Monthly Archives: March 2022

  • Apple pushes updates for 2 new zero days

    Apple's security-update table for 31 Mar 2022:

    • watchOS 8.5.1 (no published CVE entries): Apple Watch Series 3 and later
    • macOS Monterey 12.3.1: macOS Monterey
    • iOS 15.4.1 and iPadOS 15.4.1: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
    • tvOS 15.4.1 (no published CVE entries): Apple TV 4K and Apple TV HD


    – CVE-2022-22675 in AppleAVD (fixed in iOS/iPadOS 15.4.1 and macOS Monterey 12.3.1)

    – CVE-2022-22674 in Intel Graphics Driver (fixed in macOS Monterey 12.3.1 only)

    That makes 2 zero-days fixed in macOS Monterey 12.3.1 and 1 zero-day fixed in iOS and iPadOS 15.4.1.

    Apple says both may have been actively exploited, i.e. used to hack iPhones, iPads and Macs. It's unclear whether these were merely targeted attacks or something more widespread. AppleAVD is Apple's audio/video decoding component, so watch (pun intended) what you open and stream on your devices until they are patched.

  • License and registration, please

    ISSUE 19.13 • 2022-03-28


    By Peter Deegan

    Knowing exactly which version of Office you have is important, but many people forget or don’t know — because it was installed by someone else, it’s been on their system for years, or their record-keeping leaves something to be desired.

    True story: I recently met someone who swore blind they had bought a “Microsoft subscription.” But my quick check of the machine revealed they had Office 2019, the result of having been misled by a computer salesperson.

    First, I’ll talk about the single-purchase, perpetual-license Microsoft Office, from the latest Office 2021 back to Office 2013. Then I’ll tell you how to find the hidden details for Microsoft 365 subscriptions.

    Read the full story in our Plus Newsletter (19.13.0, 2022-03-28).
    This story also appears in our public Newsletter.

  • Check your defenses


    By Susan Bradley

    On March 21, the US president issued a warning about the possibility of Russian cyberattacks against American businesses, an outgrowth of the conflict with Ukraine.

    As part of the administration’s briefing on the topic, the White House issued a fact sheet, “Act Now to Protect Against Potential Cyberattacks.” The short document contains a list of recommendations, along with the exhortation: “We urge companies to execute the following steps with urgency.”

    Here are some of those recommendations.

    Read the full story in our Plus Newsletter (19.13.0, 2022-03-28).

  • Registry backups: Yea or nay?


    By Fred Langa

    Windows has had the ability to separately back up and restore its Registry — the essential internal database of software settings — since Windows 98. But do Registry backups still make sense in the era of Windows 10/11?

    Plus: A subscriber seeks clarification of the difference between a Windows Recovery Disk and the Windows Recovery Environment.

    And: A subscriber asks for help tracking down a long-forgotten family photo that was unexpectedly displayed by the Windows lock screen slideshow!

    Read the full story in our Plus Newsletter (19.13.0, 2022-03-28).

  • WA2L/WinTools — hot-rodding Windows!


    By Deanna McElveen

    Hot-rod enthusiasts like to have cars with features that the factory models don’t have. Geeks like us like to have computers that can do things that a stock install of Windows doesn’t normally allow.

    The open-source toolbox WA2L/WinTools, by Swiss developer and fellow geek Christian Walther, will give you the ability to customize Windows and make it do way more for you. It won’t let you airbrush flames on the hood or add wheelie bars, but it will let you make Windows work the way you want it to work.

    Read the full story in our Plus Newsletter (19.13.0, 2022-03-28).

  • How Windows feature releases have changed


    By Susan Bradley

    There’s a reason why you don’t see “service pack” updates any longer.

    I am often asked why I recommend 21H2 when there are other releases of Windows still under support. The concern stems from the not unreasonable sense that a feature update is massively disruptive and from the reasonable desire to put off that pain as long as possible.

    But after so many years of updates that represented total swaps of Windows for a new version (remember service packs?), Windows 10 has brought welcome changes.

    Read the full story in our Plus Newsletter (19.13.0, 2022-03-28).

  • The browser is your operating system – patch it!

    Tonight's topic: are you up to date on the platform that is REALLY the one you should be worried about? Your browser. No matter what underlying operating system you use, you need to pay attention to how well patched your browser is.

    With more and more things going to the web, and more and more things going through the web, the browser is the most important piece of software to keep up to date. Lately I've noticed that the one that gets the zero-days most often is Google Chrome. Don't use Chrome, you say? Not so fast. Many other browsers are built on the Chromium engine, so (for example) you may be using Brave, but you still need to track Chrome's issues because Brave is built on Chromium and inherits the same bugs until its own update ships.

    So which browsers use Chromium?

    • Chrome obviously.
    • Edge
    • Opera
    • Vivaldi
    • Brave
    • Colibri
    • Epic
    • Iron
    • Among others

    For Chrome you need to be on 99.0.4844.84 to be protected from this zero-day bug, which has been seen in use in attacks on the web.

    There are not a lot of details about who or what was using the bug, but it appears to have been used in targeted attacks.

    While Firefox (and its variants) is not impacted, it's still wise to check and make sure you are fully up to date. At this time you need to be on 98.0.2 for Firefox.

    For all of these browsers you can check whether you are up to date by clicking on the Help or About menu; that usually triggers the browser to download a new update if it is out of date. Alternatively, you can go to the browser's own download site, download the new version and install it over the top.

    For those of you who are Plus members, I've put the versions or build numbers of the major browsers that you need to be on in the Master Patch List. I'm not sure I'll be able to keep up with every release of every browser, but when there is a patch like this one, fixing a known in-the-wild bug with what appears to me to be a realistic risk of attack, I'll be sure to flag it and also send out a tweet and a text message if you need to update your browser for known in-the-wild attacks.

    So remember, tonight or in the morning: launch your browser, click on (typically) the three dots in the menu bar at the top, then on Help and About.

    Make sure your browser is fully patched!
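    If you would rather script the check than click through Help and About on every machine, here is an added example (not code from the original post or from any browser vendor). It reads the installed Chrome and Firefox version and compares it numerically against the two minimum builds quoted above. Only those two build numbers come from the post; the default install paths, the Windows layout where Chrome keeps each build in a version-named subdirectory, and the `--version` switch on the Linux/macOS binaries are assumptions. Edge and Brave are left out because the post gives no build numbers for them.

```python
"""Check installed Chrome and Firefox builds against the minimum patched
versions quoted in the post. Added example, not the post's own code.
Assumed (not from the post): default install paths, Chrome's version-named
build directory on Windows, and '--version' on the Linux/macOS binaries."""
import os
import re
import subprocess
import sys

# Minimum builds the post says fix the in-the-wild bug.
MINIMUM = {"chrome": "99.0.4844.84", "firefox": "98.0.2"}
_VER_RE = re.compile(r"\d+(?:\.\d+)+")

def parse_version(text):
    """'Google Chrome 99.0.4844.84' -> (99, 0, 4844, 84); None if no version."""
    m = _VER_RE.search(text or "")
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def is_patched(installed, minimum):
    """Numeric, component-wise compare. A string compare gets this wrong:
    '100.0.4896.60' < '99.0.4844.84' as text because '1' < '9'."""
    have, need = parse_version(installed), parse_version(minimum)
    if have is None or need is None:
        return False  # unknown version: treat as unpatched
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))  # '99.0.4844' compares as 99.0.4844.0
    need += (0,) * (width - len(need))
    return have >= need

def version_from_application_ini(text):
    """Firefox ships application.ini beside the binary with a 'Version=' key."""
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "Version":
            return value.strip()
    return None

def _version_named_subdir(app_dir):
    """Chrome on Windows: ...\\Application\\99.0.4844.84\\ (assumed layout).
    Two builds can coexist right after an update; report the newest."""
    try:
        found = [parse_version(n) for n in os.listdir(app_dir) if _VER_RE.fullmatch(n)]
    except OSError:
        return None
    return ".".join(map(str, max(found))) if found else None

def _cli_version(commands):
    """Linux/macOS: ask the binary itself with --version."""
    for cmd in commands:
        try:
            out = subprocess.run([cmd, "--version"], capture_output=True,
                                 text=True, timeout=10).stdout
        except (OSError, subprocess.SubprocessError):
            continue
        v = parse_version(out)
        if v:
            return ".".join(map(str, v))
    return None

def installed_version(browser):
    """Best-effort detection; returns a version string or None if not found."""
    if sys.platform != "win32":
        cmds = {"chrome": ["google-chrome", "chromium", "chromium-browser",
                           "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"],
                "firefox": ["firefox", "/Applications/Firefox.app/Contents/MacOS/firefox"]}
        return _cli_version(cmds[browser])
    pf = os.environ.get("ProgramFiles", r"C:\Program Files")
    if browser == "chrome":
        return (_version_named_subdir(os.path.join(pf, "Google", "Chrome", "Application"))
                or _version_named_subdir(os.path.join(os.environ.get("LOCALAPPDATA", ""),
                                                      "Google", "Chrome", "Application")))
    try:
        with open(os.path.join(pf, "Mozilla Firefox", "application.ini"), encoding="utf-8") as fh:
            return version_from_application_ini(fh.read())
    except OSError:
        return None

def check_all(minimum=MINIMUM):
    """Return {browser: (installed, minimum, patched)} for browsers found."""
    report = {}
    for name, need in minimum.items():
        have = installed_version(name)
        if have is not None:
            report[name] = (have, need, is_patched(have, need))
    return report

if __name__ == "__main__":
    results = check_all()
    if not results:
        print("No Chrome or Firefox install found in the default locations.")
    for name, (have, need, ok) in results.items():
        print(f"{name}: installed {have}, need {need} -> {'OK' if ok else 'UPDATE NOW'}")
```

    The comparison is done on integer tuples rather than strings because Chrome's next major release (100.x) would sort below 99.x as text and falsely show as unpatched; a missing trailing component is padded with zero so "99.0.4844" is correctly treated as older than 99.0.4844.84. Run it as `python check_browsers.py` (any file name will do) on each machine, or drop the `MINIMUM` table into your own inventory script when the Master Patch List changes.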

  • Should we panic?

    Gordon Kelly is out with a headline telling people to quit Windows. Once again he has overblown the problem and overestimated the impact.

    First, regarding side effects with DNS (Domain Name System): it only impacts Server 2019, and then only servers running the DNS server role. We're talking about a narrow set of impacted servers here, not BILLIONS. I am running a Windows 2019 server with the DNS server role and am not noting any issues; I use DNS forwarders, and I have not seen anyone complain about this widely. Microsoft has acknowledged the issue, and Gordon is using Microsoft's own transparency about an issue seen by a small subset to beat them up.

    Next, the concerns over the local privilege escalation bug. Unless the way it can be attacked has changed, CVE-2021-34484 isn't easily exploited. Per an October write-up of the bug:

    “While this is a critical vulnerability, exploitation would require threat actors to know the username and password of two different users, making an attack very difficult in the wild.”

    Excuse me?

    “Subsequently, vulnerability analysis specialist Will Dormann tested the flaw and found that the attack could not always be successfully completed.”

    Do we need to overinflate patching issues?  Absolutely not.

    Do we need to beat them up over quality of updates, yes.  But that’s true for all vendors including Apple.

    Edit: As Carl points out in the comments, you want to update your browser today. THAT'S what you should really be worried about. Chrome is fixing a zero-day that was under attack; Edge does not (as far as I can tell) have the fix yet.

    Edit 2:  Edge/Brave have the fix for the Chrome zero day as of 3/26/2022.  Make sure you update your browser.

  • Seeing battery drain issues on your iPhone?

    The Apple Twitter account is seeing an uptick of folks complaining (**) about the battery drain issue after the latest update to 15.4.

    My Dad and a Co-worker are seeing the issue.

    • Try rebooting.
    • Try letting it sit overnight.
    • Try backing it up and totally restoring it (ugh)(*)

    (*) Or wait until enough of us complain and they send out another update to fix the issue. You may want to go to Settings, General, Software Update and, if you do NOT have iOS 15.4 yet, turn off automatic updates until we see what is going on.

    (**) Seeing it specifically being reported on the newest iPhone models. I’m also seeing reports that it makes the phones run “hot”.

  • Microsoft hacked? What’s OKTA?

    The security buzz today is all about two related events. First off, the reports are that source code from Microsoft's Bing search engine, Bing Maps and Cortana virtual assistant was obtained and dumped out for all to see.

    First off I typically don’t panic on these “source code” leaks. It doesn’t mean that Bing is now insecure. Rather it just means that like open source software more people can look at it and POTENTIALLY find vulnerabilities.  Doesn’t mean they WILL, just that it’s been exposed to more eyeballs. What is more interesting (concerning?) to me is HOW this group was able to gain access.  I’m more interested in the how of an attack than the what.  “Microsoft is investigating”.  Yeah.  I bet they are.  I feel sorry for the investigation team that now has to comb through log files.

    Next, the same group, Lapsus$ out of Brazil, was able to obtain access to a support engineer's account for Okta, the single sign-on authentication service used by enterprises; that is the bigger "oh dear" of the day. Lapsus$ is also the group that has stolen source code from Nvidia, Samsung and Ubisoft, among others. Okta's CEO is saying that this event is related to an event in January where a support engineer got "popped" and compromised.

    So… while the timing may make you think this is related to yesterday’s White House announcement regarding possible Russian cyber attacks, it doesn’t appear to be a direct cause and effect.

    But that said, in light of yesterday’s statement what should you and I do?

    Well if you weren’t doing this stuff before, it may be already too late… but here’s my list:

    1. BACKUP. Oh, you aren't doing this now? You should have been doing this for YEARS already and be an expert at it.
    2. Password review and multi-factor where you can. I don't want you to run out and immediately change all of your passwords, because that would most likely cause you to choose really bad ones as a result. Don't just change passwords for change's sake. But certainly look at those services and sites that are your high-risk ones, like banking and financial. Is THAT password unique? A passphrase? For banks (which are always the slowest to upgrade to new authentication), can you at least ensure some sort of two-factor mechanism? Stop reusing passwords and get a password storage solution (either a paper journal where you write them down, or a solution like LastPass, KeePass, etc.).
    3. Ensure that the March updates are installed at this time (Windows, Apple, Chromebook); all should be deployed now.
    4. Review whether your router was patched in this century (just kidding, but kinda seriously). If you can't remember the last time your router got a firmware update, it may be time to consider a new router.

    As always if you have any questions either post in the comments to this post or head on over to the CyberSecurity for Home users forum.

    Needless to say we will be discussing these topics and more in the AskWoody Newsletter.

    P.S. Black Hills Information Security will be doing a webcast on YouTube at 4:30 p.m. Eastern time (now).

  • MS-DEFCON 4: March madness? Mostly quiet

    ISSUE 19.12.1 • 2022-03-22


    By Susan Bradley

    For the majority of computer users, it’s time to get the updates rolled out.

    I’m tracking some issues this month, but not so many as for a typical March. Thus I’m lowering the MS-DEFCON level to 4.

    An unusual occurrence is a problem with a Windows 8.1 update.

    Anyone can read the full AskWoody Plus Alert 19.12.1 (2022-03-22).

  • Master Patch List as of March 22, 2022

    We have yet to see the preview releases for Windows 11 either last week or this week (I’m guessing they may be coming out tomorrow?), but I’ve published the updates to the Master Patch List tonight as of March 22, 2022 and we’re getting ready to send out the alert tomorrow regarding the Patch status for March.

    Thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

    If Microsoft does release the preview updates for Windows 11, I’ll update the Master Patch List but remember, I don’t recommend installing preview releases.