News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

Monthly Archives: June 2021

  • Print Nightmare is going to be a nightmare

    Posted on June 30th, 2021 at 14:38 Comment on the AskWoody Lounge

    This is me. This is me trying to figure out what best to do with a security issue in the news today. CVE-2021-1675 Or rather it’s what I’d like to be doing but I can’t.

    So here’s the deal. There’s a security vulnerability for Print spooler that was patched back on June 8th but the patch didn’t fully fix the issue.  On June 21, the vuln was updated to critical severity as a potential for remote code execution was found. There is now a zero day proof of concept of this issue out on Github and various places.  Specifically the proof of concept is for Windows Server 2019 but as I understand it, it impact more platforms as well.

    Edit:  Turns out this appears to be a new bug and not an unfixed vulnerability. Bottom line it’s still just as bad but now just a regular old zero day instead of a slightly unfixed zero day. And it also works on Windows 11 as well.

    Edit 7-2-2021 Micropatches from 0patch have been released for this issue 

    Action items if you are a consumer and DO print.

    As I’m reading it, this is a big deal on domain controllers – not so much on stand alone computers. This allows attackers to wiggle in via a remote authenticated user and raise the rights of that account.  Since home computers do not have “remote authenticated users”  I’m not freaking out here and recommending that you disable print spooler (yet).  I don’t know about you but I DO print so I cannot disable the print spooler service without severely impacting my productivity. I’ll keep monitoring the situation and update if I see anything where I think consumers/home users/small peer to peer networks should be taking action other than the usual “be careful out here” and watch what you click on. So for now if you run windows and print, take no action, other than to be your normal, careful, slightly paranoid self.

    Action items if you are a consumer and DON’T print.

    Print spooler lately has been a big target. If you know you don’t ever print or print to pdf or anything like that you can proactively click on the search box and type in “services”, scroll down to print spooler, double click and click to change the service to stop and then to disable the startup type. Note you need to be an administrator (or have admin rights) to be able to stop this service.

    Action items if you are a IT pro or MSP.

    Determine if you can follow this post and disable the print spooler service especially on Servers, Domain controllers in particular. You might want to go through server hardening guidance while you are at it.  Bottom line evaluate your risk for this attack and take action accordingly.  Recommendation is to disable the print spooler service on the Domain controllers first. If you are a SMB consultant where your Domain controller is ALSO your Print server there’s no good alternative especially if your folks have to print.

    TrueSec have come out with a workaround that allows you to deny permissions to keep attackers from gaining system rights and leave print spooler service as is.

    And if you are running Mint, Chromebook, Apple, etc. etc.  just try not to look so smug, okay?

  • Windows 11 announced

    Posted on June 28th, 2021 at 02:45 Comment on the AskWoody Lounge
    AskWoody Plus Newsletter Logo
    ISSUE 18.24 • 2021-06-28
    Watch for our special issue on July 5!

    MICROSOFT NEWS

    Will Fastie

    By Will Fastie

    Why this? Why now? And what the heck is going on?

    On June 24, 2021, Microsoft announced Windows 11. I have no idea why. It is surely not for the cobbled-together reasons the company gave during its rather brief briefing on Thursday.

    Windows 11 Bloom Visit our new Windows 11 section in the forums and these topics:
    Questions about Windows 11
    Hardware questions relating to Windows 11

    Read the full story in the AskWoody Plus Newsletter 18.24.0 (2021-06-28).
    This story also appears in the AskWoody Free Newsletter 18.24.F (2021-06-28).

  • You can be like Muhammad Ali – or Alibaba

    Posted on June 28th, 2021 at 02:44 Comment on the AskWoody Lounge

    LEGAL BRIEF

    Max Oppenheimer

    By Max Stul Oppenheimer, Esq.

    What do you think of when you hear “Ali?”

    Muhammad Ali Enterprises wants to be sure that you think of them and the great boxer — and the fine line of ring tones, computer games, sunglasses, and other products they plan to sell under that name.

    Alibaba Group is concerned that this will confuse their billion or so customers and has taken issue — several hundred pages’ worth — with the United States Patent and Trademark Office’s decision to allow Muhammad Ali Enterprises to register the trademark “Ali.” Whoever wins, it’s going to be expensive.

