News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

AskWoody Free Newsletter Logo
ISSUE 18.27.F • 2021-07-19

In this issue

PATCH WATCH: Windows 10 more vulnerable?

FROM THE FORUMS: New forum topics added

Additional articles in the PLUS issue

PUBLIC DEFENDER: How to tell whether a fintech app such as Chime is a scam

WINDOWS 11: Windows 11 says good-bye to these familiar features

LANGALIST: Window 10 Home vs. Pro: A real-life test drive

PRODUCTIVITY: Sliding over to LibreOffice — or not

 

MAKING A DIFFERENCE
Feeding American Logo

For 40 years, Feeding America has responded to the hunger crisis in America by providing food to people in need through a nationwide network of food banks.

Join Fred Langa in helping the hunger crisis this summer.

Thank you.

Fred Langa, Columnist

AskWoody Tech LLC donated the space for this message and receives no compensation of any kind.

PATCH WATCH

Windows 10 more vulnerable?

Susan Bradley

By Susan Bradley

Every month brings the usual suspects — zero-day vulnerabilities, remote code execution, denial of service attacks, plus the odd Defender bug here and there.

But as we count up the vulnerabilities, there is a disturbing trend. If you go by head counts of the bugs in each version, Windows 10 has more bugs this month than Windows 7.

There have certainly been times in the past when a bug really did affect an older version of an operating system but couldn’t be fixed because it would have broken customers still using the older platforms. But as Microsoft layers on more protections in Windows 10, it opens up more vulnerabilities. A case in point is Windows Hello (facial recognition instead of passwords), which can be tricked into allowing an attacker to bypass the authentication (see Bleeping Computer).

Mind you, with physical access to a computer, there are LOTS of ways you can bypass security, so I see this more as a concern for businesses than for home users. Windows 11’s hardware mandates mean that Microsoft can introduce more security to the platform via virtualization-based security, which allows the system to isolate the operating system from the application and thus ensure that malicious files and applications can’t gain access to your system. But — and here’s the big but — users of the Windows 11 Home edition won’t be licensed for these features. Even many small businesses won’t be purchasing the needed “E3” or “E5” license in order to enable these features. A Twitter user put it best: “Telling Windows Home users that they should actually want to use new PCs with Windows 11 so they can take advantage of VBS defenses that “stop 60% of malware” when Home edition doesn’t even get most of those defenses, really is pretty crappy.”

Don’t get me wrong. I’m looking forward to the advances that the Trusted Platform Module can bring to the table. As Ben Myers stated last week in his excellent TPM article, “the role of TPM 2.0 in Windows 11 is simply to ensure, with appropriate software support, trustworthy transactions within a single computer and between computers. A transaction may be anything from a simple cut-and-paste between two programs to an electronic payment made for you by your bank.” To this I would add: but not if all of us with consumer and home computers are locked out of participating in that goodness.

I would rather we not run our critical banking information on an out-of-date Windows 7 (or, worse yet, Windows XP) PC, but it’s discouraging never to feel like we’re gaining on the bad guys. And even when such things as ransomware websites are shut down, they always seem to be back in business in short order. Windows 7 had 30 vulnerabilities for the month of January and Windows 10 had 73 , including five HEVC video vulnerabilities that were patched through the Microsoft Store. Looking at it based purely on the type and number of vulnerabilities addressed with patches each month, Windows 11 is going to have to get a lot more secure before we start making headway.

Recommendations for consumer and home users

While there are quite a few zero-day vulnerabilities in the July security updates, I’m still not going to deviate from my wait-and-see attitude for consumers and home users. The good news is that this month’s Windows 10 updates include a fixed version of the PrintNightmare update, so you don’t have to wait for the “fixed” fix to remove the bad code on your computer and roll it back to the working printer code. As Microsoft notes, “[T]his issue affects various brands and models, but primarily receipt or label printers that connect using a USB port.”

Included in the updates is a vulnerability in the Scripting Engine that is under active attack. Microsoft doesn’t make clear whether these are merely targeted attacks or a widespread attack, so before updating, be extra careful where you surf, and make sure your browser is up to date and appropriately paranoid with plug-ins such as NoScript.

For the included Office vulnerabilities this month, we are once again fixing a remote code execution in Excel. If you receive Excel spreadsheets with macros from friends or family, be very careful: attackers are regularly abusing Excel 4.0 macros to drop malware onto our systems. Excel 4.0 macros may be old technology, but clearly they still work to gain access to our systems.

For now, pause updates while waiting to see whether there are more printing side effects from this month’s updates. For Windows 10, remember you can click on Start, Settings, Update and Security and then on Advanced options to pick a date in the future. For now, I’m looking at July 27 as a preferred install date. Alternatively, you can use WUMgr to defer updates. TomR posted an excellent document (PDF) in the forums about how to use WUMgr to control updates.

