News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: November 17, 2020

  • Security shouldn’t be political

    Posted on November 17th, 2020 at 23:40 Susan Bradley Comment on the AskWoody Lounge

    Tonight I heard on the news that President Trump fired Chris Krebs (no relation to Brian Krebs) who was head of the Cybersecurity and Infrastructure Security Agency.  If you aren’t familiar with CISA they send out a ton of good security information – most of which inspires me to write security articles.

    Mr. Krebs first came to government from Microsoft and was instrumental in developing relationships between business and government.

    Given the HUGE HUGE risk we all have from ransomware we need more people like Chris Krebs in government, not less.

    Tonight, we fired that guy.  We need more defenses against ransomware.  We still make it way way too easy for attackers to get us.  Not a day goes by that bleepingcomputer.com doesn’t post up another ransomware nailed yet another business post.  I still see way too many malicious emails wiggle in.  Too many malicious sites.  Too many attacks.  We need more people pushing for solutions, not less.

    We need good people to help us in protecting us against ransomware.  Comments now turned off at this time and apologies for doing so.

     

  • Patch side effects November updates – Domains only

    Posted on November 17th, 2020 at 23:05 Susan Bradley Comment on the AskWoody Lounge
    Hat’s off to EP for spotting these:

    Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC) :

    • Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
    • Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
    • S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.

    The issue ONLY effects those with domains (businesses).  It will not impact peer to peer or standalone computers.  I expect to see more of these fixes for other platforms.

    Spotted another one… https://support.microsoft.com/en-us/help/4594442  November 17, 2020—KB4594442 (OS Build 17763.1579) for 1809 Out-of-band  (uh no that’s not an out of band patch for security the way I define out of band…)
    And more (thanks EP):KB4594441 for Win10 v1607:
    https://support.microsoft.com/help/4594441

    KB4594443 for Win10 v1903 & 1909:
    https://support.microsoft.com/help/4594443/

    KB4594440 for Win10 v2004 & 20H2:
    https://support.microsoft.com/help/4594440/

  • Apple – Big Sur big problem?

    Posted on November 17th, 2020 at 00:18 Susan Bradley Comment on the AskWoody Lounge

    Apple has released Big Sur and already I’m seeing vendors urge you to not upgrade at this time.

    Furthermore I’ve seen several posts about issues bypassing firewalls and VPN protection.

    Just like with windows, don’t be too quick to upgrade without doing your homework.