Newsletter Archives

• March Madness patching begins

  Posted on March 8, 2022 at 12:00 CST by Susan Bradley • Comment in the Forums

  While over at Apple they are having a livestream event, Microsoft is releasing their updates. Will Apple release updates today as well?

  Windows 11 gets weather on the left hand side where start menu is in Windows 10.  You know you are getting old when moving the weather icon around annoys you.  While Microsoft said that Windows 11 would only get feature releases once a year, they are dribbling out these task bar changes constantly. Remember the changes that were in preview last time, will be in the Windows 11 updates this month. My advice?  Use Start11 or any of the other classic menu offerings if you are on Windows 11.

  Meanwhile, for those of us on Windows 10, 8.1, 7 and server operating systems, keep an eye out for the security updates releasing today.

  Also be aware that Windows 10 20H2 Home and Pro edition drops out of support on May 10, 2022 and Windows 10 1909 Enterprise and Education drops out on May 10, 2022 as well.

  For those on Linux, look out for “Dirty pipe” a vulnerability that recently came to light and has been fixed in Linux versions 5.16.11, 5.15.25, and 5.10.102 as of February 23, 2022.  A proof of concept has been released.

  As always, pop that popcorn, sit on the sidelines as we weed through the releases and see what side effects will occur.

  I’ll be adding links and resources as the patches and information is released. Of course, full analysis will be in next week’s newsletter.

  Updated info:

  92 vulnerabilities, 2 publicly disclosed, 3 critical

  If you have an on premises Exchange server – once again you want to test and patch as soon as you can.

  Remote Desktop client needs a patch- but it needs a malicious server to trigger the remote control execution.

  Windows 10 2004 and later (only) have a SMBv3 bug and Xbox has a bug unique to it and it alone.

  HEVC video extensions are getting a patch which means if you are one who blocks updates through the Microsoft store, you’ll need to manually update this.

  Gunther Born reports that Remote desktop connection role on Server 2022 is impacted. Note I am not seeing this on Server 2019 or earlier versions.

   

  Security, Windows Patches/Security March 2022 Black Tuesday, Patch Lady Posts

• What can you do?

  Posted on February 27, 2022 at 01:42 CST by Susan Bradley • Comment in the Forums

  Youtube video here

  I’m going to combine a bit of headlines with technology tonight. In watching the news tonight, it saddens me that we can’t all get along. That people tonight are having to fear for their lives and fear for their loved ones.  I know a lot of people that either have relatives, loved ones, technology team members in Ukraine.  So here are some thoughts tonight.

  First for home users and consumers, ensure that your edge device, your router, can’t be used in denial of service attacks. Michael Horowitz always has excellent resources on how to ensure your router is up to date and secured. If you bought your own router, ensure that it’s bios is up to date, your “from remote” password is strong, or better yet, that any remote access isn’t enabled, or is protected by two factor authentication.

  For businesses, do likewise with your firewall. Ensure that these edge devices are secured first and foremost.

  If you get hit by ransomware, know that chances are you are funding unsavory folks. So ensure that you aren’t a victim by having a backup. Always make sure that you can restore your data without having to give money to anyone who doesn’t have your best interests in mind.

  Finally, consider donating to help people who have had to flee their homes. As I’m in my nice warm house, with electricity and technology that I can depend on, it makes me wish and hope that everyone in the world can be as I am tonight. Warm. Safe. With a roof over my head. Here’s hoping that everyone can be content. Someday.

  Security Patch Lady Posts

• Let’s be careful out here

  Posted on February 24, 2022 at 00:06 CST by Susan Bradley • Comment in the Forums

  Tonight as I’m seeing the news, once again our world is in a state of unrest.  Again.  Or still in unrest, depending on your point of view and where you live. For me, there’s a bit of added layer of concern.

