Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – 31 days of Paranoia – Day 15

    Posted on October 15th, 2018 at 23:15 Susan Bradley Comment on the AskWoody Lounge

    We’re on the 15th day of our travels through paranoia and on the day that Paul Allen, one of the founders of Microsoft passed away, I’m touching on the next big disruptor that the Microsoft company is increasingly implementing:  That of cloud services.

    Paul Allen and Bill Gates took mainframe computers from locked away in a freezing room only accessible by the few to where nearly everyone has more power in their desktop and laptop than the old mainframes used to have.  The next disruptor is cloud services.  Especially for small firms, my biggest fear for small businesses that rely on cloud computing is that we won’t get solid guidance on how best to secure and deploy cloud services.

    Too often people see cloud services as easy to set up, and they are, but they don’t take the time to think about security.  I have personally seen where users of cloud services will often share credentials to another person without thinking of the risk of sharing credentials.  I’ve seen where consultants can misconfigure settings or – as often seen in big cloud breaches – leave files in cloud locations and not set the file security properly.

    There’s a lot of good things about cloud services.  And then there’s a lot of risks to cloud services.  Always ask and check on how easy it is move FROM a cloud provider, check on the encryption status, check on the backup status.  And these days I’m seeing more and more vendors providing cloud backup solutions to give users more granular options in restoring files saved in the cloud.

    So read those end user license agreements, and ask questions of your vendors before you sign up.

  • Patch Lady – 7 Metadata problems

    Posted on October 15th, 2018 at 12:40 Susan Bradley Comment on the AskWoody Lounge

    Patch Lady here – I patch over the weekend at my firm and normally the 7’s install their patches and go along their merry way.  But not this weekend.

    I came in this morning and none of my 7’s had installed KB3177467, nor have their received their October security update because the October security update depends on the installation of KB3177467.

    Mind you I installed KB3177467 BACK IN NOVEMBER OF 2016.  So it’s already ON my machines.

    Bottom line metadata and patch dependency is totally screwed up on Windows 7 platform and because of that the October security updates detection are screwed up.

  • Microsoft seems to have pulled the October Win7 Monthly Rollup from Windows Update

    Posted on October 15th, 2018 at 08:11 woody Comment on the AskWoody Lounge

    Reliability. That’s what we need.

    If you’re looking for the Win7 Monthly Rollup, using Windows Update, you probably won’t find it.

    Computerworld Woody on Windows.

  • Microsoft posts official fixes for the bad HP keyboard driver bluescreen, and the bad Intel audio driver

    Posted on October 15th, 2018 at 07:32 woody Comment on the AskWoody Lounge

    I don’t know why anybody would trust Microsoft to push drivers onto their machines.

    At least this time they’ve ‘fessed up and provided a couple of fixes. If you can get your machine to boot, that is.

    Computerworld Woody on Windows.

  • Patch Lady – 31 days of Paranoia – Day 14

    Posted on October 15th, 2018 at 00:34 Susan Bradley Comment on the AskWoody Lounge

    If you have a bit of time on your hands, take a stroll through the FBI’s most wanted for Cyber security attacks.  You’ll find Russian hackers targeting our elections as well as one gentleman who

    is allegedly a North Korean computer programmer who is part of a state-sponsored hacking organization responsible for some of the costliest computer intrusions in history, including the cyber attack on Sony Pictures Entertainment, a series of attacks targeting banks across the world that collectively attempted to steal more than one billion dollars, and the WannaCry ransomware attack that affected tens of thousands of computer systems across the globe.

     

    Park was alleged to be a participant in a wide-ranging criminal conspiracy undertaken by a group of hackers employed by a company that was operated by the North Korean government.  The front company – Chosun Expo Joint Venture, also known as Korea Expo Joint Venture – was affiliated with Lab 110, one of the North Korean government’s hacking organizations.  That hacking group is what some private cybersecurity researchers have labeled the “Lazarus Group.”  On June 8, 2018, a federal arrest warrant was issued for Park Jin Hyok in the United States District Court, Central District of California, after he was charged with one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer-related fraud (computer intrusion).

    The NHS was impacted to an estimated 92 million pounds (assuming I have my monetary naming correct).  The disturbing concern of WannaCry was that most were impacted by the ransomware attack due to the fact that they had not installed updates to protect from the Eternal Blue exploit.  The patch was available but many had not yet installed it for various reasons.

    Yet today we are in a position where many are concerned to patch as well.  Vendor drivers were inadvertently pushed out this week causing some to lose audio (1) and blaming patching as the root cause.  This is now the second such driver related issues with this month’s patching (Woody already posted about the first).  This still gets back to a root cause of loss of trust.  If we cannot trust our vendors, we will place ourselves in a position where cyber villains can get to us.

     

    (1)https://answers.microsoft.com/en-us/windows/forum/all/windows-10-audio-stops-working-after-installing/5a541c88-89e1-4bf3-b356-2837d564b109
    Earlier this week, Intel unintentionally released version 9.21.00.3755 of the Intel Smart Sound Technology (ISST) Driver through Windows Update, and inadvertently offered it to a range of devices running Window 10 version 1803 or 1809. If your device contained a compatible audio driver, the new driver overrode it and caused audio to stop working.