Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • ELSA: How the CIA tracked the location of an infected PC using WiFi signals

    Posted on June 28th, 2017 at 08:28 by woody

    The latest WikiLeaks release talks about ELSA, reportedly a CIA project that allowed the government (and now, apparently, everybody) to snoop on the location of an infected PC.

    ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. To perform the data collection the target machine does not have to be online or connected to an access point; it only needs to be running with an enabled WiFi device. If it is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp.


  • Massive batch of bug fixes for Windows, Office – KB 4022716, 4022723, with known problems

    Posted on June 27th, 2017 at 23:06 by woody

    The dust is still settling, but here’s what people are seeing right now:

    • Win10 version 1703 – KB 4022716 includes a long list of bug fixes, brings build up to 15063.447. Known problem with iSCSI targets.
      UPDATE: Neowin reports that, nine hours after announcing this patch, it’s now available via Windows Update. MS also pulled the warning about connecting to iSCSI targets. (Thx, @Kirsty)
    • Win10 version 1607 – KB 4022723 also includes lots and lots of fixes, build 14393.1378, also has a problem with iSCSI. The KB article states that you have to manually download and install this patch, if you want it. Confused yet?
    • Win10 version 1511 – KB 4032693 has a much shorter list of fixes, build 10586.965, no identified problems. You also have to manually download and install this one, if you want it. (Thx, @MrBrian.)
    • Win 8.1 – KB 4022720, the preview of next month’s (July’s) non-security patches, also has a massive list of bug fixes, with a known problem with iSCSI attachment.
    • Win 7 – KB 4022168, also a preview of next month’s patches, has a much shorter list of fixes. I have no idea why Microsoft released the Previews on this, the fourth Tuesday of the month. They’re supposed to come out on the third Tuesday.

    I believe the 1703, Win 8.1 and Win7 patches are currently available through Windows Update and WSUS – but please drop a line if you aren’t seeing yours.

    Just to make life a little more complicated, Microsoft has officially announced that it has released KB 4022716 — the 1703 patch, mentioned above — to the Insiders Program Slow ring. Yes, if the documentation is correct, that means this same patch is available to Insiders Slow Ring (currently at build 10563.413, the same as the “old” build of 1703), but is not available to Insiders Fast Ring — nor is it available to Insiders Release Preview Ring. I think somebody at Microsoft didn’t press the right red button.

    Please tell me if you can translate this paragraph from the announcement:

    When we release a new Windows 10 Fall Creators Update build to Insiders in the Slow ring, they can wait to be targeted to install the new build, or instead of waiting Insiders can manually check for updates via Windows Update to get the new build. We know this is different from our usual “everyone at once” model to the WIP rings, however this testing will provide invaluable insights to ensure this new targeting framework is functioning as expected.

    I’m seeing confused/confusing reports about the Outlook patches – do they fix all of the identified issues, or only some? What and where are they? According to the Outlook known issues in the June 2017 security updates page, these fixes are available:

    Microsoft also says it has fixed the Outlook Search problems, as well as the Internet Explorer printing problems… by the above-mentioned fixes to Windows.

    And of course MrBrian’s reports from the Internet Explorer bug trenches remain clouded.

    Can anybody remember back when patching Windows wasn’t so complicated? Yeah, me neither. It’s becoming increasingly difficult to put lipstick on the pig.

    Until we have some indication of the problems generated by this latest round of patches, I’m keeping us at MS-DEFCON 1:  Current Microsoft patches are causing havoc. Don’t patch.

  • The grugq: PetyaWrap causing lots of havoc, making little profit

    Posted on June 27th, 2017 at 20:56 by woody

    Dan Goodin at Ars Technica has the definitive report on the latest ransomware outbreak:

    A new ransomware attack similar to last month’s self-replicating WCry outbreak is sweeping the world with at least 80 large companies infected, including drug maker Merck, international shipping company Maersk, law firm DLA Piper, UK advertising firm WPP, and snack food maker Mondelez International. It has attacked at least 12,000 computers, according to one security company.

    If you haven’t seen the grugq’s technical analysis, it’s well worth a gander.

    Although the worm is camouflaged to look like the infamous Petya ransomware, it has an extremely poor payment pipeline.

    Of course, you have nothing to worry about because you installed MS17-010 last month, right?

    Vess Bontchev nudged me about the spreading mechanisms. At this point, we don’t really know how PetyaWrap spread, but once it infects one machine on a system, the MS17-010 patch doesn’t block it from moving from machine to machine on that same network. I have no idea how it spread so rapidly.

    Microsoft has a security blog on the topic. It lists one of the spreading mechanisms and says that one is blocked by MS17-010 — but there are two other identified mechanisms.

    We recommend customers that have not yet installed security update MS17-010 to do so as soon as possible. Until you can apply the patch, we also recommend two possible workarounds to reduce the attack surface:

    If you want to double down on your protection, you can also block PetyaWrap by creating a read-only file called c:\Windows\perfc. Full instructions on Bleeping Computer.
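
    One way to script the marker-file step described above, as an added PowerShell example that is not from the original post or from Bleeping Computer's instructions. The function name `Set-PerfcMarker` and its output fields are hypothetical, and creating the file needs an elevated session.

```powershell
# Added example: audit or create the read-only marker file named in the post.
# Set-PerfcMarker and the fields it returns are hypothetical names.
function Set-PerfcMarker {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Path = 'C:\Windows\perfc',   # path as given in the post
        [switch]$AuditOnly                    # report state, change nothing
    )

    $state = [ordered]@{ Path = $Path; Existed = $false; ReadOnly = $false; Action = 'None' }

    # A directory with this name is not the read-only file the post describes.
    if (Test-Path -LiteralPath $Path -PathType Container) {
        $state.Action = 'Blocked: path is a directory'
        return [pscustomobject]$state
    }

    # Record what is already there (-Force also finds hidden files).
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $state.Existed  = $true
        $state.ReadOnly = (Get-Item -LiteralPath $Path -Force).IsReadOnly
    }

    # Create the file if missing, then set the read-only attribute.
    if (-not $AuditOnly -and -not $state.ReadOnly) {
        if ($PSCmdlet.ShouldProcess($Path, 'Create read-only marker file')) {
            if (-not $state.Existed) {
                New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
                $state.Action = 'Created'
            } else {
                $state.Action = 'Marked read-only'
            }
            Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true -ErrorAction Stop
            $state.ReadOnly = $true
        }
    }
    [pscustomobject]$state
}

# Report only; drop -AuditOnly (or add -WhatIf) when ready to apply.
Set-PerfcMarker -AuditOnly
```

    The returned object shows whether the file already existed and whether it is read-only, which makes the check easy to collect across several machines.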

  • Update on Internet Explorer printing problems

    Posted on June 27th, 2017 at 18:54 by PKCano

    @mrbrian reports these patches are available for printing problems in Internet Explorer.
    NOTE: there is a caveat. This update removes the protection from CVE-2017-8529.

    From CVE-2017-8529 | Microsoft Browser Information Disclosure Vulnerability:

    “Microsoft is announcing the release of the following updates to address a known issue customers may experience when printing from Internet Explorer or Microsoft Edge: 4032782 for Internet Explorer 11 on Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, Internet Explorer 10 on Windows Server 2012, Internet Explorer 9 on Windows Server 2012; 4032695 for Internet Explorer 11 and Microsoft Edge on Windows 10; 4032693 for Internet Explorer 11 and Microsoft Edge on Windows 10 1511; 4022723 for Internet Explorer 11 and Microsoft Edge on Windows 10 1607; 4022716 for Internet Explorer 11 and Microsoft Edge on Windows 10 1703; 4022720 which is the monthly rollup preview for Windows 8.1 and Windows Server 2012 R2; 4022721 which is the monthly rollup preview for Windows Server 2012; 4022168 which is the monthly rollup preview for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1.  This update removes the protection from CVE-2017-8529. All updates are available only on the Microsoft Update Catalog, with the exceptions of 4022720, 4022721, 4022168, and 4022716, which are also available through Windows Update.”

    See @mrbrian’s post

  • EU Anti-Trust investigation hits Google with biggest fine yet

    Posted on June 27th, 2017 at 15:30 by Kirsty

    Google has been fined $2.7 Billion US, in its European Union anti-trust ruling, after a 7 year probe.

    From Financial Times:

    “Google’s strategy for its comparison shopping service wasn’t just about attracting customers by making its product better than those of its rivals. Instead, Google abused its market dominance as a search engine by promoting its own comparison shopping service in its search results and demoting those of competitors. What Google has done is illegal under EU antitrust rules”, said EU’s competition commissioner, Margrethe Vestager.

    Google is understood to be considering appealing the ruling. Other reports say that even if the fine is paid, it is unlikely to cripple Google/Alphabet financially, but Alphabet’s share price has dropped since the ruling was announced.

    You can read the European Commission press release here

  • Update on Recent Issues in Outlook for Windows

    Posted on June 27th, 2017 at 15:25 by PKCano

    Microsoft has updated its Fixes or Workarounds for recent issues in Outlook for Windows as of June 26, 2017

    Non-security patches (fixes and enhancements) for Office are normally released on the first Tuesday of the month, which will be July 4, 2017. Security updates are issued on the second Tuesday.

  • New cyber attack is a ransomware worm

    Posted on June 27th, 2017 at 15:00 by Kirsty

    Details are still sketchy as to the nature of today’s cyber attack, but it is a ransomware worm from details currently available.

    However, the actual nature of this threat is still being discovered and debated, much like Wannacry’s was last month.

    @MrBrian posted about this on Code Red – security alerts – information and discussion topic page:
    Variant of Petya ransomware is spreading fast

  • Office 2007 End of Life, Outlook 2007 connections to Office 365 mailboxes ends Oct. 31, 2017

    Posted on June 26th, 2017 at 18:15 by PKCano

    Office 2007 will reach End of Life on October 10, 2017. That’s a little over three months away.

    What that means is, there will be no new security updates, non-security updates, free or paid assisted support options, or online technical content updates. According to Microsoft:

    In addition, as of October 31, 2017, Outlook 2007 will be unable to connect to Office 365 mailboxes, which means Outlook 2007 clients using Office 365 will not be able to receive and send mail. For more information, see RPC over HTTP deprecated in Office 365 on October 31, 2017.

    With some exceptions like Outlook, mentioned above, Office 2007 programs will continue to run after support ends, but users will be taking a risk of malware infections exploiting unpatched flaws, and existing bugs will no longer be fixed.

    Microsoft provides 3 options to upgrade Office 2007

    • Upgrade to Office 365 ProPlus, the subscription version of Office that comes with many Office 365 plans.
    • Upgrade to Office 2016, which is sold as a one-time purchase and available for one computer per license.
    • Upgrade to an earlier version of Office, such as Office 2013.

    For further reading on Office 2007 EOL and upgrade options:
    From ComputerWorld.com: When does support end for Microsoft Office 2007?

    From Microsoft: Office 2007 End of Life roadmap
    and Resources to help you upgrade from Office 2007 servers and clients