  Ask you may be aware, Ukraine and the area around Ukraine has been in the news tonight for traditional attacks (tanks, soldiers, etc). But historically it’s been in the news for cyber style attacks. Often these types of attacks can and do inadvertently impact innocent businesses and individuals.

  Remember Maersk shipping that got hit by ransomware that originally targeted firms in Ukraine?  Cyber attacks don’t stop at borders but can hurt individuals and businesses all over the world.

  Already I’m reading reports of destructive malware that has been targeting businesses in Ukraine. Specifically, “The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data. As a final step the wiper reboot computer”

  While the CISA site is specifically about warning businesses about the impact of cyber attacks. I want to also give a warning for you, the individuals and small businesses reading this post. Ensure you HAVE A BACKUP. I cannot stress that enough. Ensure that you have an external hard drive, a spare hard drive, a cloud, a …. SOMETHING … that you can use to recover your information.

  As Sargeant Phil Esterhaus used to say “Let’s be careful out there“.  Be extra careful in your clicking and surfing.

  Security Patch Lady Posts

• Closing out January

  Posted on January 28, 2022 at 23:29 CST by Susan Bradley • Comment in the Forums

  
  It’s nearly the end of the month and it’s time to recap and review our computer systems for the month. Updates have been disruptive this month to say the least.

  For those of you that are not Plus members, one of the key items I work on and update several times during the month is the “Master patch list”. In it I recap the updates released during the month and track if you should – or should not – install the updates.  I place the listing on an Excel spreadsheet and also save it in csv, pdf and html formats. For those of you that would like a sneak peak, you can see it here.  Note I’ve opened it up for a sneak peek at the end of the month for your use and review for anyone – plus member or not – given that this has been a rough month.

  For those of you that are Plus members, remember that I update the spreadsheet on a regular basis and post additional notes on this page. (Plus members only)

  Currently we also send out an alert that gets emailed when we change the MS-DEFCON and alert you to patching issues. In addition, there is a twitter account you can follow as well as sign up for text alerts.

  Question for those that follow the twitter account and the blog?  Would you want me to post a new post when I update the Master Patch Listing?  I don’t want to send out an email or an alert as we reserve those actions for the newsletters and the MS-DEFCON alerts, but I can certainly put a note here so that you know when it’s updated. Please let me know in the comment section as to your preferences!

   

   

  Security MS-DEFCON 4, Patch Lady Posts

• January 2022 patch day is here

  Posted on January 11, 2022 at 12:11 CST by Susan Bradley • Comment in the Forums

  It’s that time of the month again for Windows updates where we all pause, ensure we have a GOOD backup of our machines and that we have deferrals in place in the form of “date deferrals”, or “metered”, or all the ways that we can hold back a bit.

  The raw MSRC guide is out, and it looks like this month we have .NET security patches. That means that this month I’ll recommend that you install them rather than being a bit wishy washy as to whether or not to hold back when they don’t contain security content. I know .NET patching is confusing.

  It’s unclear if these updates still trigger a problem with indexing in Outlook desktop.  Outlook searching has never been that great, if I really need an email I will launch outlook on the web and use that search box as well.

  Those of you that run desktop Exchange mail servers – there’s an update out for Exchange. Test and patch accordingly.

  There’s a couple of those “you need to update the store” as there’s a HEVC extension bug. So if you’ve disabled your Microsoft store updating, be aware we have another Store bug this month.

  Already seeing issues with L2TP vpn connections source:  —  KB5009543 – January 11, 2022 Breaks L2TP VPN Connections : sysadmin (reddit.com)  Note this is not consumer vpn software, but business style vpn software.

  Seeing issues with servers stuck in a boot loop   “So it sounds like the monthly Microsoft screw-up is going to be 2012 DCs getting stuck in boot loop?” ” Not just 2012R2’s, we also have a report of a 2019 in the mix.”   Source:  Patch Tuesday Megathread (2022-01-12) : sysadmin (reddit.com) and Patchday: Windows 8.1/Server 2012 R2 Updates (January 11, 2022), boot loop reported | Born’s Tech and Windows World (borncity.com)

  For those of you on Apple devices, by now you should make sure your December updates are installed.

