Monthly Archives: May 2022
-
Zero day in office – but don’t panic
Microsoft Releases Workaround Guidance for MSDT “Follina”; Vulnerability
05/31/2022 11:11 AM EDT
Original release date: May 31, 2022
Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the wild.
CISA urges users and administrators to review Microsoft’s Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and apply the necessary workaround.
Here at Askwoody we are a bit more savvy. WE DON’T OPEN THINGS WE AREN’T EXPECTING. That said if you do want to proactively protect yourself ….
Group policy fix – Just disable “Troubleshooting wizards” by GPO see the location here:
Registry fix:
click on the search box, type in cmd
Right mouse click on cmd in the menu bar to RUN AS ADMIN
type in reg delete HKEY_CLASSES_ROOT\ms-msdt /f
Click enter
If you want to restore it back:
This registry key will restore the troubleshooting wizard – link here
Click on the downloads, double click to launch, follow the slightly scary instructions to import the registry key back in.
=================
Update 6/1/2022
Now the URI for Search is being abused.
Once again if you want to proactively protect yourself
Run Command Prompt as Administrator.
Execute the command “reg delete HKEY_CLASSES_ROOT\search-ms /f”
If you want to restore it back, click here
-
Hasleo Windows ISO Downloader — easily get Windows from Microsoft
ISSUE 19.22 • 2022-05-30 FREEWARE SPOTLIGHT
By Deanna McElveen
There was a time when getting your hands on an ISO of Windows to fix your computer meant borrowing one from a friend or visiting pirated software sites.
These days, Microsoft lets you stay on the good side of the Internet neighborhood by allowing you to download copies. You can go through the steps on Microsoft’s website to get Windows, or you can do it the easy way.
Hasleo Software has been around for years, making some of my favorite commercial tools, but they also have a few free ones. Hasleo Windows ISO Downloader is their free, portable program to download Windows 8.1, Windows 10, or Windows 11 straight from Microsoft’s official servers.
Read the full story in our Plus Newsletter (19.22.0, 2022-05-30).
This story also appears in our public Newsletter. -
With its Radeon graphics technology, AMD is a powerhouse
SILICON
By Brian Livingston
At today’s breakneck pace of technological change, the semiconductor industry’s product cycles run faster than a one-legged man at a butt-kicking contest. This month, the scrappy multinational chip company AMD tried to kick some butt by claiming that its newest GPUs (graphics processing units) deliver far better price/performance ratios than Nvidia’s.
The predictable result was a good ol’ pissing match between the two archrivals. But this takes nothing away from the fact that both AMD and Nvidia — as well as the industry’s Old Faithful, Intel — are permanently changing our expectations about how fast our machines can compute for a given fistful of dollars.
Read the full story in our Plus Newsletter (19.22.0, 2022-05-30).
-
Why is email authentication changing?
ON SECURITY
By Susan Bradley
Throughout the lifetime of Internet-based email, we’ve been told over and over that it was dying, or soon to be dead.
Then why are we still on a dead platform? Why aren’t we using some new, whiz-bang thing that was touted as so much better than email? There have been some proposed ideas, but they died off.
I have a rather simple theory: Email comes to you — you don’t have to go find it. And it’s ubiquitous, too. No matter what device you’re using, what vendor it comes from, or what operating system it runs, email works.
Read the full story in our Plus Newsletter (19.22.0, 2022-05-30).
-
Do you use a different browser for…..?
With many things ranging from banks to your local router using web interfaces to log into them, do you…..
Close all other web site tabs when you are managing your router?
Use a different browser that you reserve for highly secure tasks?
Use in private browsing when managing sensitive sites and devices?
Don’t save sensitive passwords in your browser?
What do you do to keep the password of your router a bit more protected?
Your browser brand for doing online banking should be a different browser than what you use for Twitter and other general web activity, which should be a different browser than what you use for managing things on your network.
From Will Dormann on Twitter
-
Ewaste or usable – week 4
Previous posts: Week 1 here, Week 2 here
So this weekend I’ve installed various versions of Linux Mint on the Acer Aspire One. I’ve been sticking to using 32 bit versions and have tried Tricia and then Tina . For Tina I’m trying the XFCE version — the reason? Even Cinnamon Tricia was causing the system to be slow. It IS an old laptop after all.
So I started out downloading RUFUS . If you aren’t aware of what this tool does, it allows you to easily build a bootable flash drive.
You click start and off it goes to install the downloaded ISO to a bootable flash drive.
Once you’ve installed it on a flash drive, then comes the fun part – booting the laptop so that it grabs the operating system from the flash drive rather than the hard drive itself. In the Acer One case, you hit F2, go into the bios and change the boot order to where the usb flash drive is the primary boot device. Boot from the flash drive and then choose Install Linux Mint.
Click install mint and off you go. It will ask you for the wifi password if it’s seen the network card. Installing it is straightforward – you are asked if you want to replace the OS that is on the computer or do a dual boot. In my case I want to replace the OS because regardless if I let this unit go to anyone or ewaste it, I have to have the existing data totally wiped.
