Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Patch Lady – beware of email credential harvesting

    Posted on May 31st, 2018 at 14:21 Susan Bradley

    A recent email came into the firm and it was sent from payment@paychex.com with a “wetransfer” file.  Enough red flags that of course I wanted to see what it was attempting to do.

    The email itself wasn’t flagged as malicious, nor were the links in the email when I sent them through virustotal.com.  I ended up using reverse.it to determine that it was attempting to harvest email credentials.

    All the major email services are there ready to be harvested.

    On the attacker front I have seen and heard of many stories where the attackers harvest email credentials and then gain access to the mail account.  They then set up email forwarding rules and filters so that their malicious activity (possibly money transfers or setting up new credit card accounts) is all automatically forwarded and then deleted out of the email account so that you don’t see the activity going on.  For any email service you use, consider turning on two-factor authentication for when you log into a new device, and bookmark the location where you can log in to review access.

    In the case of a Microsoft account it’s here:  https://account.live.com/Activity?mkt=en-US&refd=account.microsoft.com&refp=security

    For Google I will go here: https://myaccount.google.com/u/2/notifications

    Bottom line –  ask yourself what do you use – especially in authentication –  and if an attacker gained access to it – how would you start digging in to determine when and if they gained access?
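    One way to start that digging for the forward-and-delete rules described above, as an added example that is not part of the original post. The rule layout, the keyword list and the sample addresses are all constructed assumptions; map the fields from whatever rule export your mail service provides.

```python
# Added example: flag mailbox rules that forward mail out and hide the original.
# The rule layout is a hypothetical, simplified export, not any provider's schema.

FINANCE_WORDS = {"invoice", "payment", "wire", "credit card"}  # assumed watch list

def domain_of(address):
    return address.rsplit("@", 1)[-1].strip().lower()

def audit_rules(rules, own_domains):
    """Return {rule name: [findings]} for enabled rules worth a manual look."""
    own = {d.lower() for d in own_domains}
    report = {}
    for rule in rules:
        if not rule.get("enabled", True):
            continue
        findings = []
        targets = rule.get("forward_to", [])
        external = sorted(a for a in targets if domain_of(a) not in own)
        if external:
            findings.append("forwards externally: " + ", ".join(external))
        if targets and (rule.get("delete") or rule.get("mark_read")):
            findings.append("forwards, then hides the original")
        words = {w.lower() for w in rule.get("subject_contains", [])}
        if targets and words & FINANCE_WORDS:
            findings.append("targets financial mail: " + ", ".join(sorted(words & FINANCE_WORDS)))
        if findings:
            report[rule["name"]] = findings
    return report

# Constructed sample rules for a mailbox at the made-up domain firm.example.
SAMPLE_RULES = [
    {"name": "Newsletters", "enabled": True, "subject_contains": ["digest"],
     "forward_to": [], "delete": False},
    {"name": ".", "enabled": True, "subject_contains": ["Invoice", "wire"],
     "forward_to": ["collector@mailbox.example"], "delete": True},
    {"name": "Assistant copy", "enabled": True, "subject_contains": [],
     "forward_to": ["assistant@firm.example"], "delete": False},
    {"name": "Old rule", "enabled": False, "subject_contains": [],
     "forward_to": ["someone@other.example"], "delete": True},
]

if __name__ == "__main__":
    for name, findings in audit_rules(SAMPLE_RULES, ["firm.example"]).items():
        print(f"{name!r}: " + "; ".join(findings))
```

    Disabled rules are skipped here; review them separately if you suspect a rule was switched off after use.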

  • Microsoft on forced Win10 1803 upgrades: “We are aware of these reports and actively investigating this issue”

    Posted on May 30th, 2018 at 11:51 woody

    At least, that’s what Bogdan Popa says Microsoft told him. Reporting on Softpedia, Popa says:

    Details aren’t yet available, but the company said it’s looking into this to determine what exactly happened. No specifics were provided though.

    “We are aware of these reports and actively investigating this issue,” a Microsoft spokesperson told us.

    ‘Course Microsoft hasn’t exactly been beating down my door, but that’s to be expected. Just as well. I couldn’t tell them anything more than what I’ve already reported.

    Anybody out there have additional insight into this, the first “ooops” forced upgrade to 1803? We’re still behind the Win10 1709 “ooops” upgrade count, which stands at three.

  • Microsoft Patch Alert: Lots of bugs introduced, most fixed, but Win7 is still tied up in NIC knots, and Microsoft hasn’t increased the pay for its 1803 beta testers

    Posted on May 30th, 2018 at 02:28 woody

    Lots of activity this month in the wonderful world of wacky Windows patches.

    Computerworld Woody on Windows.

  • Keizer: Windows 10 Pro is a dead end for the enterprise, Gartner says

    Posted on May 29th, 2018 at 23:08 woody

    I agree with Gartner about once every two blue moons, but this one’s right on.

    Read Gregg Keizer’s synopsis in Computerworld.

    Enterprise is the only hope for enterprises that want to keep up. The Pro patch cycle is a killa.

  • Patch Lady – reboot your routers

    Posted on May 26th, 2018 at 22:16 Susan Bradley

    Just spotted this on the FBI site – https://www.ic3.gov/media/2018/180525.aspx The FBI seized the domain that was holding over 500,000 home routers that were taken over by an attacker as part of a plot (supposedly) to take over power grids.  Most of the routers are located in the Ukraine, but to be safe the FBI is recommending that you reboot your home and small business routers.

    As the page states:

    The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.

     

    And while you are logging into your router, check for any firmware updates.  If you are unsure how to reboot your router, unplug the power and replug it back in.

  • Patch Lady – so what about the “B” patchers?

    Posted on May 26th, 2018 at 20:07 Susan Bradley

    To those of you out there in Patching land that are “B” patchers – that is, you do a more Enterprise style of patching and only install the Windows 7 security-only updates and the IE security updates rather than the cumulative rollup model (aka https://support.microsoft.com/en-us/help/4103712 ) – please note that I have not seen in my personal testing the networking issues referred to in the cumulative update.  I honestly think you will be okay installing the May updates in the “B” fashion.

    Note for those of you that are cumulative update patchers, this issue with the loss of networking is *not* widespread.  Again I really wish that Microsoft would be more forthcoming about which vendor, and even better which network card in question was seen having this issue.  I’m asking around on the patchmanagement.org list but in the meantime, this post hints at Intel as well as this post on Reddit.

    What I would recommend you do, and honestly it’s wise to do these days in general, is to visit the vendor of your computer or the vendor of your network card and update both your bios and network drivers from the vendor’s web site.

    To see if you have Intel NICs, go into the properties of your network card.  It will typically be Intel or Broadcom but there may be other vendors.

    Again I will stress that I’m not seeing this impact ALL Intel networking cards, I honestly think it’s just certain machines, certain vendors, but I can’t say with 100% certainty it’s X model of computer – which is what I’d really like to do.  Print out these instructions ahead of time… bottom line what you are doing is telling the machine to re-find the drivers.

    To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
    To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.
    a. Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.

  • Patch Lady – KB 4103718 and the “third party problem”

    Posted on May 26th, 2018 at 16:59 Susan Bradley

    You remember when I posted the other day that KB 4103718 removed the “we’re researching” note from Microsoft?  Well later that day it changed… again.

    Now it says that a “third party driver” is the cause of the loss of networking, yet it doesn’t say which third party driver is at fault.  With my deepest respect to all that work at Microsoft, as I know all of you work hard and care about your customers, but obviously, come on, stop tiptoeing around your business partners and remember that you have a responsibility first and foremost to your customers.

    WHAT third party OEM driver?  As knowing that will help all of us patch quicker.  As it is now we’re stuck in this limbo land of not knowing what *exactly* is the trigger and *exactly* what vendor we need to look out for.

    There is an issue with Windows and a third-party software that is related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working.

    To locate the network device, launch devmgmt.msc; it may appear under Other Devices.

    To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.

    a. Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.

  • Avast says Microsoft to blame for the Win10 1803 upgrade bluescreens and non-sensical boot loop options

    Posted on May 25th, 2018 at 12:53 woody

    Avast has released a new version of their antivirus software and, in a carefully worded explanation, takes a jab at Microsoft’s botched Win10 1803 installer.

    Computerworld Woody on Windows.