  If you are one of the  “take one for the team” members that do have a backup and do early testing on behalf of the rest of us, as always I ask that you report patching successes as well as failures.

  Edit 1-13-2022 hearing that Microsoft has pulled updates from Windows update/Microsoft update – not sure if WSUS patches have been pulled.

  Security, Windows Security January 2022 Black Tuesday, Patch Lady Posts

• Tip for the weekend – scanning for Log4j vulnerabilities

  Posted on January 9, 2022 at 00:32 CST by Susan Bradley • Comment in the Forums

  Video here

  I wrote about this the other day in the newsletter to check your computer for the Log4j2 vulnerability. So far the good news is that I’ve not seen active attacks in consumer computers, but I have seen vendors taking action to patch their software in business software. Now comes word that the Federal Trade Commission is reaching out to warn vendors to step up and ensure that their software is patched.

  While I don’t see this as an issue for consumers, it’s still a concern for those of us in small businesses, as we don’t have the power to demand stuff from our vendors. For us, it is what it is.

  I’ve found a tool that does a better job of identifying if your system has vulnerable code. It’s from Qualys and can be downloaded here. 

  You download the zip file, extract it. Now open up a command window, right mouse click to run as admin and leave it open. (watch the video for a demonstration)

  Get yourself to where you downloaded the file (this is often the tricky part) and then run the command log4jscanner.exe

  

  Now wait for it to scan your drives. This may take some time. On my laptop it found nothing on the drive. On my machine that I am typing this up from, it found some old files on my spare E drive.  I can remove them with no issues. But on my office computers, it found files on some line of business vendor software that I use.

  So now what? It’s active software so I can’t uninstall it. But keep in mind that the attacker has to get on to your system first, unlike the cloud vendors I don’t have the vulnerable software exposed directly to the web. So they have to get on my system first. And that means to me that they can nail me lots of OTHER ways first. So while I am going to reach out to my vendor, I’m not panicking.  But it is interesting to see how the FTC is getting into the act of pushing our vendors to get better.

  So if you are a small business tech person like me?  Check your computers to see what vendors you need to push.

   

   

  Security, Small Business Computing

• Gravatar data leak

  Posted on December 6, 2021 at 21:50 CST by Susan Bradley

  You may have seen in the news that the site that provides the icons/images for this site and other WordPress based sites has been involved in a breach. But as I read it, it’s not really a breach, but rather sloppy coding.

  Nothing breached. Someone found Gravatar is using sequential id’s with JSON based API, which means they can very easily get your publicly available data. Slightly easier than scraping the page. But nothing has leaked, everything that was/is available came under a notice that Gravatar would make those details publicly available. Nothing has leaked, just perhaps Gravatar shouldn’t have made it so easy to get details.

  That said, take the time during this holiday season to review your passwords and especially stop reusing passwords. One of the best proactive things you can do this holiday season is to make yourself a big mug of hot chocolate, sit down in front of your computer or iPad and review the passwords on ALL of your sites. Ensure that you change passwords to much longer and stronger versions of what you are currently using. Do not reuse passwords over and over again on different web sites, as all it takes is an attacker to gain access to one password in an account and the attacker will attempt to reuse it on other accounts. Even if you don’t reuse passwords over and over again, if you haven’t changed passwords in a while, it’s wise to update and revise them. Next look to see if you can add multi-factor authentication on sensitive accounts such as banking as well as email. Review your options for setting up multi-factor. Often you can set up services to trust a browser you use all the time and to send multi-factor prompts when you – or an attacker – tries to log in from a new location.

  Action items for 2022: Choose better passwords and add multi-factor wherever you can.

