• Long file names used in user redirected folders trigger issues

    Michael McElrath reported this yesterday and Born city follows up that after the Excel patch is installed that files with a long path length – meaning that the ending name and location of the file results in a LONG path, an error is reported.

    When he opens an excel file it will open from the desktop but not the redirected folder on a 2019 server.  The error is “The file format and extension of “file.xlsx” don’t match. The file could be corrupted or unsafe. Unless you trust it’s source, don’t open it. Do you want to open it anyway?”

    When he copied the file to other shared locations the issue went away so it looks like it’s a redirected folder issue.

    “If you shorten the file name it goes away.

    Follow up, I copied the file to several other shared locations on the server and it opened fine. It appears to be a User Redirected folder issue.

    Next, I changed the name from ‘longfilenameofexcelfile.xlsx’ to ‘shortname.xlsx’ and it worked fine. ‘shortername.xlsx’ also worked.

    The path is:

    \\Servername\FolderRedirections\username\Documents\Accounting\Banking\longfilenameofexcelfile.xlsx

    The file above it wouldn’t open either until I shorten the name to ‘Loan.xlsx’.

    It appears to be a path length problem.”

    It’s been reported on 2013 but I’d keep an eye out for 2016 as well.

    5002242 8/9/2022 Defer Security Excel 2013
    5002232 8/9/2022 Defer Security Excel 2016

    I am not using folder redirection here and with click to run Excel, I’m not seeing this issue so you may need to test to see if this applies to you.

  • It’s time for those August updates to be deferred

    Annnndddd here we go again….

    It’s Second Tuesday of the Month and Microsoft is releasing their updates:

    Remember first and foremost to always update your browsers so ensure Firefox, Chrome, Brave, Tor, Edge, Safari, whatever you use is up to date.

    Now onto the updates:  https://patchtuesdaydashboard.com/

    21 Critical

    2 already in the wild and exploited

    227 vulnerabilities patched

    The majority are “elevation of privilege” — translation the attackers want to get inside the office.

    I’ll link up more as we know it and in the meantime I’ll keep an eye out for side effects.

    Dustin Child’s zero day write up – https://www.zerodayinitiative.com/blog/2022/8/9/the-august-2022-security-update-review

    Dogwalk Zero day (the OTHER Microsoft support tool bug) got fixed

    There is a “Secure boot patch” I’ll be recommending you defer at least until we know more about it. Impacting all the way back to Windows 8.1.

     

  • The new privacy policy’s here! The new privacy policy’s here!

    newsletter banner

    ISSUE 19.32 • 2022-08-08

    LEGAL BRIEF

    Max Oppenheimer

    By Max Stul Oppenheimer, Esq.

    On July 26, Meta (aka Facebook) changed its privacy policy.

    So this is a good time to ask two questions: what’s in the new policy, and what should you do about it?

    You can find the new privacy policy here. Settle in — it’s enormous.

    Read the full story in our Plus Newsletter (19.32.0, 2022-08-08).
    This story also appears in our public Newsletter.

  • $52 billion for semiconductor giants — but will we get more chips?

    SILICON

    Brian Livingston

    By Brian Livingston

    President Joe Biden recently signed a $52 billion subsidy program for the semiconductor industry, within an overall $280 billion package called the Chips and Science Act, but will we see an easing of today’s maddening chip shortages any time soon?

    The short answer is “no,” but the reasons might surprise you — and you shouldn’t assume we’ll get no bang for our bucks at all.

    Read the full story in our Plus Newsletter (19.32.0, 2022-08-08).

  • Restored desktop computers must work flawlessly

    HARDWARE

    Ben Myers

    By Ben Myers

    Test, test, and test again — just to be on the safe side.

    In my last article, I covered the basic and essential tests needed to assure that a computer was in generally sound operating condition. As the late-night TV pitchman always says: “But wait! There’s more!” More testing, that is.

    There are still electronics that need to be working right for the entire computer to be fully functional. Along the way, you need to do at least a visual inspection to see that all the ports and connectors — in back, in front, and even on top of a computer — are not damaged.

    Read the full story in our Plus Newsletter (19.32.0, 2022-08-08).

  • Can you trust technology?

    ON SECURITY

    Susan Bradley

    By Susan Bradley

    The other day, a reader asked why I use a Lenovo laptop, expressing concern that it was built overseas and contained sensitive technology.

    He noted that the US Department of Defense had recommended that its divisions stop buying technology that included components suspected of containing (or known to contain) spying capabilities.

    Read the full story in our Plus Newsletter (19.32.0, 2022-08-08).

  • After you install updates that impact printers….

    I have several printers at home and several printers at the office.  Some drive me crazy, others are well behaved.  Generally speaking HP drive me crazy, Brother and Lexmark printers are more well behaved.  The big copiers/printers at the office that we lease are Ricohs and once you get the drivers just so most of the time we’ve left them to just do their thing.  But lately Microsoft has been working on security issues with the print spooler code that attackers use to gain access to our networks.  So our nice well behaved printers are now slightly driving us crazy as a result. .

    So, these days after updating, here are some steps I recommend that you review.

