Newsletter Archives

• Where we stand with the September patches

  Posted on September 28, 2020 at 13:21 CDT by woody • Comment in the Forums

  Although the September Win10 version 2004 “optional, non-security, C/D/E Week” patch still hasn’t surfaced, bumps in this month’s patches have been largely worked out.

  Win10 version 2004 is still beset with bugs. Give it another month to mature.

  Details in Computerworld Woody on Windows.

  Windows Patches/Security September 2020 Black Tuesday

• Can you quantify the damage done by bad patches?

  Posted on September 27, 2020 at 17:02 CDT by woody • Comment in the Forums

  I’ve long concentrated on explaining patches’ bugs and how to work around them. I’ve never really tried to quantify how many PCs got hit, or what financial damage the bad patches have caused.

  Some people think that patches in the last 20 years don’t break stuff. Per Daniel Cuthbert:

  In the late 90s and early 2000s, patches used to break stuff so people never did auto-updates. 20 years later, those still think patches break the world (they do, it’s super damn rare) and yet the pro’s outweigh the cons but an entire IT industry still thinks otherwise

  Here’s a request from Mitja Kolsek that asks about damage:

  Twitter friends! I’m looking for recent (past 5 years) real-world cases where an official vendor update broke stuff AND caused considerable damage. Personal experiences as well as proofs of my poor googling skills welcome.

  So, what do you say? Have any patches in the past five years caused you or your company “considerable damage”?

  Office Patches/Security, Windows Patches/Security Damage

• Dear Microsoft, could you make Edge a little more obnoxious?

  Posted on September 25, 2020 at 14:02 CDT by woody • Comment in the Forums

  So I’m sitting here plunking away on one of my production Win10 version 1909 machines, when a new update appears.

  2020-08 Microsoft Edge Update for Windows 10 Version 1909 for x64-based Systems (KB4576754)

  I needed to reboot the system – it had been running for almost two days without a reboot (sarcasm alert) – and when Windows came back up for air, Edge appeared full-screen. I tried clicking lots of things, but it wouldn’t disengage. In the end I navigated through a four-screen “tutorial” that, by default, wanted me to log Edge in to my Microsoft Account and oh-so-helpfully retain Edge surfing information to, you know, make my shopping experiences more tailored.

  When I finally got through unchecking all of the snoop settings, and closed Edge, it showed this on my Taskbar:

  

  And that didn’t go away until I clicked the “X” in the upper right corner.

  It’s entirely possible that Edge is the greatest browser ever – that it’ll make me brighter, more productive and definitely debonair. But it really twists my gizzard when an app takes over my machine and forces me through a series of privacy search-and-destroy questions.

  I’ve been playing with Edge. I think I’ll give it a pass for a while.

  UPDATE: I see that Shawn Brink on Tenforums has a registry hack to keep Windows Update from installing Chredge. Far as I’m concerned, MS can install it — after all, it is their machine (cough) — but I’m not going to use it for a while.

  Windows News Chredge, Edge

• No good deed goes unpunished: Windows XP source code apparently leaked

  Posted on September 25, 2020 at 03:22 CDT by woody • Comment in the Forums

  I’ve heard rumors about this for years, but it looks like the Real McCoy just hit 4chan.

  Dan Thorp-Lancaster at Windows Central has the story:

  Alleged source code for Windows XP leaked online this week. The leak was spread in a thread on the anonymous forum 4chan, which linked to archives of both the alleged Windows XP source code along with source code for other Microsoft products. Notably, the archive includes the Windows NT 3.5 and original Xbox source code dumps that appeared online in May.

  There’s no official confirmation, of course — and lots of reason to be skeptical. Still, folks who know XP at the bit level are impressed.

  Lawrence Abrams at BleepingComputer points to tweets by @RoninDay, who claims:

  I slept at 4 AM yesterday and got up at 8:30 AM. Now its about to be 2 AM and I just discovered a dump. Life comes to you fast, this amazing healthy lifestyle.

  The main concern is that legacy XP code that has found its way into Win7, 8.1 or 10 may be compromised. That seems pretty far-fetched, but still… the sins of the father visited upon the son, and all that.

  Windows News WinXP

• Get a password-protected ZIP file attachment? Just say “Emotet”

  Posted on September 23, 2020 at 15:48 CDT by woody • Comment in the Forums

  Of course you know that you shouldn’t open file attachments sent via email, without independently verifying with the sender that it’s legit.

  And even then, you should think twice.

  It looks like Emotet, the malware that delivers TrickBot and Qbot data-stealing software, is on the rise once again. Emotet first appeared in 2014, bounced around for a while, went into hibernation, then returned with a vengeance in 2019. It basically disappeared in February, 2020, but it’s now riding high.

