Posted on February 17th, 2017 at 11:13 Comment on the AskWoody Lounge
As 0day bugs go, this isn’t an earth-shattering development. But it’s still enough to cause concern.
Mateusz Jurczyk at Google Project Zero discovered a memory disclosure vulnerability and notified Microsoft on Nov. 17. Project Zero has an automatic 90-day disclosure deadline: If the vendor (in this case Microsoft) doesn’t fix the hole that’s discovered, it will be automatically disclosed 90 days later.
Sure enough, 90 days passed and, on Feb. 14, the timer rang and the full disclosure popped out, including exploit code.
This isn’t a huge bug. The bad guy has to get access to your computer before it can be exploited. Once logged on to your machine, the interloper can open a bad EMF file and use it to sneak a peek at system memory that isn’t theirs.
It seems that security bulletin MS16-074 didn’t fix the problem entirely.
Yuhong Bao (whom I’ve mentioned before, many times) sent a provocative message to the Project Zero folks. He said:
I wonder if this was supposed to be part of the cancelled February Patch Tuesday.
Something to ponder over the upcoming three-day US holiday.
Posted on February 17th, 2017 at 09:19 Comment on the AskWoody Lounge
A dozen top problems, and what you can do besides assuming a fetal position.
This guide targets two separate but intertwined groups: Those who have recently upgraded from Win7 (or, less likely, Win8.1) and those who have upgraded from an earlier version of Win10 (likely the November Update, Version 1511) to a recent version (as of this writing, probably the Anniversary Update, Version 1607).
UPDATE: Gunter Born has an interesting revelation about error 0xC0020012 on his Born City web site.
Posted on February 17th, 2017 at 08:02 Comment on the AskWoody Lounge
I’m a skeptic at heart. You know that. But this manifesto from Mark Zuckerberg really struck home.
In times like these, the most important thing we at Facebook can do is develop the social infrastructure to give people the power to build a global community that works for all of us.
It’s an important statement, from a fascinating guy. I wonder how well Facebook, the company, can match Zuckerberg’s goals?
Posted on February 16th, 2017 at 17:00 Comment on the AskWoody Lounge
Privacy remains a thorny problem with no clear solution. I, personally, like to have Gmail scan my mail to snag flights. I don’t mind Cortana. My phone tracks everywhere I go. And I constantly use OK Google. So I’m not a poster child for computer privacy. Still, I understand folks who don’t want all of their data fed into a future General Dynamics overlord. Don’t laugh too hard.
A friend just forwarded an email to me from Mozilla (the Firefox people), suggesting that I take a look at a series of five talks put on by WNYC, the big public radio station for New York City.
They have a great hook:
In today’s world, privacy is less about being alone and more about protecting our identities and information. But if we’re all so concerned about protecting our personal data, why do we regularly give it away to apps, marketers, social media and websites?
That’s the privacy paradox. And it’s time to tackle it.
If you’re interested in pursuing the subject, you might want to venture to the Privacy Paradox site. It’s very well put together – and you might change your mind about privacy.
Or maybe not.
Posted on February 15th, 2017 at 21:05 Comment on the AskWoody Lounge
At least, that’s what the MSRC team notification on the TechNet blog says:
UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017
My previous kvetch holds true. There’s no mention about whether this only applies to Windows (Vista, 7, 8.1, 1507, 1511, 1607), or if it also includes Office, .NET, IE and so on.
There’s some concern about the SMBv3 zero-day that I mentioned on Feb. 3. It’s still out there and active. CERT has published manual steps for thwarting the vulnerability.
I have a roundup of the history and the problems on InfoWorld.
By the way, Gunter Born doesn’t think Windows Update is broken, and he offers some powerful arguments in that direction in his latest blog post.
Posted on February 15th, 2017 at 17:38 Comment on the AskWoody Lounge
I’ve just brought forums on board for Office, DevOps, Admins and Developers.
Please take a look and let me know what I screwed up!
Posted on February 15th, 2017 at 15:06 Comment on the AskWoody Lounge
Good AskWoody Knowledge Base stuff from @microfix – AKB3000003
Posted on February 15th, 2017 at 11:12 Comment on the AskWoody Lounge
Galen Gruman has an excellent article in InfoWorld detailing the differences between Office 365 and Google’s G Suite. It’s incredibly difficult to explain the differences side-by-side, and Galen’s done it.
Microsoft Office handily beats G Suite both on the desktop and on mobile devices. Office has long been derided for having too many features that few people use, and there’s truth to that. But for desktop users, it has the features that anyone in your company is likely to need, and they work well.
If you’re debating about Office vs G-Suite, this is a must-read analysis. Even if you end up with G-Suite!