Monthly Archives: April 2022
-
Drenched in patches
PATCH WATCH
By Susan Bradley
As is typical for this time of year, Microsoft is releasing a deluge of security patches for our Windows machines.
One threat has already been used in the wild. CVE-2022-24521 is a vulnerability in the Windows Common Log File System Driver and can lead to elevation of privileges on a system. Troubling to me is CVE-2022-26809, which is a potentially wormable remote code vulnerability that could be especially damaging if the attacker gets inside your firewall or network.
Read the full story in our Plus Newsletter (19.16.0, 2022-04-18).
-
Moving away from basic auth
I have a variety of email accounts. Some business, some personal, some purchased strictly to see what the experience of something is like, some because I’ve had them for years. So I still have the first ISP-based email I ever had (remember the old phone company of Pacific Bell? I have an old pacbell.net email account).
So over the years I’ve had to move to different email clients and platforms in order to still use them. Over the years I’ve also changed the ways that I’ve accessed email. For example, I no longer use POP and PST files. I’ve lost too much data over the years to rely on POP anymore. Also, because I use email on phones, tablets, devices, as well as computers and laptops, I’ve moved to IMAP. If your mail is hosted on an Exchange server or hosted Exchange server it allows you to get the same email on different devices and in different locations.
If your email is hosted on GoDaddy, they moved to Microsoft 365 a few months (years?) ago. Lately they’ve been phasing out basic authentication. So what you’ve had to do to get your email working again is to delete the account out of your email client and walk through setting it back up again.
In my case I use em email software on one particular computer and when you walk through setting it back up again you get prompts to authenticate to GoDaddy using modern authentication. So when you put in your name and email address you get the GoDaddy log in window and then an approval screen.
After you’ve set it back up again, in the case of GoDaddy email it no longer connects to POP or IMAP but rather to https://outlook.office365.com/EWS/Exchange.asmx.
So while this has been a PAIN to set up all of these email accounts again on various devices – especially since I’ve had to reset passwords on a few accounts that I couldn’t remember the passwords for all of these years – it’s wise to stop using basic authentication. Why? Because attackers can perform brute-force techniques more easily on email that only uses basic authentication.
Bottom line, if all of a sudden your email stops working – it may not be your email client – it may be that you need to set up your account again so it gets the new, more secure setup.
-
Master Patch List as of April 12th 2022
Patches came out yesterday. So far not seeing anything major trending … yet. But it’s honestly too early to tell the impact at this time.
Edit 4/14/2022: Seeing some reports of issues with browsers with Norton and ESET antivirus. I’m not seeing issues here with Defender. Based on comments it’s not widespread and thus too early to determine root cause at this time. I’d also make sure your browser is up to date.
Edit 4/14/2022 3:21 pacific – check for updated a/v – this appears to have been resolved at least with ESET.
I’ve updated the Master Patch Listing for the releases this month. Note, other than the browsers, I have pause or defer on everything else at this time.
If there is anything I’ve typed in wrong, forgive me, I’m a bit bleary eyed this week as we are almost to the USA tax due date of April 18th. (No, not the 15th, but the 18th). Take pity on your CPA and stop emailing or texting them photos of your tax documents. Not only is it not secure to be sending your sensitive tax data that way, it makes it EXTREMELY hard for us to print out or save the tax documents. The CPA listserv recently had a thread about how to deal with this issue and we were all indicating how often this occurs. Remember, if you can see that sensitive social security number as you email or text me that document, so can the attacker.
Stay tuned for the details in the newsletter this weekend about the Patching issues and headlines and as always, I’ll keep the Master Patch Listing up to date with the latest.
As always, thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.
-
April patching showers here we go
It’s that time of the month for all computer users to get in the habit of checking their devices.
While “Patch Tuesday” is the big one for Windows users, it’s also wise to check your Apple devices. I know that my iPhone has been offering – but not pushing – the latest updates. They too are doing a “let’s dribble them out and see how well they go” methodology these days.
But back to Microsoft:
Remember this month they push out “Search highlights will roll out to Windows 10 customers over the next several weeks. We are taking a phased and measured approach.” in Windows 10.
I’ll be adding more links as folks post up analysis. Here at Askwoody we track the side effects and try to weed out what is “corner cases” from those issues that are widespread.