  You’re most likely to get infected if you open infected Word files or, increasingly, password-protected ZIPs. Per Catalin Cimpanu at ZDNet:

  The Emotet gang operates an email spam infrastructure that it uses to infect end-users with the Emotet trojan. It then uses this initial foothold to deploy other malware, either for its own interest (such as deploying a banking trojan module) or for other cybercrime groups who rent access to infected hosts (such as ransomware gangs, other malware operators such as Trickbot, etc.).

  The latest from Cimpanu:

  The Emotet crew was hoping for a quick return to full capacity, but its comeback was spoiled and delayed for almost a month by a vigilante who kept hacking into Emotet’s infrastructure and replacing its malware with animated GIFs.

  Many times, and especially in large corporate environments, an Emotet infection can turn into a ransomware attack within hours.

  Be careful out there. And never, never, never click on an attachment unless you independently confirm with the sender that it’s safe.

  Windows Security Emotet

• What does “Exploitation less likely” really mean?

  Posted on September 19, 2020 at 16:11 CDT by woody • Comment in the Forums

  All of Microsoft’s separately identified security holes – CVEs in the parlance – are given an “Exploitability Index” level. Microsoft’s official definition looks like this:

  1 – Exploitation More Likely
  Microsoft analysis has shown that exploit code could be created in such a way that an attacker could consistently exploit this vulnerability. Moreover, Microsoft is aware of past instances of this type of vulnerability being exploited. This would make it an attractive target for attackers, and therefore more likely that exploits could be created. As such, customers who have reviewed the security update and determined its applicability within their environment should treat this with a higher priority.

  2 – Exploitation Less Likely
  Microsoft analysis has shown that while exploit code could be created, an attacker would likely have difficulty creating the code, requiring expertise and/or sophisticated timing, and/or varied results when targeting the affected product. Moreover, Microsoft has not recently observed a trend of this type of vulnerability being actively exploited in the wild. This makes it a less attractive target for attackers. That said, customers who reviewed the security update and determined its applicability within their environment should still treat this as a material update. If they are prioritizing against other highly exploitable vulnerabilities, they could rank this lower in their deployment priority.

  3 – Exploitation Unlikely
  Microsoft analysis shows that successfully functioning exploit code is unlikely to be utilized in real attacks. This means that while it might be possible for exploit code to be released that could trigger the vulnerability and cause abnormal behavior, the full impact of exploitation will be more limited. Moreover, Microsoft has not observed instances of this type of vulnerability being actively exploited in the past. Thus, the actual risk of being exploited from this vulnerability is significantly lower. Therefore, customers who have reviewed the security update to determine its applicability within their environment could prioritize this update below other vulnerabilities within a release.

  There’s a series of tweets that explains the situation in a much more accessible manner:

  Jake Williams

  Yesterday, Microsoft announced there’s a remotely exploitable heap overflow in MS DNS on Server 2012R2 and later. Infosec, how are we not talking about this?!

  SwiftOnSecurity

  Microsoft marking exploitability as “less likely” has significantly impacted deployment efforts and awareness. I wish this rating was more detailed. Risk teams get put in crossfire for justifying emergency patches on vague info. Criticality is made irrelevant by this category.

  I recognize Microsoft is in an impossible position here, I just don’t know what I’m supposed to do when a 1-click global network compromise CVE is tagged “exploitation less likely.”

  Like, does “exploitation less likely” mean it’s so complex you think an attacker can’t figure it out, or that individual exploitation attempts are unlikely to succeed? What if they try 1000x a second across 50 Domain Controllers? If so, how do I detect these attempts?

  Katie Moussouris

  It means that within 2 weeks of the patch release, unless exploit code is released, it is less likely that attackers will use this vulnerability versus others that are more easily exploitable. It’s a bet meant to differentiate between highly reliable exploitation vs less likely.

  It’s because customers were using the criticality rating that indicates the max impact *if exploited*, and leaving highly exploitable lower severity issues unpatched for a Very Unwise Amount of Time.

  And that, to me, is the definitive answer. Thx Clément Notin

  Windows Patches/Security Exploitability Index

• In memoriam

  Posted on September 18, 2020 at 19:20 CDT by woody • Comment in the Forums

  

  Other

• Windows 10 version 20H2 rolling out to the Windows Insider Release Preview Channel

  Posted on September 18, 2020 at 12:23 CDT by woody • Comment in the Forums

  The new version is coming. Expect Win10 version 20H2 to start appearing on forced-out PCs in a couple of weeks.

  In case you haven’t been keeping up on the version numbers, the most recent versions of Win10 are:

  Win10 version 1903
  Win10 version 1909
  Win10 version 2004
  Win10 version 20H2

  Let’s hear it for consistency in naming/branding, and failing to foretell a completely predictable conflict. I guess the new names are better than “Fall in the Northern Hemisphere Conflicted Creators Update” or whatever it was called.

