the user with instantaneous access to real-time human interaction. Microsoft, on the other hand, has a huge user base of “traditional devices” (e.g., PCs) that certainly connect to the Internet but don’t involve phone calls, text messages, or anything else — such as FaceTime, the built-in visual medium.

Although the companies share the overall security challenge, their approaches are different.

Read the full story in our Plus Newsletter (19.39.0, 2022-09-26).

The “Intel Processor”

INTEL NEWS

By Will Fastie

For two decades, it’s been confusing to figure out what the name of an Intel processor or an Intel processor family meant.

Now, Intel has thrown a real wrench into the works by announcing the “Intel Processor.”

Funny — I thought that phrase referred to all Intel processors, not a family or a segment. I thought I could just write, “That PC has an Intel processor inside” and then wait for the inevitable question: “Which one?”

No longer, apparently.

Read the full story in our Plus Newsletter (19.39.0, 2022-09-26).

Can you install 22H2 without a Microsoft account?

Can you install Windows 11 22H2 without a Microsoft account?

In a word yes.

There is a new way you have to do it. In the past the way you got around the Microsoft account mandate on a Home computer was to disable the internet connection right before it asked you to set up a Microsoft account. Now there is a new way to get around the mandate.

First off, you can no longer get around turning off the Internet on Windows 11 22H2 home – or at least not in my testing. But don’t worry when it gets to that screen where it asks you for your Microsoft account, don’t say that you need to set up one, rather use a bogus email address. Or rather it’s an email address that really exists but is locked.

Type in no@thankyou.com with ANY password. The system will indicate “that didn’t work” and then let you set up a local account.

Video here showcasing how it’s done

The trick here is that the email address of no@thankyou.com is an account that has been locked and can no longer be logged into.

For Windows 11 22H2 professional, it too allows you to set up a user without a Microsoft account.

In addition, Rufus has been updated to version 3.19 which includes the ability to bypass Windows 11 22H2 Microsoft account mandate during the setup progress. It is a new feature in Rufus 3.19 and later.

Microsoft Endpoint Configuration Manager out of band

What is it? There is an out of band security update for Microsoft Endpoint Configuration Manager. This is a business only tool used to manage computers.

What’s the risk? An attacker could exploit this vulnerability to obtain sensitive information. It’s a spoofing vulnerability.

Does it impact consumers or home users?  No.

Does it impact businesses who only use WSUS or only Intune or even those who have standalone Windows 10 or 11 computers?  No. This is only for those customers running Config manager a separate standalone management tool.

How can you get the patch?  “The update – KB 15498768 – will be listed in the Updates and Servicing node of the Configuration Manager console for customers running Microsoft Endpoint Configuration Manager, versions 2103 – 2207.

Environments using versions of Configuration Manager current branch prior to 2103 are encouraged to update to a later supported version. Administrators can also disable use of automatic and manual client push installation methods to remove the risk of exposure to this issue. Refer to Support for Configuration Manager current branch versions.

Source: CISA alert

MSRC alert

I’ll update the master patch list later tonight, but be aware this out of band is for a narrow band of Microsoft customers.

22H2 for Windows 11 is out

Well it’s official, 22H2 for Windows 11 is out for those who go to “check for updates”.

I’m not sure if 22H2 is out for Windows 10 as well?

What’s new for IT pros link

Reduced package size link

“With this update we’re also taking steps to improve the Windows Update experience. Windows Update is now carbon aware, making it easier for your devices to reduce carbon emissions. When devices are plugged in, turned on, connected to the Internet and regional carbon intensity data is available, Windows Update will schedule installations at specific times of the day when doing so may result in lower carbon emissions because a higher proportion of electricity is coming from lower-carbon sources on the electric grid. We’ve also made some changes to the default power setting for Sleep and Screen off to help reduce carbon emissions when PCs are idle.”

Say what?  How about just making sure that they are bug free will ya?