Replies

[Steve S]

Keyboard should be English QWERTY. How to Confirm?

When I try to type in the password, it is completely blank. Nothing showing up.

No eye to click.

On Screen keyboard act the same as the hardware one. (no characters shown)

 

Opened an Command prompt, typed test (which I can see there), then tried typing in PW area. no text shown whether symbols, letters, or numbers.

EDIT: Problem fixed. The Touch Screen service was off. And this computer is NOT a touch screen. I noticed when I tried to use the sticky pad, no text there. But Please explain Microsoft why a service that seems to have no purpose on a computer that with NO TOUCH SCREEN is needing a touch screen service? Name of the service is : Touch Keyboard and Handwriting Panel Service.

 

 

• This reply was modified 5 years, 8 months ago by Steve S.

Got a couple suggestion for you. First these are easier to do in Control Panel. The best way to get there is to right click This Pc and choice Properties. On the Address Bar Click the arrow by Control Panel then Highlight All Control Panel Items.

Next you will want to click on Administrative Tools. When the Next window opens click on services. Click on name if you want them in order, then scroll down to Background Intelligent Transfer Service. Right Click on this and choice properties. Make the start up type disabled. Then click ok which will bring you back to the main area. Scroll down to Windows Update and disable that as well. The next two services that need disabled are tricker. Windows Update Medic Service and Update Orchestrator Service. If you want to continue on those let me know. Also again in the advanced class is disabling the task.

[Steve S]

You might be missing the question. BlueKeep is a big Deal. Yes I agree you can find it there, but the KB pages you think would also mention it and the Security Updates notes, it definitely should be there. Yes I see this

“The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.”.

But again notice what the security update notes are suppose to be

“For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.”

as big a deal at BlueKeep is IT Should be in the Security update guide. Please find it there.

(as in notes of security patches, not general like you did.)

Also the KB’s mention some CVE, but CVE 2019-0708 is not there.

The point is why is such a Big deal not mentioned where it should be. If a users want to confirm that, yes this does patch BlueKeep, if it is not listed in the KB or the notes, how would they know for sure that, yes this is the right patch?

 

• This reply was modified 5 years, 10 months ago by Steve S.
• This reply was modified 5 years, 10 months ago by Steve S.

I got a question and this might be the best place to put it.

 

First BlueKeep is CVE 2019-0708

https://en.wikipedia.org/wiki/BlueKeep

https://www.bleepingcomputer.com/news/security/bluekeep-remote-desktop-exploits-are-coming-patch-now/

https://answers.microsoft.com/en-us/windows/forum/all/how-install-bluekeep-patch-for-windows-7/e1582d6b-9669-408c-a58f-0f7c7c1be651

I am now going to explain why that is important. Here is ms advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Using Windows 7 Sp1 32 bit as example. The Kb’s are 4499164 and 4499175.

Starting with 4499175. https://support.microsoft.com/en-us/help/4499175/windows-7-update-kb4499175

Note this line:

“Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions, but disabled by default for Windows Server OS editions).”

First this is talking about 64 bit not 32bit. Second no mention of CVE 2019-0708 (BlueKeep)

Same in 4499164: https://support.microsoft.com/en-us/help/4499164/windows-7-update-kb4499164

Also let check security only for 64 bit. which are the same exact KB’s

One more part

the page has this:  “For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.” Lets do that:

https://portal.msrc.microsoft.com/en-us/security-guidance

Searching that page again has no mention of CVE 2019-0708. I checked the listed under

March https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ac45e477-1019-e911-a98b-000d3a33a34d

April https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/18306ed5-1019-e911-a98b-000d3a33a34d

May https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d

June https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/253dc509-9a5b-e911-a98e-000d3a33c573

and July https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/48293f19-d662-e911-a98e-000d3a33c573

If this was really patched, why no mention above in either the Security Update Release notes or KB pages?

There is one major problem with telemetry that either most are ignoring or simply not thinking about. Think about what telemetry is. It is an open door to data on your computer, A door that by its existence means your so called “secure” computer is not really secure. After all if m$ can go through the door, that others can as well. That data is likely not just going to m$, but possibly malware writer as well.

