How to avoid using RDP in Windows
Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it’s time to stop using it. Here’s how.
windows
Installing Windows 7 from a backup? You need a BitLocker patch right away
Credit to Author: Woody Leonhard| Date: Mon, 19 Aug 2019 09:33:00 -0700
No doubt you recall the warning back in February that Windows 7, Server 2008 and Server 2008 R2 patches starting in July would use the SHA-2 encryption protocol. If you want to install Win7 patches issued after July, you have to get the SHA-2 translator installed.
A few days ago, Microsoft tossed a zinger into the FAQs down at the bottom of its SHA-2 post, 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. That post now says that you have to install a seemingly unrelated patch, KB 3133977, entitled, BitLocker can’t encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2.
Microsoft warns of Visual Basic, VBA and VBScript 'procedure call' errors after August patches
Credit to Author: Woody Leonhard| Date: Thu, 15 Aug 2019 05:28:00 -0700
August is going to be a perilous patching month.
We’re tracking down credible reports of the Server 2012 R2 Monthly rollup breaking RDP logins, a conflict between the Win10 1903 cumulative update and last month’s version of Outlook 365, confusion about Win7 patches being branded as “IA64 only,” dealing with the lack of telemetry (!) in the August Win7 Security Only patch, much mayhem trying to install SHA-2 signed patches (including the Win7 Monthly Rollup) on systems using Symantec Endpoint Protection, even more confusion over the difference between Symantec Endpoint Protection and Norton Security Suite, and lots of the usual installation failures and rollbacks.
Microsoft relaxes telemetry rule for PCs managed with Windows Update for Business
Credit to Author: Gregg Keizer| Date: Wed, 07 Aug 2019 13:12:00 -0700
Microsoft has quietly relaxed a rule that prevented privacy-first organizations from managing the Windows Update for Business (WUfB) service using group policies.
With Windows 10 1903, aka “Windows 10 May 2019 Update,” which debuted in late May, organizations no longer are required to set the “diagnostic data level” for their devices to “Basic” or higher.
That diagnostic data level is a multi-step categorization of what Microsoft pulls from Windows devices and sends to its own servers. Also dubbed “telemetry,” the data harvesting is used by Microsoft for a range of tasks, notably deciding when a specific PC receives a feature upgrade.
How to set up Edge Chromium security options
Edge Chromium can provide more protection for organizations that use older versions of Windows.
It’s time to install most of July's Windows and Office patches
Credit to Author: Woody Leonhard| Date: Fri, 02 Aug 2019 10:09:00 -0700
With one glaring exception, July was a rather benign patching month. The Win10 versions got their usual two cumulative updates (the second considered “optional”). Visual Studio had some hiccups, but they’re fixed now.
How an attacker can target phishing attacks
There are a number of ways attackers can exploit public information about your organization's employees. CSO Online's Susan Bradley walks through how an attacker can gain access to your organization's Office 365 accounts and how you can protect your enterprise from these potential attacks.
Microsoft Patch Alert: Welcome to the Upside Down
Credit to Author: Woody Leonhard| Date: Tue, 30 Jul 2019 09:33:00 -0700
This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions… and we still can’t figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.
As we end the month, we’ve seen the second “optional” monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio’s transgressions. There’s a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.
Win7 Security-only patch brings telemetry
Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as “Group B” three years ago — have reached the end of the road. The July 2019 Win7 “Security-only” patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.