Patch Lady – after .NET I get this?

So on both a Surface Go and a Lenovo laptop after the install of optional, not security .NET KB4537572  on Windows 10 1909 I got a “pop” of the screen that normally you get when setting up a new computer or after a feature update.

All I had to do was to click on skip for now, but the first time I thought it was a fluke, the second time I went… hang on… this happened just a few days ago and I think on the same update.

In case you see it too… just hit skip.

Note I don’t think this happens if you just let updates occur, in this case I scanned for and “sucked down” updates because I was in one case seeing what updates would be offered up, and in the second case it was a Surface that had been offline for a bit.

Borncity reports seeing it as well and points to a registry key to block it.

Widespread reports of problems with the second March Win10 cumulative update, KB 4551762, the SMBv3 patch

I was afraid this would happen. When Microsoft releases two security patches back-to-back, it’s rare that the second patch goes in without problems.

I’m seeing lots of reports with problems with Thursday’s post-Patch-Tuesday cumulative update, KB 4551762.

Günter Born kicked off the discussion on Borncity with Windows 10: KB4551762 causes errors 0x800f0988 and 0x800f0900.

Mayank Parmar at Windows Latest has more complaint reports — and they’re extensive:

• The aforementioned errors on installation
• Random reboots
• Performance hits (which are always hard to verify)

People who already have installation issues will be lucky enough to have Windows to automatically repair the patch is manually removed. Alternatively, some will have to undergo the recovery process and reinstall their Windows 10 copy if the PC remains slow and buggy.

We’re also getting lots of reports about the new cumulative update zapping user profiles, just like the original Patch Tuesday patch and last month’s cumulative update.

There are no in-the-wild exploits of the SMBv3 security hole, although there are many Proof of Concept demos. Kevin Beaumont has tried and failed to crack it in a meaningful way. We’ve had a couple of anonymous posts that point to other potential problems, but I haven’t seen any of them in the real world.

Finally, @Alex5723 notes that MS has changed the Knowledge Base article associated with the patch, with a worthwhile inclusion:

SMB Compression is not yet used by Windows or Windows Server, and disabling SMB Compression has no negative performance impact.

Microsoft also inserted a clarification (for Dummies like me!) explaining why the Server Core versions are the ones affected.

‘Softie Nate Warfield tweeted:

Full Server is not released as part of the Windows Semi-Annual Channel releases; only Server Core.

As such, Full Server is not affected, only the listed Server Core editions.

Which is what numerous people told me here on the forum. Thanks, all!

We’re still at MS-DEFCON 2.

CVE-2020-0796, the SMBv3 security hole, doesn’t pose an immediate threat

I’ve been sitting on pins and needles wondering when an in-the-wild exploit for the just-patched SMBv3 security hole might appear.

Looks like it’s much harder than many folks expected. Kevin Beaumont just posted this:

We’re going to stay at MS-DEFCON 2 for the foreseeable future, particularly because we’re seeing many more reports of the disappearing icons/temporary profile bug.

A little bit of light reading for the weekend

I just got this in the mail — it was sent to a long-abandoned, spam laden account — and figured I would pass it along. A bit of nostalgia to cap off a very troubling week…. It’s so nice of YAHOO, AOL & WINDOWS LIVE, MSN to top up the coffers this day 0 March 2020.

Heads up: Microsoft posts a fix for that SMBv3 security hole. Get ready to install this month’s Windows patches.

Microsoft just released the patch that it almost released on Tuesday. It’s the SMBv3 patch that’s set the security community on fire.

KB 4551762, which fixes CVE-2020-0796 is a regular, old-fashioned Win10 cumulative update, but it’s only made for Win10 1903, 1909, Server  1903 Core and Server 1909 Core. (I still have no idea why only Server Core versions are affected.)

Anyway, I’m going to keep my eyes open for any obvious problems and, if the coast looks reasonably clear, we may be moving to MS-DEFCON 3 or 4 pretty quickly.

For now, hold off. There are no known exploits. But be ready to twitch that clicking finger.

Will keep you posted.

UPDATE: 24 hours later, I still haven’t seen an in-the-wild exploit. But there are many reports of a repeat of the “missing icon”/temporary profile bug associated with KB 4551762.

Kevin Beaumont tweeted:

For anybody pondering, I’ve tried various exploits for CVE-2020-0796 – with a default config and vulnerable Windows 10 install, Windows Defender detects the exploit attempt. If you have automatic updates enabled you will also have the patch already.

It’s a significant security hole, but it doesn’t appear to be an imminent threat.

Mayank Parmar has a recounting of the bugs in Windows Latest.

Still watching.

