Newsletter Archives
-
SMB security changes in Windows 11 might affect your NAS, too
WINDOWS 11
By Mary Branscombe
It’s going to get harder and harder to connect to your NAS as a guest with SMB. That’s a good thing for security, but it could be a problem if your hardware is older.
The Server Message Block (SMB) network file-sharing protocol lets Windows applications read and write files stored on servers in your network, including Network Attached Storage (NAS) systems. SMB underpins a lot of Windows network technologies, such as Storage Spaces Direct and even network printing. The print spooler is essentially just a file, after all.
Read the full story in our Plus Newsletter (20.35.0, 2023-08-28).
-
MS-DEFCON 2: Are you still on Windows 10 21H2?
ISSUE 20.23.1 • 2023-06-08 By Susan Bradley
We’re nearly halfway through the 2023 patching year, almost to the end of the road for Windows 10 21H2.
But before we delve into that: Patch Tuesday is just around the corner, so it’s time to get conservative and defer patches. Accordingly, I’m raising the MS-DEFCON level to 2.
Microsoft is indicating that it will “force” 21H2 machines to 22H2, but I have news for them — if you don’t have 22H2 and you are not using one of the methods to hold off on feature releases (Group Policy, registry key, etc.), chances are you have some sort of issue that is blocking the install. Some of the blocks may be driver-related, and some may be the result of underlying corruption in the code that handles patching.
Anyone can read the full MS-DEFCON Alert (20.23.1, 2023-06-08).
-
Patch Tuesday update: Disappearing SMBv3 patch, non-security Office patches, and a so-far-mild Patch Tuesday
Things look pretty stable at this point, although I’m seeing a disturbing number of Error 0x800f0900 on installs.
If any of the old problems poked through into this round of updates, I haven’t seen any loud scream of pain about them. But the day is yet young.
Admins, you have a tough day ahead if you’re using SMBv3.
Details in Computerworld Woody on Windows.
-
It looks like the announced-but-not-fixed CVE-2020-0796 “CoronaBlue” vuln is only for Server 1903 and 1909
I’ll have more details about this shortly, but many of you admins are rightly concerned about the CVE-2020-0796 security hole, which was announced, then not announced, then announced again in Microsoft ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression.
Long story short, it looks like MS was poised to release a patch yesterday, then decided at the last minute to cancel the patch — but somehow word of the cancellation didn’t make it to at least two organizations that published details about it.
It looks like the security hole only affects Win10 1903, 1909, Server 1903 and 1909. Per Florian Roth:
There’s a lot of information available about the hole and countermeasures from Satnam Narang on Tenable, from Sergiu Gatlan at BleepingComputer, Catalin Cimpanu at ZDNet and, in the past couple of hours, Dan Goodin at Ars Technica. Those of you running networks with SMBv3 should take a look.
If you’re running a network on Win7 or Server 2008 R2, you’re good. SMBv3 didn’t even exist back then.
And if you aren’t in charge of a network, sit back and smile. You have other things to worry about.
UPDATE: Catalin Cimpanu now says:
I have now seen/talked to 3 different people claiming they found the bug in less than 5 minutes. I won’t be surprised if exploits pop up online by the end of the day.
-
Proof of Concept code for SMBv3 zero-day leads to Blue Screens, maybe worse
Computers running fully patched Windows 10, 8.1, Server 2012, and 2016 are hit by Blue Screens when trying to connect to an infected server.
InfoWorld Woody on Windows
Thanks to Günter Born.
UPDATE: Ars Technica’s Dan Goodin has a damning account of the way Microsoft is handling this 0day. Well worth reading.
ANOTHER UPDATE: Last night, Microsoft Program Manager Ned Pyle tweeted “Yes, fix is coming. I’m not allowed to say more, because Microsoft.”