Woody’s Windows Watch: Windows 10 patching improves

Hard to believe that Win10 patching will get any better, but there’s reason for hope.

Microsoft seems to be genuinely interested in delivering more reliable Win10 patches — and willing to put money and time into improving the execrable quality of the offal that’s been shoveled in the past few years.

Will the improved patching method work? Remains to be seen – and the patchers are working against an insane release cycle.

Details in AskWoody Plus Newsletter 16.3.0, now available FREE online.

Patch Watch: Green light for most patches; yellow for Win10 version 1809

Patch Lady Susan Bradley’s latest take on patching.

Out this morning to all AskWoody Plus members, in AskWoody Plus Newsletter 16.3.0, now available FREE online..

Networking: Power over Ethernet

AskWoody Plus Editor-in-chief Tracey Capen’s inaugural article looks at using Power over Ethernet gear to extend fast Wi-Fi to every part of a house. The technique delivers electric power over an Ethernet cable – so one coax cable can handle everything you need to set up a wireless access point. A simple and cheap “injector” can handle 20 watts; a big box can handle 100 watts.

Full details in this week’s AskWoody Plus Newsletter 16.3.0, which just went out to AskWoody Plus members, now available FREE online.

Deanna’s Freeware Spotlight: Account Profile Fixer

In our January 21 column, we discussed using the free User Profile Wizard utility to move Windows user accounts to a new user or to another domain. But what if you have a corrupted user account that needs repair?

Details on Caified’s free (donationware) Account Profile Fixer in the AskWoody Plus Newsletter 16.3.0, which went out this morning to all of our Plus members, now available FREE online.

AskWoody sponsorships: Meet Rimi

Continuing a long tradition by both Fred and Woody, AskWoody.com now sponsors disadvantaged kids from around the world, through Save the Children. Your Plus Membership helps kids in difficult conditions.

This month, we’re proud to sponsor Rimi, a 6-year-old in Barisal, Bangladesh.

Details in today’s AskWoody Plus Newsletter, issue 16.3.0.

Microsoft Exchange 0day exploit code published

According to Thomas Claburn at The Reg:

Microsoft Exchange appears to be currently vulnerable to a privilege escalation attack that allows any user with a mailbox to become a Domain Admin.

Claburn goes on to reference Dirk-jan Mollema’s proof of concept post:

This blog combines a few known vulnerabilities and known protocol weaknesses into a new attack. There are 3 components which are combined to escalate from any user with a mailbox to Domain Admin access:

• Exchange Servers have (too) high privileges by default
• NTLM authentication is vulnerable to relay attacks
• Exchange has a feature which makes it authenticate to an attacker with the computer account of the Exchange server

Here’s where it gets thick. Er. Mollema claims his method allows an “attack to escalate from any user with a mailbox to Domain Admin in probably 90% of the organisations I’ve seen that use Exchange.”

Microsoft, however, has apparently weighed in on the elevation of privilege bug in CVE-2018-8581:

To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user.

And there’s the rub. The headlines make it sound like anybody with an Exchange mailbox can become a Domain Admin. The Microsoft CVE report (which, I assume, relates to the same bug) says that a man-in-the-middle attack is necessary.

Big difference.

Anybody know the details?

Keizer: Win10 version 1809 rollout fiasco may hinder Enterprise migrations from Win7

In the once burned, twice shy department (or should I say 100th time burned, 101 times shy?) Gregg Keizer has an interesting analysis of the Win10 1809 rollout debacle — and why it may convince Microsoft’s big customers to stick with Win7.

In a nutshell:

This year’s [version] 1903 [a.k.a. 19H1] would be a mistake because even for Windows 10 Enterprise customers, it will get only 18 months of support. That means holding out for 1909, which will receive 30 months of support. Trouble is, the company won’t have much of an upgrade cushion from 1803 to 1909; the upgrade will have to begin as soon as the latter is declared enterprise-ready and even then, the cushion will be a short four months.

Gregg has a very convincing argument — Microsoft’s dropping the ball on 1809 puts Enterprises in a tough place. It’s all in the calendar, and the fact that 19H1 will only receive 18 months of support whereas 19H2 will (MS has promised) receive 30 months.

I wonder if/when Microsoft will jump off this insane 6-month upgrade cycle.

Office 365 experiences widespread outages Thursday, January 24, 2019

Microsoft Office 365 has been having problems since 9:21 AM EST today. Users have been unable to access their email. Reports have been widespread. The Register reported that Users in the UK and much of Europe were affected.

There have also been reports from South America and Africa.  And Downdetector.com shows an even wider outage.

cbronline gives this analysis

At the time of writing it had yet to update its public-facing status page, which showed normal service, but an update for administrators blamed a “subset of mailbox database infrastructure [that] became degraded, causing impact.”

At 1.54pm it changed that attribution, with Microsoft 365’s status account on Twitter instead saying “a subset of Domain Controller infrastructure is unresponsive, resulting in user connection time outs” and pledging mitigation.

Have any of you experienced a problem?  Let us know.