    Read the full story in the AskWoody Plus Newsletter 18.24.0 (2021-06-28).

  • Have a smart home? A company may change your thermostat.

    Posted on June 28th, 2021 at 02:43 Comment on the AskWoody Lounge

    PUBLIC DEFENDER

    Brian Livingston

    By Brian Livingston

    You may be surprised to learn that installing “smart home” devices could mean that a private company can turn your thermostat up and down — no matter what setting you thought you had entered.

    As parts of the US swelter in a heat wave — Houston hit a blistering 95°F (35°C) on June 19 — area residents reported to local station KHOU-TV that energy companies had remotely raised their thermostats from 74°F to 78°F without their knowledge.

    Read the full story in the AskWoody Plus Newsletter 18.24.0 (2021-06-28).

  • Locked out of his own PC’s Desktop!

    Posted on June 28th, 2021 at 02:42 Comment on the AskWoody Lounge

    LANGALIST

    Fred Langa

    By Fred Langa

    There’s no such thing as a small permissions problem in Windows! When things go wrong, they can go very, very wrong, as today’s first reader-submitted question illustrates.

    In this issue’s second question, a reader wonders whether he should try updating his PC’s firmware (i.e., BIOS/UEFI and similar low-level hardware) via Windows’ Device Manager.

    And in the third, a reader seeks help when his device fails to restart after a power outage.

    Read the full story in the AskWoody Plus Newsletter 18.24.0 (2021-06-28).

  • Microsoft account or local account – which one should you choose?

    Posted on June 28th, 2021 at 02:41 Comment on the AskWoody Lounge

    MICROSOFT

    Lance Whitney

    By Lance Whitney

    Which type of account should you use for your personal Windows 10 computer? That depends on your situation, though there are benefits and drawbacks to each.

    When you set up a Windows 10 PC for personal use, Microsoft makes you select which type of account you want to use to sign in. A Microsoft account will synchronize certain apps and settings across multiple devices and give you access to services beyond Windows. A local account provides an entryway solely to your current PC.

    Read the full story in the AskWoody Plus Newsletter 18.24.0 (2021-06-28).

  • The confusion of .NET

    Posted on June 28th, 2021 at 02:40 Comment on the AskWoody Lounge

    PATCH WATCH

    Susan Bradley

    By Susan Bradley

    Recently I’ve noticed that some folks are getting a bit confused about my recommendations regarding .NET updates.

    If you are a regular follower of my Master Patch Lists, you know that I don’t always recommend installing .NET updates right away, in the months they are released. Why? Because I’m trying to encourage the “business-style” of patching, in which you focus only on the offered security updates and skip the non-security fixes. By configuring your systems this way, the automatic patching process approves and installs only the security-related patches, not the quality fixes.

    Read the full story in the AskWoody Plus Newsletter 18.24.0 (2021-06-28).

  • Tasks for the weekend – June 26 – dealing with the Store

    Posted on June 26th, 2021 at 23:19 Comment on the AskWoody Lounge

    Youtube here

    So yesterday and earlier today I had to deal with two computers that spontaneously had an Xbox gaming widget on the system that greyed out the screen. (you can see it in action here)

    Once I rebooted the systems the widget went away and I proactively put a registry key to ensure it didn’t come back. I think, based on reviewing the event logs on both systems, that a Microsoft Store update that got installed yesterday on my home pc and early this morning at the office.

    EventData
    updateTitle 9WZDNCRFJBD8-Microsoft.XboxApp
    updateGuid {69e8be91-65f1-4436-96b8-9025450413d7}

    Remember that there is more that gets updated behind the scenes than just the Windows updates that you visually see. Office 365 click to run silently updates in the background unless you overtly stop the Office updating process. The Microsoft store is another behind the scenes updating process as well.

    If you want to stop/block the Microsoft store, there are ways to do it as well as following PK’s excellent tutorial. Now mind you this is advanced stuff and not for all.  Many a system has been rendered unbootable if removing the apps weren’t done correctly. So I recommend this only for advanced users.

    Bottom line when your computer does weird things, sometimes it’s not you. It’s REALLY not you.

