Replies

[WSMRCS]

“Sometimes I don’t understand Microsoft updates, do you?”

I guess I do because I don’t understand what you don’t understand. Was there something inadvertently left out of that section?

• This reply was modified 4 years ago by WSMRCS.

It goes without saying that once your system, or the system you’re a part of, is breached, you’re s******. But, I believe the upshot of the discussion became where are you better off. If you plan on not doing anything or don’t know anything about security, then I would agree that someone is better off with the cloud.
Otherwise, who is the bigger or more likely target:
1) Microsoft with thousands of clients or, like most of us, someone smaller than MS with just themselves or a comparably few clients.
2) 63% of break-ins are inside jobs (that’s an old number) and all of the security software and measures in the world is not going to help you. MS and other companies like them have thousands of employees, whereas most companies are much smaller and most of the employees are known to those responsible for the company’s security.

“hackers for months monitored staff emails sent via Office 365”

If you’re saying that because Office 365 was not the original vector that makes you comfortable, I’m glad for you.

Paul, that was old info. Follow some of the links.

SolarWinds Hack Compromised 40-plus Microsoft Customers
https://www.crn.com/news/security/solarwinds-hack-compromised-40-plus-microsoft-customers
Microsoft Breached Via SolarWinds As Scope Of Destruction Widens: Report
https://www.crn.com/news/security/microsoft-breached-via-solarwinds-as-scope-of-destruction-widens-report?itc=refresh
Microsoft’s Role In SolarWinds Breach Comes Under Scrutiny
https://www.crn.com/news/security/microsoft-s-role-in-solarwinds-breach-comes-under-scrutiny

[Susan Bradley]

Best post yet, anonymous Guest.
This topic got awfully quiet after SolarWinds.

“If it had been using Office 365 for email, it would have been game over.”

https://www.reuters.com/article/us-global-cyber-usa/suspected-russian-hackers-used-microsoft-vendors-to-breach-customers-idUSKBN28Y1BF

Are memories so short these days that we need the constant reminders.

• This reply was modified 4 years, 4 months ago by Susan Bradley.
• This reply was modified 4 years, 4 months ago by WSMRCS.
• This reply was modified 4 years, 4 months ago by WSMRCS.

1 user thanked author for this post.

Cybertooth

KB4512506 won’t install on Win7 x64

Apparently I am not the only one having this problem:
https://www.dslreports.com/forum/r32478603-Microsoft-August-2019-Security-Updates

While it clearly says on the KB4512506 page that KB4474419 is a prerequisite, it’s also clear from the Update History that it tried to install KB4512506 first. Standalone installer wouldn’t work. Uninstalling and reinstalling KB4474419 didn’t help, either

WU seems to be behaving lately (not sure why), though I have had problems up until recently. I guess I have MS to thank for the following, but I learned 2 interesting things along the way when I was trying to fix the long delay in Checking for Updates. One is that if WU started on its own, it does not show the progress in the progress bar when you launch it. I had to check Task Manager to see that it was running, continuously at 25% CPU cycles. I now only turn on the service when I want to check for updates. Second, at least for those of you who do not use a paging file , WU is quite the memory hog. When I stop the WU service, I pick up over 600MB of available memory.

edit: Win7 Home Premium

You may want to edit this before the newsletter goes out. Both numbers are the same:
“…are KBs 3156387 and 3156387”

With zero replies…

Doesn’t matter how many replies

That makes no sense.

satrow, thanks. I felt that was probably the case, but I couldn’t find anything that said for sure it had not been folded into DWM. I could only find the general statements that visual effects need DWM or that some visual effects need DWM. It sort of looked okay to me, but if it were slightly below the perceptual level it still could cause eye strain/fatigue.

jwoods, that’s a big help. I didn’t realize there was also a setting for Desktop Composition in visual effects. I had turned off everything except font smoothing ages ago. The only setting for Desktop Composition that I was aware of was in the per application Properties > Compatibility tab. I presume the checkbox in visual effects overrides all of those.

Interesting article. Clarifies a lot of issues with the patches to Windows Update.

New Policies in July’s Windows Update Client to Stop Windows 10 Upgrades by Normal Users
http://windowsitpro.com/windows-10/new-policies-julys-windows-update-client-stop-windows-10-upgrades-normal-users

I also got this one on Windows 7:

3048761
Information or messages are not updated automatically in an application
(This issue occurs because memory leak occurs in Desktop Window Manager (DWM.exe) when a window changes its parent window in an application.)

I am not looking to get the links on the page. I want to get the URLs that are used to get the content to build the page.
Why? For security purposes. I allow only certain sites certain privileges. This didn’t used to be much of a problem when internet speeds were a lot slower. Often you can get what you need from the links in the page, but not always. I have a case now like that, and I can see that other sites are being contacted to get content but they go by too fast and/or are too long to get the characters of the address.

Are you using Flash Player in your browser to listen to the stream? If so you should see a connection on port 1935.
How are you viewing the port re-assignment?

cheers, Paul

I think I figured it out. I believe it’s that the DNS servers get overloaded. When I switched my alternate with my primary it stopped happening. I wouldn’t expect it to start so early on a normal Sunday, but still, I want to see what happens later today and after 5:00 on a weekday.

To answer your questions, I do use Flash and at the moment it is on 1669, but there’s nothing consistent about the port Flash uses. However, it is stable for the time being. I view my open connections using Comodo’s “View Active Connections”. You can get the the same thing using the command prompt, but I don’t remember the command right now, and I’m not sure if it shows the ports opening and closing in real time.

This should also help with some of the misbehaving websites.

If you really wish to use MBAE with EMET —
disable all the ROP mitigations: SimExecFlow, Stack Pivot, Caller, MemProt, LoadLib