
Daily Archives: July 15, 2020

  • Massive Twitter hack: Don’t send bitcoin in response to a Twitter request

    Posted on July 15th, 2020 at 17:23 by woody

    This is happening right now…

    The Twitter accounts of Bill Gates, Elon Musk, Jeff Bezos, Apple, Kanye West, Mike Bloomberg, Barack Obama, Joe Biden, Uber and many more were compromised by persons unknown. They’re sending out tweets that look like this:

    Not sure how Twitter is going to fix it.

    P.S. You can watch the Bitcoin account get larger here. As of 3.30 pm Pacific time, it’s at 12.86030607 bitcoin, which is worth roughly $118,000.

  • Bad Office Click-to-Run (and installed MSI version?) update blamed for Outlook freeze

    Posted on July 15th, 2020 at 12:24 by woody

    Lots of reports this morning about Outlook freezing on start.

    From an anonymous poster on AskWoody:

    Today when I went to check my email, Outlook would not open; it would load the “Starting Outlook…” splash screen, which would close without opening the Outlook window itself, and the taskbar icon went away. Looking in Reliability History, it states that Outlook has crashed.

    I tried opening in safe mode (it does the exact same process as described above) and restarting the computer to no avail. I even tried the full repair (not the quick one), redownloading and reactivating MS Office 2019, but no go.

    Quintalis on Reddit:

    Outlook immediately crashing on open after patching last night

    Even in safe mode, appcrash. Full online repair no good, rolling back updates, anyone seeing this?

    edit: appcrash, exception code 0xc0000005, re-install no good, rollback no good. We also regedited for sigred mitigation last night, I’m tempted to temporarily undo that and test…

    edit2: temporarily unpatched sigred, tested, not the culprit!

    edit3: Had some copies of Office 2019 C2R lying around, installed version 1808 (Build 10363.20015 Click-to-run) and it’s working. Yay?

    From tenebrousrogue:

    I’ve got a fix, after this hit several of our clients. Performing a rollback fixed it, must be a bad office update. open cmd, run:

    cd "\Program Files\Common Files\microsoft shared\ClickToRun"

    then:

    officec2rclient.exe /update user updatetoversion=16.0.6366.2062

    EDIT: u/peEtr had success as well, with a more recent version (June 24th). Change the second command to:

    officec2rclient.exe /update user updatetoversion=16.0.12827.20470

    Additional reports (1, 2, 3)

    UPDATE: From @rpodric

    I assumed the update they were talking about was server side, since I’ve been on the same C2R (Beta) build for a week, but who knows. Nothing should have changed build-wise here. My third attempt running it this morning was successful somehow.

    In the past few minutes, Microsoft has acknowledged the bug, but you’re on your own. “As a workaround, users can utilize Outlook on the web or their mobile clients.” Golly. My PC doesn’t work for email, so I need to whip out my iPad?

    ANOTHER UPDATE: Microsoft says “We’re rolling out a fix for this issue, and we expect the mitigation to reach all customers over the next few hours.” No details about version numbers – or even the method being used to roll out the fix.

    Says Ralph Carothers: “So, by reach them do you mean it’s going to back door patch them? Because this happened middle of the day to most of the users I’ve had impacted, and I certainly didn’t push out a patch.”

  • FAQ: The Windows DNS Server security hole, CVE-2020-1350, from a “normal” user’s perspective

    Posted on July 15th, 2020 at 05:41 by woody

    You’re going to see a lot of sand flying about a Windows security hole that was plugged yesterday. Here’s what most people need to know about CVE-2020-1350, also known as SIGRed:

    Q: Do I need to be worried about it?

    A: Unless you’re in charge of a Windows DNS Server, no.

    Q: How do I know if I’m in charge of a Windows DNS Server?

    A: If you had to ask the question, you aren’t.

    Q: If I am in charge of a Windows DNS Server, should I be concerned?

    A: Yes. You need to get the latest Server cumulative update installed.

    Q: What if all of my Windows DNS Servers are internal only?

    A: You need to get patched anyway. It’s likely easier to exploit the hole on a publicly-facing Windows DNS Server, but internal servers aren’t immune. Marcus Hutchins says:

    Can affect Windows Servers that expose DNS externally, or can be triggered by getting a user to visit a malicious website using IE or pre-Chromium Edge… While technically wormable, it seems unlikely. A more likely scenario would be ransomware actors using it to gain access to the Domain Controller, then pushing ransomware to all network clients.

    Q: Is it really that serious?

    A: Yep, it’s a significant security hole that’s been around for at least 17 years. Several people have remarked that variations on the exploit have existed for a decade. Good advice from @SwiftOnSecurity:

    Microsoft has issued an unusual private push alert to Premier customers under NDA about CVE-2020-1350. Patch or apply workaround now. Note workaround requires DNS service restart do not just hand this to admins. I do NOT trust the registry key workaround. Its effect is not auditable and provable. Apply the patch. Something this big with no signs of current exploit means Microsoft went through in-depth testing to prove it out before telling the world. Apply patch and validate and deploy it now.

    Q: Should we bend over and kiss our cumulative keesters goodbye?

    A: Depends on your keester, I guess. We’ll see an active exploit soon, but not right away. Per Kevin Beaumont:

    I don’t expect a quick turnaround to RCE in public, the discoverers didn’t reach it, it requires time and skill… after every big RCE vulnerability announcement, Twitter becomes ‘this would take 5 minutes to write an exploit for!’ Then rarely anybody writes a public RCE exploit quickly, unless it’s a GET web request. If there’s some degree of skill required, a barrier.

    For 99.9% of you, there’s nothing to be concerned about. For the other 0.1%, it’s showtime.

    There’s a technical description from Sagi Tzadik on the Check Point Research web site.