
Blog Archives

  • Microsoft is enabling Win10 version 1903 “Tamper Protection”

    Posted on October 15th, 2019 at 07:50 woody

    Yesterday, Microsoft program manager Shweta Jha posted an announcement on the Microsoft Tech Community blog, saying that a feature called “Tamper protection” has reached general availability for Win10 version 1903. Permit me to parse that sentence:

    • Tamper protection is a switch that prevents programs from altering Defender security settings. (You may be surprised to know that programs can alter Defender settings.)
    • General availability in this case means that Microsoft will be turning on the switch on updated Win10 version 1903 machines. The precise mechanism for turning it on isn’t described, and we don’t explicitly know which build number will be required, but “We’re currently turning on the feature gradually; some customers will start seeing the setting on their devices.”

    To me, the rollout sounds a whole lot like the remote feature enabling we’ve been warned about in Win10 version 1909, which is due next month.

    At any rate, the feature sounds worthwhile (should I say “long overdue”?) and it’s easy to set manually if you’re so inclined.

    For details, Lawrence Abrams at BleepingComputer has a good rundown.

  • Office 365 ProPlus to get support on Windows 7 after January 14, 2020

    Posted on October 7th, 2019 at 17:25 joep517

    Microsoft has decided to give Office 365 ProPlus users running Windows 7 some grace time after Windows 7 goes out of support on January 14, 2020. Office 365 ProPlus users will continue to get security updates for Office 365 ProPlus until January 2023. According to Microsoft this is to transition to a “support operating system”.

    See Windows 7 end of support and Office 365 ProPlus for details and more information.

  • Patch Lady – 31 days of security

    Posted on October 1st, 2019 at 23:59 Susan Bradley

    October is the national cyber security awareness month and I’m kicking off the month by linking to another author.  John Opdenakker posts about why everyone should care about online security.

    Are you making any changes to your online security due to what’s going on?  I know that I’m adding more multi-factor authentication to my accounts.  What about you?

     

  • Patch Lady – we have an “out of band” release

    Posted on September 23rd, 2019 at 14:03 Susan Bradley

    https://www.zdnet.com/article/microsoft-releases-out-of-band-security-update-to-fix-ie-zero-day-defender-bug/

    We get them so rarely these days it probably needs a bit of explanation:

    For those of you that use Windows update, you will get a security patch pushed out to your machine and it will demand a reboot.

    Susan update:  The KBs state that these will not be pushed out via Windows update, but instead come down only if you go to the catalog.  Thus totally BREAKING the definition of “out of band update”.  Geeze Microsoft.

    For those on Windows 10 it will be a cumulative update:

    • 4522016 for 1903
    • 4522015 for 1809
    • 4522014 for 1803
    • 4522012 for 1709
    • 4522011 for 1703
    • 4522009 for RTM of Windows 10
    • 4522010 for Windows Server 2016
    • 4522015 for Windows Server 2019
    • 4522007 for Windows 8.1, Windows 7, Server 2012, Server 2012 R2; it’s a patch JUST for Internet Explorer – so both A and B patchers can install it.

    For those of you with WSUS updating rules or quality update deferrals, this will respect those settings.

    Bottom line, there’s a security issue for which Microsoft sees active targeted attacks to their customers and thus they’ve determined it should be pushed out now rather than waiting for the second week of next month to fix it. 

    Bottom line, there’s a security issue for which Microsoft has apparently deemed it an “out of band” but not enough of an “out of band” to be pushed out to automatically update.  Confused?  I am.  Should you install it?  Obviously not given how they are handling this update.

    Updated note:  Per Nick from the patchmanagement.org list, Microsoft has told Enterprise customers that this will be on Windows update and WSUS on Tuesday, September 24 Redmond time (aka the D week release).  So unless you have deferrals in place you will be getting it tomorrow on your Windows 10 machines.  I’ve always been informed that attackers can call a specific program so even though you aren’t using IE, that doesn’t mean it’s not embedded into the software.

     

  • Patch Lady – Avast does…what?

    Posted on August 29th, 2019 at 05:05 Susan Bradley

    Spying on HTTPS

    Spotted that post.  Read it.  Now while this appears to be the RIGHT way for the vendor to do this inspection process, it still makes me shudder.  As is pointed out in the post, all it takes is for a vulnerability to be introduced into the implementation, or some other extension or add-in that is nefarious to slither in and get this information, and there’s your encrypted info out the door.

    While antivirus can be great, as Symantec showcased lately it can also be our worst enemy.

  • Patch Lady – ransomware attacks

    Posted on August 21st, 2019 at 22:42 Susan Bradley

    Have you seen the news about all of the small Texas towns hit with ransomware? Bobby Allyn at NPR has a good overview.

    Texas is the latest state to be hit with a cyberattack, with state officials confirming this week that computer systems in 22 municipalities have been infiltrated by hackers demanding a ransom. A mayor of one of those cities said the attackers are asking for $2.5 million to unlock the files.

    Scary, huh!

    So if you are a small business and you use consultants, ask them if they use two-factor authentication in order to access your resources.  If they say no, tell them to check out Duo.  And it’s free for up to 10 users.

    I had it recommended to me today (and no, this isn’t a vendor plug, I’m just pointing out options to small businesses).

    Bottom line: have a backup.  Have another one.

  • Patch Lady – we have another Spectre/Meltdown

    Posted on August 6th, 2019 at 21:52 Susan Bradley

    So included in the July patches was another Spectre/Meltdown patch, and the information about it is just coming out today.  I’m still not convinced that we’ve seen actual attacks using Spectre/Meltdown, nor am I convinced that we will see it in the wild.  Rather, it’s my opinion that it will be used in targeted attacks but not in widespread ones.  Nevertheless, once again there’s another variant that got patched in the July updates:

     

    08/06/2019 08:21 PM EDT

     

    Original release date: August 6, 2019
    The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a vulnerability (CVE-2019-1125) known as SWAPGS, which is a variant of Spectre Variant 1—that affects modern computer processors. This vulnerability can be exploited to steal sensitive data present in a computer systems’ memory.

    Spectre is a flaw an attacker can exploit to force a program to reveal its data. The name derives from “speculative execution”—an optimization method a computer system performs to check whether it will work to prevent a delay when actually executed. Spectre affects almost all devices including desktops, laptops, and cloud servers.

    CISA encourages users and administrators to review the following guidance, refer to their hardware and software vendors for additional details, and apply an appropriate patch when available:

  • BlueKeep exploitation expected soon

    Posted on July 23rd, 2019 at 02:59 Kirsty

    Several hours ago, there was a lot of noise on Twitter about a GitHub explanation on how to “weaponize” BlueKeep, triggering fears it could soon be widely exploited.

    Dan Goodin’s article on ArsTechnica.com is fairly succinct:

    BEWARE OF WORMABLE EXPLOITS —
    Chances of destructive BlueKeep exploit rise with new explainer posted online

     
    We’ll be keeping an eye on Kevin Beaumont’s Twitter feed, to see what he posts about it today.

    Are you protected?

     
    UPDATE:
    Kevin Beaumont is also warning about a more imminent threat from BlueKeep