1 publicly disclosed
10 critical
.NET security updates are included in the April 2022 updates for denial of service issues.
Dustin Childs’ zero day write up here. Clearly we have a difference between home users and business computers this year with a bug that will provide lateral movement inside a network once they get in. Port 135 is a typical file and printer sharing port – but it is not exposed to the outside world. But in an office network, once they get in, ouchie!
-
The Last Langalist
ISSUE 19.15 • 2022-04-11 EDITORIAL
By Will Fastie
Fred’s retiring.
I don’t know where to start, but people keep telling me I should start from the beginning. For me, that was about 30 years ago, when I visited Fred at CMP in search of an editing job after PC Tech Journal unexpectedly shuttered. We knew each other by reputation, of course, but had never met in person — remarkable because we both endured the same, endless trade shows, and most editors knew one another.
He didn’t hire me. I forgive him.
Read the full story in our Plus Newsletter (19.15.0, 2022-04-11).
This story also appears in our public Newsletter.
-
Shutdown.exe /f
LANGALIST
By Fred Langa
As this weekly column reaches the end of its 25-year run, it’s a bittersweet moment for me.
But in large part because of you, dear reader, there’s far more sweet than bitter!
Thank you!
Read the full story in our Plus Newsletter (19.15.0, 2022-04-11).
This story also appears in our public Newsletter.
-
What technology will run your life a few years from now?
SILICON
By Brian Livingston
“My interest is in the future, because I’m going to spend the rest of my life there,” said Charles Kettering, the head of research at General Motors from 1920 to 1947.
I’m sure his statement is true. Time travel into the future isn’t science fiction — we all do it every day at the usual speed. But what kind of a future will it be, and can we head off the worst aspects of it?
Read the full story in our Plus Newsletter (19.15.0, 2022-04-11).
This story also appears in our public Newsletter.
-
DockFolders — it’s the pretty things …
FREEWARE SPOTLIGHT
By Deanna McElveen
I would like to start out with an apology to those I have neglected this year. I have been so nerdy with the software, and then I remember that some of you just want pretty things.
No worries! I have what you need! Pretty and useful! DockFolders by Silon Systems is beta freeware (you know I have to be the first to try anything) that creates a gorgeous, curved folder dock/menu on your desktop. The program works on Windows 7, 10, and 11.
Read the full story in our Plus Newsletter (19.15.0, 2022-04-11).
-
Is this the end of the road for Windows 7?
ON SECURITY
By Susan Bradley
Vendors start to draw the line.
Ahh, Windows 7. I remember when you first came out. I remember when people hated — truly hated — your User Account Control (UAC) system that required administrator approval any time they wanted to do something that had been perfectly normal in Windows XP. I remember that UAC was so annoying that Apple lampooned it (more like harpooned it) in several of its famous Mac-versus-PC TV ads.
I went so far as having a cartoon made, urging people to “zip up” their UAC setting rather than disabling it, because I saw both users and administrators removing the UAC prompt entirely. But that represented a lowering of security for Windows 7. I thus urged people not to disable it, despite the annoyance. I told them to zip the slider all the way to the top. Remember the slider?
Read the full story in our Plus Newsletter (19.15.0, 2022-04-11).
-
New Apple forums
We’ve once again expanded the Apple forums with some more categories. Since Apple is making big changes in hardware, we’ve added a specific venue for hardware. If you are confused about what can – and can’t – be done with the new M1 hardware, this is the place to ask questions.
Also, just like the Windows forum, we’ve now separated the macOS forums by versions (noting which ones are and are not supported).
Remember to post a new topic, find the category and look for the button for new topic.
This button shows up when you are in a sub forum.
As always you can look in the upper right side where we have shortcuts for the major categories! Let me know what you think!
-
Microsoft’s announcements this week
Q: So Susan, I see that Microsoft held this event this week to make announcements regarding hybrid work, what are your thoughts about what was discussed?
A. Well, it’s like this. As you can imagine, I’m totally excited about the security announcements, but I’m a realist. So I ALWAYS look at these announcements with either my home computer or my small business computing needs in mind. Too many of Microsoft’s security features these days are hooked to subscription enterprise licenses, so while all of these security announcements sound cool, unless normal users like you and I can take advantage of this, it’s not keeping us secure.
