News, tips, advice, support for Windows, Office, PCs & more

Newsletter Archives

  • Tasks for the weekend – July 3, 2021 – Taming Word

    Posted on July 4th, 2021 at 00:20

    Youtube Video here

    Recently Word (and Outlook) has added a new feature that “predicts” what you are typing and urges you to hit Tab to speed it up.

    If this annoys you, for Outlook click on File, then on Options, then on Mail, then on Compose messages, then uncheck “Show text predictions while typing”.

    For Word, click on File then Options then Advanced, Under Editing Options, check the box for “Show Text Predictions While Typing” to enable the feature and click “OK.”

    For Outlook on the web, go to Settings, then to View all Outlook settings, then to Mail, then to Compose and reply, and uncheck the option “Suggest words or phrases as I type” under Text predictions.

    Note this is not new but dribbling out to the various versions of Office.

  • Kaseya VSA has been hit with a ransomware attack

    Posted on July 2nd, 2021 at 14:25

    https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/

    “We are monitoring a REvil ‘supply chain’ attack outbreak, which seems to stem from a malicious Kaseya update. REvil binary C:\Windows\mpsvc.dll is side-loaded into a legit Microsoft Defender copy, copied into C:\Windows\MsMpEng.exe to run the encryption from a legit process.”

    This is not good for those who rely on consultants who then use common tools. Kaseya is the name of a company that provides various tools for consultants to remotely access and manage networks for their customers.

    Consumer/Home user impact:  You don’t use Kaseya VSA so you are safe.

    Small business impact/Consultant impact:  So far it looks like it’s only 4 MSPs that Huntresslabs are tracking, but you may want to check your networks to be safe.
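
    One way to run that check, as an added example that is not part of the original post or the quoted report: this PowerShell looks on each machine for the two file paths named in the quote above and reports hash and signature details for anything it finds. The function name is hypothetical, and remote machines need PowerShell remoting enabled.

    ```powershell
    # Added example (not from the original post). Find-QuotedPaths is a hypothetical name.
    # Checks each machine for the two file paths named in the quoted report.
    function Find-QuotedPaths {
        param([string[]]$ComputerName = @($env:COMPUTERNAME))

        $check = {
            foreach ($p in 'C:\Windows\mpsvc.dll', 'C:\Windows\MsMpEng.exe') {
                $row = [ordered]@{
                    Computer = $env:COMPUTERNAME; Path = $p; Found = $false
                    Created = $null; SHA256 = $null; Signature = $null; Signer = $null
                }
                if (Test-Path -LiteralPath $p -PathType Leaf) {
                    $sig = Get-AuthenticodeSignature -LiteralPath $p
                    $row.Found     = $true
                    $row.Created   = (Get-Item -LiteralPath $p -Force).CreationTime
                    $row.SHA256    = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
                    $row.Signature = "$($sig.Status)"
                    # SignerCertificate is $null for unsigned files
                    if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
                }
                [pscustomobject]$row
            }
        }

        foreach ($c in $ComputerName) {
            try {
                if ($c -eq $env:COMPUTERNAME) { & $check }
                else { Invoke-Command -ComputerName $c -ScriptBlock $check -ErrorAction Stop }
            } catch {
                # Unreachable hosts are reported, not silently skipped
                [pscustomobject]@{ Computer = $c; Path = $null; Found = $null
                                   Created = $null; SHA256 = $null
                                   Signature = "unreachable: $($_.Exception.Message)"; Signer = $null }
            }
        }
    }

    # Per the quote, the EXE is a legitimate Defender copy, so a valid signature
    # on C:\Windows\MsMpEng.exe does not clear a machine; its presence at that
    # path is what needs investigating.
    Find-QuotedPaths | Where-Object { $_.Found -ne $false } | Format-List
    ```

    No output means neither path exists on the machines checked and all of them were reachable.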

  • Got a Western Digital NAS?

    Posted on July 2nd, 2021 at 11:24

    I just told a coworker to unplug his WD mycloud/mybook devices.  We have another zero day for the Western Digital line up.

    Brian Krebs has the details.

    I’m going back to plain old external hard drives as the backup media of choice these days.

  • Does your router auto update?

    Posted on July 1st, 2021 at 11:18

    Michael Horowitz has long opined that router security needs a LOT of work. He has often complained about the sad state of firmware and router software.  Now come several disclosures via Microsoft and Netgear that some of their firmware needs updating to fix holes that attackers can use to get in.

    It’s a reminder that things we take for granted are often ways that attackers can wiggle in as well.

    Make sure you regularly patch your router (check for firmware) or enable automatic updates. Most router OS’s are purpose built distributions that typically have zero issues during the update process. And don’t forget to review how old your router is. Sometimes they do die and you do need to replace them. Other times they fall out of support and you SHOULD replace them. Remember there is software under the hood as well. If you can’t remember when you last updated it, checked for updates, or when you bought it, today would be a good day to check on those items!

  • Print Nightmare is going to be a nightmare

    Posted on June 30th, 2021 at 14:38

    This is me. This is me trying to figure out what best to do with a security issue in the news today: CVE-2021-1675. Or rather, it’s what I’d like to be doing, but I can’t.

    So here’s the deal. There’s a security vulnerability for Print spooler that was patched back on June 8th but the patch didn’t fully fix the issue.  On June 21, the vuln was updated to critical severity as a potential for remote code execution was found. There is now a zero day proof of concept of this issue out on Github and various places.  Specifically the proof of concept is for Windows Server 2019 but as I understand it, it impacts more platforms as well.

    Edit:  Turns out this appears to be a new bug and not an unfixed vulnerability. Bottom line it’s still just as bad but now just a regular old zero day instead of a slightly unfixed zero day. And it also works on Windows 11 as well.

    Edit 7-2-2021 Micropatches from 0patch have been released for this issue 

    Action items if you are a consumer and DO print.

    As I’m reading it, this is a big deal on domain controllers – not so much on stand alone computers. This allows attackers to wiggle in via a remote authenticated user and raise the rights of that account.  Since home computers do not have “remote authenticated users”  I’m not freaking out here and recommending that you disable print spooler (yet).  I don’t know about you but I DO print so I cannot disable the print spooler service without severely impacting my productivity. I’ll keep monitoring the situation and update if I see anything where I think consumers/home users/small peer to peer networks should be taking action other than the usual “be careful out here” and watch what you click on. So for now if you run windows and print, take no action, other than to be your normal, careful, slightly paranoid self.

    Action items if you are a consumer and DON’T print.

    Print spooler lately has been a big target. If you know you don’t ever print or print to pdf or anything like that you can proactively click on the search box and type in “services”, scroll down to print spooler, double click and click to change the service to stop and then to disable the startup type. Note you need to be an administrator (or have admin rights) to be able to stop this service.

    Action items if you are an IT pro or MSP.

    Determine if you can follow this post and disable the print spooler service especially on Servers, Domain controllers in particular. You might want to go through server hardening guidance while you are at it.  Bottom line evaluate your risk for this attack and take action accordingly.  Recommendation is to disable the print spooler service on the Domain controllers first. If you are a SMB consultant where your Domain controller is ALSO your Print server there’s no good alternative especially if your folks have to print.
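
    A sketch of the domain-controller-first step, as an added example that is not part of the original post: it lists the Print Spooler state on every DC and, only when asked, stops and disables the service. The function name is hypothetical; it assumes the ActiveDirectory module (RSAT), PowerShell remoting to the DCs, and an account with admin rights on them.

    ```powershell
    # Added example (not from the original post). Set-DcSpoolerState is a hypothetical name.
    # Needs the ActiveDirectory module (RSAT) and PowerShell remoting to the DCs.
    function Set-DcSpoolerState {
        [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
        param([switch]$Disable)   # without -Disable the function only audits

        Import-Module ActiveDirectory -ErrorAction Stop
        foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
            # ShouldProcess is only consulted when -Disable was given
            $fix = $Disable -and $PSCmdlet.ShouldProcess($dc, 'Stop and disable Print Spooler')
            try {
                Invoke-Command -ComputerName $dc -ArgumentList $fix -ErrorAction Stop -ScriptBlock {
                    param($fix)
                    $svc    = Get-Service -Name Spooler
                    $before = "$($svc.Status)/$($svc.StartType)"
                    if ($fix) {
                        Stop-Service -Name Spooler -Force
                        Set-Service  -Name Spooler -StartupType Disabled
                        $svc = Get-Service -Name Spooler
                    }
                    [pscustomobject]@{
                        DC     = $env:COMPUTERNAME
                        Before = $before
                        After  = "$($svc.Status)/$($svc.StartType)"
                    }
                } | Select-Object DC, Before, After
            } catch {
                # A DC that cannot be reached still shows up in the report
                [pscustomobject]@{ DC = $dc; Before = 'unreachable'; After = $_.Exception.Message }
            }
        }
    }

    Set-DcSpoolerState             # audit: current Spooler state on every DC
    # Set-DcSpoolerState -Disable  # remediate, with a confirmation prompt per DC
    ```

    A DC that is also the print server will stop printing for everyone once the service is disabled, which is the trade-off described above.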

    TrueSec have come out with a workaround that allows you to deny permissions to keep attackers from gaining system rights and leave print spooler service as is.

    And if you are running Mint, Chromebook, Apple, etc. etc.  just try not to look so smug, okay?

  • The confusion of .NET

    Posted on June 28th, 2021 at 02:40

    PATCH WATCH

    By Susan Bradley

    Recently I’ve noticed that some folks are getting a bit confused about my recommendations regarding .NET updates.

    If you are a regular follower of my Master Patch Lists, you know that I don’t always recommend installing .NET updates right away, in the months they are released. Why? Because I’m trying to encourage the “business-style” of patching, in which you focus only on the offered security updates and skip the non-security fixes. By configuring your systems this way, the automatic patching process approves and installs only the security-related patches, not the quality fixes.

    Read the full story in the AskWoody Plus Newsletter 18.24.0 (2021-06-28).

  • Tasks for the weekend – June 26 – dealing with the Store

    Posted on June 26th, 2021 at 23:19

    Youtube here

    So yesterday and earlier today I had to deal with two computers that spontaneously had an Xbox gaming widget on the system that greyed out the screen. (you can see it in action here)

    Once I rebooted the systems the widget went away and I proactively put a registry key to ensure it didn’t come back. I think, based on reviewing the event logs on both systems, that it was a Microsoft Store update that got installed yesterday on my home PC and early this morning at the office.

    EventData
    updateTitle 9WZDNCRFJBD8-Microsoft.XboxApp
    updateGuid {69e8be91-65f1-4436-96b8-9025450413d7}

    Remember that there is more that gets updated behind the scenes than just the Windows updates that you visually see. Office 365 click to run silently updates in the background unless you overtly stop the Office updating process. The Microsoft store is another behind the scenes updating process as well.

    If you want to stop/block the Microsoft store, there are ways to do it as well as following PK’s excellent tutorial. Now mind you this is advanced stuff and not for all.  Many a system has been rendered unbootable if removing the apps wasn’t done correctly. So I recommend this only for advanced users.

    Bottom line when your computer does weird things, sometimes it’s not you. It’s REALLY not you.

  • WUshowhide is back!

    Posted on June 25th, 2021 at 22:05

    A big thank you to Bruce for providing feedback to Microsoft to get WUshowhide re-signed with a SHA-2 certificate. It’s now been reposted to the download site.

    Sure enough it was what we thought….

    Thank you all for your patience. The troubleshooter was initially removed as part of our SHA-1 deprecation, where we removed all content on the DLC which had only SHA-1 signing. We are working to re-sign this with a SHA-2 certificate and verify that it works as expected, and will re-publish. I will follow up again shortly.

    He did and just reposted it tonight.

    http://download.microsoft.com/download/f/2/2/f22d5fdb-59cd-4275-8c95-1be17bf70b21/wushowhide.diagcab 

    The full URL is there.

     

  • Got a Western Digital My book?

    Posted on June 24th, 2021 at 18:37

    Dan Goodin on Twitter says:

    Western Digital is advising customers to disconnect their My Book storage devices while the company investigates the mass wiping of data from devices all over the world.

    See more here

  • 2004’s being pushed?

    Posted on June 24th, 2021 at 00:01

    In the Windows update twitter account they indicate:

    Today we are starting a new rollout phase for Windows 10, version 21H1 using our latest machine learning model to begin the multi-month process to automatically update devices running Windows 10, version 2004, that are approaching end of servicing.

    So. What does that mean? Same old, same old, unfortunately.

    If you have a device on 2004 and do not have the targetreleaseversion in place to keep it on 2004, Microsoft will begin pushing you to 21H1.

    Well first I think they are pushing a little too quickly as 2004 doesn’t age out until December.  Furthermore I still see people struggling to get off of 1909 and on to 2004. So if you have a reason to stay on 2004 – even if that reason is that you are too busy right now to deal with it- make sure you have the targetreleaseversion setting in place otherwise you may find yourself rebooting when you don’t want it.

    I’ll soon be adding the approval of 21H1 to my recommended versions.  Bottom line my recommendation is to use the TRV (aka targetreleaseversion) setting to be the guard rails on your system.  You then get to choose exactly when you want to go through the feature upgrade process. It’s on your time schedule, not Microsoft’s.
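
    Setting the TRV from PowerShell, as an added example that is not part of the original post: it writes the two Windows Update policy values behind the targetreleaseversion setting and reads them back. The function name is hypothetical, and the registry value names are taken from Microsoft's Windows Update policy, not from this post.

    ```powershell
    # Added example (not from the original post). Set-TargetRelease is a hypothetical name.
    # Run from an elevated PowerShell prompt.
    function Set-TargetRelease {
        param(
            [Parameter(Mandatory)]
            [ValidatePattern('^\d{2}(\d{2}|H[12])$')]   # e.g. 1909, 2004, 20H2, 21H1
            [string]$Version
        )
        $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # TargetReleaseVersion = 1 turns the policy on;
        # TargetReleaseVersionInfo names the release to stay on.
        New-ItemProperty -Path $key -Name TargetReleaseVersion -PropertyType DWord -Value 1 -Force | Out-Null
        New-ItemProperty -Path $key -Name TargetReleaseVersionInfo -PropertyType String -Value $Version -Force | Out-Null

        # Read back what is installed and what is now pinned
        $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        $installed = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }
        [pscustomobject]@{
            Installed = $installed
            Pinned    = (Get-ItemProperty $key).TargetReleaseVersionInfo
        }
    }

    Set-TargetRelease -Version '2004'   # stay on 2004 until you choose to move
    ```

    When you are ready for the feature upgrade, run it again with the release you want, for example `Set-TargetRelease -Version '21H1'`.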

    Will spotted this video the other day… scroll to the 9 minute mark and listen.

  • What’s your feedback for Windows 11?

    Posted on June 22nd, 2021 at 08:13

    In Computerworld this week I started my list of feedback for Windows 11.  Before we get to the next version of Windows, I have a list of things that need to be fixed on Windows 10.

    So what’s your feedback to Microsoft?

  • Getting rid of local administrators

    Posted on June 21st, 2021 at 02:41

    ON SECURITY

    By Susan Bradley

    Administrator rights are easy to set up but hard to remove.

    Once upon a time, we always configured Windows computers with full administrative rights. We thought nothing of it; it was an expected and a normal part of getting a computer system ready to go. We took being an administrator for granted because we needed to install software and run programs that required administrator rights.

    Then people — attackers — began to realize that user accounts with administrative rights were the keys to the kingdom, making it easier for them to gain access to a system and do their dirty deeds.

    Read the full story in the AskWoody Plus Newsletter 18.23.0 (2021-06-21).