  I still don’t recommend that you move to Win10 version 2004 — still too many bugs, most of which aren’t acknowledged — but I strongly recommend that you download and hold onto a clean, free copy of Win10 version 2004.

  Windows 10 Releases Win10 20H2

• Win10 version 2004 systemwide password “amnesia”

  Posted on September 18, 2020 at 08:13 CDT by woody • Comment in the Forums

  This from WarningU2:

  I’ve made two attempts to update to 2004 without success.  2004 applies fine but I keep getting prompted for passwords to sign into applications, google, facebook, outlook, and others.   It seems the credential manager is not remembering passwords with a local admin account.  It will for a while but the password is getting wiped out.

  If you use a Microsoft account log in, it does remember.  Is this a strategy for MS to force us to use their login method?

  I’ve tried all the suggestions at https://answers.microsoft.com/en-us/windows/forum/all/systemwide-password-amnesia-v2004-build-19041173/232381f8-e2c6-4e8a-b01c-712fceb0e39e to no avail.   I’ve reverted back to 1909.

  From the topic above on the Microsoft community forum that many are having this issue.   Has anyone from the distinguished experts here on this forum experienced the same and found a solution other than removing a local admin account?

  There’s more than 100 replies on that Answers thread.

  Anybody out there have an idea? It seems to be a version 2004-specific problem.

  Windows Security Win10 2004 bugs

• Outlook 365 update bug with iCloud: Changing a contact throws “Your changes cannot be saved” error

  Posted on September 18, 2020 at 04:52 CDT by woody • Comment in the Forums

  I first heard about this from WSsabfish:

  Both my wife and I are having the identical problem on our PC’s running Office 2016 (I have Windows 8.1; she has Windows 10). I believe this problem was caused by an Office update. Both computers have an iCloud account tied to them. When we attempt to change a contact in Outlook, we are greeted with a message stating “Your changes cannot be saved because you do not have permission to modify some or all of the items in this folder. Do you want to save a copy of this item in the default folder for this item?

  Microsoft has acknowledged the bug – in a one-line post to the Microsoft Answers forum:

  A fix is being worked on and ETA by end of week ~9/18.

  I’ve seen the bug reported for Office 2010, Office 2016, and Microsoft (nee Office) 365.

  We’ll see if the fix actually fixes the problem, and how it gets distributed.

  Office Patches/Security September 2020 Black Tuesday

• MS acknowledges blue screen bug when installing the Aug or Sept cumulative update on Win10 version 2004 Lenovo machines

  Posted on September 17, 2020 at 14:29 CDT by woody • Comment in the Forums

  Mayank Parmar at Windows Latest has the rundown on Microsoft’s latest confession:

  In a new support document that was quietly published over the weekend, Microsoft has warned that it has observed a number of other critical errors caused by KB4568831 or newer, which also includes the September 2020 patch…

  The problem appears to have been caused by a compatibility issue between Windows 10’s cumulative update, UEFI settings, and Lenovo’s Vantage app. With a cumulative update, Microsoft made a change that restricts how processes can access PCI device configuration and feature in UEFI could trigger this behaviour, which causes a Blue Screen.

  KB 4568831 is the Win10 version 2004 “optional, non-security, C/D/E Week” preview patch released in late July.

  Yes, the bug’s been around for six weeks. No, it hasn’t been fixed. But there is a manual workaround, discussed in Parmar’s article.

  Tell me again how version 2004 is ready for prime time.

  Windows Patches/Security August 2020 Black Tuesday, September 2020 Black Tuesday

• Keizer: PatchLady: Win10 upgrades aren’t worth the effort, per poll

  Posted on September 17, 2020 at 09:47 CDT by woody • Comment in the Forums

  Gregg Keizer at Computerworld has another look at Susan Bradley’s latest poll.

  A majority of IT administrators polled this summer said that the twice-a-year Windows 10 feature upgrades are not useful – or rarely so – a stunning stance considering how much effort Microsoft puts into building the updates.

  About 58% of nearly 500 business professionals who are responsible for servicing Windows at their workplaces said that Windows 10 feature upgrades – two annually, one each in the spring and fall – were either not useful (24%) or rarely useful (34%)…

  “Microsoft spends the greatest amount of development in releasing these twice-a-year feature releases and … enterprises are not rolling them out fast enough to take advantage of them,” noted Bradley in an email reply to questions.

  If you’re a Plus Member, you can read the full results of the poll in the Plus Newsletter 17.33.0.

  Survey, Windows Patches/Security Patching experience survey, PatchLady
• « Older Entries

  Newer Entries »