  • If you have an MSDN account, you can download a clean copy of Win10 1903

    Posted on April 18th, 2019 at 16:18 by woody

    Unlike my jury-rigged version (see the next post), this one installs clean.

    Per Tero Alhonen, here are the versions that were just posted on MSDN (by subscription only):

    Mary Jo Foley has a detailed explanation on ZDNet.

  • Facebook admits, one hour before the Mueller report press conference, that oh golly “millions” of Instagram users had plain-text passwords exposed

    Posted on April 18th, 2019 at 14:38 by woody

    Talk about Friday night news dumps…

    Iain Thomson, writing for The Reg, wasn’t distracted by today’s news. Previously, Facebook said that “tens of thousands of Instagram users” had their plain text passwords stored on company servers.

    Now the tech goliath has decided to revise that figure, and, well, let’s just say it massively underestimated that number.

    “Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format,” the amendment reads today.

    “We now estimate that this issue impacted millions of Instagram users.”

  • Win10 version 1903 shaping up to be a real productivity enhancer

    Posted on April 18th, 2019 at 12:46 by woody

    I finally got a super-clean copy of Win10 Pro 1903 installed. Local account. No remnants from earlier installs.

    Take a look at the new, improved Start menu. Yes, that’s “Seekers Notes: Hidden Mystery” in the Productivity section.

    Meh.

  • To block the latest zero day, instead of removing Internet Explorer, just short-circuit access to MHT files

    Posted on April 18th, 2019 at 11:26 by woody

    It’s pretty easy, if you know the tricks.

    Step-by-step details in Computerworld.

  • That Internet Explorer XXE zero day poking through to Edge

    Posted on April 18th, 2019 at 07:51 by woody

    I’ve been slammed for the past few days, and haven’t kept you folks apprised of the latest Internet Explorer 0day.

    It depends on you opening an infected MHT file. MHT is an old file format that’s almost always opened by IE — no matter which browser you’re using, no matter which version of Windows. Catalin Cimpanu has a good overview of this XXE vulnerability on ZDNet.

    It’s a doozy of a security hole as it affects every recent version of IE, and it infects whether you’re actively browsing with IE or not.

    When you download files from the internet, they’re marked — the “Mark-Of-The-Web” — to tell programs that special care is required when opening the files. Thus, if you download an infected MHT file, IE will know that it needs to open the MHT file with caution (at “low integrity,” in a sandbox). That severely limits this exploit’s reach.

    There’s a lot of controversy about how bad this XXE hole really is. There have been lots of XXE holes discovered in the past. They’re used to pull files off your machine and send them to the bad guys. Microsoft figured this one isn’t all that bad, in part because of the MOTW mechanism. The folks who discovered this particular hole aren’t so sanguine. They responded to Microsoft’s snub last week by releasing details, proof of concept code, and even a video.

    Yesterday, Mitja Kolsek at 0patch revealed something disconcerting. If you use Edge to download an infected MHT file, Internet Explorer will open it like any other file. Says Kolsek:

    Does Edge not put the mark-of-the-web on downloaded files, or does it do it differently and somehow confuses Internet Explorer? That would be a serious flaw.

    He goes on to explain how Edge changes the permissions on downloaded files and, thus, why IE will open the infected MHT file as if it had no Mark-Of-The-Web.

    All fascinating stuff if you’re into this kind of thing. Ionut Ilascu has a synopsis on BleepingComputer.

    The 0patch company has a quick patch that you can apply, free, if you’re concerned about getting burned. I’m not going to link to it — I don’t want to take responsibility for 3rd-party patches to Windows — but you can find it quite easily if you’re really interested. That said, 0patch is highly regarded, and has made many useful hotfixes for Windows.

    What to do? That’s easy. Don’t open MHT files. And don’t use IE.

    Thx to @Alex5723 and others who have been posting about this problem while I’m off doing other things…

    Let’s see if I get a definitive answer from this:

    UPDATE: @mkolsek, who published the report yesterday, confirms that reassigning the default handler for MHT files breaks the attack. He tested it. I’ll write this up.
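
    To see where a machine stands on the two defenses discussed in this post (the Mark-Of-The-Web and the default MHT handler), here is an added PowerShell example; it is not code from the original post, 0patch or Computerworld. It lists each .mht/.mhtml file in a folder with its Mark-Of-The-Web zone and ACL entries, then prints the handler currently registered for .mht. The Downloads path and the helper name `Get-MotwZone` are assumptions.

```powershell
# Added example. Requires Windows PowerShell 3.0+ and an NTFS volume.
# $folder is an assumption: point it at wherever downloads land.
$folder = Join-Path $env:USERPROFILE 'Downloads'

# Windows URL security zone numbers as stored in the ZoneId field.
$zoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet'; 4 = 'Restricted sites' }

# Hypothetical helper: returns the ZoneId of a file's mark, or $null if unmarked.
function Get-MotwZone {
    param([Parameter(Mandatory = $true)][string]$Path)
    # The mark is an alternate data stream named Zone.Identifier containing
    # "[ZoneTransfer]" and a "ZoneId=<n>" line. No stream means no mark.
    $lines = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $lines) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)\s*$') { return [int]$Matches[1] }
    }
    return $null
}

Get-ChildItem -LiteralPath $folder -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.mht', '.mhtml' } |
    ForEach-Object {
        $zone = Get-MotwZone -Path $_.FullName
        if ($null -eq $zone) { $mark = 'none' }
        elseif ($zoneNames.ContainsKey($zone)) { $mark = "$zone ($($zoneNames[$zone]))" }
        else { $mark = "$zone (unknown zone)" }
        [pscustomobject]@{
            File = $_.FullName
            MOTW = $mark
            # Who holds access entries on the file; the stream being present
            # does not by itself show that every process can read it.
            AclEntries = (Get-Acl -LiteralPath $_.FullName).Access.IdentityReference -join '; '
        }
    } | Format-List

# Handler registered for .mht: the per-user choice, then the machine-wide association.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice'
$userChoice = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ProgId
"Per-user .mht handler   : $(if ($userChoice) { $userChoice } else { 'not set' })"
"Machine .mht association: $(cmd /c assoc .mht 2>$null)"
```

    Comparing the `AclEntries` column for files saved by different browsers shows the permission difference Kolsek describes.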