Now comes the question – is it usable? Compared to my trusty Thinkpad, it’s slow. I’m trying the XFCE version as it’s meant to use less resources. Once you boot up you have a functional browser (Firefox) and programs like LibreOffice and Thunderbird. Are all of those functional? Absolutely yes.
If you have questions, remember the forums on this site as well as the Linux Mint forums.
What’s the major difference? Well like anytime you make changes from one platform to another, there’s a lot of “I did this here, how do I do that there?”
Case in point? Want to know the IP address of the computer? Instead of the windows version of ipconfig /all it’s ip a in the command window . You do much more command line work in Linux than you do in modern Windows or even Macintosh.
Next up – to find tools to remote into the computer similar to RDP. I always like to have ways to go from one computer to another. Once tool I should be able to use is RealVNC. There is also XRDP (more on this in a later post)
Decision so far? I definitely wouldn’t rely on this for my main computer. I can still protect and defend myself on a Windows computer. But if you have spare time and old hardware, you can certainly entertain yourself for a while!
-
22H2 coming in September?
Microsoft Build, the online event for Microsoft developers is in the bag and there’s public posts hinting at release dates for 22H2.
From a hardware compatibility blog post “Windows 11, version 22H2 based systems may ship with drivers that have achieved compatibility with Windows 11, version 21H2 until Sept 5th, 2022.”
To me that kinda hints to a time table. I’m starting to see some of my fellow geeks indicate that they are just now starting to consider rolling out 11 rather than standardizing on 10. I’m still keeping the firm on 10 even on those workstations that can support 11. Too many people also have computers at home that only support 10 and thus they don’t want a different desktop at home than at the office.
What about you? Are you keeping things the same at home and at the office?
-
MS-DEFCON 4: A mixed bag for May
ISSUE 19.21.1 • 2022-05-24 By Susan Bradley
Good news! Most consumer and home users should be just fine after installing this month’s updates.
I’m not seeing any major, trending issues with patches for the bulk of users, so I’m lowering the MS-DEFCON level to 4.
But there’s a “but”: I’m still seeing some corner-case oddities and just can’t quite put my finger on the root cause. For example, reader Ray G reports:
… after the updates are installed, I still have a black screen and have to wait for about 5 minutes for the desktop to appear.
Anyone can read the full MS-DEFCON Alert (19.21.1, 2022-05-24).
-
Want laptop graphics power specs? They might not be easy to find.
ISSUE 19.21 • 2022-05-23 PUBLIC DEFENDER
By Brian Livingston
Some well-known manufacturers of laptops make it a little hard to discover the power ratings that determine their machines’ LCD display performance, even though graphics-chip suppliers such as Nvidia and AMD order the laptop makers to do so.
One of the suppliers — the graphics-processor giant Nvidia — says about this situation, “We’re requiring OEMs to update their product pages” to reveal a crucial laptop feature known variously as Total Graphics Power (TGP) by Nvidia and Typical Board Power (TBP) by AMD, as I explain.
Read the full story in our Plus Newsletter (19.21.0, 2022-05-23).
This story also appears in our public Newsletter. -
Discover the useful but hidden extras at Office.com
MICROSOFT 365
By Peter Deegan
Microsoft has done a lot of work on the Office.com home page, especially for business and enterprise users.
There’s a lot more available on those pages than first appearances indicate. In fact, some of the most useful features are hiding behind faint, almost hidden, icons.
Office.com is a useful portal to access recent documents saved on OneDrive or SharePoint/Teams across all your Office apps and document types. I’ll first look at the many changes for Business, Enterprise, and Education users, and then I’ll explore some hidden extras for Microsoft 365 Family/Personal.
Read the full story in our Plus Newsletter (19.21.0, 2022-05-23).
-
Solid-state drives — from bespoke to commodity
HARDWARE
By Ben Myers
Solid-state drives (SSDs) have a surprisingly long history, leading up to the types commonly in use today.
It takes some planning and analysis to make best use of them, but significant improvements in speed and reliability over electromechanical hard drives make SSD investments worthwhile.
For this article, let’s stick with name brands such as Crucial, SK hynix, Kioxia, Samsung, SanDisk, and Western Digital — all with comparable performance levels. Note that SK hynix acquired Intel’s SSD business, SanDisk is now a subsidiary of Western Digital, and Kioxia is a spinoff of Toshiba.
Read the full story in our Plus Newsletter (19.21.0, 2022-05-23).
-
Debugging feature-update failures
PATCH WATCH
By Susan Bradley
A long-time reader recently got in touch to mention his difficulty in getting a PC update past Windows 10 version 1909.
Plus member Lee Gruenfeld indicated that he had worked with several Microsoft support agents to get a more contemporary version installed, a process that lasted several months and resulted in continued failure.
Read the full story in our Plus Newsletter (19.21.0, 2022-05-23).