Patch Lady – we have an out of band on that SMBv3

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

https://support.microsoft.com/en-us/help/4551762/windows-10-update-kb4551762

At this time I”m not seeing active attacks and NO ONE should be STUPID enough to have port 445 a SMB file sharing port open to the web.  So I’m still in don’t panic, don’t install and let’s test mode.

Patch Tuesday update: Disappearing SMBv3 patch, non-security Office patches, and a so-far-mild Patch Tuesday

Things look pretty stable at this point, although I’m seeing a disturbing number of Error  0x800f0900 on installs.

If any of the old problems poked through into this round of updates, I haven’t seen any loud scream of pain about them. But the day is yet young.

Admins, you have a tough day ahead, if you’re using SMBv3.

Details in Computerworld Woody on Windows.

It looks like the announced-but-not-fixed CVE-2020-0796 “CoronaBlue” vuln is only for Server 1903 and 1909

I’ll have more details about this shortly, but many of you admins are rightly concerned about the CVE-2020-0796 security hole, which was announced, then not announced, then announced again in Microsoft ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression.

Long story short, it looks like MS was poised to release a patch yesterday, then decided at the last minute to cancel the patch — but somehow word of the cancellation didn’t make it to at least two organizations that published details about it.

It looks like the security hole only affects Win10 1903, 1909, Server 1903 and 1909. Per Florian Roth:

There’s a lot of information available about the hole and countermeasures from Satnam Narang on Tenable, from Sergiu Gatlan at BleepingComputer, Catalin Cimpanu at ZDNet and, in the past couple of hours, Dan Goodin at Ars Technica. Those of you running networks with SMBv3 should take a look.

If you’re running a network on Win7 or Server 2008 R2, you’re good. SMBv3 didn’t even exist back then. 🙂

And if you aren’t in charge of a network, sit back and smile. You have other things to worry about.

UPDATE: Catalin Cimpanu now says:

I have now seen/talked to 3 different people claiming they found the bug in less than 5 minutes. I won’t be surprised if exploits pop up online by the end of the day.

Which patches were pulled?

Last night, the Microsoft Update Catalog listed 113 patches for “2020-03.”

This morning, the count’s down to 110.

Anybody know what happened to the three disappearing patches?

Initial impressions of Patch Tuesday, March 2020

We have 113 new patches in the Microsoft Update Catalog.

There’s a new Servicing Stack Update for Win10 version 1903 and 1909, KB 4541338. There’s also a new one for Win10 1809 and 1803, and for Win8.1.

Dustin Childs’s report is up on the ZDI site:

• 115 separately identified security holes (CVEs)
• None of them are “Publicly known” or “Exploited.”

CVE-2020-0852 is his top pick for a notable security hole. It’s a bug in Word that can be triggered if you preview a Word document in Outlook. The offered patches are for Office 2019 Click-to-Run, Mac Office 2016, Office Online Server, and Sharepoint Server 2019. Microsoft categorizes it as “Exploitation less likely.”

Martin Brinkmann has his usual detailed, thorough analysis of the patches on ghacks.net.

Microsoft hasn’t acknowledged the bugs in the “optional, non-security, C/D Week” patch for Win10 1903 and 1909, released late last month. No idea if this latest drop fixes any of the multitude of problems with KB 4535996. There’s also no mention I can find of the disappearing icon/temporary profile bug that’s been with us for the past month. But there is a humongous list of fixes to 1903 and 1909.

Notably, the change lists for both Win10 1903 and 1909 are the same.

No indication that Win10 version 2004 will ship today. I was half-way expecting it.

UPDATE: Two hours later and I’m not seeing any major cries of pain. Stay tuned.

Fresh reports of HP PC shortages

Just got a message from a reader:

I wanted to report to you something that may pique your interest. I was tasked with ordering computers (HP) and I am finding out due to the Coronavirus coupled with Intel chip shortages that [it’s difficult to find HP] computers… to replace old Windows 7/Vista, yes Vista, machines.

I did a search on many sites and stock is low and even Amazon and Google are struggling to find pcs that would fit the needs (I’m aiming at 16gb of ram, I5 processors at minimum).

Are you encountering any problems getting new computers? There have been reports and rumors of chip shortages cascading into PC shortages, but I haven’t seen anything specifically about i5-level processors with 16 GB of RAM.

Free tax prep?

(USA centric post)

The other day on the news I heard a story about free tax prep for those who earn under $69,000.

Sounds great right?

Well…but… when you look at the IRS web site and the offerings that they have from the various vendors, ALL of them have gotchas.

Some age discriminate.  (yea, don’t you LOVE that!!)

Most don’t offer free state tax filing…. or most don’t offer a free tax prep IF you live in a state that has no state tax.  Thus you’ll get a charge for filing your state return.

Bottom line, like many things my Mom taught me, you get what you pay for and it’s not always free.