News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: May 29, 2019

  • Update: The “wormable” Win XP/Win7 RDP security hole, BlueKeep, still hasn’t been cracked

    Posted on May 29th, 2019 at 14:32 woody Comment on the AskWoody Lounge

    Forgive me for joining the Chicken Little crowd a couple of weeks ago and recommending that all of you folks running

    • Windows XP (including Embedded)
    • Windows Server 2003, Server 2003 Datacenter Edition
    • Windows 7
    • Windows Server 2008, Server 2008 R2

    install the latest patches for the “wormable” RDP security hole. (Kevin Beaumont has taken to calling the security hole “BlueKeep” and it seems the name has caught on.)

    Fortunately, I’m not aware of any problems arising from installing the patches. Unfortunately (???), the pressing need just wasn’t there.

    Why? Ends up that turning BlueKeep into a real exploit is a very difficult job. According to Beaumont:

    I’ve asked every expert I can find about an obvious solution — isn’t it sufficient to simply turn off the Remote Desktop Protocol in the user interface? (In Win7, Start > Control Panel > System and Security > System > Remote Settings, in the System Properties dialog box, click Don’t Allow Connections to This Computer.) That, and/or blocking port 3389 (the port RDP uses by default) should be enough to keep any RDP-related malware at bay. At least, it appears that way to me.

    But I haven’t received a positive response from any of those experts. The ones who know ain’t sayin’. And the ones who probably do know aren’t willing to stick their necks out. It’s hard to fault them: Microsoft hasn’t provided any guidance on the matter, one way or another, so if blocking RDP ends up being insufficient — no matter how logical — there’s a lot of exposure to the person making the recommendation.

    I’ll keep you posted as I hear more, but it looks like the Sky Ain’t Fallin’.

  • Microsoft: Enabling innovation and opportunity on the Intelligent Edge

    Posted on May 29th, 2019 at 14:10 woody Comment on the AskWoody Lounge

    I get hives when I see “Intelligent Edge” capitalized…

    Yesterday Microsoft Corporate VP Nick Parker gave a keynote at Computex in Taipei. It’s a wonderfully jolly pastiche of marketing memes, culminating in this vision of our operating system future (I’m looking at YOU, Windows):

    These new modern PCs and innovative devices the ecosystem will continue to build and bring to market in the future require a modern operating system. An OS  that provides a set of enablers that deliver the foundational experiences customers expect from their devices, and includes a set of delighters that deliver innovative human centric experiences. Enablers include seamless updates – with a modern OS updates are invisibly done in the background; the update experience is deterministic, reliable, and instant with no interruptions! A modern OS, is also secure by default, the state is separated from the operating system; compute is separated from applications; this protects the user from malicious attacks throughout the device lifecycle. Always connected -with a modern OS Wifi, LTE 5G will just work – and users never have to worry about a deadspot. All of a users devices are aware and connected to each other. A modern OS provides sustained performance, from the moment a user picks up their device – everything is ready to go – without having to worry about the next time the PC needs to be charged. These enablers will satisfy customer’s basic needs, but to truly differentiate we must also delight them. A modern OS does this by enabling cloud-connected experiences that use the compute power of the cloud to enhance users experiences on their devices.  These experiences are powered by AI, so a modern OS is aware of what a user is doing tomorrow and helps them get it done, and it enhances applications making them more intelligent. A modern OS is also multi-sense. People can use pen, voice, touch, even gaze – what ever input method a user wants to use works just as well as the keyboard and mouse. Finally, a modern OS provides the ultimate in form factor agility. A modern OS has the right sensor support and posture awareness to enable the breadth of innovative form factors and applications that our partner ecosystem will deliver.

    Brushing aside gaze input, enablers, delighters, an OS that knows what you’re doing tomorrow, and posture awareness — and acknowledging that the human centric stuff is the raison d’être for the mess we’re now in —  I want to ask a serious question.

    How far is ChromeOS from achieving this kind of Nerd Nirvana?