  • Windows 10 more vulnerable – revisited


      • #2379168
        Susan Bradley
        Manager

        I asked the other day if Windows 10 was more vulnerable. Turns out we have another problem with Windows 10 – and Windows 11 for that matter. CVE-2021-
        [See the full post at: Windows 10 more vulnerable – revisited]

        Susan Bradley Patch Lady

        6 users thanked author for this post.
      • #2379175
        techweenie
        AskWoody Lounger

        Specifically for business users, there are far better ways to handle system recovery actions than relying on shadow copies.  Critical systems should have nightly bare metal backups.  User profile data should be redirected to a central NAS with its own snapshot capability.  Performing system restore on a domain joined PC often breaks domain trust.  While that’s not very difficult to fix, it’s just not necessary to do if your infrastructure is set up right.  It’s been my experience that formatting a computer is significantly faster than trying to troubleshoot major problems 90% of the time.  When your user data is disjoined from the PC, the PC is disposable.

        1 user thanked author for this post.
        • #2379211
          Susan Bradley
          Manager

          The reality of small business: my users want their desktops just so.  I feel that at this time the need for VSS, previous versions, an exact image, is too great.  And the recommendations from Microsoft (as that’s not Bleeping Computer’s mitigations but Microsoft’s) are too much like what ransomware does to our systems to be considered reasonable for anyone other than Government or other high risk entities.

          Susan Bradley Patch Lady

          1 user thanked author for this post.
      • #2379180
        Microfix
        AskWoody MVP

        From a reported workaround via Bleeping Computer

        Restrict access to the contents of %windir%\system32\config:
        Open Command Prompt or Windows PowerShell as an administrator.

        Run this command:
        icacls %windir%\system32\config\*.* /inheritance:e

        Delete Volume Shadow Copy Service (VSS) shadow copies:

        Delete any System Restore points and Shadow volumes that existed prior to restricting access to %windir%\system32\config.

        Create a new System Restore point (if desired).

        followed by the bombshell…

        Users should be aware that removing shadow copies from their systems could impact system and file restore operations, such as restoring data using third-party backup apps.

        So, what 3rd party backup software does this affect using the workaround?

        | Quality over Quantity |
        • #2379184
          EricB
          AskWoody Plus

          Probably any backup software that uses VSS to enable backing up open files.

          • #2379202
            ve2mrx
            AskWoody Plus

            Disabling VSS would cause a lot of backup software to have issues, but that’s not what the workaround does. It “fixes” the permission (possibly to the pre-1809 permission) and flushes VSS copies with the bad permission.

            As far as breaking backup software by using the work-around, backup software worked fine before the permission was mis-set…

            Martin

            Updated: the work-around is Microsoft-Official

            • This reply was modified 2 weeks ago by ve2mrx. Reason: Added link to Microsoft CVE page
            2 users thanked author for this post.
        • #2379213
          Susan Bradley
          Manager

          To be clear that’s the official Microsoft mitigation.

          Susan Bradley Patch Lady

      • #2379259
        anonymous
        Guest

        SAM has always been relatively insecure.  It’s one of the reasons why Hiren’s was so useful.

      • #2379283
        kbecker1213
        AskWoody Plus

        Does anyone know the CVE score for this?

      • #2379342
        Alex5723
        AskWoody Plus

        I am not affected by HiveNightmare

        cmd : icacls %windir%\system32\config\sam

        I run a daily VSS schedule.
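        A scripted form of the check Alex5723 ran above (icacls on the SAM hive) and of the Microsoft workaround Microfix quoted earlier in the thread, added here as an illustration; it is not code from the thread or from Microsoft. It assumes an elevated PowerShell session; the function names, the two switches and the decision to compare the Users group by its well-known SID rather than by name are my own choices.

```powershell
# Added example (not from the thread or from Microsoft): report whether the
# registry hive files under %windir%\System32\config grant read access to the
# built-in Users group (the exposure the thread calls HiveNightmare) and, on
# request, apply the workaround quoted in the thread: re-enable ACL inheritance
# with icacls, then flush existing shadow copies so no old, still-readable copy
# of the hives survives in a snapshot.  Run from an elevated PowerShell session.
[CmdletBinding()]
param(
    [switch]$Fix,                # run icacls /inheritance:e on the config directory
    [switch]$DeleteShadowCopies  # also delete existing VSS snapshots (removes restore points and Previous Versions)
)

$ConfigDir = Join-Path $env:windir 'System32\config'
$Hives     = 'SAM', 'SECURITY', 'SYSTEM'
$UsersSid  = 'S-1-5-32-545'      # well-known SID of BUILTIN\Users; compared by SID so localized group names do not matter

function Test-HiveReadableByUsers {
    param([Parameter(Mandatory)][string]$Path)
    # Get-Acl reads the security descriptor even though the hive file itself is held open by the kernel.
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if ($sid -ne $UsersSid) { continue }
        # ReadData is the right that lets a non-admin read the file; (RX) in icacls output includes it.
        $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
        if (([int]$ace.FileSystemRights -band $readData) -ne 0) {
            return $true
        }
    }
    return $false
}

function Get-HiveExposureReport {
    # One object per hive: which file was checked and whether Users can read it.
    foreach ($name in $Hives) {
        $path = Join-Path $ConfigDir $name
        [pscustomobject]@{
            Hive    = $name
            Path    = $path
            Exposed = Test-HiveReadableByUsers -Path $path
        }
    }
}

Write-Host 'Before:'
Get-HiveExposureReport | Format-Table -AutoSize

if ($Fix) {
    # The icacls command from the workaround quoted in the thread.  Re-enabling
    # inheritance re-propagates the parent directory's inheritable ACEs over the
    # hive files, replacing the stale entries that granted Users read access.
    & icacls.exe "$ConfigDir\*.*" /inheritance:e
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    if ($DeleteShadowCopies) {
        # Existing snapshots still contain the hives with the old ACL, which is why
        # the workaround deletes them.  This is the documented vssadmin syntax.
        & vssadmin.exe delete shadows /for=$env:SystemDrive /all /quiet
    }

    Write-Host 'After:'
    Get-HiveExposureReport | Format-Table -AutoSize
}
```

        Run it without switches to get a report only; add -Fix to apply the icacls step, and -Fix -DeleteShadowCopies to also flush the snapshots. The two are separate switches because, as the thread points out, deleting the shadow copies is what removes restore points and breaks restores from backup tools that rely on them, while the ACL fix alone does not touch VSS.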

      • #2379336
        anonymous
        Guest

        Specific instance:  Macrium Reflect uses VSS for its disk/partition cloning and imaging.

        • #2379403
          GreatAndPowerfulTech
          AskWoody Lounger

          Reflect 8 worked using a different technique after I removed shadow copies and restore points. So, it is possible to keep making drive images with VSS disabled, using Macrium Reflect 8.

          GreatAndPowerfulTech

          2 users thanked author for this post.
      • #2379506
        Ricard
        AskWoody Plus

        My question: instead of spending time centering the taskbar and such like, why doesn’t Microsoft poke around and discover – and fix – overlooked problems like this? It may not be flashy, but surely people would respond to a simple description of how an update really does make their computer better by being safer.

        Win 7 Pro, 64-Bit, Group B ESU,Ivy Bridge i3-3110M, 2.4GHz, 4GB, XP Mode VM, WordPerfect
        2 users thanked author for this post.
        • #2379522
          doriel
          AskWoody Lounger

          Microsoft is a giant company with many, many spare programmers. It’s a gargantuan organisation with wise-sounding people in the lead. And those people want round corners, a centered menu and other stuff. From my angle of view, W10 and W11 are good for home users, but for an enterprise environment it’s a disaster.
          They try really hard to make Windows secure and stable, but by adding that bloatware and features like “Weather and interest”, they are unwantedly downgrading their so-called operating system, aka service.
          Fine tuning Windows 10 so it will become stable, reliable and slim does not seem to be the goal of Microsoft.

          Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

          PRUSA i3 MK3S+

      • #2379524
        Alex5723
        AskWoody Plus

        Fine tuning Windows 10 so it will become stable, reliable and slim does not seem to be the goal of Microsoft.

        Microsoft has stable, reliable, slim, no bloat.. Windows OS. It is called LTSC. There is a workstation version as well. Pity they don’t sell it to home users.

        1 user thanked author for this post.
        • #2379525
          doriel
          AskWoody Lounger

          LTSC is good; we use it on 10-15% of our computers and honestly, I can’t see why you can’t use that version for your notebook at home, for example. I’m not aware that home users can’t buy LTSC, but I believe your statement; why would you tell a lie.

          The Long-Term Servicing Channel (LTSC) is designed for Windows 10 devices and use cases where the key requirement is that functionality and features don’t change over time.

          LTSC version

          We use LTSC for kiosk-mode computers, touch panels and so on. Bottom line is that an offline computer with Windows 7 can do the same job 😉 But some computers must communicate with ERPs, so we need them on the network. That’s where LTSC comes in handy.

          I really dislike the fact that Windows 10 Pro (upgraded to Enterprise with a license key) comes with Candy Crush Saga, Solitaire and other bloat preinstalled. And with the cadence at which Windows 10 updates come, my USB image with the Windows installation is obsolete literally two weeks later. If I fine tune my Windows, create an image of it and want to deploy that image (PXE, SCCM or USB flash disk, …), I should do that very frequently.
          If I install that USB image or SCCM image on a PC, the user must go through the process of patching and fixing bugs. Downloading from the internet or WSUS, waiting, restarting, .. And sometimes users call to say that an update broke something.
          I mean this is really poorly designed. Windows is pretty schizophrenic – targeting home users and selling them stuff from the Store? Or targeting enterprise and selling them monthly subscriptions? This “One system fits all” is quite crappy in the end. It’s a hybrid that promises more security and functionality, but at the same time it’s adding more and more features, thus making the system vulnerable.
          I know I’m complaining all the time, but this situation is.. unprecedented and I dislike the amount of attention it requires. Not mentioning the beta testing amongst unaware users.

          Conspiracy: The goal is to have all users on the internet so Microsoft can have control over all. Disagree or not, you are forced to do so (Windows and O365 updates, Cloud PC). How is that safe, to connect all PCs to the internet?

          Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

          PRUSA i3 MK3S+

          3 users thanked author for this post.
          • #2379543
            ve2mrx
            AskWoody Plus

            I think what you described resembles Windows Server 2019… I downloaded a copy to “play” with it, and it is pretty bare. It does, however, use the 1809 core and updates, so their bugs will still affect you.

            Martin

      • #2379549
        MrToad28
        AskWoody Lounger

        Off topic warning to Small Biz folks: A friend tells me hackers got his signature and enough info to attempt to transfer several million $’s from his co’s account to a Chinese bank..fortunately the bank checked and the transfer didn’t go through. My takeaway would be to instruct bank to block & check transfers over a certain amount or to a foreign domiciled entity unless that’s in the regular course of biz.

        1 user thanked author for this post.
      • #2379631
        Susan Bradley
        Manager

        Susan Bradley Patch Lady

        1 user thanked author for this post.
      • #2379665
        Noel Carboni
        AskWoody_MVP

        W/regard to the title of this thread…

        Sometimes it helps to think in extremes.

        Is the latest Win 10, with upwards of 200 processes doing all kinds of things online with hundreds of different servers more or less likely to be compromised than a Win 7 or 8.1 system that’s had many now well-known configuration changes to keep it from contacting, well, virtually anything online? I think the answer’s clear.

        That’s ignoring the fact that these things don’t accomplish quite the same things. The industry wants us to have our calendars and our communications and our purchases all integrated. And our choices to be less ours.

        Anyone can look around and see that their surroundings are becoming richer with programs and information from elsewhere. I dare say a lot smaller percentage of folks today than ever before write any software of any kind for their computers. It’s possible that most folks now only consume what others have made available.

        IMO Win 10 (and other modern fruity OSs) aren’t doing things anywhere near as efficiently as is possible – or as privately as we’d like. Why? Because they want to sell you their new hardware.

        Maybe we’re just in a transition. Maybe things’ll get better. Or maybe they’ll get so much worse we haven’t a prayer of living our lives without intrusion. Losing everything will become just one more thing to deal with. Time after time.

        Fast forward a few decades and imagine generations of folks who will then have grown up being forced to trust their service providers with all aspects of their lives. No one will even flip an eyelash. We oldsters who know “better” will die off soon enough. We’ve already been marginalized as “outdated”. Yet look closely at what the youngsters who “know it all” actually accomplish.

        We’ve come in just 30 short years from Windows Defender being an anti-adware/spyware application to something that jealously protects Microsoft’s ability to do exactly those things, for business gain and – being fair – a few gains to users in capabilities. Or the promises of gains at least.

        -Noel

        2 users thanked author for this post.
        • #2379666
          Noel Carboni
          AskWoody_MVP

          BTW, my Win 10 computer system, on which I’m typing this, which has been online now for just 3 hours and with which I browsed a few web comics sites, listened to Pandora via their website, and interacted with you here, has attempted to communicate with 154 unique different servers online. A whole bunch of servers I never overtly visited have names that include “microsoft”, “msft”, “office”, “edge”, “skype”, “teams”, etc. The way of the future is to create programs of such online promiscuity that there is no way to track or even enumerate all the accesses.

          My small locked down Win 7 system that sits in the corner and hums (and provides me some essential services), by contrast and which has NOT been used for web browsing, but which has been online 24/7 for years, in the past 11 hours has communicated with exactly 13 servers, 12 of which I can attribute specifically to scheduled jobs to do useful things I’ve set up such as download blacklists of servers never to contact, to check if my business website remains online, etc. The one and only server Windows itself contacted was http://www.microsoft.com.

          -Noel

          3 users thanked author for this post.
      • #2379718
        OscarCP
        AskWoody Plus

        Noel Carboni: “Fast forward a few decades and imagine generations of folks who will then have grown up being forced to trust their service providers with all aspects of their lives. No one will even flip an eyelash. We oldsters who know “better” will die off soon enough. We’ve already been marginalized as “outdated”. Yet look closely at what the youngsters who “know it all” actually accomplish.”

        I can imagine that. But I have no need to worry about what others might think or do themselves. Being marginalized and ignored? Well, not really: as long as we do our jobs and perform well, our efforts shall be recognized by those who really count.

        We and each one of us “old ones” should do what is right to do and ignore those who don’t.  One of those “right to do” things is not to use Windows, except in the unlikely case that MS changes its spots for the better. There are other fully functional OS out there, and some are known to respect their users. I stopped years ago using Windows for my actual work, and about a year and a half since I stopped using it altogether. And even so, here I am, with all modern computer capabilities still at my disposal and still doing my job as usual.

        Ex Windows user (Win. 98, XP, 7) since mid-2020. Now: running macOS Mojave & sometimes, Linux (Mint)

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        Waterfox "Current" and (now and then) Chrome. Intego AV and Malwarebytes.

        • #2379765
          Paul T
          AskWoody MVP

          I stopped years ago using Windows for my actual work, and about a year and a half since I stopped using it altogether

          Contrary to your signature!?

          Not using Windows will not make MS change. Too many users are committed to it, particularly in business, which is where the money is.

          cheers, Paul

          • #2379985
            OscarCP
            AskWoody Plus

            Paul T: Thanks for reminding me to change my signature.

            I am not trying to make MS change; I am trying to simplify my life, a goal that I have pursued for many years on different ways, about many different things that I decided needed simplifying. I am pretty sure doing this is a big part of the secret of living to a ripe old age while keeping most of one’s marbles until one’s very last breath.

            Ex Windows user (Win. 98, XP, 7) since mid-2020. Now: running macOS Mojave & sometimes, Linux (Mint)

            MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
            Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
            Waterfox "Current" and (now and then) Chrome. Intego AV and Malwarebytes.

            • #2379993
              OscarCP
              AskWoody Plus

              And this is my new signature, which should please Paul T, I hope.

              Ex Windows user (Win. 98, XP, 7) since mid-2020. Now: running macOS Mojave & sometimes, Linux (Mint)

              MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
              Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
              Waterfox "Current" and (now and then) Chrome. Intego AV and Malwarebytes.

              • #2381084
                Paul T
                AskWoody MVP

                Nope, too long and complex for my taste.  🙂

                cheers, Paul

                1 user thanked author for this post.
      • #2379882
        Stephanie_Sy
        AskWoody Lounger

        If you haven’t updated Windows recently, now would be a good time.
