|
MS-DEFCON 4:
There are isolated problems with current patches, but they are well-known and documented on this site.
|
Blog Archives
-
Easiest way to make it easy for attackers
Posted on November 18th, 2020 at 21:37 Comment on the AskWoody LoungeWe are really bad at picking passwords. Truly we are. I’ve also seen that many folks use the same passwords in many web sites. So attackers only have to get a data dump from one hacked database and then they can try to reuse these passwords in other places.
Do yourself a big favor: Over the holiday season see if you can 1. pick better passwords (passphrases) and 2. see if the site allows you to add two factor authentication.
-
Security shouldn’t be political
Posted on November 17th, 2020 at 23:40 Comment on the AskWoody LoungeTonight I heard on the news that President Trump fired Chris Krebs (no relation to Brian Krebs) who was head of the Cybersecurity and Infrastructure Security Agency. If you aren’t familiar with CISA they send out a ton of good security information – most of which inspires me to write security articles.
Mr. Krebs first came to government from Microsoft and was instrumental in developing relationships between business and government.
Given the HUGE HUGE risk we all have from ransomware we need more people like Chris Krebs in government, not less.
Then there's #Ransomware – we’re focused on ramping up a national strategic effort to combat this global scourge. We MUST improve defenses, break the business model, and take the bad guys out of the game. This is the most visible, disruptive cyber threat as I see it right now.
— Chris Krebs #Protect2020 (@CISAKrebs) November 16, 2020
Tonight, we fired that guy. We need more defenses against ransomware. We still make it way way too easy for attackers to get us. Not a day goes by that bleepingcomputer.com doesn’t post up another ransomware nailed yet another business post. I still see way too many malicious emails wiggle in. Too many malicious sites. Too many attacks. We need more people pushing for solutions, not less.
We need good people to help us in protecting us against ransomware. Comments now turned off at this time and apologies for doing so.
-
Patch side effects November updates – Domains only
Posted on November 17th, 2020 at 23:05 Comment on the AskWoody LoungeHat’s off to EP for spotting these:Addresses issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update. The following issues might occur on writable and read-only domain controllers (DC) :
- Kerberos service tickets and ticket-granting tickets (TGT) might not renew for non-Windows Kerberos clients when PerformTicketSignature is set to 1 (the default).
- Service for User (S4U) scenarios, such as scheduled tasks, clustering, and services for line-of-business applications, might fail for all clients when PerformTicketSignature is set to 0.
- S4UProxy delegation fails during ticket referral in cross-domain scenarios if DCs in intermediate domains are inconsistently updated and PerformTicketSignature is set to 1.
The issue ONLY effects those with domains (businesses). It will not impact peer to peer or standalone computers. I expect to see more of these fixes for other platforms.
Spotted another one… https://support.microsoft.com/en-us/help/4594442 November 17, 2020—KB4594442 (OS Build 17763.1579) for 1809 Out-of-band (uh no that’s not an out of band patch for security the way I define out of band…)And more (thanks EP):KB4594441 for Win10 v1607:
https://support.microsoft.com/help/4594441KB4594443 for Win10 v1903 & 1909:
https://support.microsoft.com/help/4594443/KB4594440 for Win10 v2004 & 20H2:
https://support.microsoft.com/help/4594440/ -
Patch Lady – make sure you are protected
Posted on October 28th, 2020 at 21:14 Comment on the AskWoody LoungeTo specifically target hospitals and healthcare with ransomware is pure evil.
Brian Krebs reports that the “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” Earlier today a webcast was also talking about this risk.
I’ve installed the October patches.
I’ve checked to make sure backups are working (and not backing up to a drive that is accessible by the user making the backup – look to your backup vendor/ask them if their solution does this).
I’ve made sure that my email has spam filters and email hygiene turned on.
I’ve repositioned my tinfoil hat so my paranoia is turned full on.
If you work for healthcare or know of someone in healthcare reach out to them and warn them that they are being targeted by cyber attackers and be extra careful.
