Zero day in the cloud

ON SECURITY

By Susan Bradley

If you are a consumer, home user, small-business user, or even a medium-sized business user, today’s column may anger you — or at least cause you to mutter, “I told you so.”

For those of you who work in large companies and government entities, your size allows you to complain more loudly than most. I hope you will, because the event I’m about to discuss, plus all our past and present complaints, should make all cloud vendors, especially Microsoft, take note.

Read the full story in our Plus Newsletter (20.30.0, 2023-07-24).

The dribble impact

Just a reminder that lately Microsoft has been into dribbles.

Case in point – several folks in my office finally got the “feature” where the menu in Outlook moves from the bottom of your Outlook to the top left. You think you accidentally moved it and finally you realize it’s not you, it’s them. (855 posts and counting) In Microsoft 365 you can open Outlook, go into file, options, advanced and uncheck the “show apps in Outlook”. The menu bar will move. There is also a registry key method. We were joking that Microsoft must be ensuring our brains stay active by moving the icons around the screen.

The other dribble I haven’t seen is the “badging” or reminders to sign in with a local Microsoft account. I set up yet another Windows 11 home pc for someone to take home and replace an aging laptop and while yes you can still use the trick whereby you put in the No@thankyou.com as your Microsoft account email and then ANY password and it will let you set it up totally without a Microsoft account and without a password if you so desire (I honestly would not recommend that). So I think they are still rolling that out.

In setting up the computer and downloading tools like Start11 to adjust the menus and then I went to download Explorer Patcher and found you REALLY had to be careful and not install something from a bogus website. As always if you are setting up anything new – and this goes for any operating system from Windows to Linux to Apple, you might not be quite so savvy about what are good sites to download from and what are not. If you have any questions just ASK. There are nefarious folks out there that are trying to trick us all.

Remember click on the Forums support section, find the operating system you are interested in, and click on the New Topic button.  Someone is pretty much here 24 hours a day, seven days a week.

Why PowerShell?

WINDOWS

By Bruce Kriebel

For nearly 50 years, we’ve all been using the commands that originated from MS-DOS command line interpreter (CLI).

This wasn’t a bad thing. Even when Windows came along, Microsoft provided a means to get to the CLI (the program cmd.exe) and continued to flesh out its capabilities. I’ll bet nearly everyone reading this has written a simple batch file using those commands.

But there’s a better alternative.

Read the full story in our Plus Newsletter (20.29.0, 2023-07-17).
This story also appears in our public Newsletter.

Block malicious OneNote attachments without blocking your work

ONENOTE

By Mary Branscombe

Making PCs more secure is a continuous cycle of improving security in one area, such as Windows itself, so attackers move on to another avenue of attack.

They go after PDFs, browsers, and — perennially — Office documents, usually through macros.

In each case, Microsoft typically creates a fix for the specific attacks first, then a defense against that category of attacks, and then deeper protections that might make more significant changes to the underlying feature used as an attack vector.

Read the full story in our Plus Newsletter (20.29.0, 2023-07-17).

Universal USB Installer — because flash drives are cheap

FREEWARE SPOTLIGHT

By Deanna McElveen

In the immortal words of John Cleese, “And now for something completely different.”

You are here because you love Microsoft Windows (maybe “love” is too strong a word), but that doesn’t mean you can’t dabble in other operating systems.

Universal USB Installer is a free utility by Pen Drive Linux that allows you to easily download and create bootable flash drives for a gazillion operating systems and other bootable tools.

Read the full story in our Plus Newsletter (20.29.0, 2023-07-17).

Patch testing isn’t easy

PATCH WATCH

By Susan Bradley

No matter who the vendor is, bugs occur.

By the time you read this, Apple will have already re-released its rapid security patches for iOS, iPadOS (16.5.1), and MacOS Ventura (13.4.1). The patches dealt with side effects impacting Facebook, Instagram, WhatsApp, Zoom, and various other websites.

The bug release fixed a WebKit vulnerability that was being exploited in the wild. If you don’t use Safari as your default browser, or if you don’t use the impacted apps, I hope you just did the “sit tight and wait for a re-release” thing.

Read the full story in our Plus Newsletter (20.29.0, 2023-07-17).

Are you seeing multiple reboots?

