AskWoody

News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
  • Patch Lady – How to avoid using RDP in Windows

    Posted on August 21st, 2019 at 09:46 woody

    An important new article from Susan Bradley in CIO Online:

    BlueKeep and DejaBlue are both potent threats. All of the variants depend on using Remote Desktop Services (commonly abbreviated RDP). Susan Bradley takes you through the steps to avoid or hide RDP, particularly in an enterprise.

    I still recommend that you not install the August Windows patches, which include DejaBlue fixes, specifically because they’re throwing errors like flowers at a wedding. (The May patches for BlueKeep are another story entirely. You should’ve installed those long ago.) But if you have RDP enabled on an internet-facing connection, it’s time to shut it off.

    Those of you connected to corporate servers should follow Susan’s advice and figure out an alternative to public-facing RDP. Those of you with standalone computers can take a couple of simple steps:

    In Vista or Win7, click My Computer and choose Computer. At the top, click System properties. On the left, click Remote Settings. You should be on the Remote tab, and the button under Remote Desktop marked “Don’t allow connections to this computer” should be selected. If it isn’t, click it and click OK.

    In Win10, right-click Start and choose System. On the left, choose Remote Desktop. Make sure the slider to Enable Remote Desktop is set to Off.

    I’m not going to guarantee that those simple steps will ward off the Blue Evil Eyes, if and when they appear. But they’ll make breaking your system with the Blues just that much harder.

    If you need to get into your system remotely, there are dozens of alternatives. I use the free Chrome Remote Desktop, but my needs are tiny and I’m not overly concerned about Google snooping me even more. If you want the Tesla version, check out Solarwinds from Dameware, which is $380 per site.
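
The Win10 check above can also be done from a script. This is an added example, not part of the original post: it reports whether Remote Desktop is enabled, whether its firewall rules are open and whether anything is listening, and turns RDP off when run with `-Disable`. It assumes an elevated PowerShell session on Windows 10 and the English firewall group name "Remote Desktop"; the function name `Get-RdpExposure` and the `-Disable` switch are names made up for this example.

```powershell
# Added example, not from the original post. Run elevated on Windows 10.
param([switch]$Disable)   # -Disable is this example's own switch

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    # fDenyTSConnections: 1 = connections refused, 0 = Remote Desktop enabled.
    $deny = (Get-ItemProperty -Path $tsKey  -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication: 1 = Network Level Authentication required.
    $nla  = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication
    # The listener port is configurable, so read it instead of assuming 3389.
    $port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

    # Inbound rules of the built-in Remote Desktop group that are still enabled.
    # Assumption: English display name; localized systems use a translated name.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
               Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    # Is a listener actually bound to the RDP port right now?
    $listen = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        RdpEnabled        = ($deny -eq 0)
        NlaRequired       = ($nla -eq 1)
        Port              = $port
        OpenFirewallRules = $rules.Count
        Listening         = ($listen.Count -gt 0)
    }
}

if ($Disable) {
    # Refuse new Remote Desktop connections and close the matching firewall rules.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

$state = Get-RdpExposure
$state | Format-List

# A machine is only "off" when all three agree; flag any leftover exposure.
if ($state.RdpEnabled -or $state.OpenFirewallRules -gt 0 -or $state.Listening) {
    Write-Warning 'Remote Desktop is still reachable on this machine.'
}
```

Run it without `-Disable` first to see the current state before changing anything.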

  • Symantec fixes the SHA-2 patch problem for Win7

    Posted on August 20th, 2019 at 17:14 woody

    Remember how Microsoft put in a block, preventing the Win7 August Patch Tuesday patches from installing on systems with Symantec Endpoint Protection? This is what the KB articles for this month’s Win7 patches say:

    Microsoft and Symantec have identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

    I just got a message from CA that says:

    Symantec released an updated version of Norton Internet Security that
    fixes the SHA-2 patch problem for Windows 7 this morning (Tues). The new
    version will show up through Live Update (140+ mb).

    Once the patched version is applied (v22.18.0.222), security roll-ups
    for August (Group A – Aug 13 KB4512506) will appear in Windows Update
    without user intervention. A reboot may be required for this to happen.

    MS has not updated KB4512506 or KB4512486 to reflect this:
    https://support.microsoft.com/en-us/help/4512506

    For Symantec Endpoint Protection users, the English 14.2 version has
    been updated. Localized language versions will be available on the 21st.

    Symantec Endpoint Protection
    https://support.symantec.com/us/en/article.tech255857.html

  • Still no DejaBlue exploits generally available

    Posted on August 20th, 2019 at 07:59 woody

    And, in spite of what you’ve read, there are no DejaBlue attacks in the offing. Lots of people have posted “Proof of Concept” code on GitHub. A couple of bluescreen generators, but none of the publicly available exploits actually work.

    @MalwareTech has a new blog post analyzing the two DejaBlue CVEs:

    In August 2019 Microsoft announced it had patched a collection of RDP bugs, two of which were wormable. The wormable bugs, CVE-2019-1181 & CVE-2019-1182, affect every OS from Windows 7 to Windows 10. There is some confusion about which CVE is which, though it’s possible both refer to the same bug. The vulnerable code exists in both the RDP client and server, making it possible to exploit in either direction.

    His sample code crashes the system, but doesn’t infect.

  • Patch Lady – two items of note in Chrome

    Posted on August 20th, 2019 at 00:05 Susan Bradley

    First off, I noticed tonight (I’m sure it was there before this) that Chrome is giving the official countdown notice to let us know that it’s disabling Flash support as of December 2020.

    Next, if you want to see if your passwords have been compromised, there’s a Chrome add-in to check if you are in an owned database (note that this add-in also works in the Edge browser based on Chrome).

    Check it out (and start counting the days until Flash is dead)

  • Patch Lady – Hey want to vote this up?

    Posted on August 19th, 2019 at 23:56 Susan Bradley

    Hey I spotted this on the feedback center…. if you are running Windows 10 want to help me vote this up?  I want the old text file back.  The current windowsupdate.log file is nearly useless.

    https://aka.ms/AA1wuhs

    The PowerShell Get-WindowsUpdateLog replacement for the original real-time windowsupdate.log is not a suitable solution. It is slow to generate logs, often crashes when generating the log file, and takes away the ability to monitor the log in real-time. Using PowerShell to generate the log makes it totally unsuitable for troubleshooting in a support environment.
    Please bring back the original windowsupdate.log functionality.

  • Fix for the VB bug introduced this month released for Win10 1803

    Posted on August 19th, 2019 at 21:16 woody

    Thanks to @WC and @EP for the heads up.

    A few hours ago we got KB 4512509 – the second cumulative update for Win10 version 1803 this month.

    It claims to fix the VB/VBA/VBScript bug introduced by the first cumulative update this month.

    We’re still waiting for Win10 1903.

  • Microsoft continues its bifurcating betas with two new versions of Win10 19H2 (aka 1909)

    Posted on August 19th, 2019 at 16:13 woody

    I just love how they’re doing this.

    A few minutes ago, Microsoft (once again) released not one, but two “latest” beta versions of Win10 version 1909. Builds 18362.10014 & 18362.10015 are headed to Windows Insiders in the Slow (er, very slow) Ring.

    One of the betas has all of the “new” features turned OFF, the other has the “new” features turned ON. ‘Course this is the Service Pack we’re all expecting for Win10 1903, which shouldn’t have any new features worth spittin’ about.

    Official announcement here.

  • Installing or re-installing Win7? Make sure you get the BitLocker patch

    Posted on August 19th, 2019 at 10:01 woody

    No, I don’t make this stuff up.

    On Friday Microsoft added three little gotchas to the bottom of its SHA-2 patching advisory for Win7.

    Long story short, if you’re trying to install Win7 (either on bare metal, or a VM) and you:

    • Are using setup to install a customized image (e.g., created by DISM)
    • Are burning an image directly to the new machine, or
    • Installing an image with SHA-2 support, but it won’t start with error 0xc0000428

    You need to install an old BitLocker patch. Yep, you read that right.

    And the warning just came out on Friday, hidden at the bottom of the SHA-2 advisory FAQ.

    Details in Computerworld Woody on Windows.

    Thx, @abbodi86, @PKCano