If you want security at home, you do not leave an open door. No, you control the ins and outs. That alone means Windows 7 without telemetry is greatly more secure that build in hole for  telemetry that 10 has. It is one thing to say ms, my computer crashed. Here the data about it. It is another for ms to enter your computer have a look around, maybe take the Vincent Van Gogh and leave behind the three year old scribbling. Again any opening no matter how small is still a hole in your security. Better no holes if you want to be secure.

Finally a famous Quote: Those who desire to give up freedom in order to gain security will not have either one.
Benjamin Franklin

Do we really want to give to ms the power to get anything, anywhere on our computers? Remember they write the code and can make more back doors and thus even more security holes. And malware comes in through those bugs and back doors.

6 users thanked author for this post.

Elly, Sessh, SkipH, johnf, ryegrass, Canadian Tech

https://www.securitynewspaper.com/2019/06/05/new-vulnerability-in-windows-rdp-bluekeep-patch-is-not-working/

As I have not seen any mention of this even though it was back in June. Three questions.

First look at the last line of the Three set process:

• The target user connects to a Windows 10 or Server system via RDP
• The user blocks their session and leaves the device unattended
• The attacker with access to the device can interrupt the user’s connection and access the RDP session without having to authenticate.

In other words to exploit this vulnerability, the attacker must have physical access to the device (computer) . Then the computer will be compromised. As most know if one has physical access to a computer, it can be hacked and not patch or security program on the computer will stop it. So the remote part requires being at the computer in question. Have you read or heard anything about that?

next this:

The later versions of Windows 10 1803 and Windows Server 2019 are those that present this vulnerability, because with the most recent update it changed the handling of the NLA-based Windows RDP sessions so that an unexpected performance can be generated in the session lock, mentions the web application security test specialist.

Notice this vulnerability was caused by an update. If the computer in question was not fully updated, that this vulnerability would not be possible. Right?

Last this part

The company was notified since last April 9th, but responded to the flaw report by mentioning that “this behavior does not meet the criteria established by the Microsoft Security Center for Windows”, so the failure will not be corrected, at least not now.

So did Ms patch this or just say they did. What was the real reason for all the doomsday hype?

 

[Steve S]

Same here. Around 4MT got a 502 Bad Gateway.

• This reply was modified 6 years ago by Steve S.

1 user thanked author for this post.

Woody Lounger

Sounds like a Group Policy. Do the Following:

Type Gpedit.msc in the run box. Then click on computer configuration. Then Administrative Templates. Then Window Components. Then Window Updates and see if any are set.

https://www.technewsworld.com/story/Microsoft-Becomes-Master-of-Its-Own-Linux-Kernel-86007.html

What are your thoughts? Should we be scared? Is Windows on its way of becoming Open Source and thus Linux? Can microsoft be trusted not to destroy this like they are currently doing with 10 (IMO)?

 

You could also use other “true” Disposal Email. I like mailinator.com as no account is needed. just pick a email name and it will let you check that box. Google disposable email for more options.

Oh, Lovely Eternal Blue. I learned about that exploit from a Malwarebyte’s Newsletter talking about another possibly nastier uses of that Exploit, Emotet. Links

https://en.wikipedia.org/wiki/EternalBlue

https://blog.malwarebytes.com/cybercrime/2018/09/emotet-rise-heavy-spam-campaign

https://blog.malwarebytes.com/detections/trojan-emotet

https://blog.comodo.com/comodo-news/new-immense-attack-emotet-trojan-targeted-thousands-users/

https://securityintelligence.com/news/emotet-trojan-uses-complex-modules-to-evade-standard-protection/

https://blog.trendmicro.com/trendlabs-security-intelligence/new-emotet-hijacks-windows-api-evades-sandbox-analysis/

https://https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010/kb/en-us/127218

Why I bring this up? Because it is easy to avoid be detected by antivirus scanners.

From the last link:

IMPORTANT: Emotet is a very advanced polymorphic network worm that has multiple ways to avoid detection. Stopping this worm requires every machine on an infected network to be protected with Anti-Virus, it is also critical that you are following best practice advice. Specifically, you must have Behavior Monitoring (HIPS) enabled including the Detect malicious traffic option also enabled.

The Best Protection from this is simple. Even though it currently MS-DEFCON -1, IMO if you are missing the Patch for this Exploit, get Patched now!