For those running Windows – if you’ve gone ahead and installed the July updates, are you seeing more than one reboot?

(Note I am not recommending that you install the updates at this time, I’m just noting something I’ve seen and wanting to know if those of you that HAVE installed updates have seen this behavior?) Because the .NET updates do not include any new security patches but do fix an issue with X509 certificates, I think what is going on is that the reboot sequence isn’t set up correctly by Microsoft and it will want to reboot after the cumulative update and then again when the .NET updates are installed.

Note in a corporate setting where you may not approve the .NET patches, you should only see a single reboot.

Note it doesn’t hurt anything, just slightly annoying and causing you to have to be more patient this month.

So are you seeing this?

Master Patch List as of July 11, 2023

I’ve updated the Master Patch list for the July  Remember to always review the known issues we are tracking on the Master Patch List page. I will keep the latest info there.

So far trending issues are:

Consumers:

Windows 11 updates include fixes for gaming quality mice.

Business side effects:

If you have external email banners set up for Outlook clients that are suddenly missing after the last update to Outlook. try adjusting the colors .
Manual registry keys have to be deployed to be fully patched. Testing the impact and will report back. I do not see this as a concern for consumers just potentially targeted businesses.

I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

• Windows 11 22H2: Recommended
• Windows 11 21H2: If you have a Windows 11 PC and are a gamer, recommended
• Windows 10 22H2: Recommended
• Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

July’s Patch Tuesday is here

For those of you in business, Microsoft decided that today – of all days – was the day to announce that “Microsoft rebrands Azure Active Directory to Microsoft Entra ID”  Azure AD is the cloud version of Microsoft active directory, which is what I’m probably going to call it for the rest of my life and not “Entra ID”.

Meanwhile back in the real world of day to day workstations of Windows and Apple, those rapid release patches of yesterday have been pulled due to a bug in Safari (showcasing that testing is hard for everyone).

On the Windows platform, I want you to be in deferral mode as we watch for the testing results.  I’ll add more details as the patches come out.

Highlights for Windows 11, version 22H2:
-Expands the roll out of notification badging for Microsoft accounts on the Start menu (aka annoy you to not use a local account)
-Improves the sharing of a local file in File Explorer with Microsoft Outlook contacts
-Adds live captions for several languages

If you kept Edge as default and Chrome would launch app controls, this update should fix that. If you kept Chrome as default you probably didn’t notice it.

Dustin Child’s Zero day blog.

Ghacks link

Remember Windows 10 22H2 is only receiving security updates now so it’s the stable/boring version of Windows.

If you are a WSUS patcher, detection looks to be borked – as in it’s not seeing your machines as needing updates. Microsoft will have to fix the detection.

A computer museum near you is closing soon

PUBLIC DEFENDER

By Brian Livingston

You certainly remember your first boyfriend or girlfriend. You might also remember your first cigarette and your first drink (hopefully not while driving your first car). But who’s going to remember the pioneering computer technology breakthroughs that have put mainframe power on everyone’s desks and in everyone’s pockets?

There are discouraging signs that much of our electronic history is going to be lost.

Read the full story in our Plus Newsletter (20.28.0, 2023-07-10).
This story also appears in our public Newsletter.

Creative uses for external drives

HARDWARE

By Peter Deegan

Despite the availability of cloud storage over fast Internet connections and the ever-increasing size of storage built into all devices, external storage devices have many uses.

And even though the very term “external drive” conjures up images of desktop “bricks” containing rotating hard drives, external storage can consist of any storage device that can be connected to a desktop, laptop, or phone and appears to that computer as a disk drive. As we’ll see, external drives can connect in many ways, serve many purposes, and be as tiny as a thumbnail.

Read the full story in our Plus Newsletter (20.28.0, 2023-07-10).

TrueNAS and Windows together

HARDWARE DIY

By Ben Myers

TrueNAS is installed, so let’s put it to work in the world of Windows.

My first article about TrueNAS left everyone on the edges of their seats, excitedly wanting to see how TrueNAS becomes part of a small network to be used as a local repository for our personal information.

Edge of your seat? Okay, probably not. But it was the best place to split a project article in two. I left you hanging at the TrueNAS Dashboard, the starting point for any and all actions needed to make TrueNAS useful.

Read the full story in our Plus Newsletter (20.28.0, 2023-07-10).