-
Patch Lady – saying goodbye to Flash
Posted on October 27th, 2020 at 18:15 Comment on the AskWoody Loungehttps://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player
Saying unofficial goodbye to Flash. Note this is on the catalog site at this time so that folks can be testing the removal process. Those behind Windows update will get this later (Decemberish) those on WSUS will get it in 2021.
-
Patch Lady – kind reminder to NOT CLICK
Posted on October 2nd, 2020 at 15:19 Comment on the AskWoody Lounge
-
Patch Lady – make sure your domain controllers are patched
Posted on September 24th, 2020 at 11:06 Comment on the AskWoody LoungeMicrosoft is seeing active attacks for the “Zerologon” exploit that could take over a domain. Note this is not important for home users, only domain controllers in a domain. If you have not installed the August updates (or September) on your Domain controllers you need to do so as soon as possible.
Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks.
— Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020
-
Get a password-protected ZIP file attachment? Just say “Emotet”
Posted on September 23rd, 2020 at 15:48 Comment on the AskWoody LoungeOf course you know that you shouldn’t open file attachments sent via email, without independently verifying with the sender that it’s legit.
And even then, you should think twice.
It looks like Emotet, the malware that delivers TrickBot and Qbot data-stealing software, is on the rise once again. Emotet first appeared in 2014, bounced around for a while, went into hibernation, then returned with a vengeance in 2019. It basically disappeared in February, 2020, but it’s now riding high.
You’re most likely to get infected if you open infected Word files or, increasingly, password-protected ZIPs. Per Catalin Cimpanu at ZDNet:
The Emotet gang operates an email spam infrastructure that it uses to infect end-users with the Emotet trojan. It then uses this initial foothold to deploy other malware, either for its own interest (such as deploying a banking trojan module) or for other cybercrime groups who rent access to infected hosts (such as ransomware gangs, other malware operators such as Trickbot, etc.).
The latest from Cimpanu:
The Emotet crew was hoping for a quick return to full capacity, but its comeback was spoiled and delayed for almost a month by a vigilante who kept hacking into Emotet’s infrastructure and replacing its malware with animated GIFs.
Many times, and especially in large corporate environments, an Emotet infection can turn into a ransomware attack within hours.
Be careful out there. And never, never, never click on an attachment unless you independently confirm with the sender that it’s safe.
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Recent Replies
access-mdb on Transferring photos from Google Photos to OneDrive
30 minutes agoChris B on How old is your router?
45 minutes agoPKCano on Standalone installer script for Windows 7 ESU, regardless the license
53 minutes agoanonymous on Standalone installer script for Windows 7 ESU, regardless the license
55 minutes agoScotchJohn on Wi-Fi Calling Limits
59 minutes agodoriel on Windows 10 Quick Assist: Fast, simple, and free
2 hours, 17 minutes agoberniec on Why didn’t my task happen?
2 hours, 19 minutes ago- 3 hours, 17 minutes ago
Alex5723 on Warning: Win10 20H2 lsass.exe has an issue
3 hours, 19 minutes agoSinclair on How old is your router?
3 hours, 20 minutes ago- 3 hours, 21 minutes ago
- 3 hours, 27 minutes ago
- 5 hours, 16 minutes ago
Kirsty on What’s WassMedic Agent?
6 hours, 42 minutes agoPaul T on What’s WassMedic Agent?
6 hours, 42 minutes ago- 6 hours, 49 minutes ago
- 6 hours, 54 minutes ago
- 6 hours, 59 minutes ago
- 7 hours, 16 minutes ago
- 7 hours, 19 minutes ago
Ascaris on How old is your router?
7 hours, 24 minutes agokrism on windowsre ptn added between Win10 and Win8.1 by 20H2
7 hours, 24 minutes agoNathan Parker on “No Shave November” Through Photoshop
7 hours, 34 minutes ago- 7 hours, 38 minutes ago
- 7 hours, 40 minutes ago
- 7 hours, 45 minutes ago
- 7 hours, 49 minutes ago
Matador on Updates jitters in Windows 10 Home!
7 hours, 50 minutes agoECWS on New to Windows 10
7 hours, 51 minutes ago- 7 hours, 56 minutes ago