Monthly Archives: October 2020

• Patch lady – targeted attacks using zero day

  Posted on October 30, 2020 at 14:24 CDT by Susan Bradley • Comment in the Forums

  Per https://www.zdnet.com/article/google-discloses-windows-zero-day-exploited-in-the-wild/:

  and per https://www.bleepingcomputer.com/news/security/windows-kernel-zero-day-vulnerability-used-in-targeted-attacks/

  On Twitter, Hawkes said the Windows zero-day (tracked as CVE-2020-17087) was used as part of a two-punch attack, together with another a Chrome zero-day (tracked as CVE-2020-15999) that his team disclosed last week.

  “We have confirmed with the Director of Google’s Threat Analysis Group, Shane Huntley, that this is targeted exploitation and this is not related to any US election-related targeting.”

  It will be patched November 10th.

  So the good news is that this is targeted only – not by us mere mortals.  Until then keep your tinfoil on and in the ready mode

  Windows 10 0day, Patch Lady Posts, Zero Day

• MS-DEFCON 3: Get the October patches installed

  Posted on October 29, 2020 at 23:49 CDT by woody • Comment in the Forums

  We’re seeing some funny business with the ancillary patches this month, but the mainstream Windows cumulative updates and Office patches look good to go.

  Big question is whether you want to upgrade from Win10 version 1909 to version 2004. I have a few observations. Bottom line: Susan Bradley has upgraded her 1909 machines to 2004. I’m still sitting on a fence. Really, there’s exactly nothing in 2004 that most people will want.

  Step-by-step details in Computerworld Woody on Windows.

  Windows Patches/Security MS-DEFCON 3, October 2020 Black Tuesday

• Patch Lady – make sure you are protected

  Posted on October 28, 2020 at 21:14 CDT by Susan Bradley • Comment in the Forums

  To specifically target hospitals and healthcare with ransomware is pure evil.

  Brian Krebs reports that the “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”  Earlier today a webcast was also talking about this risk.

  I’ve installed the October patches.

  I’ve checked to make sure backups are working (and not backing up to a drive that is accessible by the user making the backup – look to your backup vendor/ask them if their solution does this).

  I’ve made sure that my email has spam filters and email hygiene turned on.

  I’ve repositioned my tinfoil hat so my paranoia is turned full on.

  If you work for healthcare or know of someone in healthcare reach out to them and warn them that they are being targeted by cyber attackers and be extra careful.

   

  Windows Security Patch Lady Posts

• About that Flash-zapping patch, KB 4577586? One leeetle problem. It doesn’t remove Flash.

  Posted on October 27, 2020 at 21:08 CDT by woody • Comment in the Forums

  Earlier today Microsoft released KB 4577586, the “Update for the removal of Adobe Flash Player: October 27, 2020.” As Susan notes in the entry below, it’s only available if you manually download and install it from the Microsoft Catalog.

  Now comes word from Lawrence Abrams at BleepingComputer that the patch doesn’t do anything of the sort:

  In our tests, though, Adobe Flash Player remained installed after installing the update… When we checked the Adobe Flash Player component in Microsoft Edge, it was still installed after installing the update.

  Let’s hear it for Microsoft’s testers – the unpaid ones, at least.

   

  Windows Patches/Security Flash, KB 4577586

• Patch Lady – saying goodbye to Flash

  Posted on October 27, 2020 at 18:15 CDT by Susan Bradley • Comment in the Forums

  https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player

  Saying unofficial goodbye to Flash.  Note this is on the catalog site at this time so that folks can be testing the removal process.  Those behind Windows update will get this later (Decemberish) those on WSUS will get it in 2021.

   

  Windows Security KB 4577586, Patch Lady Posts

• Patch Lady – how old is that computer?

  Posted on October 27, 2020 at 15:41 CDT by Susan Bradley • Comment in the Forums

  So the other day I had a misbehaving computer that wouldn’t boot.  After I reset the cmos battery it booted up and is working like a champ.  But it got me to thinking about how old some of the computers in the fleet are and how it’s harder to keep track – either that or I’m not keeping track as much as I did.

  In the ancient days of computing, we would migrate to new machines when a new model or version came out and then hand the older computers to other people in the office.  There was major speed differences between these models.

  Now, I don’t see as huge of jumps.  I can only type so fast.  Once you get a Windows 10 with good ram (more than 8 gig, even more than 16 gig and more) and a SSD drive, you can be very happy with older hardware.

  https://engineering.purdue.edu/ECN/Support/KB/Docs/HPModelYears

  https://engineering.purdue.edu/ECN/Support/KB/Docs/PCDesktop

  I can honestly get more than four years out of a computer… “Most faculty, staff, and students will find their needs will be easily met by this year’s “standard desktop,” which is designed to provide sufficient performance for at least 4 years. ”  Laptops are a bit harder, especially if you want something portable, but desktop style you can get five and more years out of it.

  Gary pointed to some official “refurbished” computer listings from Microsoft

  https://devicepartner.microsoft.com/en-us/assets/detail/MAR_Partner_Directory_Aug2017-pdf

  https://www.msregrefurb.com/RRPSite/OnlineDirectory.aspx?setlang=en

  Refurbs are also an excellent way to get decent machines.  Recently I purchased a refurb and then took the video card out of another computer and moved some parts around.  Windows 10 had no issues whatsoever finding the drivers and handling the changes.

  So how old is your computer?

   

  Windows 10 Patch Lady Posts

• Pulling the trigger on Win10 Version 2004

  Posted on October 25, 2020 at 21:15 CDT by Tracey Capen • Comment in the Forums
  

  UPGRADING WINDOWS

  By Susan Bradley

  Windows 20H2 is in the pipeline — so it’s about time to install … its predecessor, Win10 2004.

  On October 20, Microsoft tweeted that the October 2020 Update (aka 20H2) has been officially released and will show up over time via a “throttled” rollout. But a few of the tweet’s replies quickly noted that some Win10 users are still waiting for Version 2004 — or had to manually install it. (Microsoft states that the upgrade from Win10 2004 to 20H2 should go faster because it’s more like a monthly update.)

  Read the full story in AskWoody Plus Newsletter 17.42.0 (2020-10-26).

  AskWoody Plus Newsletter, Upgrading, Windows 10 Releases AskWoody Plus Newsletter, Feature upgrades, ISO, Win10 2004

• Four solutions to four computing problems

  Posted on October 25, 2020 at 21:10 CDT by Tracey Capen • Comment in the Forums

  LANGALIST

  By Fred Langa

  AskWoody subscribers are an eclectic bunch, as evidenced by this quartet of interesting — and exceptionally wide-ranging! — reader-submitted questions.

  This week’s topics include using a command-line trick to reveal a PC’s digital license, preserving system data through a UEFI/BIOS reset, managing a PC with dual SSD/HDD drives, and calculating a system’s total power draw. Wow! Let’s dive into them.

  Read the full story in AskWoody Plus Newsletter 17.42.0 (2020-10-26).

  AskWoody Plus Newsletter, LangaList AskWoody Plus Newsletter, Drive maintenance, Power draw, UEFI reset, Windows digital license
• « Older Entries