Since we have been using computers, we have been looking for a way for each machine’s administrators to better control the machines and take care of them. This is how we got PowerShell: Microsoft gave admins a command line tool that would be able to automate more and more tasks, from scripting across a network to fully deploying and managing a server with no graphical user interface. Of course, with every good thing come attackers that abuse it, and PowerShell is no exception. A recent attack that utilizes a malicious Word attachment also used PowerShell commands to put a back door in the system, then used DNS TXT record queries and responses to create a bidirectional Command and Control (C2) channel. While this process is not new, the recent headline use of PowerShell has led some to question whether one can block PowerShell on their machines. The first thing to know is that one truly cannot uninstall PowerShell from a system. Think of PowerShell like the DOS command line that is still hiding under the hood of the operating system: it’s a deep, embedded part of the operating system. However, that doesn’t mean you are without options to better prevent the use of …
March’s updating appears to still be in limbo. No previews of February updates means a smaller expected update for Windows 7.

The Patch Day That Still Wasn’t

Microsoft still seems to be recovering from whatever caused them to skip releasing Office and Windows security updates on the second Tuesday of the month. Normally on the third week of the month they will release a preview of the following month’s non-security updates. This time they only released the overdue Flash update that Windows 8.1 and Windows 10 machines need to be protected, as Flash is embedded in those platforms. Remember that Flash for Windows 7 is an independent update that comes directly from Adobe. For Windows 8.1 and 10, Flash has to come from Microsoft’s updating mechanism for those platforms. March will also mean changes to Microsoft’s communication regarding security bulletins: the all-new Security Portal will be the new location for security guidance and information.

What to do: Look for more changes to updating to come.

SHA-1 Changes
Recently a WordPress attack led to defaced web sites. WordPress is an easy web platform to use and one used in many attacks. Here’s why — and what you can do to protect a WordPress site.

Why WordPress Is Attacked

WordPress is a very powerful platform. It makes it easy for novices and non-web developers to build their own customizable web sites that are easily updated and very social. But that ease of use can also mean ease of being used in attacks. The core of WordPress is augmented by any number of third-party plug-ins, and thus patching and maintaining WordPress sites can be pretty tricky. Recently, several security issues caused many sites to be defaced. The update, released on January 26th, fixed several issues, the worst of which was described this way: an “unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.” The bottom line? Attackers could take control of a site and post whatever content they wanted. As soon as the patch was released, sites came under attack. So why didn’t all of us running WordPress sites immediately update? Well, for the same reason we don’t immediately update Windows patches – we fear new releases will …
All other Microsoft updates are still on hold at this time, but we may see some non-security preview updates for next month. While Microsoft isn’t saying anything publicly at this time, several reputable sources have informed me that Microsoft will release the overdue Adobe Flash update for Windows 8.1 and Windows 10 on Tuesday, February 21, 2017. I will recommend that you go ahead and install this as soon as possible due to the potential for web-based attacks from Flash. While Chrome is deemphasizing Flash in recent browser releases, as noted in the Chrome blog, Windows 10 and 8.1 still have Flash as part of the operating system. In the Creators release expected this spring, Flash will become less important in the operating system. Until then we need to update our browsers with any Flash update as soon as we can. It’s unclear if we’ll see any other non-security preview updates for the Windows operating system on Tuesday. If you do, I’ll recommend you do not install these updates at this time. Microsoft is still not releasing any security updates that we expected in February and will wait until March to do so. Keep in mind …
In a very unusual move for Microsoft, they held off on releasing updates on Tuesday, February 14th. As noted in their MSRC blog, something happened to cause them to hold off on releasing updates on Patch Tuesday. There was no word if the underlying problem was due to something in the updates or something in the delivery service. Not only were there no operating system updates released, there were no Office security updates released either. As a result of this very unusual move, this will be a very abbreviated Patch Watch column for this week. If the updates come out between now and when this newsletter gets sent to you, I’ll be recommending that you hold off on updating just until we get more information as to what the root problem was. For those still suffering from the Windows 10 1607 bug that causes the workstation to hesitate when making new folders on file servers, as noted in this blog post, the good news is that the fix is in a hotfix available via the Microsoft catalog site. The bad news is the fix was supposed to be in Tuesday’s releases, which got delayed. If you go to the catalog site, …
Not a day goes by that I don’t see some sort of scam or attack. Awareness of the latest scams is key to staying safe — here are some new scams you should be aware of.

Ransomware’d Printers

The latest in ransomware techniques is to target vulnerable printers inside networks. As noted in a recent article, the attack takes advantage of a network if port 9100 is open. In a small network behind a router provided by your Internet service provider, the chances are small that port 9100 will be open, but if you’d like to make sure, you can perform the following steps.

1. From a computer inside your network, go to the ShieldsUP website.
2. Click on proceed to begin the process.
3. In the box, enter 9100.
4. Click on user specified custom port probe.

The test will indicate if the port is open or closed. Chances are very good that the port will be closed. If so, you will not be at risk to this attack from external sources. However, I have seen several firms impacted by this attack because the malware entered the network through a workstation and was able to attack vulnerable printers. In one case it …
At my office, I’ve been rolling out Windows 10 machines to replace our older Windows 7 models. In installing these Windows 10 machines, I’ve found several tweaks and adjustments that make my machines behave more nicely and ensure I’m not bothered by apps I don’t want or need. As I’ve said before, the key thing anyone running Windows 10 Home version needs to do is upgrade to Windows 10 Professional. This is the easiest step of this process. Of course, you need to purchase a Windows 10 Professional license if your machine came with Windows 10 Home version. This can be easily done from inside the system section of your Windows 10 Home machine: Merely scroll to the about section, click on change product key or upgrade your edition of Windows, and launch the wizard to upgrade to Windows 10 Professional. It will take a bit of time to upgrade the computer to the professional version, and it requires a reboot. Once you have upgraded to the professional version, there are a few patching changes I’ll urge you to make. First up: Go into Settings: Update and Security, and then click on Advanced options. In this section, choose to defer feature upgrades so that …
Microsoft has announced that the original release of Windows 10 will fall out of support on March 26, 2017. Meanwhile, those that deferred 1607 should be seeing that update being offered up and trying to install if you have not installed it already. January’s lack of non-security updates means that February won’t have any non-security releases.

NEW: Critical Update KB3211320 for Windows 10 Version 1607

On Tuesday night (January 24, 2017), Microsoft released an out-of-band patch for PCs running Windows 10 v. 1607. The Windows 10 build number will remain the same after installation.
As Microsoft releases a new Windows 10 beta, we get a patching break. Windows 8.1 in fact only has a Flash update to install. Meanwhile, Redmond has been busy with changes to the upcoming Creator’s release.

Upcoming Windows 10 changes

Dona Sarkar announced a beta release that makes quite a few changes to Windows update. As she noted on the blog site, the following changes are expected in the next large feature release expected around April of 2017:

- A feature in the GUI to pause updates for 35 days. We’ve added an option that will enable you to pause updates on your computer for up to 35 days. While this feature already exists for Windows Pro and above now, it’s only available via group policy or the registry. This capability will unfortunately only be available on Professional, Education, and Enterprise editions of Windows.
- A feature to allow you to decide whether or not to include driver updates when you update Windows. Once again, this capability will be available on Professional, Education, and Enterprise editions of Windows.
- A new icon to the Windows Update Settings page to make it easier to see your update status at a glance.
- Improvements to the logic …
By any measure, 2016 was strange and jarring — and that includes Windows patching, which was problematic for both Windows 7 and Windows 10. But a new year brings renewed hope. Among my new-year wishes is one that 2017 is much better for Win10.