News, tips, advice, support for Windows, Office, PCs & more

We're community supported and proud of it!

Newsletter Archives

  • Print Nightmare is going to be a nightmare

    Posted on June 30th, 2021 at 14:38

    This is me. This is me trying to figure out what best to do with a security issue in the news today: CVE-2021-1675. Or rather, it’s what I’d like to be doing, but I can’t.

    So here’s the deal. There’s a security vulnerability in the Print Spooler that was patched back on June 8th, but the patch didn’t fully fix the issue. On June 21, the vuln was updated to critical severity as a potential for remote code execution was found. There is now a zero day proof of concept of this issue out on GitHub and various places. Specifically, the proof of concept is for Windows Server 2019, but as I understand it, it impacts more platforms as well.

    Edit: Turns out this appears to be a new bug and not an unfixed vulnerability. Bottom line: it’s still just as bad, but now just a regular old zero day instead of a slightly unfixed zero day. And it also works on Windows 11.

    Edit 7-2-2021: Micropatches from 0patch have been released for this issue.

    Action items if you are a consumer and DO print.

    As I’m reading it, this is a big deal on domain controllers – not so much on standalone computers. This allows attackers to wiggle in via a remote authenticated user and raise the rights of that account. Since home computers do not have “remote authenticated users”, I’m not freaking out here and recommending that you disable the print spooler (yet). I don’t know about you, but I DO print, so I cannot disable the print spooler service without severely impacting my productivity. I’ll keep monitoring the situation and update if I see anything where I think consumers/home users/small peer-to-peer networks should be taking action other than the usual “be careful out here” and watch what you click on. So for now, if you run Windows and print, take no action, other than to be your normal, careful, slightly paranoid self.

    Action items if you are a consumer and DON’T print.

    Print spooler lately has been a big target. If you know you don’t ever print, or print to PDF or anything like that, you can proactively click on the search box and type in “services”, scroll down to Print Spooler, double-click it, click to stop the service, and then change the startup type to Disabled. Note that you need to be an administrator (or have admin rights) to be able to stop this service.

    Action items if you are an IT pro or MSP.

    Determine if you can follow this post and disable the print spooler service, especially on servers, and domain controllers in particular. You might want to go through server hardening guidance while you are at it. Bottom line: evaluate your risk for this attack and take action accordingly. The recommendation is to disable the print spooler service on the domain controllers first. If you are an SMB consultant where your domain controller is ALSO your print server, there’s no good alternative, especially if your folks have to print.
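
    The stop-and-disable steps above as a script, an added example that is not part of the original post. It reports the machine's domain role and any shared printers first, and leaves the spooler alone on a print server unless told otherwise; the `-Force` switch is this example's own, and the script is assumed to be saved as a `.ps1` file and run from an elevated prompt.

    ```powershell
    # Added example: audit the Print Spooler, then stop and disable it.
    # Preview with -WhatIf. -Force is a switch defined by this example.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Disable even when shared printers exist (printing via this host stops).
        [switch]$Force
    )

    # Win32_ComputerSystem.DomainRole values
    $roleNames = @{
        0 = 'Standalone workstation';   1 = 'Member workstation'
        2 = 'Standalone server';        3 = 'Member server'
        4 = 'Backup domain controller'; 5 = 'Primary domain controller'
    }

    $role    = [int](Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDC    = $role -ge 4
    $spooler = Get-Service -Name Spooler

    # Shared printers mean this host is acting as a print server.
    $shared = @()
    if ($spooler.Status -eq 'Running') {
        $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object Shared)
    }

    # Emit a one-line report so results can be collected across machines.
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Role           = $roleNames[$role]
        SpoolerStatus  = $spooler.Status
        StartType      = $spooler.StartType
        SharedPrinters = $shared.Count
    }

    if ($isDC) {
        Write-Warning 'Domain controller: the post recommends disabling the spooler here first.'
    }
    if ($shared.Count -gt 0 -and -not $Force) {
        Write-Warning 'Shared printers found; spooler left as is. Use -Force to disable anyway.'
        return
    }

    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop service and set startup type to Disabled')) {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
    ```

    To undo the change, set the startup type back to Automatic and start the service again.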

    TrueSec have come out with a workaround that allows you to deny permissions to keep attackers from gaining system rights and leave print spooler service as is.

    And if you are running Mint, Chromebook, Apple, etc. etc.  just try not to look so smug, okay?

  • June’s Patch recap so far

    Posted on June 16th, 2021 at 10:51

    Matt on Twitter reports that….

    Office 365 CDN updates for ConfigMgr have been busted for 7+ days now; Enterprise customers who were told to #SplitTunnelAllTheContent unable to download patches for MSFT’s premier Office app

     

    Adding to this issue as well is that the May 21H1 CUs that include the SSU are required to be installed before the June 21H1 CUs. So if you thought “oh, cumulative updates are cumulative” …. uh, well, at least last month, where it includes a mandatory Servicing stack update, this mandates that you install May before installing June. You can’t skip May’s release.

    So to recap so far we have…..

    Consumer issues:

    Enterprise/Business issues:

    And I’m honestly STILL not seeing major widespread attacks using the zero day bugs that were fixed in this month’s updates.  We’re still at DefCon2.  This is the week where I always say, if you have a backup and feel confident in your processes and WANT to patch, that’s always your choice, but I still haven’t given the all clear (when clearly it still isn’t clear).

    Let’s be careful out here.

  • June updates bring news

    Posted on June 9th, 2021 at 01:05

    It’s been a little bit funny seeing some of the reactions online to the News and Interests feature that is included in the June updates. As AskWoody readers know, this first started to trickle out in May, but in the June security updates it is included in everyone’s Windows 10, including Enterprises.

    Just a reminder, you can right mouse click on the weather info, go up to news and interests, and either adjust the options (as it does take up a bit of real estate) or turn it off completely.

    Optionally you can use this registry key to do so. To use it, simply click on the download in the upper right, click to run the file, it will warn you it’s not digitally signed, click through that, next click through the UAC prompt and you’ll get to this page warning you about adding it to your registry.

    Click yes and it will turn off the News feature. You’ll need to reboot (I had to) to get it to turn it off.

    I’m keeping an eye on the early beta testers in the forums; so far I’m not seeing anything trending. As always, full details of the updates will be in the Newsletter. In the meantime, if anyone needs assistance or help, you know where we are.

    In other patching news, keep an eye out for Apple 14.6 for your iPhone/iPad and remember that Apple 15 will be offered up to even iPhone 6 models. Androids, keep an eye out for your updates as well.

  • The June 2021 Office non-Security Updates have been released

    Posted on June 1st, 2021 at 13:06

    The June 2021 Office non-Security updates have been released Tuesday, June 1, 2021. They are not included in the DEFCON-4 approval for the May 2021 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

    Remember, Susan’s patching sequence and recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

    Office 2016
    Update for Microsoft Office 2016 (KB5001948)

    Office 2013
    Update for Microsoft Office 2013 (KB5001937)

    There were no non-security listings for Office 2010 (which reached EOS on October 13, 2020).
    On April 10, 2018, Office 2013 reached End of Mainstream Support. Extended Support will end for Office 2013 on April 11, 2023.
    Office 2016 also reached End of Mainstream Support on October 13, 2020. EOS for Office 2016 is October 14, 2025.

    Updates are for the .msi version (perpetual). Office 365 and C2R are not included.

    Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).