    • If you have it set up to be connected via a network connection, that is you have your printer on a wireless or wired connection and it normally is on a specific IP address, click on start, settings, devices, printers and scanners and review your printer setup.
    • First recommendation is to ensure that you have disabled the setting in Windows 10 where it decides what printer you are going to use. Ensure that “Let Windows manage my default printer” is NOT checked. Every time I’ve had this enabled, I end up with the wrong printer in use.

    • Next, I always set up my wired or wireless printers via tcp/ip address.  I will go into the settings and ensure that in settings, printers and scanners, click the printer name, click on manage, click on printer properties and then review the port setting.  Make sure it’s  set for IP address if you’ve set up the devices on the network.  You can determine what IP address by typically printing out a demo printer page from the printer itself. This will tell you what the IP address is. Then review the setting and make sure it’s set for an IP address that your printer has picked up from your router. Newer printers like to pick up a WSD port and I still have issues when I use that protocol.
    • If your printer is connected via USB the process is similar. Go into settings, then click on the printer name, click on manage, printer properties and review the port settings. Ensure that you see it connected to the proper USB port.
    • The next thing I do for any printer I set up is give them a reasonable printer name. So if it’s on my computer, I’ll rename it Susan’s Color printer rather than Lexmark HD-2425. This is especially handy when I have printers  remotely as well as locally and I need to know which one is which.

    Doesn’t everyone have a Barbie doll that is a Computer geek for decoration in their home office?

    If all of that was confusing to you, here is a video showcasing what I mean.

  • Two factor authentication – the old fashioned way

    Today I went to the bank to get something out of a lockbox at my bank. To gain access to the box I used …. what I’m going to describe as…. two factor authentication. I brought my key into the lockbox room; the bank employee had her key to unlock the safe. It took the two keys to open the door to the safety deposit box.  Earlier in the day we had to remember WHERE we had hidden the key for the lockbox in our house. (We finally found it after searching our brains and trying several locations).

    When I was inside the vault, I could tell that several safety deposit boxes had been drilled out as someone had forgotten where the keys were.

    Worse yet is when someone passes away and you don’t realize where all of the documents are stored. It reminded me to remind all of the readers to make sure you write down, document, talk to your heirs, pass along to your loved ones, all of the information that will be needed to get into the sensitive information no matter where it is stored. I have had to help friends who had loved ones reset passwords because they didn’t leave behind information on how to get into their computers and passwords.

    So just like the information in that bank vault, ensure that you protect sensitive information. But make sure that someone else knows how to access that sensitive information should they need to.

  • MS-DEFCON 2: Printing issues, again

    alert banner

    ISSUE 19.31.1 • 2022-08-04
    MS-DEFCON 2

    By Susan Bradley

    This time we’re forewarned, and the problem probably won’t affect many.

    Here we go again. Month after month this year, updates have affected printing in some way, and the side effects have ranged from minor to major (such as printers being completely disabled).

    Fasten your seatbelts anyway, although chances are that many of us won’t notice this side effect at all. In fact, the security fix causing this side effect has actually been installed on our systems for over a year. Starting with the July and August updates, “hardening” is finally being enabled. Still, prudence demands raising the MS-DEFCON level to 2.

    Anyone can read the full MS-DEFCON Alert (19.31.1, 2022-08-04).

  • August 2022 Office non-Security Updates have been released

    The August 2022 Office non-Security updates have been released Tuesday, August 2, 2022. They are not included in the DEFCON-4 approval for the July 2022 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

    Remember, Susan’s patching sequence and recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

    Office 2016
    Update for Microsoft Office 2016 (KB5002248)

    Office 2013
    Update for Microsoft Office 2013 (KB5002250)

    On April 10, 2018, Office 2013 reached End of Mainstream Support. Extended Support ended for Office 2013 on April 11, 2023.
    Office 2016 also reached  End of Mainstream Support on October 13, 2020. EOS for Office 2016 is October 14, 2025.

    Updates are for the .msi version (perpetual). Office 365 and C2R are not included.

    Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday

  • What to do first with Windows 11

    newsletter banner

    ISSUE 19.31 • 2022-08-01

    WINDOWS 11

    Susan Bradley

    By Susan Bradley

    You just decided that the deal at the local computer store was too great to pass up, and you took home a new Windows 11 computer.

    Nevertheless, you’ve heard us complain about menus, taskbars, and other annoyances. Not quite sure what you’ve gotten yourself into? Never fear, it’s still a Windows computer that you can make behave as you like.

    Read the full story in our Plus Newsletter (19.31.0, 2022-08-01).
    This story also appears in our public Newsletter.

  • Amazon releases Ring videos without consent. Should you care?

    PUBLIC DEFENDER

    Brian Livingston

    By Brian Livingston

    Giant retailer Amazon.com, the parent company of Ring video and audio doorbells and other devices, admits in a letter to a United States senator that it sometimes releases recorded files to law-enforcement agencies without a court-ordered warrant or the consent of the recording’s owner.

    In response to a request for information from Sen. Edward Markey (Democrat of Massachusetts), Amazon vice president for public policy Brian Huseman revealed: “Ring has provided videos to law enforcement in response to an emergency request only 11 times” in the first half of 2022.

    Read the full story in our Plus Newsletter (19.31.0, 2022-08-01).