News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: December 3, 2019

  • Patch Lady – Office 365 in the cross hairs

    Posted on December 3rd, 2019 at 19:18 Susan Bradley Comment on the AskWoody Lounge

    Over the Thanksgiving weekend I was migrating the firm over to Office 365 and I’ve been also enabling such things as two factor authentication and conditional access based on location.

    Even with the Microsoft 365 business subscription that I have I found that I needed to bump up and purchase an Azure AD P1  license in order to review and audit the logins.

    Because I’m in the process of setting up multi-factor, already I have seen that there are log in attempts from (yes I had to google that one up) Armenia.  Here’s my absolute bare minimum recommendations for small businesses going to Office 365:

    Make sure you’ve enabled the Multi-factor authentication using the Microsoft authenticator app  (MFA is now free and part of the security defaults feature).  Note that you can set up the authenticator app on multiple devices – handy if you forget your phone at home.  You can also whitelist the static IP of the office so desktop users that don’t roam and only log into their applications locally won’t be hit by two factor.  You absolutely want to run everyone through and set up multifactor authentication and lock down access such that multi factor is mandated.  You want to disable basic (or legacy) authentication.

    You’ll want an Azure P1 license for at least the admin account ($6 per month) so that you can review the log ins.

    And then if you are an Office 365 admin, check out these resources.

    Bottom line, know that yes, they really really really are out to get you.

    P.S.  users should be able to access to review their personal logins.

  • December 2019 Office non-Security updates have been released

    Posted on December 3rd, 2019 at 12:55 PKCano Comment on the AskWoody Lounge

    The December 2019 non-Security Office updates have been released Tuesday, December 3, 2019. They are not included in any DEFCON approval for the November 2019 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

    Remember, Susan’s patching sequence and  recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

    Office 2016
    Update for Microsoft Office 2016 (KB4484170)
    Update for Microsoft Outlook 2016 (KB4484172)
    Update for Skype for Business 2016 (KB4484133)

    There were no non-security listings for Office 2007 (which is out of support), Office 2010, or Office 2013.

    Updates are for the .msi version (persistent). Office 365 and C2R are not included.

    Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).

  • Where we stand with the November 2019 patches

    Posted on December 3rd, 2019 at 10:28 woody Comment on the AskWoody Lounge

    Sifting through the list of patches and patches-of-patches, we’re in pretty good shape.

    Susan has full patch-by-patch details in her latest AskWoody Plus Newsletter Patch Watch column. If you’re in charge of installing individual patches, that’s the list to watch.

    If you’re looking at the big picture, or working on an individual machine, I have an overview in Computerworld Woody on Windows.

  • Avast snooping gets called out by Firefox

    Posted on December 3rd, 2019 at 07:25 woody Comment on the AskWoody Lounge

    And for good reason.

    Martin Brinkmann reports:

    If you search for Avast or AVG on the official Mozilla Add-ons website, you may notice that no results by these companies are returned. Neither Avast Online Security or SafePrice… are returned by the Store currently even though these extensions exist. It appears that Mozilla removed these extensions from its Store.

    He goes on to quote a security researcher (the creator of AdBlock Plus) who determined two months ago that Avast snoops like crazy:

    The data collected here goes far beyond merely exposing the sites that you visit and your search history. Tracking tab and window identifiers as well as your actions allows Avast to create a nearly precise reconstruction of your browsing behavior: how many tabs do you have open, what websites do you visit and when, how much time do you spend reading/watching the contents, what do you click there and when do you switch to another tab. All that is connected to a number of attributes allowing Avast to recognize you reliably, even a unique user identifier.

    Back in August, @satrow observed:

    They’ve been interfering with browser HTTPS connections for almost 5 years now.

    Seems like the chickens have come home to roost.

    Brinkmann says Avast extensions are still available in Chrome – but I can’t find any.

    (By the by… Avast owns AVG. Avast bought a majority stake in AVG more than three years ago. The products are similar, but not identical. Wouldn’t surprise me a bit if AVG were up to similar shenanigans.)

  • About that nonsense FBI warning about TVs stalking you

    Posted on December 3rd, 2019 at 06:41 woody Comment on the AskWoody Lounge