News, tips, advice, support for Windows, Office, PCs & more

Newsletter Archives

  • Is Microsoft doing enough?

    Posted on August 2nd, 2021 at 11:29 Comment on the AskWoody Lounge

    In Computerworld I ask “For Windows security, what we have is a failure to communicate” and ask if Microsoft is doing enough to help keep us safe.

    As an aside this is similar to Fred’s lament that documentation for Windows products is all over the place and not as helpful as it once was.

    What do you think? Do you think Microsoft is doing enough or could it do better?

     

  • Gold copies — keep them close

    Posted on August 2nd, 2021 at 02:42 Comment on the AskWoody Lounge

    ON SECURITY

    By Susan Bradley

    Recently, I realized that some of the items I needed to download were no longer available from the links I had been using.

    The other day, I was working on an older server, attempting to re-create its software on a different server. As I worked through the needed prerequisites, I couldn’t find what I needed.

    Read the full story in the AskWoody Plus Newsletter 18.29.0 (2021-08-02).

  • Tasks for the weekend – July 31st – what to do?

    Posted on August 1st, 2021 at 00:03 Comment on the AskWoody Lounge

    (Youtube here)

    This week I’m revisiting two discussions that have been going on regarding actions to be taken on two bugs that are not yet patched.

    First is the permission bug.

    The second is the print spooler bugs.

    I will separate my recommendations into two camps: Home and Business.

    For Home I honestly don’t think you should take any action at this time because I do not see active attacks against home users for either the Print Spooler bugs or the incorrect permission bug. Both of them are more suited for attackers going after businesses, so once again, I’ll urge you to be aware, don’t click where you shouldn’t, but not to take any actions at this time.

    For businesses, you need to evaluate the risk and, if you feel it is large enough, take the actions that I discuss in the video.

    Take a look at the video.

  • Plan on the worst

    Posted on July 30th, 2021 at 22:16 Comment on the AskWoody Lounge

    I have a love/hate relationship with Surface devices. They are my favorite for travel as the Surface Go is the lightest one, with the Surface Pro 7+ being right behind. But… and this is starting to be true for more and more technology… they cannot be easily serviced. Battery needs replaced? You can’t fix it. Monitor stops working on it? Sorry. So if you stupidly do what I did the other day… like have your Surface in your purse on the passenger seat of your car. Then you opened your car door when you didn’t realize your purse was way too close to the edge of the seat… and well, you can see where this is unfortunately going, can’t you?

    When it then hits the cement pavement just at the exact corner of the screen… you can guess what happened:

    Nailed it, right on the edge.

    The computer still booted up, it just was a bit…. crunchy in that corner of the screen with little bits of glass in the keyboard. Ugh.

    When I purchased this device, I did it as part of an All access for business plan. You can add an accidental coverage plan, which I did just in case I did something … well… stupid like this. “Sigh!”, I said to myself, “well I get to test it out this time”.  So I signed into the Surface business access site and started the process to get it replaced. As part of the “replacement” process you only ship the unit itself. You reset it to factory defaults and erase all of your data because you are NOT getting this unit back.

    So in my case, because I tend to use it to remote into other things, I honestly didn’t have to back anything up. I can easily install what I need on the device again. But I did have to remove the AT&T Cellular SIM card that was an extra accessory I got that allows the device to always have Internet connection as long as I’m within range of an AT&T cellular tower.

    Microsoft provided a physical address I needed to send it back to and off it went. I had heard from others that I might get a refurbished unit back and not a new unit, but because the unit they were replacing was a Surface Pro 7 plus, chances were good that I would receive a new unit, not a refurb’d. Sure enough, I received back a new unit.

    I went to reinstall the AT&T SIM and was surprised to see that cellular didn’t turn back on again. Okay, I probably need to call AT&T and tell them the new IMEI or some other information that they need to reenable it. Turns out the Surface Pro 7 plus supports both an eSIM and a physical SIM; there’s a little arrow key in the cellular networking section that you can pull down to choose the eSIM or the physical SIM. Duh. Once I picked the physical SIM, the cellular connected right up without contacting AT&T.

    As an aside, remember that Surface devices can get updates for their operating system AND their hardware and firmware, but they still are not easily repairable. Therefore, plan accordingly.

    In July Microsoft released various updates for firmware and hardware on the following Surface devices:

    Surface Book – security fixes for firmware

    Surface Laptop 3 – various performance issues

    Surface Pro 4 – security fixes for firmware

    Surface Pro 3 – security fixes for firmware

    Surface Studio 2 – security fixes for firmware

    The moral of this story is, buy the support plan for accidental coverage for these types of tech devices that cannot be easily serviced. Even though most of the time you won’t use it, there will be that ONE time when the device slides out of your purse onto the concrete pavement as you open your car door. Trust me. It can happen.

  • Do you reboot your Apple devices?

    Posted on July 29th, 2021 at 20:11 Comment on the AskWoody Lounge

    I’ll be the first to admit that other than installing updates, I don’t reboot my iPhone on a regular basis. The other day Apple got a big patch bundle to fix several zero days/security issues. By now you’ve probably installed those updates. But do you reboot on a regular basis?

    The NSA issued a “best practices” guide for mobile device security last year in which it recommends rebooting a phone every week as a way to stop hacking. Apparently it keeps attackers from being able to insert “persistence” attacks on the device.

    How often do you reboot?

     

  • MS-DEFCON 4: July updates should be installed

    Posted on July 27th, 2021 at 01:00 Comment on the AskWoody Lounge
    ISSUE 18.28.1 • 2021-07-27

    PATCH WATCH

    MS-DEFCON 4

    By Susan Bradley

    July patches have been well behaved.

    Consumer and home users

    If you’ve used the “pause updates” methodology, now is the time to install the July updates. I’ve not seen any major printing issues introduced with these July updates. However, I still recommend that you keep the Print Spooler service disabled. If you do print, consider turning the spooler off and then back on when you need it. Microsoft fixed the issue with the Print Nightmare bug, but another Print Spooler bug has yet to be fixed and is slated to be discussed at the annual security conference in Las Vegas, better known as the Black Hat Conference.

    For Office updates, open up any installed Office application, click on File, then on Account, then on Office Updates and choose to enable updates. Then click on Update Now to trigger the installation of the updates.

    Business users

    For business users, Microsoft has described only one side effect with printers and the July updates. Printers that rely on smart-card (PIV) authentication may fail to print after the installation of the July patches. This is not a widespread problem, and there is no reason to delay installation of the patches.

    References

    Read the full story in the AskWoody Plus Alert 18.28.1 (2021-07-27).

  • Microsoft de-emphasizes backing up

    Posted on July 26th, 2021 at 02:40 Comment on the AskWoody Lounge

    ON SECURITY

    By Susan Bradley

    Got backup?

    Many Windows users consider the second Tuesday of every month a bit like Russian roulette. Will their system reboot? Will they have issues and side effects triggered by the update? Will something else go wrong?

    Read the full story in the AskWoody Plus Newsletter 18.28.0 (2021-07-26).

  • Tasks for the weekend – July 24, 2021 – what’s your password?

    Posted on July 24th, 2021 at 23:27 Comment on the AskWoody Lounge

    [Youtube video here]

    Just the other day I was helping someone out with setting up a new laptop and they didn’t know what their wifi password was. Fortunately the person who installed their internet connection had left behind a piece of paper that had a username and a password. I figured this was the account set up info and sure enough I was able to log into their Comcast account and figure out what their existing wifi password was. Does your ISP provide you with a web interface to review your wifi? Or an app that allows you to troubleshoot the Internet connection? Often rebooting devices is a great way to make the television or Internet magically get fixed and these apps can make it easier to determine if the issue is you or them.

    Also, while you are poking around the ISP account, see if they have any shared hotspots turned on. This wifi interface is often the place to disable the “shared hotspot” that many ISPs turn on by default.

    So have you logged into your ISP’s web account or downloaded their app? What do you do regularly with it?

  • Check your certificate services

    Posted on July 24th, 2021 at 20:48 Comment on the AskWoody Lounge

    Guidance for businesses:

    For those of you that have Active Directory domains – and especially if you use Small Business Server or Essentials Server and have migrated your Active Directory over from these platforms – check out this article I wrote for CSO Online earlier.

    Bottom line: you may have certificate templates that either exist now because of Essentials server, or that came over with the Active Directory when you migrated to your current Active Directory domain. As a result, you may need to adjust the certificate templates on the server – or, if you no longer have an Essentials server in your network, you may need to remove the certificate templates.

    Next, another issue to read up on: the SANS site is showcasing an issue with certificate services. Mind you, SMB signing should be enabled in most networks anyway, so you may have some mitigation already.

    Guidance for consumers:

    Be glad that you don’t have a network, slightly worry about all of the businesses you interact with that do.

  • Windows 10 more vulnerable – revisited

    Posted on July 20th, 2021 at 23:05 Comment on the AskWoody Lounge

    I asked the other day if Windows 10 was more vulnerable. Turns out we have another problem with Windows 10 – and Windows 11 for that matter.

    CVE-2021-36934 has been released to track an issue that a researcher has stumbled on … and it’s honestly been around for a while. Starting with Windows 10 1809, the default permissions on the “Security Accounts Manager database” (also known as the SAM database) aren’t set right: a non-administrator user, who shouldn’t have the ability to access that file, DOES have rights to it in Windows 10 1809 and later.

    While on consumer and home computers this isn’t a huge issue, in businesses where keeping ransomware at bay is near impossible these days, it’s not a good thing at all.

    Bleeping computer explains the situation…. “With these low file permissions, a threat actor with limited privileges on a device can extract the NTLM hashed passwords for all accounts on a device and use those hashes in pass-the-hash attacks to gain elevated privileges.”

    The SANS site tells how specifically this vulnerability takes place….“The only issue here is how do we read those files: when Windows are running, the access to the files is locked and even though we have read permission, we won’t be able to read them.  As two great researchers found (@jonasLyk and @gentilkiwi), we can actually abuse Volume Shadow Copy to read the files. VSS will allow us to bypass the file being locked, and since we have legitimate read access, there’s nothing preventing us from reading the file. VSS is a feature that is enabled automatically on Windows and that allows us to restore previous copies in case something got messed up during installation of a new application or patch, for example. If your system disk is greater than 128 GB, it will be enabled automatically!”

    Action items to take as a consumer: Nothing. The potential mitigation (“apart from disabling/removing VSS copies. Keep in mind that the permission on the hives will still be wrong, but at least a non-privileged user will not be able to easily fetch these files due to them being locked by Windows as the system is running.”) to me is not viable and puts your system at risk of not being able to use the Previous Versions tab, backups and other goodness. I’d rather not change any permissions because, given that this has been in place since 1809, software may be expecting these permissions. I’ll let you know when a patch or fix comes out, or a mitigation that I consider safe.

    Actions to take as an IT Pro or MSP: Also nothing at this time. Again, I consider VSS copies too important to disable.

    Bottom line, stay tuned.

    Edit 7/23/2021 For IT Pros and MSPs, I’d recommend that you inventory your servers and clients to see if they are impacted.  See VU#506989 – Microsoft Windows gives unprivileged user access to system32\config files (cert.org)
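
One way to run the inventory suggested in the edit above on a single machine, as an added example that is not part of the original post or the CERT note. It assumes an elevated PowerShell session on the machine being checked; the function name `Test-HivePermission` is hypothetical.

```powershell
# Added example: local inventory check for the CVE-2021-36934 permission issue.
# Assumption: run from an elevated PowerShell session on the machine being inventoried.
function Test-HivePermission {                      # hypothetical helper name
    $usersSid  = 'S-1-5-32-545'                     # well-known SID of BUILTIN\Users
    $readData  = [System.Security.AccessControl.FileSystemRights]::ReadData
    $configDir = Join-Path $env:windir 'System32\config'

    $hives = foreach ($name in 'SAM', 'SYSTEM', 'SECURITY') {
        $path = Join-Path $configDir $name
        try {
            $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
            # Ask for identities as SIDs so the check also works on localized Windows.
            $rules = $acl.GetAccessRules($true, $true,
                [System.Security.Principal.SecurityIdentifier])
            $hit = $rules | Where-Object {
                $_.IdentityReference.Value -eq $usersSid -and
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $readData)
            }
            [pscustomobject]@{ Hive = $name; UsersCanRead = [bool]$hit; Error = $null }
        } catch {
            # Record the failure instead of silently reporting "not affected".
            [pscustomobject]@{ Hive = $name; UsersCanRead = $null; Error = $_.Exception.Message }
        }
    }

    # Shadow copies are what make the locked hive files readable in practice.
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
    $readable = @($hives | Where-Object { $_.UsersCanRead })

    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        Hives                 = $hives
        ShadowCopyCount       = $shadows.Count
        ReadableViaShadowCopy = ($readable.Count -gt 0) -and ($shadows.Count -gt 0)
    }
}

Test-HivePermission | Format-List
```

A machine that reports `UsersCanRead` as true but has no shadow copies still carries the wrong permissions; it is only harder to reach the files while Windows has them locked.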

     

  • Windows 10 more vulnerable?

    Posted on July 19th, 2021 at 02:45 Comment on the AskWoody Lounge
    ISSUE 18.27 • 2021-07-19

    PATCH WATCH

    By Susan Bradley

    Every month brings the usual suspects — zero-day vulnerabilities, remote code execution, denial of service attacks, plus the odd Defender bug here and there.

    But as we count up the vulnerabilities, there is a disturbing trend. If you go by head counts of the bugs in each version, Windows 10 has more bugs this month than Windows 7.

    Read the full story in the AskWoody Plus Newsletter 18.27.0 (2021-07-19).
    This story also appears in the AskWoody Free Newsletter 18.27.F (2021-07-19).

  • Tasks for the weekend – July 17 – what’s your password?

    Posted on July 18th, 2021 at 00:19 Comment on the AskWoody Lounge

    (Youtube here)

    Just the other day I was reminded to be careful with any of the social media “game” questions that try to make you build a name from various information you provide. What these are doing is trying to get you to expose your security password reset answers. Typical password reset questions include:

    What is your favorite book?
    What is the name of the road you grew up on?
    What is your mother’s maiden name?
    What was the name of your first/current/favorite pet?
    What was the first company that you worked for?
    Where did you meet your spouse?
    Where did you go to high school/college?
    What is your favorite food?
    What city were you born in?
    Where is your favorite place to vacation?

    As a study indicated, “All four of the most popular webmail providers – AOL, Google, Microsoft, and Yahoo! – rely on personal questions as the secondary authentication secrets used to reset account passwords. The security of these questions has received limited formal scrutiny, almost all of which predates webmail. We ran a user study to measure the reliability and security of the questions used by all four webmail providers. We asked participants to answer these questions and then asked their acquaintances to guess their answers. Acquaintances with whom participants reported being unwilling to share their webmail passwords were able to guess 17% of their answers. Participants forgot 20% of their own answers within six months. What’s more, 13% of answers could be guessed within five attempts by guessing the most popular answers of other participants, though this weakness is partially attributable to the geographic homogeneity of our participant pool.”

    Bottom line: be careful when social media games try to get information from you; they may be trying to trick you. And next time you pick a password reset answer, try NOT to pick the usual stuff.