Newsletter Archives

• Wrapping up July’s updates

  Posted on August 7, 2023 at 02:42 CDT by Susan Bradley • Comment in the Forums

  PATCH WATCH

  

  By Susan Bradley

  We’re at the dividing line. We are working on getting July’s updates installed and reviewing whether we have Windows 10 22H2 installed. Meanwhile, that window of opportunity for installing updates is closing soon.

  But that’s just the Windows side of the patching world. On the Apple side, we’ve had to deal with zero-day patches this month. Not to be left out, Android is doing last-minute beta testing on Android 14 beta 4.1.

  Read the full story in our Plus Newsletter (20.32.0, 2023-08-07).

  Patch Watch Apple, Cloud services, CVE-2023-32019, InControl, Newsletters, Patch Lady Posts, WSUS, WuMgr, Zero Day

• Patch testing isn’t easy

  Posted on July 17, 2023 at 02:42 CDT by Susan Bradley • Comment in the Forums

  PATCH WATCH

  

  By Susan Bradley

  No matter who the vendor is, bugs occur.

  By the time you read this, Apple will have already re-released its rapid security patches for iOS, iPadOS (16.5.1), and MacOS Ventura (13.4.1). The patches dealt with side effects impacting Facebook, Instagram, WhatsApp, Zoom, and various other websites.

  The bug release fixed a WebKit vulnerability that was being exploited in the wild. If you don’t use Safari as your default browser, or if you don’t use the impacted apps, I hope you just did the “sit tight and wait for a re-release” thing.

  Read the full story in our Plus Newsletter (20.29.0, 2023-07-17).

  Patch Watch drivers, Newsletters, Patch Lady Posts, security, Testing, Zero Day

• Apple and Microsoft fix April zero days

  Posted on April 17, 2023 at 02:42 CDT by Susan Bradley • Comment in the Forums

  PATCH WATCH

  

  By Susan Bradley

  Tomorrow is the tax-filing deadline in the US. It’s not the time to be installing updates, especially since we’re still at MS-DEFCON 2.

  In other words, we’re still in deferral mode despite several newsworthy patching headlines and despite my not having noticed any significant side effects. As usual, I suggest patience until we know more.

  The majority of the items of concern relate to businesses, not consumers. Here are some highlights.

  Read the full story in our Plus Newsletter (20.16.0, 2023-04-17).

  Patch Watch Active Directory, Certificate padding, Juice Jacking, LAPS, Newsletters, Patch Lady Posts, Zero Day

• Apple emergency updates

  Posted on April 7, 2023 at 12:47 CDT by Susan Bradley • Comment in the Forums

  (First off Good Friday, Happy Passover, Happy Ramadan, Happy near the end of the weekend to everyone)

  Apple pushed updates for 2 new zero-days that may have been actively exploited.

  🐛 CVE-2023-28206 (IOSurfaceAccelerator):
  – macOS Ventura 13.3.1
  – iOS and iPadOS 16.4.1

  🐛 CVE-2023-28205 (WebKit):
  – macOS Ventura 13.3.1
  – iOS and iPadOS 16.4.1

  Specifically:

  💻 macOS Ventura 13.3.1 – 2 bugs fixed
  📱 iOS and iPadOS 16.4.1 – 2 bugs fixed

  On the Apple platform when you read “may have been exploited” that’s usually geek speak for “was used in a very targeted attack and has not been widely used”.

  Apple Patch Lady Posts, Zero Day

• Ensuring you can recover

  Posted on March 13, 2023 at 02:41 CDT by Susan Bradley • Comment in the Forums

  PATCH WATCH

  

  By Susan Bradley

  Anyone reading the title of this edition of Patch Watch may think I’m talking about a Windows update issue.

  But no matter what your technology, I want to remind you that having a backup means that you will be able to recover.

  A good friend of mine, totally ensconced in the Apple world, reported that her older Apple computer running Monterey was not a happy camper. She had been traveling and did not want to install updates. Once at home after her travels, she attempted to update. That’s when the “fun” started.

  Read the full story in our Plus Newsletter (20.11.0, 2023-03-13).

  Patch Watch Backup, Group Policy Editor, Intel, Newsletters, Patch Lady Posts, Reinstall, Upgrade blocking, Zero Day

• Zero day in office – but don’t panic

  Posted on May 31, 2022 at 15:38 CDT by Susan Bradley • Comment in the Forums

  Microsoft Releases Workaround Guidance for MSDT “Follina”; Vulnerability

  05/31/2022 11:11 AM EDT

  Original release date: May 31, 2022

  Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the wild.

  CISA urges users and administrators to review Microsoft’s Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and apply the necessary workaround.

  ---

  Here at Askwoody we are a bit more savvy.  WE DON’T OPEN THINGS WE AREN’T EXPECTING.  That said if you do want to proactively protect yourself ….

  Group policy fix – Just disable “Troubleshooting wizards” by GPO  see the location here:

  Registry fix:

  click on the search box, type in cmd

  Right mouse click on cmd in the menu bar to RUN AS ADMIN

  type in reg delete HKEY_CLASSES_ROOT\ms-msdt /f

  Click enter

  

  If you want to restore it back:

  This registry key will restore the troubleshooting wizard – link here

  Click on the downloads, double click to launch, follow the slightly scary instructions to import the registry key back in.

  =================

  Update 6/1/2022

  Now the URI for Search is being abused.

  Once again if you want to proactively protect yourself

  Run Command Prompt as Administrator.