  Security Patch Lady Posts

• You are being investigated

  Posted on November 29, 2021 at 21:57 CST by Susan Bradley • Comment in the Forums

  A female friend of my Dad (he’s 93) called tonight and relayed to him that she got a call from someone indicating that she was under investigation and that as part of the process she needed to buy and provide them the codes from gift cards.  The scammers were able to get $1,000 out of her before she finally realized that something was wrong.

  Please warn anyone that you interact with and talk to that NO ONE asks anyone for gift card numbers. No one is calling from the IRS, the Social Security, or any other agency to ask for payment via gift cards.

  Don’t fall for this, and warn anyone you know not to fall for this either.

  Security Patch Lady Posts

• Small business Saturday

  Posted on November 26, 2021 at 14:24 CST by Susan Bradley • Comment in the Forums

  Here at Askwoody.com we’re a small business. So in the United States we have a tradition of supporting local small businesses on “Small Business Saturday”.  So rather than ordering from that smile box retailer, spend your funds tomorrow at a local business!

  What are you doing to support Small Business Saturday in your city or town?

  If you do online shopping this year, follow the guidance from the Australian Cyber Security center has some tips for you. Online shop on a device that is up to date with it’s patches – especially your browser.

  Security Patch Lady Posts

• Thanks to our subscribers

  Posted on November 24, 2021 at 20:15 CST by Susan Bradley • Comment in the Forums

  Ransomware warning – the holiday season is the time for attacks

  As we enter the American Thanksgiving time, everyone at AskWoody would like to wish you a happy and healthy holiday season … unless you are an attacker.

  And if you are an attacker, we wish you clumps in your turkey gravy and coal in your Christmas stocking.

  The Cybersecurity and Infrastructure Security Agency (CISA) reminds us not to let our guard down.

  Just recently Edge added the “Super Duper secure mode” to their stable channel. (I wrote about this a bit back). Always review your settings in your browser to ensure it’s as secure as you can be and when in doubt, don’t click. Sometimes picking up the phone or using an alternative method to get the information you need is wiser.

  For home users, be extra careful of scams. Gift cards are not always the greatest gift to give someone. Just ask my Dad who had to buy his own Ruth’s Chris steak house dinner when the gift card we bought him was already used by someone else. Buy from the stores directly, not from the card hanging up at the aisle in your grocery or convenience store.  Of course, I think a perfect gift idea is a subscription to the AskWoody newsletter, but I’m very biased.

  Stay safe this holiday season and click carefully.

  Security Patch Lady Posts

• Kape Technologies, formerly Crossrider, now owns 4 top VPNs

  Posted on September 27, 2021 at 02:43 CDT by B. Livingston • Comment in the Forums

  PUBLIC DEFENDER

  

  By Brian Livingston

  A holding company with a controversial history — Kape Technologies — announced this month that it had purchased a leading virtual private network, ExpressVPN, adding it to a collection of three other major VPN companies that Kape acquired in 2017 through 2019.

  This concentration of VPN services has raised concerns.

  Read the full story in the AskWoody Plus Newsletter 18.37.0 (2021-09-27).

  AskWoody Plus Newsletter, Public Defender, Security AskWoody Plus Newsletter, Privacy, Public Defender, Security, VPN

• Firewalls don’t stop dragons

  Posted on August 4, 2021 at 23:47 CDT by Susan Bradley • Comment in the Forums

  Are you familiar with the podcast “Firewalls don’t stop dragons“?

  This week’s episode is about online advertising and about how you are the product.

  Every time you load a web page, your personal data is being shared with thousands of companies. The ad spaces on the page are being auctioned off to the highest bidder in fractions of a second. The Irish Council for Civil Liberties calls this the biggest data breach in history, and is suing the ad tech companies on your behalf to stop this needlessly invasive and dangerous practice. My guest Johnny Ryan will explain how this real-time bidding process works and has insider documentation on the types of extremely personal data that’s being shared in order to target those ads to you.

   

  Have a listen!

  Security Patch Lady Posts
• « Older Entries

  Newer Entries »