Recommendations for business users

If you still have an on-premises email server, spend time updating that server first before taking any other actions this month. The Exchange Server vulnerabilities (which allow remote code execution) came through the ZDI Pwn2Own contest, where contestants try to attack systems. If you use third-party antivirus software on your Exchange server, be aware of a possible slowdown triggered by this month’s updates. As Günter Born points out, AMSI integration can cause problems with various third-party antivirus scanners. You may have to disable AMSI integration in your antivirus product to get Outlook working properly.

This month, Microsoft will be mandating the enforcement phase of a change, first introduced in December updates, having to do with how Kerberos delegation can be used in attacks. The patch enforces the changes to address CVE-2020-17049. This attack is called “Kerberos Bronze Bit vulnerability,” and more information about it can be reviewed here.

More Print Spooler bugs

Late on July 15, Microsoft released a security-vulnerability notice in the form of CVE-2021-34481 — yet another Print Spooler bug. It’s not as bad as PrintNightmare, because the bug can be accessed only locally, not remotely; but it still means that an attacker can use a Web-Browser attack or a phishing attack to take control of the system. It’s unclear when there will be a patch for this.

The earlier Print Spooler bug, called PrintNightmare, was fixed in the July 13 security releases. Should you decide to install updates, you won’t have to wait for the fix to be silently installed after you install the updates. Depending on your needs — and if your domain controller is only your domain controller and holds no other roles — I continue to recommend that you have the Print Spooler service enabled if only it is absolutely necessary. Otherwise, disable it.

For those of you in small businesses where your domain controller may also be the print server for the office, disabling the Print Spooler service is not an option. Viable workarounds are noted in the TrueSec blog if you can’t immediately patch.

Take extra care this month — check printing after installing this update.

References

MS-DEFCON 2

Talk Bubbles Join the conversation! Your questions, comments, and feedback about this topic are always welcome in the AskWoody Lounge!

In real life, Susan Bradley is a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.

UpTrade
If you purchase after clicking this ad, AskWoody may receive a small commission.

FROM THE FORUMS

New forum topics added

A new section has been added in the forums specifically dedicated to Backups. Some of our favorite vendors already listed. If you need help setting up backup software, this is the place to ask.

Susan Bradley remarked, “I think ANY computer issue can be proactively solved with a good backup. Join us in this new section to learn more.”

A few weeks ago, a new Windows 11 pre-release section was added to the forums, with these new topics:

With 32 topics already, the new section is sure to become increasingly interesting and valuable.


2 year vpn deal
If you purchase after clicking this ad, AskWoody may receive a small commission.
Stories in this week’s PAID AskWoody Plus Newsletter
Become an ASKWOODY PLUS member today!

PUBLIC DEFENDER

Brian Livingston

How to tell whether a fintech app such as Chime is a scam

By Brian Livingston

We’ve recently seen an explosion of activity in the field of fintech — financial technology — which is causing ripples in the old-school world of banking and Wall Street.

wINDOWS 11

Lance Whitney

Windows 11 says good-bye to these familiar features

By Lance Whitney

Windows 11 jettisons a bunch of items from Windows 10. But which losses will cause the most pain among loyal Windows users?

To paraphrase a famous biblical quote, “Microsoft giveth, and Microsoft taketh away.” And that’s certainly true with Windows 11.

LANGALIST

Fred Langa

Window 10 Home vs. Pro: A real-life test drive

By Fred Langa

An upgrade from Home to Pro edition costs around US$100, but is it really worth it?

What does Pro edition offer that Home lacks? What does a Pro edition user give up in switching to Home? And, besides price and somewhat differing features, do the dissimilarities really matter in normal day-to-day Windows operation?

PRODUCTIVITY

Sandra Henry-Stocker

Sliding over to LibreOffice — or not

By Sandra Henry-Stocker

LibreOffice is a great replacement for Microsoft Office.

It provides a very similar set of applications. All are top-quality, easy to use, versatile, and well supported. This includes tools to create documents, spreadsheets, slide shows, databases, drawings, etc. LibreOffice and MS Office are similar enough that you’re likely to get off to a fast start when you first use any of the apps. LibreOffice is also completely free — no initial price tag and no monthly fees.

You’re welcome to share! Do you know someone who would benefit from the information in this newsletter? Feel free to forward it to them. And encourage them to subscribe via our online signup form — it’s completely free!


RoboForm box

Like what you see in the
AskWoody FREE newsletter?

Become a PLUS member!

As a Plus member, you’ll receive the full newsletter, including all our great content about Windows, Microsoft, Office, 365, PCs, MS-DEFCON Alert notifications, useful and safe freeware, and Susan Bradley’s sought-after patch advice. Plus membership also allows continuous access to the complete archive of nearly two decades of Windows Secrets and AskWoody Newsletters.

Naturally, Plus members have all the benefits of free membership, including access to the popular AskWoody forums.

The cost? We’re supported by donations — choose any amount for a one-year membership. Every little bit helps.

 Join AskWoody PLUS Today!


Publisher: AskWoody Tech LLC (sb@askwoody.com); editor: Will Fastie (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Your subscription:


Copyright © 2021 AskWoody Tech LLC, All rights reserved.