Daily Archives: January 16, 2021

  • Tasks for the weekend – January 16, 2021

    Posted on January 16th, 2021 at 22:06

    Included in January’s updates was a fix to Microsoft Defender. If you use a third-party antivirus, are you at risk? In a word: NO.

    As per CVE-2021-1647 – Security Update Guide – Microsoft – Microsoft Defender Remote Code Execution Vulnerability,  systems that have disabled Microsoft Defender are not in an exploitable state.

    Do you need to take any action if you have a third-party antivirus? No. Do you need to take any action if you use Defender? No, because it’s been automatically fixed.

    To check, click on Start, then Settings, then Update and Security, Windows Security, Open Windows Security, look for the gear, then About. For affected software, verify that the Microsoft Malware Protection Engine version is 1.1.17700.4 or later.
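
The same check can be scripted instead of clicking through Settings. The PowerShell below is an added example, not part of the original post; it assumes the Defender cmdlet `Get-MpComputerStatus` is present, and the function name `Test-DefenderEngineVersion` and its status labels are illustrative.

```powershell
# Added example: compare the local Malware Protection Engine version with the
# fixed version named in the post (1.1.17700.4). Function name and status
# labels are illustrative, not Microsoft's.
function Test-DefenderEngineVersion {
    param([version]$Minimum = [version]'1.1.17700.4')

    $result = [pscustomobject]@{ Status = $null; EngineVersion = $null; Minimum = $Minimum }

    # The cmdlet is missing when the Defender module has been removed.
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        $result.Status = 'DefenderCmdletUnavailable'
        return $result
    }

    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        # Typically the Defender service is stopped or not reachable.
        $result.Status = 'DefenderNotResponding'
        return $result
    }

    # With a third-party antivirus registered, Defender's service is usually off.
    # Per the advisory quoted above, that state is not exploitable.
    if (-not $mp.AMServiceEnabled) {
        $result.Status = 'DefenderDisabled'
        return $result
    }

    # AMEngineVersion is a string; parse it so the comparison is numeric per
    # component (a plain string compare would rank "1.1.9999.0" above "1.1.17700.4").
    $engine = $null
    if (-not [version]::TryParse([string]$mp.AMEngineVersion, [ref]$engine)) {
        $result.Status = 'UnparseableVersion'
        return $result
    }

    $result.EngineVersion = $engine
    if ($engine -ge $Minimum) { $result.Status = 'Patched' }
    else { $result.Status = 'NeedsEngineUpdate' }
    return $result
}

Test-DefenderEngineVersion | Format-List
```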

     

  • Zero day Windows 10 bug

    Posted on January 16th, 2021 at 18:48

    Topic: A Zero-day Windows 10 bug corrupts your hard drive on seeing this file’s icon @ AskWoody

    This is one of those … okay let’s be careful out there…. bugs.

    Alex points to a Windows 10 bug that is triggered by merely extracting the ZIP file or looking at a folder that contains the malicious shortcut.

    Remember, whenever you get something via email that you didn’t expect, don’t open it. If you are really curious, check out the file or link on www.virustotal.com or www.reverse.it.

    Security researcher Jonas L first warned about the bug earlier this week, describing it as a “nasty vulnerability.” Attackers can hide a specially crafted line inside a ZIP file, folder, or even a simple Windows shortcut. All a Windows 10 user needs to do is extract the ZIP file or simply look at a folder that contains a malicious shortcut and it will automatically trigger hard drive corruption.

     

    Edit: I spotted this on Windows 10 NTFS $i30 File Corruption | AttackerKB:

    Attackers can remotely exploit this vulnerability to make Windows think a drive is corrupted even though it is not. Successfully resolving this issue will require users to reboot Windows and run a disk check on the corrupted drive, after which Windows will be convinced that the drive is no longer corrupted.

    It’s not really corrupted after all.

  • Security update for Secure Boot DBX can be skipped (KB4535680)

    Posted on January 16th, 2021 at 11:32

    Just a heads-up – this will be in the Plus newsletter later on this weekend, but due to the severe impact it had on my Saturday morning for one of my Hyper-V servers I’m going to post it here as an advance heads-up: KB4535680 causes a “double reboot” on machines, and for those folks that manage Hyper-V servers this has a VERY nasty side effect:

    It puts your Hyper-V machines in “saved” state. In order to recover I had to reboot the host an additional time – even had to hard reboot it as it was stuck on shutting down the Hyper-V management services. Once it rebooted it let me restart the virtual machines, but then I had to reboot the VMs to get them back behaving.

    “If you have Windows Defender Credential Guard (Virtual Secure Mode) enabled, your device will restart two times.”

    I don’t have that enabled. I DO have Hyper-V. I’m also recommending that you skip it on consumer machines as well. If you are in charge of nuclear weapons or state secrets, then maybe install it. For us mere mortals, it’s a skip. If you ended up installing it anyway and had no issues, don’t remove the update. But for those of us that patch Hyper-V (servers that host other servers) this one is VERY disruptive. BornCity has a write-up on it as well.