  Execute the command “reg delete HKEY_CLASSES_ROOT\search-ms /f”

  

  If you want to restore it back, click here

  Windows Security MS-DEFCON, Patch Lady Posts, Zero Day

• Understanding the zero days

  Posted on March 7, 2022 at 02:42 CST by Susan Bradley • Comment in the Forums

  PATCH WATCH

  

  By Susan Bradley

  What do attackers go after?

  If you take a look at the known, exploited vulnerability listing as put out by the Cybersecurity & Infrastructure Security Agency, you’ll find that the list is long and confusing. Even if you cut it down to just Microsoft and Apple, it’s still a bit overwhelming, to say the least.

  I’m going to focus on two bugs, to showcase differences in how the attacks occur on Windows and Apple and what the attackers are going after.

  Read the full story in the AskWoody Plus Newsletter 19.10.0 (2022-03-07).

  AskWoody Plus Newsletter, Patch Watch AskWoody Plus Newsletter, Patch Lady Posts, Patch Watch, Ransomware, Zero Day

• Zero day for Windows 7

  Posted on November 25, 2020 at 12:11 CST by Susan Bradley • Comment in the Forums

  Bleeping computer reports that 0-patch is releasing a fix for a zero day in Windows 7 and server 2008 R2.

  I haven’t yet seen an out of band patch released to Windows 7 ESUs but I’ll keep you posted.

  One clarification on that post, Sergiu says “At the moment, only small-and-midsize businesses or organizations with volume-licensing agreements can get an ESU license until January 2023.”  You actually don’t need a volume licensing agreement in order to buy Windows 7 patches.  Amy Babinchak is still selling Windows 7 ESUs and for anyone who bought them last year, she’ll be contacting you to see if you want the updates again this year.  Microsoft hasn’t yet set it up so that the 2021 Windows  7 ESUs are on their price list, but I’m guessing December 1st is when they will post it to the price list.  It’s expected to be twice the price of last years.

  Windows 7, Windows Patches/Security 0patch, Patch Lady Posts, Zero Day

• Patch lady – targeted attacks using zero day

  Posted on October 30, 2020 at 14:24 CDT by Susan Bradley • Comment in the Forums

  Per https://www.zdnet.com/article/google-discloses-windows-zero-day-exploited-in-the-wild/:

  and per https://www.bleepingcomputer.com/news/security/windows-kernel-zero-day-vulnerability-used-in-targeted-attacks/

  On Twitter, Hawkes said the Windows zero-day (tracked as CVE-2020-17087) was used as part of a two-punch attack, together with another a Chrome zero-day (tracked as CVE-2020-15999) that his team disclosed last week.

  “We have confirmed with the Director of Google’s Threat Analysis Group, Shane Huntley, that this is targeted exploitation and this is not related to any US election-related targeting.”

  It will be patched November 10th.

  So the good news is that this is targeted only – not by us mere mortals.  Until then keep your tinfoil on and in the ready mode

  Windows 10 0day, Patch Lady Posts, Zero Day

• SandboxEscaper drops another Win10 0day on Twitter

  Posted on October 24, 2018 at 09:38 CDT by woody • Comment in the Forums

  Remember the Task Scheduler ALPC 0day dropped on Twitter at the end of August?

  The same gal, @SandboxEscaper, just dropped another one. On Twitter. No forewarning. No chance for Microsoft to fix it.

  Catalin Cimpanu has a good overview on ZDNet.

  It’s another privilege elevation attack, which means the attacker has to be running on your machine before it kicks in, and the 0day can be used to change the running code from standard to admin.

  The PoC, in particular, was coded to delete files for which a user would normally need admin privileges to do so. With the appropriate modifications, other actions can be taken, experts believe.

  That makes it very mean, but not yet a potent attack.

  Kevin Beaumon, @GossiTheDog, has taken a look at it:

  So this works. Windows 10 and Server 2016 (and 2019) only. It’s similar to Task Scheduler exploit, it allows non-admins to delete any file by abusing a new Windows service not checking permissions again. https://t.co/q45Qj3DGSS

  — Kevin Beaumont (@GossiTheDog) October 23, 2018

  I’ll update this post with the CVE number as soon as I have it.

  Windows Patches/Security Data Sharing Service, SandboxEscaper, Zero Day

• Details on the Task Scheduler ALPC zero-day

  Posted on August 28, 2018 at 07:59 CDT by woody • Comment in the Forums

  Kevin Beaumont (@GossiTheDog) just published an excellent overview of the newly touted ALPC zero-day in Task Scheduler. Complete with working exploit code.

  The flaw is that the Task Scheduler API function SchRpcSetSecurity fails to check permissions. So anybody — even a guest — can call it and set file permissions on anything locally.

  It’s a privilege escalation bug, allowing an offending program to leapfrog itself from running in user mode to take over the machine.

  Catalin Cimpanu on Bleeping Computer posted the initial revelation from @SandboxEscaper, who posted original exploit code on GitHub, then deleted their Twitter account.

  Nothing to worry about yet, but expect to see a fix for all versions of Windows before too long.

  Windows Patches/Security ALPC, Zero Day

• Patch Lady – Flash update out on June 7th

  Posted on June 7, 2018 at 14:39 CDT by Susan Bradley • Comment in the Forums

  Be aware that today a Flash update has been released.  For those of you on Windows 7 you will need to either look to a prompt or go to the Adobe flash page for your update.  For those on 10, and 8.1 you get your update from Microsoft.

  https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player

  “Adobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash Player content distributed via email.”

  Generally speaking it’s wise to ensure these flash updates are installed as soon as possible.  Kirsty’s got the links for you here:

   

  Windows Patches/Security Flash, Patch Lady Posts, Zero Day
• « Older Entries