  • WUshowhide is back!

    Posted on June 25th, 2021 at 22:05 Comment on the AskWoody Lounge

    A big thank you to Bruce to providing feedback to Microsoft to get WUshowhide resigned with a SHA-2 certificate. It’s now been reposted to the download site.

    Sure enough it was what we thought….

    Thank you all for your patience. The troubleshooter was initially removed as part of our SHA-1 deprecation, where we removed all content on the DLC which had only SHA-1 signing. We are working to re-sign this with a SHA-2 certificate and verify that it works as expected, and will re-publish. I will follow up again shortly.

    He did and just reposted it tonight.

    http://download.microsoft.com/download/f/2/2/f22d5fdb-59cd-4275-8c95-1be17bf70b21/wushowhide.diagcab 

    The full URL is there.

     

  • Got a Western Digital My book?

    Posted on June 24th, 2021 at 18:37 Comment on the AskWoody Lounge

    Dan Goodwin on Twitter says:

    Western Digital is advising customers to disconnect their My Book storage devices while the company investigates the mass wiping of data from devices all over the world.
    See more here
  • MS-DEFCON 4: Get those June updates installed

    Posted on June 24th, 2021 at 02:50 Comment on the AskWoody Lounge
    AskWoody Plus Alert Logo
    ISSUE 18.23.1 • 2021-06-24
    MS-DEFCON 4: Get those June updates installed

    MS-DEFCON 4

    By Susan Bradley

    It’s time to deal with “News and Interests.”

    Consumer and home users

    If you’ve been procrastinating with the June updates so you didn’t have to deal with the new “News and Interests” feature and its side effects, the time has come.

    Microsoft has released KB5003698 to fix issues with blurry images in 1909 for Enterprise. Windows 10 2004/20H2 and 21H1 received KB5003690 to fix the blurry text on the News and Interests button for some screen resolutions. KB5003690 also fixes a problem with search box graphics on the Windows taskbar, which occurs if you right-click the taskbar and turn off News and Interests. This graphics issue is especially visible when using dark mode. If it is a problem for you, install this optional update.

    There are other issues to work out, such as interactions with the desktop if you are using Classic Shell or other menu programs. AskWoody readers have noted cases in which sign in to customize the news selections did not work. If you have problems with the News and interests feature, try setting it to icons only instead of icons and text.

    For Office updates, open up any Office software application, click on File, Account, Office Updates, and enable updates. Then click on Update Now to trigger their installation.

    Business users

    This month’s releases showcase that timing is everything. If you apply updates to workstations before applying them to servers and then attempt to use remote event-log tools, you will find that you cannot access the event logs. As noted by Microsoft, affected apps are using certain legacy Event Logging APIs. Ensure that you apply the updates for both workstations and servers before attempting to use such software.

    References

    Read the full story in the AskWoody Plus Alert 18.23.1 (2021-06-24).

  • 2004’s being pushed?

    Posted on June 24th, 2021 at 00:01 Comment on the AskWoody Lounge

    In the Windows update twitter account they indicate:

    Today we are starting a new rollout phase for Windows 10, version 21H1 using our latest machine learning model to begin the multi-month process to automatically update devices running Windows 10, version 2004, that are approaching end of servicing.

    So. What does that mean? Same old, same old, unfortunately.

    If you have a device on 2004 and do not have the targetreleaseversion in place to keep it on 2004, Microsoft will begin pushing you to 21H1.

    Well first I think they are pushing a little too quickly as 2004 doesn’t age out until December.  Furthermore I still see people struggling to get off of 1909 and on to 2004. So if you have a reason to stay on 2004 – even if that reason is that you are too busy right now to deal with it- make sure you have the targetreleaseversion setting in place otherwise you may find yourself rebooting when you don’t want it.

    I’ll be soon adding the approval of 21H1 to my recommended versions.  Bottom line my recommendation is to use the TRV (aka targetreleaseversion) setting to be the guard rails on your system.  You then get to choose exactly when you want to go through the feature upgrade process. It’s on your time schedule, not Microsoft.

    Will spotted this video the other day… scroll to the 9 minute mark and listen.