  • Once more unto the breach: Win10 1809 starts rolling out again

    It’s official. Microsoft has started rolling out Win10 version 1809 today, but only to those in the Windows Insider program’s Slow and Release Preview rings. (Folks in the Insider Program’s Fast ring are already on RS6 — the next “19H1” version of Win10.) Here’s the official announcement:

    Last week we paused the rollout of the Windows 10 October 2018 Update (version 1809) for all users as we investigated isolated reports of users missing files after updating. Given the serious nature of any data loss, we took the added precaution of pulling all 1809 media across all channels, including Windows Server 2019 and IoT equivalents. We intentionally start each feature update rollout slowly, closely monitoring feedback before offering the update more broadly. In this case the update was only available to those who manually clicked on “check for updates” in Windows settings. At just two days into the rollout when we paused, the number of customers taking the October 2018 Update was limited. While the reports of actual data loss are few (one one-hundredth of one percent of version 1809 installs), any data loss is serious.

    So I guess if you’re among the 1%, you’re among the 0.01%. Or something like that.

    As best I can tell, there are three builds of Win10 1809 floating around —

    • 17763.1 = the original release. Not available any more. Upgrading to this build can zap all of the files in the indicated folders.
    • 17763.17 = the version you get if you’re in the Slow or Release Preview rings.
    • 17763.55 = the version you hit if you install today’s Cumulative Update, KB 4464630

    Just as an admittedly snarky side note… read the description of the problem in the official post, and think to yourself, “If I didn’t have a doctorate in Computerstuff, could I understand this?”

  • Patch Tuesday: The good, the bad, the ugly and the hopeless

    Patch Tuesday patches are rolling out right now and there’s a bunch of them.

    A quick glance at the Microsoft Update Catalog shows 104 individual patches, dated Oct. 5 to 8 (none for Oct. 9 that I can see).

    Microsoft’s master list is here.

    I’m perplexed by the first cumulative update for Win10 version 1809, KB 4464330:

    Addresses an issue affecting group policy expiration where an incorrect timing calculation may prematurely remove profiles on devices subject to the “Delete user profiles older than a specified number of days.”

    There’s no indication whether that fixes all of the disappearing Documents, Photos, etc., files that some encountered, although it may well explain the “Delete user profiles” GPO problem. If it makes any difference, there’s been no change in the “Known issues” section of the original Win10 1809 release, KB 4464619. If Microsoft fixed the file deletion problem, they didn’t change the KB article to reflect the fix.

    There’s also no indication whether this means the forced upgrades from 1803 to 1809 are poised to begin.

    Martin Brinkmann at ghacks.net has his usual comprehensive list:

    • Windows 7: 13 vulnerabilities of which 2 are critical and 11 are important.
    • Windows 8.1: 14 vulnerabilities of which 2 are critical and 12 are important.
    • Windows 10 version 1607: 19 vulnerabilities of which 3 are critical and 16 are important.
    • Windows 10 version 1703: 18 vulnerabilities of which 3 are critical and 15 are important.
    • Windows 10 version 1709: 20 vulnerabilities of which 3 are critical and 17 are important.
    • Windows 10 version 1803: 20 vulnerabilities of which 2 are critical and 18 are important.
    • Windows 10 version 1809: 19 vulnerabilities of which 3 are critical and 16 are important.

    Dustin Childs on the Zero Day Initiative page weighs in:

    Microsoft released 49 security patches and two advisories covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office and Office Services. Of the 49 CVEs, 12 are listed as Critical, 35 are rated Important, one is rated as Moderate, and one is rated Low in severity. A total of eight of these CVEs came through the ZDI program. Three of these bugs are listed as publicly known at the time of release and one of these is reported as being actively exploited.

    We also got a Servicing Stack Update for Win10 1809, KB 4465477. If you’re manually installing the cumulative update for 1809 (sanity alert), be sure to get the SSU installed first. Thx @KPRP42.
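    For anyone doing the manual install, here is a quick check (an added example, not from the original post or from Microsoft) that confirms the Servicing Stack Update is present before the cumulative update goes on. It uses the KB numbers quoted in this post (SSU KB 4465477, first 1809 CU KB 4464330) and the 17763.x build numbers from the item above; anything else is an assumption of the example. Run it in an elevated PowerShell session on the 1809 machine.

```powershell
# Added example: confirm SSU-before-CU ordering on a Win10 1809 machine.
# KB ids and build numbers are the ones this post cites; the KB ids are not
# looked up anywhere, so adjust them if the post you are reading names others.
$SsuId = 'KB4465477'   # Servicing Stack Update for 1809 (from the post)
$CuId  = 'KB4464330'   # first cumulative update for 1809 (from the post)

# Report the exact OS build (CurrentBuild.UBR) so it can be matched against
# the 17763.1 / 17763.17 / 17763.55 list in the 1809 item above.
$ver   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = "$($ver.CurrentBuild).$($ver.UBR)"
Write-Host "OS build: $build (ReleaseId $($ver.ReleaseId))"

if ($ver.CurrentBuild -ne '17763') {
    Write-Warning "This is not a Win10 1809 (build 17763) machine; the KBs above do not apply."
    return
}

# Get-HotFix reads Win32_QuickFixEngineering, which lists updates installed
# through the component-based servicing stack, so an applied SSU shows up here.
$ssu = Get-HotFix -Id $SsuId -ErrorAction SilentlyContinue
$cu  = Get-HotFix -Id $CuId  -ErrorAction SilentlyContinue

if (-not $ssu) {
    Write-Warning "$SsuId (servicing stack update) is NOT installed. Install it before $CuId."
} elseif (-not $cu) {
    Write-Host "$SsuId is installed (on $($ssu.InstalledOn)); $CuId can be installed now."
} else {
    Write-Host "Both $SsuId and $CuId are installed; build is $build."
}
```

    If Get-HotFix comes back empty on a machine you know has the SSU, cross-check with Get-WindowsPackage -Online from the DISM module, which enumerates packages directly from the component store.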

    The only hole known to be actively exploited is a privilege escalation bug, which means the attacker has to be running on your machine already before they can take advantage of the bug.

    There’s a bumper crop of Office security patches, for Office 2010, 2013, 2016, several viewers, SharePoint Server 2010, 2013 and 2016.

    The SANS Internet Storm Center posted its usual overview, confirming that only one bug is currently known to be in use, and it’s a privilege elevation bug.

  • Keizer: Lab rats, Windows 10 and the importance of being last

    Gregg Keizer just nailed it again:

    The file-deletion flaw that plagued last week’s rollout of the Windows 10 October 2018 Update shows how Microsoft uses consumers to test out the OS so its important customers – businesses – are protected.

    For Microsoft, a mistake and resulting upgrade retraction like this is a feature, not a bug, of its Windows 10 release strategy.

    Keizer explains how consumers are used as lab rats. I tend to think of them (which is to say, us) as cannon fodder, but the simple fact is that Microsoft can and will push its bad updates on you unless you’re connected to an update server, or you have Win10 Pro or Education set properly. Even if you have Win10 Pro set properly, Microsoft may still “forget” to honor its own settings.

    Right on. Check it out.

    (Yes, for those who ask, I do forgive Gregg for mis-spelling my name. Again. It’s the copyeditors I wonder about.)

  • Patch Lady – 31 days of paranoia – day 8

    Patch Lady here with our 8th day of paranoia. Today I’d like to remind you about the risk of something we too often don’t think about and just take for granted… wifi. Walk into a coffee shop and you will find people using a wifi network they don’t know anything about. Go to a hotel and the check-in process hands you a password to a wifi access point.

    Yet you should think about what CAN occur on a hotel or public wifi network: malware, man-in-the-middle attacks, malicious hotspots, or wifi sniffing. I generally make it a rule not to connect to a wifi access point that I haven’t personally installed (my home and office), or whose installer I personally know (friends and family).

    Now you can add a VPN service like NordVPN, ExpressVPN, OpenVPN or any number of others to put a layer of protection around your connection, but my recommendation is to pay for that service. Don’t rely on free. As a general rule, “free” means that you are the product being sold. Review the end user license agreement very carefully, or don’t connect at all.

    Also consider the device you travel with. As a general rule, traveling with an iPad or Android tablet is not only easier to get through the TSA lines, but also less of a target for malware. I’m not saying that iPads are immune, but given the app store experience, there is more of a vetting process going on. When I do travel with a laptop, I take a (now several years old) Surface with a built-in cellular connection, so I can easily get online over a paid cellular connection instead of connecting to the Amtrak wifi, hotel wifi or coffee shop wifi. It’s getting a bit slow now and I’m looking forward to replacing it with a newer lightweight device that also has built-in cellular.

    Too often I see too many of us in restaurants, hotels and coffee shops with our noses in our phones or computers, not enjoying the ambiance of the moment. Time to be a bit more paranoid about connecting to the wifi, and make eye contact with that person sitting across the room from you.

  • Google shuts down Google+ network

    Google’s just now confirming that an API bug might’ve exposed private profile data for 500,000 Google+ users. Their response is to shut down Google+.

    I didn’t realize Google+ has 500,000 users.

    Catalin Cimpanu has the details on ZDNet.

    UPDATE: Big revelations coming from the Wall Street Journal. Is it possible that Sundar Pichai didn’t testify in front of the US Congressional Committee because he was afraid of being tripped up by the then-secret breach?

  • Avoiding the ransomware protection in Win10

    A real eye-opener from researcher Soya Aoyama, from a presentation at Derbycon 2018.

    Thx Catalin Cimpanu, @campuscodi

  • MS-DEFCON 1: There’s no reason in the world to leave Automatic Update turned on

    Time to turn off Automatic Update again.

    If you survived the brutal barrage of bad patches in July, and avoided the 1809 carnage last week, you should understand why.

    Details in Computerworld: Woody on Windows.

  • Patch Lady – 31 days of paranoia – day 7

    Patch Lady here with a kind reminder that at this time the release of 1809 has been paused while Microsoft investigates.  If you’ve been hit by the bug, Woody’s got some advice. If you are already on 1809, I would stay on it and not roll back.  The bug occurs during the install, not the running.

    It’s now been seven days of paranoia and today’s topic is social engineering. Or, as the FBI puts it in their video designed to help train political campaign workers not to be tricked, “targeted lies designed to get you to let your guard down”. Social engineering is now one of the key ways attackers get into our systems; however, it is not new. Back in 1995, Kevin Mitnick was arrested for breaking into computer systems, often without cracking passwords, merely tricking the person on the other end of the phone call with key information to get them to trust him and turn over more information. He is now the “Chief Hacking Officer” of KnowBe4, a security awareness company. What worked then still works now, except that back then it usually involved a human, Kevin, calling the victim on the phone and gathering information to trick the person into turning over key information.

    Now we use phishing and spear-phishing (targeted attacks) via email to get to the same target. As is noted in the FBI video, be careful what you share online and on social media. Often you “leak” key personal information in social media posts, and often password reset questions can be googled. How many times have we seen reports of key individuals whose email accounts got hacked because someone could google up the answers to key questions from the person’s biography, like where they went to school and so on?

    90% of breaches start with social engineering/phishing attacks. Read that stat again… 90%. Ransomware-containing emails increased 6000% between 2016 and 2017.

    Bottom line: they are out to get you, so watch your email carefully. For all the automatic tools and filters I have on my email, often the only thing between me and an attacker is a bit of skepticism and paranoia and not immediately opening up emails. Don’t open attachments you weren’t expecting. Run files through www.virustotal.com just to be safe. Empower yourself to not immediately take action on email. Be more suspicious of what comes into your email. The vast majority of email in your inbox is there to attack you.

    Remember if you do want to buy that heavy duty Reynolds Wrap to get you through the next 24 days, make sure you buy it using the affiliate link so that Woody can get a small bounty.  😉