Q. What do you mean?
A: Well take this list: The Windows 11 Security Announcements include Pluton (new security specific chip) SHIPPING, HVCI/VBS (Hypervisor-Protected Code Integrity (HVCI)) on default ALL CPUs, Credguard default ON, LSASS Protection default ON, EXE signed or rep REQUIRED, Script Blocking from Internet ON, Enhanced Phishing ON, File Layer Encryption with Hello ON. Some of those features I KNOW are only in Enterprise and in E3 or E5 and thus only available for businesses with subscription agreements. So like “In the future, Credential Guard will be enabled by default for organizations using the Enterprise edition of Windows 11.” Translation – that’s businesses with enterprise subscription agreements ONLY. You and I won’t be able to get that.
Q. But isn’t security important for Enterprises?
A. Oh, don’t get me wrong, I love security enhancements. It PAINS me every time someone in the forum talks about how they still run Windows XP and they consider it secure (If you still are using it and it’s connected to the Internet and not isolated, it’s honestly not, you can’t install a modern browser on it) or love Windows 7 (I’ll be covering Windows 7 and the future in this week’s newsletter — stay tuned). But it also PAINS me every time something that I feel should be available to all Windows users, from home users to small business to big business, without restriction isn’t. For example, “The enhanced phishing detection and protection built into Windows with Microsoft Defender SmartScreen will help protect users from phishing attacks by identifying and alerting users when they are entering their Microsoft credentials into a malicious application or hacked website”. That shouldn’t just be for “Microsoft credentials”. That should be ANY credentials. And it remains to be seen if that’s tied to certain Enterprise only subscription models.
Q. What about this new thing called “Smart app control” that “prevents users from running malicious applications on Windows devices that default blocks untrusted or unsigned applications. Smart App Control goes beyond previous built-in browser protections and is woven directly into the core of the OS at the process level. Using code signing along with AI, our new Smart App Control only allows processes to run that are predicted to be safe based on either code certificates or an AI model for application trust within the Microsoft cloud. Model inference occurs 24 hours a day on the latest threat intelligence that provides trillions of signals. When a new application is run on Windows 11, its core signing and core features are checked against this model, ensuring only known safe applications are allowed to run. This means Windows 11 users can be confident they are using only safe and reliable applications on their new Windows devices. Smart App Control will ship on new devices with Windows 11 installed. Devices running previous versions of Windows 11 will have to be reset and have a clean installation of Windows 11 to take advantage of this feature.”
A. First off have you tried buying a computer or laptop right now? Most/many of my IT folks are scrambling to buy equipment because of supply chain issues. Next “clean installation of Windows 11” is a heavy burden. Do you know where all of your product keys are? I guarantee there is some older app you probably will have a hard time reinstalling clean. Finally – and again – what license is needed for this? And show me a home user or small business and I GUARANTEE you that I STILL find an application that isn’t code signed. So I’m going to bet that we’re going to have to either whitelist apps or find workarounds. Realistically this only will be helpful in an Office only worker computer – someone that only uses Windows and Office, not a key line of business type of computer.
Q. So these announcements weren’t important?
A. No, I’m not saying that. I’m just saying that I don’t parrot public relations blasts and immediately post about them. That’s not what we’re about here at Askwoody.com. I wait until actual software is released, I can test it, I can see if it’s useful (or not) and, most importantly to me and I’m sure the readers of Askwoody.com, I wait to see how it’s licensed. If it’s not either default to all users – or reasonably priced – it’s not going to be a realistic security solution to the folks that need help. We’re about what really works here on Askwoody.com, not what isn’t yet released. So the readers of Askwoody.com will get reality, not public relations blasts regurgitation.
Q. You always plan to talk to yourself like this and ask yourself questions?
A. It’s Friday. What can I say. Have a good weekend all. Patch Tuesday is next week, make sure you defer those updates!
-
MS-DEFCON 2: Deferring April
ISSUE 19.14.2 • 2022-04-07 By Susan Bradley
Don’t let April showers rain on your PCs.
I love April. It’s the end of the busy tax season at the office, and it’s spring where I live — the tulips are in bloom. But what I don’t love is updates disrupting my business before the end of the busy season. So I urge you to do what I do at the office: defer those updates.
Anyone can read the full Plus Alert (19.14.2, 2022-04-07).