Showing results for tags 'windows'.



Found 589 results

  1. Google is bringing a Tab Strip to Chrome for Windows and Linux If you have used the Microsoft Edge web browser, classic or new, you may have stumbled upon the browser's Tab Strip feature. Just click on the arrow icon on the tab bar to display thumbnail images of the sites and resources open in the browser. It appears that Google is attempting to bring a similar feature to the company's Chrome web browser. Already in Chrome OS, Google engineers are working on introducing Tab Strip functionality in the Chrome browser. The feature introduces an option in the Chrome browser to display a strip of tabs. While it is unclear yet how it would be activated by the user, it is likely that Google is adding an icon to the browser's tab bar to activate and deactivate the Tab Strip view in the browser. The following screenshot shows the Tab Strip in the Microsoft Edge web browser. The arrow icon next to the plus icon in the Tab Bar displays and hides the Tab Strip interface. When activated, it pushes the active site down as it needs room to display the thumbnails. Edge users may use drag and drop to change the order of tabs or jump to any open site with a click on the tab. The video that is embedded below demonstrates what the Tab Strip looks like in Chrome OS. All tabs open in the web browser are displayed with thumbnails when users activate the Tab Strip functionality. Since thumbnails use a wider area than tabs, scrolling is available to go through the list of open sites and resources in the browser. It is furthermore possible to drag and drop tabs to reorder them just like it is the case in Chrome's Tab Bar (and any other browser's for that matter). The visualization may improve use on touch-enabled devices and help users locate tabs quicker. Google did not reveal when the new functionality will land in Chrome; it is likely that it will be introduced behind a flag that users need to enable to activate the functionality. 
Closing Words While I'd like to see options to scroll the tab bar in Chrome, as the browser still becomes unusable when too many tabs are opened, it is clear that the Tab Strip would offer users some resource as it supports scrolling. Chrome users who cannot identify tabs anymore could use it for navigational purposes. Source: Google is bringing a Tab Strip to Chrome for Windows and Linux (gHacks - Martin Brinkmann)
  2. FalconX is an open source program that can center the taskbar icons One area in Windows that has not evolved over different versions that much is the taskbar. Microsoft made the last fundamental change to it when it released Windows 7. The company made several minor adjustments in recent versions of Windows but that is about it. FalconX is an open source tool that adds new functionality to the operating system's taskbar. The application is also known as Center Taskbar or Falcon, and we have reviewed it back in 2018 for the last time. Windows 7 users could also use a manual method to center taskbar items. FalconX is a portable application. Run the program and your taskbar icons will now be placed smack-dab in the middle of the taskbar. This gives a dock-like experience and some users may find the icons easier to reach as a consequence. The program sits on the system tray and you can access its options by right-clicking the icon and selecting "Settings". Animation You can choose the animation style from the Settings Screen. FalconX has 42 animations to choose from and if you don't like any of those, you can disable animation completely. There is an option to adjust the animation speed, which you can set by using the slider or enter the precise ms (Millisecond) number in the box. Position You can set the offset position of the taskbar, in terms of pixels. The default value is 0 and you may adjust it using a slider or by entering values manually; This is useful if you want to move the taskbar to a particular position, for e.g. towards the right side of the screen. Taskbar Style FalconX has three taskbar styles that you can choose from: Transparent, Blur and Acrylic. The last one is marked as unstable by the developer, but it worked pretty well during tests. The styles are disabled by default, so technically the default Windows 10 style acts as a fourth option. 
The Blur style adds a frosted glass effect to the taskbar, while the Transparent setting offers an immersive experience. You can view the changes immediately without having to restart the application. Here's what the Acrylic style looks like. You can still apply Windows' own Taskbar customizations such as changing the icon size or enabling auto-hide. Note: If you have auto-hide enabled for the taskbar and choose a style in FalconX, the taskbar will not apply the effect based on the wallpaper, rather it uses the color of the current window. So, if you're on a webpage with a white theme, the taskbar turns white-ish, and the system tray becomes nearly unreadable. This isn't an issue if you don't use auto-hide. The refresh button reloads the application. You can enable the "Run at Startup" option to make the program load during Windows' boot. If you have the Search Bar enabled on your taskbar, you can enable the "Center between Start or Search" option in FalconX, and the program will center the icons between the two Windows UX elements. FalconX works with multiple monitors as well. Though it is available for free from GitHub, an optional paid version is available from the Windows Store. Closing Words The program is quite light-weight and used about 2MB of memory and less than 1% of the CPU (usually about 0.2%) during my tests. When the Settings screen was in view, i.e., when the program switches from a background task to a foreground app, the memory usage was a bit higher but still under 7MB memory and 3% CPU usage. Source: FalconX is an open source program that can center the taskbar icons (gHacks)
  3. Apple preparing to build the ‘next generation of media apps for Windows’ Apple looking for UWP developers, too Apple is hunting for software engineers to help the company build media apps for Windows. The iPhone maker revealed its plans in a job listing earlier this month, spotted by Neowin, inviting potential candidates to “join us and build the next generation of media apps for Windows.” Apple maintains existing Windows apps like iTunes and iCloud, but these are both old traditional desktop apps that are showing their age. Apple revealed earlier this year that it’s breaking up iTunes into three separate macOS apps: Podcasts, TV, and Music. None of these apps have arrived on Windows, leaving PC users with just iTunes. If you’re an Apple Music or Apple TV Plus subscriber, you have to use the web versions instead of dedicated apps on Windows 10 right now. Apple’s job listing mentions “experience with UWP is a big plus,” which hints that the company is looking to build Universal Windows Platform (UWP) versions of its media apps for Windows 10. This could help Apple bring apps to both Windows 10 and Xbox One, which is particularly important for Apple TV Plus as there’s no way to watch content from that service on the Xbox One right now. It’s not clear when these new media apps for Windows will arrive, but the fact that Apple is investing in Windows 10 is good news for owners of Surface or Windows tablet devices that will benefit from new touch-friendly apps for Apple’s services. Source: Apple preparing to build the ‘next generation of media apps for Windows’ (The Verge)
  4. System Information for Windows - SIW 2019 v9.5.1112 SIW is an advanced System Information for Windows tool that analyzes your computer and gathers detailed information about system properties and settings (Software Information, Hardware Information, Network Information and Tools) and displays it in an extremely comprehensible manner. SIW can create a report file (HTML, JSON, CSV, TEXT or XML), and you can run it in batch mode (for Computer Inventory, Hardware, Software and Network Information, Software License Management, Security Audit, Server Configuration Management). The System Information is divided into few major categories: Software Information Operating System, Software Licenses (Product Keys / Serial Numbers), Passwords Recovery, Installed Programs, Applications, Security, Accessibility, Environment, Regional Settings, File Associations, Running Processes, Loaded DLLs, Drivers, NT Services, Autorun, Scheduled Tasks, Databases, Audio and Video Codecs, Shared DLLs, ActiveX, MMC Snap-Ins, Shell Extensions, Event Viewer, Certificates, etc. Hardware Information System Summary, Motherboard, BIOS, CPU, Memory, Sensors, Devices, Chipset, PCI/AGP, USB and ISA/PnP Devices, System Slots, Network Adapters, Video Card, Monitor, Sound Devices, Storage Devices, Logical Disks, Disk Drives, CD/DVD Devices, SCSI Devices, S.M.A.R.T., Ports, Battery and Power Policy, Printers, etc. Network Information Basic/Extended Information about Configuration, Statistics, Connections, Active Directory (Computers, Groups and Users), Shares, Open Ports, etc. Tools Network Tools: MAC Address Changer, Wake On LAN, Remote Licenses (from Windows Folder, Remote Computer or Registry Hive), Hosts Scan, Ping, Trace, etc. Miscellaneous Tools: Eureka! (Reveal lost passwords hidden behind asterisks), Shutdown / Restart, Monitor Test, MUICache Viewer, URL Explorer, Open Files, etc. 
SIW (Technician's Version) is a standalone utility that does not require installation (Portable Application) - one less installed program on your PC as well the fact that you can run the program directly from an USB flash drive, from a network drive or from a domain login script. SIW is periodically updated (usually once per quarter) in order to provide most accurate results. Client Platform: Windows 10 / Windows 8.1 / Windows 8 / Windows 7 / Vista / Windows XP SP3 / WinPE / WinRE / Winternals ERD Commander Server Platform: Windows 2019 / Windows 2016 / Windows 2012 (R2) / Windows SBS 2011 / Windows Server 2008 (R2) / Windows Server 2003 (R2) Homepage: https://www.gtopala.com Changelogs - Added ARM64 binaries for SIW Technician's Version. - Updated Operating System module: Windows 10, version 1909 (November 2019 Update). Improved Missing Updates module. - Updated Passwords module. - Updated Memory module. - Updated Devices database. - Minor enhancements and compatibility fixes. https://www.gtopala.com/siw/changelog.php Download (without fix): Site: https://www.mirrored.to Sharecode: /files/1EXE4WA9 Included: Home, Technician and Enterprise Editions
  5. Windows 10 - Media Creation Tool - Version 1909 The new Windows 10 edition - version 1909 - is available. With Windows 10 Media Creation Tool you can download the newest Windows 10 edition and create an ISO, USB stick or DVD for installation. Need to create a USB stick, DVD or ISO? If you need to install or reinstall Windows 10 using a USB stick or DVD, you can use the Media Creation Tool to create your own installation media with either a USB stick or a DVD. The tool provides file formats optimized for download speed and can be used to create ISO files. Release Notes: Changes in v1909: various bug fixes and some new features. Check this on the computer where you want to install Windows 10: 32-bit or 64-bit processor (CPU). You’ll create either the 32-bit or 64-bit version of Windows 10 that’s appropriate for your CPU. To check this on your computer, go to PC info in PC settings or System in Control Panel, and look for System type. Homepage: https://www.microsoft.com/en-us/software-download/windows10 Direct Download Link: MediaCreationTool1909.exe
  6. Hello experts, I have a Dell Latitude 3490 Laptop. It comes with Windows 10 Pro Pre-installed. Around 3 months before I did a Windows Update after that I have witnessed a "Yellow" "Lock" Icon present in the Drive volumes, I thought the Windows is protecting the drives, but I didn't know that it was "BitLocker Encryption" at that time. Three days before I had given my laptop to the Dell Service center as it couldn't power on. They have replaced the Motherboard. Now Windows is asking for BitLocker Recovery Key which I don't have. The Laptop HDD is 1TB with 3 partitions, c = 150GB, d = 390GB, e = 390GB all three are encrypted with BitLocker. Note: I never enabled the BitLocker Encryption by myself so I don't have the password / Recovery Keys. Any help would be appreciated Thanks ppu
  7. How to list all installed third-party drivers on Windows PCs Drivers play an important part in Windows as they add certain capabilities or support for certain hardware devices to the operating system. Windows operating systems come with a set of default drivers that ensure that things work reasonably well and don't require users to install numerous drivers manually before components like video or sound cards, wireless network adapters, or drives function properly. It may not be necessary to install any third-party drivers on Windows PCs but sometimes, it is necessary or wanted. Administrators may need to install third-party drivers if the default drivers don't support certain hardware devices; sometimes, it is also beneficial to use third-party drivers to improve functionality or performance. Many security and low-level tools such as Sandboxie or VeraCrypt install drivers on the system; without these drivers, these programs would not function usually. Drivers may cause issues on Windows PCs; a bad driver may cause crashes, data loss and other issues, or even prevent the system from booting up correctly. Managing drivers with native Windows tools is not a pleasant experience for the most part. Third-party tools such as DriverStore Explorer or InstalledDriversList improve management significantly. DriverView is a free 32-bit and 64-bit program for Microsoft Windows systems that administrators may use to list all third-party drivers installed on the system (among other things). The Nirsoft application is portable and compatible with all recent (and many not so recent) versions of the operating system. The program is offered as a 32-bit and 64-bit executable, and has a size of under 100 Kilobytes unpacked. The interface lists installed drivers by default. These include native Windows drivers and third-party drivers. A click on the View menu item displays options to hide all Microsoft drivers; doing so lists all third-party installed drivers on the system. 
Each driver is listed with its file name and type, path, modification and creation date, and many other parameters. Some have descriptions while others may not. Tip: enable the digital signature option under Options > Read Digital Signature to display it in the table. Note that you need to refresh the driver listing after enabling the option as it is not added automatically when you enable the option. Here are a couple of use scenarios for the app: List the drivers that were installed most recently. Verify installed driver versions. Sort drivers by company or installation path. Run a Google Search for specific drivers that you select in the application's interface. Create an HTML report that lists all installed third-party drivers. Upload some drivers to Virustotal for checking (manually only). DriverView may be run from the command line. The parameters are limited as there is no option to export only non-Microsoft drivers to a file. Closing Words DriverView is a handy software program to analyze installed third-party drivers on Windows machines. It is portable, easy to use, and its export options allow admins to create snapshots of drivers installed on a system. The program could use a handful of options that make it more useful, e.g. an option to open the folder a driver is installed in on the local system or integrated Virustotal scanning. Source: How to list all installed third-party drivers on Windows PCs (gHacks - Martin Brinkmann)
  8. Two security vulnerabilities in Microsoft's NTLM authentication protocol allow attackers to bypass the MIC (Message Integrity Code) protection and downgrade NTLM security features leading to full domain compromise. Microsoft patched the two NTLM flaws and issued security advisories as part of the Patch Tuesday security updates issued yesterday after Preempt’s disclosure. Preempt researchers Yaron Zinar and Marina Simakov discovered that attackers can exploit these flaws as part of NTLM relay attacks that may, in some cases, "cause full domain compromise of a network," with all Active Directory customers with default configurations being exposed. The Windows NT (New Technology) LAN Manager (NTLM) authentication protocol was used for client/server authentication purposes to authenticate remote users, as well as to provide session security when requested by app protocols. NTLM is superseded by Kerberos, now the default auth protocol for domain connected devices for all Windows versions above Windows 2000. "Despite Kerberos being the more prevalent authentication protocol in most organizations, NTLM is still enabled and thus abused by attackers to exploit the vulnerabilities that we have described above," adds the Preempt advisory. Tampering vulnerability impacts all in-support Windows versions Preempt's research team was able to find flaws that could be abused by potential attackers to circumvent NTLM relay attack mitigations provided by Microsoft. While Microsoft added a Message Integrity Code (MIC) field to block attackers from tampering with NTLM messages, Preempt's researchers found a bypass on NTLM authentication that allows attackers to "modify any field in the NTLM message flow, including the signing requirement." "This bypass allows attackers to relay authentication attempts which have successfully negotiated signing to another server, while tricking the server to entirely ignore the signing requirement." 
The NTLM tampering vulnerability that leads to this bypass is tracked as CVE-2019-1166 (dubbed Drop The MIC 2 by Preempt) and was, as mentioned above, patched yesterday by Microsoft as part of October's Patch Tuesday. NTLM relay basic flow (Image: Preempt) CVE-2019-1166 impacts all in-support Windows versions, with all servers that do not enforce signing being vulnerable to attacks exploiting it. "A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection," says Microsoft's advisory. "An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features." Second flaw impacts clients sending LMv2 responses The second flaw discovered by Preempt also circumvents the MIC protection against NTLM relay attacks, as well as other NTLM relay mitigations including but not limited to "Enhanced Protection for Authentication (EPA) and target SPN validation for certain old NTLM clients that are sending LMv2 challenge responses." The Windows NTLM security feature bypass vulnerability is tracked as CVE-2019-1338 and, just like the first one, was patched by Microsoft as part of this month's Patch Tuesday. It affects Windows 7 SP1, Windows 2008, and Windows 2008 R2 devices, and could be used in attacks that enable threat actors "to use NTLM relay to successfully authenticate to critical servers such as OWA and ADFS and steal valuable user data." "A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses," says Microsoft's security advisory. "An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features." 
AD customers with default configs exposed to attacks To exploit CVE-2019-1166 potential attackers would need to tamper with the NTLM exchange, while attackers attempting to abuse CVE-2019-1338 as part of their attacks would need to be able to modify NTLM traffic exchange. "All Active Directory customers with default configurations are vulnerable to such attacks," added the Preempt researchers. "Moreover, organizations that do not block LM responses and have clients who still send these default responses are vulnerable to targeted attacks on these clients to bypass additional NTLM protections." More technical details and background information on the two NTLM flaws are available in Preempt's analysis. Previous NTLM flaws and protection This is not the first time Preempt discovered NTLM vulnerabilities, with two critical ones consisting of three logical flaws and allowing attackers to run remote code and authenticate on machines running any Windows version having been fixed by Microsoft as part of June's Patch Tuesday security updates. Previously, Preempt disclosed another flaw impacting all in-support Windows versions at the time, fixed by Microsoft during July 2017 Patch Tuesday and enabling attackers to create admin accounts on a local network's domain controller (DC). Preempt's research team provides the following recommendations to protect networks with devices impacted by these vulnerabilities: • Enforce NTLM mitigations. In order to be fully protected from NTLM relay attacks you will need to enable server signing and EPA on all relevant servers. • Patch! Make sure your systems are fully protected with the latest security updates. • Apply advanced NTLM relay detection and prevention techniques similar to the ones disclosed by Preempt in our Black Hat 2019 talk (a free encore presentation can be found here). • Some NTLM clients use weak NTLM variations (e.g., don’t send a MIC). This puts your network at a greater risk of being vulnerable to NTLM relay. 
Monitor NTLM traffic in your network and try to restrict insecure NTLM traffic. • Get rid of clients sending LM responses and set the GPO Network security: LAN Manager authentication level to refuse LM responses. • NTLM is not recommended to use in general as it poses some security concerns: NTLM relay, brute forcing, and other vulnerabilities. You can read about general NTLM risks here. As a rule of thumb: try to reduce NTLM usage in your network as much as possible. "Even though NTLM Relay is an old technique, enterprises cannot completely eliminate the use of the protocol as it will break many applications," said Preempt's Chief Technology Officer and Co-Founder Roman Blachman in June. "Hence it still poses a significant risk to enterprises, especially with new vulnerabilities discovered constantly." Source
  9. JayDee

    Windows 10 Reactivation

    Hello, I recently bought a Lenovo laptop with no operating system. I bought a Windows 10 Home license (v1803), installed it and activated it on my Lenovo. My question is the following. If I perform a clean installation using a bootable USB containing Windows 10 Home (v1903), does my Windows activate automatically when connected to the internet or does it ask me to enter the activation code again to activate? Thank you
  10. All Windows users should update immediately as ‘Complete Control’ hack is confirmed The tool is available on Dark Web for free A couple of weeks back, researchers from cybersecurity firm Eclypsium revealed that almost all the major hardware manufacturers have a flaw that can allow malicious applications to gain kernel privileges at the user level, thereby gaining direct access to firmware and hardware. The researchers released a list of BIOS vendors and hardware manufacturers which included Toshiba, ASUS, Huawei, Intel, Nvidia and more. The flaw also affects all the new versions of Windows which includes Windows 7, 8, 8.1 and Windows 10. While Microsoft has already released a statement confirming that Windows Defender is more than capable of handling the issue, they didn’t mention that users need to be on the latest version of Windows to take benefit of the same. For older versions of Windows, Microsoft noted that it will be using HVCI (Hypervisor-enforced Code Integrity) capability to blacklist drivers that are reported to them. Unfortunately, this feature is only available on 7th generation and later Intel processors; so older CPUs, or newer ones where HVCI is disabled, require the drivers to be manually uninstalled. If this wasn’t enough bad news, hackers have now managed to use the flaw to exploit the users. Remote Access Trojan or RAT has been around for years but recent developments have made it more dangerous than ever. The NanoCore RAT used to sell on Dark Web for $25 but was cracked back in 2014 and the free version was made available to the hackers. After this, the tool got sophisticated as new plugins were added to it. Now, researchers from LMNTRX Labs have discovered a new addition that allows hackers to take advantage of the flaw and the tool is now available for free on the Dark Web. 
In case you were underestimating the tool, it can allow a hacker to remotely shut down or reboot the system, remotely browse files, access and control the Task Manager, Registry Editor, and even the mouse. Not only that, but the attacker can also open web pages, disable the webcam activity light to spy on the victim unnoticed and capture audio and video. Since the attacker has full access to the computer, they can also recover passwords and obtain login credentials using a keylogger as well as lock the computer with custom encryption that can act like ransomware. The good news is that NanoCore RAT has been around for years, so the software is well known to the security researchers. LMNTRX team (via Forbes) broke down detection techniques into three main categories: T1064 – Scripting: As scripting is commonly used by system administrators to perform routine tasks, any anomalous execution of legitimate scripting programs, such as PowerShell or Wscript, can signal suspicious behaviour. Checking office files for macro code can also help identify scripting used by attackers. Office processes, such as winword.exe spawning instances of cmd.exe, or script applications like wscript.exe and powershell.exe, may indicate malicious activity. T1060 – Registry Run Keys / Startup Folder: Monitoring Registry for changes to run keys that do not correlate with known software or patch cycles, and monitoring the start folder for additions or changes, can help detect malware. Suspicious programs executing at start-up may show up as outlier processes that have not been seen before when compared against historical data. Solutions like LMNTRIX Respond, which monitors these important locations and raises alerts for any suspicious change or addition, can help detect these behaviours. T1193 – Spearphishing Attachment: Network Intrusion Detection systems, such as LMNTRIX Detect, can be used to detect spearphishing with malicious attachments in transit. 
In LMNTRIX Detect’s case, in-built detonation chambers can detect malicious attachments based on behaviour, rather than signatures. This is critical as signature-based detection often fails to protect against attackers that frequently change and update their payloads. Overall, these detection techniques apply for organizations and for personal/home users, the best thing to do right now is to update every piece of software to make sure it’s running on the latest version. This includes Windows drivers, 3rd-party software and even Windows Updates. Most importantly, don’t download or open any suspicious email or install any 3rd-party software from an unknown vendor. Source: All Windows users should update immediately as ‘Complete Control’ hack is confirmed (MSPoweruser)
  11. Manual Online KMS Activation for Windows, Server & Office Thanks to @november_ra1n Info: KMS Activation last 180 days set by Microsoft however after 180 days you can repeat the activation to gain another 180 days and so on forever. : ) PS: KMS Activation will be succeeded as long as KMS Server Host Address are still online see alternative Working Online KMS servers end of the text.... ====================================================================================== A) Windows & Server Activation: Windows <Type here to search> look for Command Prompt and (Right click and run as administrator) #Keep the Internet Connection on during activation!# 1. Install KMS Client Setup Key according to your Windows: slmgr /ipk <KMS Client Setup Key> NOTE: All Windows & Server KMS Client Setup Keys there (Make sure use right key according to your Windows Edition!): https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11) or https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys 2. Run the following command to point Windows to the KMS server: cscript slmgr.vbs /skms kms.digiboy.ir 3. Run the following command to activate Windows: cscript slmgr.vbs /ato 4. Clear the name of KMS server (Optional) slmgr /ckms 5. Finally to find out & display your license information: cscript slmgr.vbs -dli ====================================================================================== Microsoft Office (2016, 2013, or 2010) Activation: NOTE:Unlike Windows for Office you need Volume License Edition to order to activate via KMS! Download Microsoft Office 2016 Volume License ISO [Original from VLSC]: http://bit.ly/2GLb5yY Windows <Type here to search> look for Command Prompt and (Right click and run as administrator) #Keep the Internet Connection on during activation!# 1. Set KMS Host... 
x64: cscript "%ProgramFiles%\Microsoft Office\Office16\ospp.vbs" /sethst:kmshostaddress x86 installed in Win x64: cscript "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /sethst:kms.digiboy.ir Note:(Office14 = Office 2010; Office15 = Office 2013; Office16 = Office 2016) 2. Request Activation x64: cscript "%ProgramFiles%\Microsoft Office\Office16\ospp.vbs" /act x86 installed in Win x64: cscript "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /act 3. Clear KMS Host (Optional) x64: cscript "%ProgramFiles%\Microsoft Office\Office16\ospp.vbs" /remhst x86 installed in Win x64: cscript "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /remhst 4. Check Activation Status x64: cscript "%ProgramFiles%\Microsoft Office\Office16\ospp.vbs" /dstatus x86 installed in Win x64: cscript "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /dstatus Note: All Office KMS Client Setup Keys can be find it there: http://sapsan.wclub5.com/archives/1230 ====================================================================================== Alternative Working Online KMS servers: kms.digiboy.ir kms.lotro.cc cy2617.jios.org kms.chinancce.com k.zpale.com m.zpale.com mvg.zpale.com kms.shuax.com ======================================================================================
  12. Cauptain

    Visual Subst 2.0

    VISUAL SUBST 2 Map Virtual Drives Easily, Reduce Long Paths to Just One Letter with Visual Subst Visual Subst is a small tool that allows you to associate the most accessed directories with virtual drives. It solves three main issues with the built-in 'subst' command: it seamlessly creates drives for elevated applications, adds editable drive labels and restores drives after reboots. Also, Visual Subst makes it easier to create, edit and remove virtual drives in a GUI way. Features: Homepage: https://www.ntwind.com/software/visual-subst.html Download Page: https://www.ntwind.com/download/VSubst_2.0-setup.exe Medicine: waiting for a great soul
  13. "The Witcher: Enhanced Edition" for Windows PC Get it for free: 1) First create an account on GOG.com, then 2) Go to https://www.playgwent.com/?pp=4b1a62d54f5d635ceffa0118244d63e07779e04a download GOG Galaxy and add GWENT card game to your library (which is also free), then 3) Go to https://www.gog.com/gwent-welcome-bonus?pp=4b1a62d54f5d635ceffa0118244d63e07779e04a Subscribe and claim your free Witcher Enhanced Edition for Windows PC free.
  14. Critical Windows 10 Warning: Millions Of Users At Risk Millions of Windows 10 users at risk of compromise as critical vulnerability is revealed at DEF CON 27 As the Black Hat security conference comes to an end in Las Vegas, so the DEF CON hacker convention begins. It didn't take long for the first critical warnings for Windows users to emerge as a result. This one is particularly worrying as, according to the Eclypsium researchers who gave the presentation, the issue applies "to all modern versions of Microsoft Windows," which leaves millions of Windows 10 users at risk of system compromise. What did the researchers reveal? In a nutshell, the researchers found a common design flaw within the hardware device drivers from multiple vendors including Huawei, Intel, NVIDIA, Realtek Semiconductor, SuperMicro and Toshiba. In total, the number of hardware vendors affected runs to 20 and includes every major BIOS vendor. The nature of the vulnerability has the potential for the widespread compromise of Windows 10 machines. Eclypsium’s research team were investigating how insecure drivers can be abused to attack a device and gain a foothold on the system it is part of. "Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component," the researchers stated during their presentation, "can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host." The drivers were found to have design flaws that enable what are meant to be "low-privilege" applications to be used by a threat actor in such a way as to potentially compromise parts of the Windows operating system that should only be accessible by "privileged" applications. That includes the Windows kernel at the very heart of the operating system. 
Certified for trust The dangerous escalation of privileges problem, giving an attacker read and write access at the same level as the kernel, becomes more problematical when you realize the level of trust that can be exploited here. These were not "rogue" drivers, but officially sanctioned ones. They were all from trusted vendors, all signed by trusted certificate authorities and all certified by Microsoft. As the drivers are designed specifically to update firmware, the seriousness of the issue becomes very apparent, very quickly. The flawed drivers not only provide the mechanism to make these changes but also the privileges to do so. If a threat actor can manipulate this combination of bad coding and signed certification, well, the outcome isn't going to look pretty. The researchers stated that there are "multiple examples of attacks in the wild that take advantage of this class of vulnerable drivers." Examples provided included the Slingshot APT campaign which installs a kernel rootkit and "LoJax malware" that installs malicious code in device firmware that can even survive a full Windows reinstallation. Has the problem been fixed yet? Mickey Shkatov, a principal researcher at Eclypsium, told ZDNet that "Some vendors, like Intel and Huawei, have already issued updates." Others, which are independent BIOS vendors, like Phoenix and Insyde, "are releasing their updates to their customer OEMs," Shkatov said. The Eclypsium research reveals that the security issue applies to "all modern versions of Microsoft Windows," and "there is currently no universal mechanism to keep a Windows machine from loading one of these known bad drivers." That said, group policies for Windows Enterprise, Pro and Server could provide a degree of mitigation to "a subset of users," the researchers stated. The full list of vendors that have issued updates, which you should install as soon as possible, can be found here. What has Microsoft said? 
A Microsoft statement said, "In order to exploit vulnerable drivers, an attacker would need to have already compromised the computer. To help mitigate this class of issues, Microsoft recommends that customers use Windows Defender Application Control to block known vulnerable software and drivers." As well as turning on memory integrity for capable devices in Windows Security, Microsoft also recommended using Windows 10 and the Edge browser "for the best protection." Source: Critical Windows 10 Warning: Millions Of Users At Risk (Forbes)
  15. Operating systems are dwindling towards irrelevance, and that’s no bad thing When PC Pro was born nearly 25 years ago, it didn't start life under that name: It entered the world as Windows Magazine. Magazines gathered in little tribes. There was PC Pro, PC Magazine, Computer Shopper and several others all vying for the Windows users, and then there were MacUser and MacFormat trying to tempt the Macolytes. Later on, the Linux mags came along, once the writers had managed to unjam their beards from the printer. There wasn't – with the possible exception of the ultra-snobby Wired – one magazine that served all those audiences, because why would they? What would a Mac owner want to know about the new advances in Windows 98? It just didn't compute. A quarter of a century later, the operating system is on the brink of irrelevance. Nothing much is defined by the OS that you use. You could be running macOS, Windows, Android or iOS, even desktop Linux, and to a large extent your day-to-day work would be unaffected. Files flow freely from one OS to another with compatibility rarely raising its ugly head. Computing's tribes have never rubbed along so harmoniously. This outbreak of peace has had a dramatic effect on the computing landscape, and nowhere more so than at Microsoft. The company's mantra used to be "Windows everywhere"; now it's getting harder to find mention of Windows anywhere. New Windows releases used to be huge staging posts, now they're little more than blog posts. The recent Build conference, once the place where we tech journalists flocked to get a full day's advanced briefing on all the new features in the next version of Windows, barely made mention of the W word, according to those who were there. Microsoft's embrace of Linux and its conversion to the Chromium engine for the Edge browser are based on a realisation that Microsoft failed to grasp for too long: despite those billion or so users, the world doesn't revolve around Windows anymore. 
It's hard to think of anything but niche software packages that could survive by chaining themselves to a single OS anymore. In the process of researching and writing this column, I've gone from Word on my Windows laptop to finishing it off on the train using Word on my iPad Pro. I read the background articles using Chrome on my Android phone, clipped quotes and notes to OneNote mobile, which I've accessed on the other platforms, and saved the copy itself in Dropbox. Had any of these applications or services been tied to a particular OS, I wouldn't be using them. Twenty years ago, Sun boss Scott McNealy used to lose his rag at every press conference when asked about Windows. "Who cares about operating systems?" he would bellow. "Nobody knows what operating system is running inside their car or their mobile phone," he would argue, in the days before iOS and Android were even conceived. They were, to his mind, an irrelevance. He was wrong at the time, but he would be entitled to say "I told you so" if he were still around to swagger into press conferences now. The OS is dwindling in importance. Like a good football referee, you barely notice it's there at all. Even Microsoft has sussed that the operating system just has to get out of the way, which is why it's worked hard to reduce unwanted interruptions from security software and the dreaded Windows Update. To use the favourite phrase of a former editor, Windows has learned to "just deal with it". While a small part of me misses the tribalism and the pub banter with the smug Mac brigade (they probably had reason to be smug, truth be told), the "anything for an easy life" part of me is relieved. I can pick up almost any device and be confident that it will let me get on with the day job. Only a few specialist apps are tied to a particular machine. Windows doesn't really matter any more – it's a good job we changed PC Pro's name all those years ago. Source
  16. Windows goes from cornerstone to just another building block for Microsoft in latest 10-K report Microsoft signified its expansion beyond the flagship operating system, after making a subtle change to their 2019 Form 10-K report; in which a longstanding reference that described Windows 10 as “the cornerstone” of its ambition to make computing more personal, has been removed. Windows 10 is the cornerstone of our ambition, providing a foundation for the secure, modern workplace, and designed to foster innovation through rich and consistent experiences across the range of existing devices and entirely new device categories The report was made public on Thursday in a U.S. Securities and Exchange Commission filing, and now includes language that more broadly describes the context of Windows: We strive to make computing more personal by putting users at the core of the experience, enabling them to interact with technology in more intuitive, engaging, and dynamic ways. In support of this, we are bringing Office, Windows, and devices together for an enhanced and more cohesive customer experience. Windows 10 continues to gain traction in the enterprise as the most secure and productive operating system. It empowers people with AI-first interfaces ranging from voice-activated commands through Cortana, inking, immersive 3D content storytelling, and mixed reality experiences. Windows also plays a critical role in fueling our cloud business and Microsoft 365 strategy, and it powers the growing range of devices on the “intelligent edge.” Our ambition for Windows 10 monetization opportunities includes gaming, services, subscriptions, and search advertising. While Windows is used by hundreds of millions of people around the world, it’s no longer the company’s primary growth engine. The annual filing includes a breakdown of Microsoft revenue by major product lines, which is different from the broader divisional results from the company’s quarterly earnings results. 
Last year, there was a major reorganisation of Windows engineering teams, in order to put greater emphasis on cloud computing. Microsoft’s server and cloud services business grew by 24% to $32 billion, for the first time overtaking Office to become Microsoft’s largest product line by revenue. Microsoft predicted that their Windows OS would be on 1 billion devices within a couple of years. The number turned out to be 800 million, and though revenue gain was only 4% in 2019, the business is still worth a generous $20.4 billion for the year. Hopefully, despite the downgrade, Microsoft will still see fit to invest in the last major public-facing business. Source: Windows goes from cornerstone to just another building block for Microsoft in latest 10-K report (MSPoweruser)
  17. It’s time to install most of July's Windows and Office patches If you’ve been keeping your Windows 7/Server 2008 R2 machines clean with “Security-only” patches, July has an important change to consider. For most people, the coast is clear to install the July 2019 patches. With one glaring exception, July was a rather benign patching month. The Win10 versions got their usual two cumulative updates (the second considered “optional”). Visual Studio had some hiccups, but they’re fixed now. Folks trying to upgrade from Windows 10 version 1803 or 1809 to 1903 encounter various problems, but for now there’s very little reason to push your machine onto 1903. We’ll be talking a lot more about that later this month. When Win7 Security-only patches aren’t The big pimple on the patching butt this month: The Win7/Server 2008 R2 “Security-only” patch. Without any warning or explanation from Microsoft, the July “Security-only” patch installs a full telemetry kit and hooks things up so information gets sent to Microsoft – precisely what most people are trying to avoid by taking the “Security-only” route. We have late-breaking confirmation from Windows guru @abbodi86 that the July Security-only patch installs the same kind of telemetry found in the Monthly Rollups. Many (dare I say “all”?) of the folks who go to the bother of downloading and manually installing the Security-only patches specifically do so to avoid the snooping. But if you want the July security fixes, telemetry comes along for the ride. Fortunately, there are ways to circumvent the telemetry, or at least minimize it. Details following. McAfee Endpoint Protection conflicts – maybe Again this month there are questions about McAfee Endpoint Protection’s interaction with Windows updates. 
Kevin Beaumont (@GossiTheDog) kicked off the latest round of suspicion and vituperations by posting: McAfee Endpoint Protection has an interesting one, they've added a rule called RDP which I think is designed around BlueKeep (?), but it stops Windows Update applying July's security patches. Günter Born has taken up the call with an article on his Borncity blog, but I’ve been unable to replicate the problem or find calls for help on the McAfee site. Anyway, if you have trouble installing the July patches and you’re using McAfee Endpoint Protection, you might try turning it off before retrying. Update the safe way Here’s how to get your system updated the (relatively) safe way. Step 1. Make a full system image backup before you install the latest patches. There’s a non-zero chance that the patches — even the latest, greatest patches of patches of patches — will hose your machine. Best to have a backup that you can reinstall even if your machine refuses to boot. This comes in addition to the usual need for System Restore points. There are plenty of full-image backup products, including at least two good free ones: Macrium Reflect Free and EaseUS Todo Backup. For Win7 users, If you aren’t making backups regularly, take a look at this thread started by Cybertooth for details. You have good options, both free and not-so-free. Step 2. For Win7 and 8.1 Microsoft is blocking updates to Windows 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that’s 24 months old or newer, follow the instructions in AKB 2000006 or @MrBrian’s summary of @radosuaf’s method to make sure you can use Windows Update to get updates applied. If you’ve been relying on the Security-only “Group B” patching approach to keep Microsoft’s snooping software off your PC, you’re faced with a tough decision: You can hold off on installing any patches this month. 
Since Security-only patches are not cumulative, you may be able to skate by this month’s fix and pick up next month – assuming Microsoft doesn’t include telemetry with the patches next month – by no means a given. You can switch over to the Monthly Rollups. I’ve been recommending this approach for quite some time, but realize that there are folks who just don’t feel comfortable running Microsoft’s telemetry termites on their machines. If you’ve been installing the Security-only patches and want to continue doing so, be sure to follow @abbodi86’s advice, turn off the Customer Experience Improvement Program (gotta love the name) and, after the July patch is installed, disable the new scheduled tasks. For most Windows 7 and 8.1 users, I recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. Realize that some or all of the expected patches for July may not show up or, if they do show up, may not be checked. DON'T CHECK any unchecked patches. Unless you're very sure of yourself, DON'T GO LOOKING for additional patches. In particular, if you install the July Monthly Rollup, you won’t need (and probably won’t see) the concomitant patches for June. Don't mess with Mother Microsoft. If you see KB 4493132, the “Get Windows 10” nag patch, make sure it’s unchecked. Watch out for driver updates — you’re far better off getting them from a manufacturer’s website. After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. If you want to thoroughly cut out the telemetry, see @abbodi86’s detailed instructions in AKB 2000012: How To Neutralize Telemetry and Sustain Windows 7 and 8.1 Monthly Rollup Model. Realize that we don’t know what information Microsoft collects on Windows 7 and 8.1 machines. But I’d be willing to bet that fully-updated Win7 and 8.1 machines are leaking almost as much personal info as that pushed in Win10. Step 3. 
For Windows 10 prior to version 1903 If you want to stick with your current version of Win10 Pro — a reasonable alternative — you can follow my advice from February and set “quality update” (cumulative update) deferrals to 15 days, per the screenshot below. If you have quality updates set to 15 days, your machine already updated itself on July 24, and will update again on August 21. Don’t touch a thing and in particular don’t click Check for updates. For the rest of you, including those of you stuck with Win10 Home, go through the steps in "8 steps to install Windows 10 patches like a pro." Make sure that you run Step 3 to hide any updates you don’t want (such as the Win10 1903 upgrade or any driver updates for non-Microsoft hardware) before proceeding. If you see a notice that, "You're currently running a version of windows that's nearing the end of support. We recommend you update to the most recent version of Windows 10 now to get the latest features and security improvements" you can safely chill. Win10 1803 is good through November. If you see a link to “Download and install now,” ignore it – for the same reason. Step 3A. For Windows 10 version 1903 If you’ve already moved to Win10 Pro version 1903, and you set a 15-day deferral on quality updates, you’ll no doubt discover that the settings shown in the screenshot are no longer available on your machine. Microsoft hasn’t yet deigned to tell us what’s going on, but you can rest assured that your 15-day deferral was obeyed – and you got the July patches on July 24. Don’t worry about changing the deferral settings just yet. You’re protected until Aug. 21. We’re still experimenting with all of the settings and seeing how they interact with one another, but at this point my best advice if you’re on 1903 is to click the link on the Windows Update page that says “Pause updates for 7 days,” then click on the newly revealed link, which says “Pause updates for 7 more days,” then click it again. 
By clicking that link three times, you’ll defer cumulative updates for 21 days from the day you started clicking – if you do it today, you’ll be protected until Aug. 23 – which compares favorably to my preferred 15-day deferral, mentioned earlier. There are several group policies and a handful of registry settings working in the background when you make those changes. It still isn’t clear to me how they interact (@PKCano has some details – and they’re hairy). But if you’re using Pro and set the quality update deferral to 15 days, and punch the “Pause updates for 7 days” button three times (on either Home or Pro), you should be in good shape. Thanks to the dozens of volunteers on AskWoody who contribute mightily, especially @sb, @PKCano, @abbodi86 and many others. We’ve moved to MS-DEFCON 4 on the AskWoody Lounge. Source: It’s time to install most of July's Windows and Office patches (Computerworld - Woody Leonhard)
  18. How to check your Android phone’s notifications on a Windows PC Your phone and PC can work together if you set them up properly It’s been a long time coming, but Microsoft finally has its own system for managing Android notifications from Windows. This system makes it possible to see notifications from your Android phone on your Windows 10 PC as they arrive and to pull up your entire SMS history along with any pending notifications on demand. You can even reply to messages and compose new texts right from your computer. Here’s how to get started. On your Windows 10 computer First, make sure you have the latest version of the Your Phone app: Open the Microsoft Store, and search for “Your Phone” If the app isn’t already installed, install it If the app is installed, click the three-dot menu button next to the “Launch” command. If “Update” appears as an option, select it. Next, prepare your computer for the connection: Open the Your Phone app Click the Android box, then click “Get started” Enter your phone number in the prompt that appears Got it? Good. Time to move to the phone side of things. On your Android phone Look for a text from Microsoft with a link to install the Your Phone Companion app (or just find the app in the Play Store on your own), and then install it Open the Your Phone Companion app, and tap “Sign in with Microsoft” Enter your Microsoft credentials. Make sure to use the same account shown in the Your Phone app on your computer. 
Grant the app the various permissions it requests When the app prompts you to set up the Your Phone app on your PC, tap “My PC is ready” When the app prompts you to allow the connection, tap “Allow” The final link There’s just one bit of setup left, the part that allows notifications to go through: Open your phone’s system settings, search for “Notification Access,” then select the Notification Access option Find the Your Phone Companion app in the list, and activate the toggle beside it Tap “Allow” on the confirmation window that appears Go back to the Your Phone app on your computer, and click the Notification tab on the left side of the screen. If you don’t see a Notification tab, close the app and then reopen it. Click “Get started,” then click “Open settings for me.” You already manually adjusted your settings (which is the more direct way of doing it — and the only way to do it as of this year’s Android Q release), so you should be taken right to the app’s Notifications screen. That’s it! Any notifications you get on your phone will now automatically pop up on your desktop and then move into your Windows 10 Notification Center (in the lower-right corner of the screen). Any text messages will include the option to reply — something that’s currently limited to your default Android SMS app but will soon expand to support all apps with reply functions in their notifications. Any time you want to look through all of your messages and pending notifications, just open the Your Phone app on your computer. While you’re there, click on the “Customize” command within the Notifications tab. That’ll let you selectively mute notifications from specific apps, in case you ever need a little less noise. Source: How to check your Android phone’s notifications on a Windows PC (The Verge) (To view the article's image galleries, please visit the above link)
  19. A Linux kernel developer working with Microsoft has let slip that Linux-based operating systems have a larger presence on Microsoft’s Azure cloud platform than Windows-based ones. The revelation appeared on an Openwall open-source security list in an application for Microsoft developers to join the list, and was apparently part of an evidently credible argument that Microsoft plays an active-enough role in Linux development to merit including the company in security groups. The overwhelming prevalence of Linux on Microsoft’s cloud platform may come as a surprise when viewed in isolation, but it makes complete sense from a business perspective. To start with, it’s simply cheaper to run Linux on Azure, as Microsoft’s own price calculator illustrates as clear as day. In this respect, Microsoft basically forced its own hand in terms of monetizing OS licensing into a consistent revenue stream, since Windows 10 Home is essentially free (if you don’t count the “Windows tax“) and Windows 10 Pro works out to a one-and-done revenue opportunity with many enterprise customers. The fact that Linux conforms closely (enough) to the Unix structure and philosophy also makes Linux instances easier to manage. Because Unix is so prolific, basically any system administrator will instantly be at home in the Linux file system, and the saved time and headaches translate pretty quickly into saved dollars and cents, not to mention fewer complications posed by downtime. Linux’s dominance also fits perfectly in the context of its gradual, deliberate integration into Microsoft’s long-term development and innovation vision. When Microsoft first proclaimed its love for Linux in 2014, many industry professionals, especially in the open-source sphere, were skeptical, but from that point on, Linux has been rolling steadily ahead at Microsoft. Initially, Microsoft’s embrace of Linux manifested as the Windows Subsystem for Linux, a curiosity mostly aimed at developers. 
Last year, though, the company announced Azure Sphere, a cloud-connected platform for internet of things (IoT) devices which includes Azure Sphere OS, an in-house headless Linux-based operating system. This was a masterstroke for Microsoft — even a stripped-down Windows OS is far too bloated to run on practically any IoT device, but most IoT manufacturers could benefit from a secure, off-the-shelf IoT solution to replace their own ill-conceived attempts. Azure Sphere was designed specifically to fill this void. Taken together, it’s easy to see how the numerous Linux options Microsoft offers on Azure alone — to say nothing of the deeper integration Linux is getting on the Windows 10 desktop — outflanks the comparatively more limited options and higher cost associated with running Windows on Azure. At the rate at which the company finds new and inventive applications for Linux, this trend looks set to continue, and Microsoft seems just fine with that. Updated on July 15, 2019: Revised with additional information from Microsoft regarding Azure Sphere. Source
  20. The launch of AMD's Ryzen 3000 series has been undeniably successful thus far, but early Zen 2 buyers have run up against two curious and vastly different bugs: not being able to play Destiny 2 on Windows 10, and not being able to boot up Linux machines using more recent kernels. Good news for both camps is incoming, as AMD just sent word that a fix is coming within the next few days. An AMD representative just provided this statement via email: "AMD has identified the root cause and implemented a BIOS fix for an issue impacting the ability to run certain Linux distributions and Destiny 2 on Ryzen 3000 processors. We have distributed an updated BIOS to our motherboard partners, and we expect consumers to have access to the new BIOS over the coming days." AMD says it was able to root cause and resolve both issues fairly quickly in its BIOS code with a patch, and the company expects motherboard vendors to distribute the patch (potentially in beta BIOS form) by next week. Earlier this week a growing number of complaints amassed from Windows gamers concerning the inability to launch Activision's Destiny 2 with various Ryzen 3000 CPUs. On the Linux side of the fence, a fairly critical bug emerged that straight up prevented a system from booting with 5.0 or newer Linux kernels. It's nice to have these both addressed and resolved within the first week of launch, and hopefully the motherboard vendors will act quickly to seed this patch to their users. Keep an eye on those BIOS updates! Source
  21. Researchers from the Microsoft Defender Advanced Threat Protection Research Team have issued a warning to confirm that a notorious credential-stealing malware threat is targeting Windows users. What makes this one so dangerous is that it uses an "invisible man" methodology by only running files within the attack chain that are legitimate system tools and so hides in plain sight. The Astaroth Trojan can employ many techniques, including keylogging and clipboard monitoring, to steal login credentials. However, it is the way that it exploits living off the land binaries (LOLbins) that has created a certain level of infamy for the malware. In the case of the threat campaign that the newly published Microsoft report confirms, it was the Windows Management Instrumentation Command-line (WMIC) that was the LOLbin in question. Andrea Lelli, part of the Microsoft Defender ATP Research Team and author of the report, notes that the victim still has to click on a malicious link in an email to initiate the attack chain via a file that runs an obfuscated batch file. This batch file, in turn, runs the legitimate WMIC system tool in such a way that an obfuscated JavaScript file runs automatically. Now, this is where things get necessarily complicated, involving more obfuscated JavaScript code and more legitimate system tools running. The most important in the attack-chain being the Background Intelligent Transfer Service (Bits) admin tool that is used (actually, multiple instances of Bitsadmin are used) to download additional payloads. These kinds of fileless attacks, as they are known, run the malicious payloads "directly in memory or leverage legitimate system tools to run malicious code without having to drop executable files on the disk," Lelli explained. 
Eli Salem, a security researcher at Cybereason who uncovered another Astaroth attack earlier in the year, told me that these attacks are considered challenging to detect as "the full process of the deployment and execution of the malware" is by way of those Windows LOLBins. "To an average person, this activity can seem like a legitimate Windows activity," Salem says "because it's being executed by Windows processes." However, "using invisible techniques and being actually invisible are two different things," Lelli explained. Because some of the techniques used were so "unusual and anomalous," Microsoft Defender ATP, the commercial version of the Windows Defender Antivirus component that is included free of charge with Windows 10, was able to spot the Astaroth attack. If you are not using Defender ATP, however, then Salem advises Windows users to be extra careful "when opening anonymous or new .lnk and .zip files that came from suspicious mail attachments." I also spoke to Kevin Reed, the CISO of Acronis, this afternoon who says that as fileless malware is a very efficient technique, avoiding detection by many existing anti-malware products, users should choose a solution "that employs advanced malware detection techniques such as memory scanning, stack trace analysis, and system call-based detection as these will expose malware residing in PC memory only." One thing is for sure, and that is I doubt it is the last we will hear of Astaroth and fileless malware. According to a recent WatchGuard threat intelligence report, "fileless threats appeared in both WatchGuard's top 10 malware and top 10 network attack lists. On the malware side, a PowerShell-based code injection attack showed up in the top 10 list for the first time, while the popular fileless backdoor tool, Meterpreter, made its first appearance in the top 10 list of network attacks too." 
Corey Nachreiner, CTO of WatchGuard Technologies, said at the time that "it's clear that modern cybercriminals are leveraging a bevy of diverse attack methods," and I have yet to see anything to think he's wrong. As Sergeant Phil Esterhaus used to say in every episode of cop drama Hill Street Blues back in the 1980s: "Hey, let's be careful out there." Source
  22. Microsoft Windows Security Updates July 2019 overview

Microsoft released security updates and non-security updates for Microsoft Windows (client and server) and other company products on the July 9, 2019 Patch Day.

Our overview provides system administrators, organizations, and home users with detailed information on released patches, known issues, and other relevant information. The overview starts with an executive summary; it is followed by the operating system distribution, and the list of security updates for all versions of Windows. The list of known issues, security advisories released by Microsoft, and download information follow.

Here is the link to the June 2019 Patch Day in case you missed it.

Microsoft Windows Security Updates July 2019

Here is an Excel spreadsheet listing security updates that Microsoft released for its products in July 2019. You can download the archive with a click on the following link: Microsoft Windows Security Updates July 2019 Overview

Executive Summary

  • Microsoft released security updates for all client and server versions of the Windows operating system.
  • All versions of Windows are affected by (at least) 1 critical security issue.
  • Security updates were also released for other company products such as Internet Explorer, Microsoft Edge, Microsoft Office, Azure DevOps, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Microsoft Exchange Server.
  • The Microsoft Update Catalog lists 212 entries.
Operating System Distribution

  • Windows 7: 21 vulnerabilities: 1 rated critical and 20 rated important
    • CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability
  • Windows 8.1: 19 vulnerabilities: 1 rated critical and 18 rated important
    • CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability
  • Windows 10 version 1703: 24 vulnerabilities: 1 critical and 23 important
    • CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability
  • Windows 10 version 1709: 36 vulnerabilities: 1 critical and 35 important
    • CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability
  • Windows 10 version 1803: 37 vulnerabilities: 1 critical and 36 important
    • CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability
  • Windows 10 version 1809: 36 vulnerabilities: 1 critical and 35 important
    • CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability
  • Windows 10 version 1903: 36 vulnerabilities: 1 critical and 35 important.
    • CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability

Windows Server products

  • Windows Server 2008 R2: 21 vulnerabilities: 1 critical and 20 important.
    • CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability
  • Windows Server 2012 R2: 22 vulnerabilities: 2 critical and 20 important.
    • CVE-2019-0785 | Windows DHCP Server Remote Code Execution Vulnerability
    • CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability
  • Windows Server 2016: 27 vulnerabilities: 2 critical and 25 important
    • CVE-2019-0785 | Windows DHCP Server Remote Code Execution Vulnerability
    • CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability
  • Windows Server 2019: 40 vulnerabilities: 2 critical and 38 are important.
    • CVE-2019-0785 | Windows DHCP Server Remote Code Execution Vulnerability
    • CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability

Other Microsoft Products

  • Internet Explorer 11: 6 vulnerabilities: 6 critical
    • CVE-2019-1001 | Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1004 | Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1056 | Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1059 | Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1063 | Internet Explorer Memory Corruption Vulnerability
    • CVE-2019-1104 | Microsoft Browser Memory Corruption Vulnerability
  • Microsoft Edge: 7 vulnerabilities: 7 critical
    • CVE-2019-1001 | Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1062 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1092 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1103 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1104 | Microsoft Browser Memory Corruption Vulnerability
    • CVE-2019-1106 | Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1107 | Chakra Scripting Engine Memory Corruption Vulnerability

Windows Security Updates

Windows 7 Service Pack 1 and Windows Server 2008 R2

KB4507449 -- Monthly Rollup

  • Same as KB4507456.

KB4507456 -- Security-only Update

  • Security updates to Windows Server, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Shell, Windows Input and Composition, and Windows Kernel.

Windows 8.1 and Windows Server 2012 R2

KB4507448 -- Monthly Rollup

  • Fixed a Bitlocker issue that caused Bitlocker to go into recovery mode.
  • Same as KB4507457.

KB4507457 -- Security-only Update

  • Security updates to Windows Wireless Networking, Windows Server, Windows Storage and Filesystems, Microsoft Graphics Component, Windows Input and Composition, Windows Kernel, and Windows App Platform and Frameworks

Windows 10 version 1803

KB4507435

  • Fixed a Bitlocker issue that caused the encryption software to go into recovery mode.
  • Security updates to Windows Wireless Networking, Windows Server, Microsoft Scripting Engine, Windows Storage and Filesystems, Microsoft Graphics Component, Windows Kernel, Internet Explorer, Windows Input and Composition, Windows Virtualization, Windows App Platform and Frameworks, Microsoft Edge, Windows Cryptography, and Windows Fundamentals.

Windows 10 version 1809 and Windows Server 2019

KB4507469

  • Fixed a Bitlocker issue that caused the encryption software to go into recovery mode.
  • Fixed an issue that caused the camera to become unresponsive.
  • Security updates to Windows Server, Microsoft Scripting Engine, Microsoft Graphics Component, Internet Explorer, Windows Input and Composition, Windows Virtualization, Windows App Platform and Frameworks, Windows Kernel, Microsoft Edge, Windows Cryptography, and Windows Fundamentals.

Windows 10 version 1903

KB4507453

  • Fixes of the preview release plus security updates.

Other security updates

Known Issues

Windows 7 Service Pack 1 and Windows Server 2008 R2

  • Issue with McAfee Enterprise software that causes slow startup or the system to become unresponsive.

Windows 8.1 and Windows Server 2012 R2

  • Still the long standing issue with Cluster Shared Volumes that throws the error "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)".
  • Issue with McAfee Enterprise software that causes slow startup or the system to become unresponsive.
  • Window-Eyes screen reader may throw errors on launch or during use, and some features may not work properly.

Windows 10 version 1803

  • Still the long standing issue with Cluster Shared Volumes that throws the error "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)".
  • Black screen during first logon after installing updates.
  • Issue with Window-Eyes screen reader app that may not work correctly.

Windows 10 version 1809 and Server 2019

  • Long standing issue with Cluster Shared Volumes.
  • Error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND" on devices with "some Asian language packs installed".
  • Black screen during first logon after installing updates.
  • Issue with Window-Eyes screen reader app that may not work correctly.

Windows 10 version 1903

  • Windows Sandbox may fail to start.
  • The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0.

Security advisories and updates

  • ADV190015 | June 2019 Adobe Flash Security Update
  • ADV190020 | Linux Kernel TCP SACK Denial of Service Vulnerability
  • ADV990001 | Latest Servicing Stack Updates

Non-security related updates

  • KB4501375 -- Windows 10 version 1903 and Windows Server version 1903: Several fixes, see our coverage of KB4501375 here.
  • KB4509479 -- Windows 10 version 1809 and Windows Server 2019: Fixed a Storage Area Network (SAN) connection issue.
  • KB4501371 -- Windows 10 version 1809 and Windows Server 2019: Several fixes, see our coverage of KB4501371 here.
  • KB4509478 -- Windows 10 version 1803: Same as KB4509479 for Windows 10 version 1809.
  • KB4503288 -- Windows 10 version 1803: Several fixes, see our coverage of KB4503288 here.
  • KB4509477 -- Windows 10 version 1709: Same as KB4509479 for Windows 10 version 1809.
  • KB4503281 -- Windows 10 version 1709

Microsoft Office Updates

You find Office update information here.

How to download and install the July 2019 security updates

The July 2019 security updates are distributed through Windows Update, WSUS, and other means. Most client-based Windows systems are configured to check for updates automatically.

Windows administrators who don't want to wait may run manual checks for updates. It is generally not recommended as bugs may be discovered after the general availability. Backups are recommended if the installation of updates can't be delayed.

Do the following to run a manual check for updates:

  • Tap on the Windows-key, type Windows Update, and select the result.
  • A click on "check for updates" runs a manual check.
Updates may be installed automatically or on user request depending on system settings.

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4507449 -- 2019-07 Security Monthly Quality Rollup for Windows 7
  • KB4507456 -- 2019-07 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4507448 -- 2019-07 Security Monthly Quality Rollup for Windows 8.1
  • KB4507457 -- 2019-07 Security Only Quality Update for Windows 8.1

Windows 10 (version 1803)

  • KB4507435 -- 2019-07 Cumulative Update for Windows 10 Version 1803

Windows 10 (version 1809)

  • KB4507469 -- 2019-07 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

  • KB4501375 -- 2019-07 Cumulative Update for Windows 10 Version 1903

Additional resources

  • July 2019 Security Updates release notes
  • List of software updates for Microsoft products
  • List of the latest Windows Updates and Services Packs
  • Security Updates Guide
  • Microsoft Update Catalog site
  • Our in-depth Windows update guide
  • How to install optional updates on Windows 10
  • Windows 10 Update History
  • Windows 8.1 Update History
  • Windows 7 Update History

Source: Microsoft Windows Security Updates July 2019 overview (gHacks - Martin Brinkmann)
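For administrators who want to verify the result of the update procedure described in the overview, the following PowerShell sketch checks a machine (or a collected inventory) for the July 2019 KBs listed in its "Windows Security Updates" section. It is an added example, not part of the gHacks article; the build-number mapping, the function name Test-July2019Patch and the sample inventory are assumptions supplied here.

```powershell
# Added example. KB numbers come from the overview above; the build-number
# mapping and the sample inventory are supplied here (constructed).

# Windows build number -> July 2019 updates the article lists for that release.
$July2019Updates = @{
    7601  = @('KB4507449', 'KB4507456')  # Windows 7 SP1 / Server 2008 R2
    9600  = @('KB4507448', 'KB4507457')  # Windows 8.1 / Server 2012 R2
    17134 = @('KB4507435')               # Windows 10 version 1803
    17763 = @('KB4507469')               # Windows 10 version 1809 / Server 2019
    18362 = @('KB4507453')               # Windows 10 version 1903
}

function Test-July2019Patch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [int] $BuildNumber,
        [string[]] $InstalledIds = @()
    )

    if (-not $July2019Updates.ContainsKey($BuildNumber)) {
        # The overview names no KB for this release (for example 1703 or 1709).
        $expected = @(); $found = @(); $status = 'NoKbListedForBuild'
    }
    else {
        $expected = $July2019Updates[$BuildNumber]
        # On Windows 7 and 8.1 either the Monthly Rollup or the
        # Security-only update satisfies the check.
        $found = @($expected | Where-Object { $InstalledIds -contains $_ })
        # 'NotListed' is not proof that the fixes are absent: a later
        # cumulative update supersedes this KB in the hotfix list.
        $status = if ($found.Count -gt 0) { 'Installed' } else { 'NotListed' }
    }

    [pscustomobject]@{
        Build    = $BuildNumber
        Expected = $expected -join ', '
        Found    = $found -join ', '
        Status   = $status
    }
}

# Constructed inventory standing in for data collected from several machines.
$sample = @(
    @{ Name = 'PC-A'; Build = 18362; Ids = @('KB4501375', 'KB4507453') }
    @{ Name = 'PC-B'; Build = 17763; Ids = @('KB4509479', 'KB4501371') }
    @{ Name = 'PC-C'; Build = 7601;  Ids = @('KB4507456') }
)
foreach ($pc in $sample) {
    Test-July2019Patch -BuildNumber $pc.Build -InstalledIds $pc.Ids |
        Select-Object @{ n = 'Name'; e = { $pc.Name } }, Build, Expected, Found, Status
}

# The same check against the local machine.
if ($env:OS -eq 'Windows_NT') {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    Test-July2019Patch -BuildNumber ([int]$os.BuildNumber) -InstalledIds (Get-HotFix).HotFixID
}
```

A 'NotListed' result on Windows 10 should be followed up by comparing the installed OS build against the update history, since cumulative updates replace one another.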
  23. It's time to install the June Windows and Office patches

June was a lazy, buggy month with silver bullet patches galore. Things have calmed down now, and it’s time to get the lot installed.

If you’re using iSCSI, or you have custom views for the Event Viewer, you get to deal with this month’s bugs. Lucky you. But for most folks the patching coast is clear.

May had a hair-raising threat from a worm that still hasn’t emerged, but if you’re using Windows 7, 8.1, XP, Vista, or one of the Server variants and skipped the May patches, you need to drop everything and get the May or June patches installed. BlueKeep is coming. Those of you who blocked a specific port to keep BlueKeep at bay may be in for a nasty surprise.

Special shout-out for iSCSI and Event Viewer custom views

If you have problems connecting to your iSCSI array after installing this month’s patches, you need to click “Check for Updates” and allow Microsoft to install the fix for iSCSI bugs they introduced in earlier patches.

If you have custom views in Event Viewer (which is probably more widespread than you think) and after installing this month’s updates you get a “MMC has detected an error in a snap-in and will unload it” error, you didn’t do anything wrong. If it really, uh, bugs you, there’s a fix in the Monthly Rollup previews, KB 450327 for Windows 7 and KB 4503283 for Windows 8.1.

Unless you have those specific problems, I recommend (as always) that you avoid anything called “Preview” like the plague. Pass the Preview problems on to the gullible.

About Windows 10, version 1903

The latest version of Windows 10, version 1903, is still on my no-fly list. We’re seeing more odd problems emerge, and the Update advanced options vanishing trick remains unexplained. I’m sorely tempted to keep my production machines on 1809 until we see Win10 version 1903 Service Pack 1 - also known as version 1909. Waiting for the first Service Pack is traditionally good advice.
How to update your Windows system

Here’s how to get your Windows system updated the (relatively) safe way.

Step 1. Make a full system image backup before you install the latest patches.

There’s a non-zero chance that the patches — even the latest, greatest patches of patches of patches — will hose your machine. Best to have a backup that you can reinstall even if your machine refuses to boot. This, in addition to the usual need for System Restore points.

There are plenty of full-image backup products, including at least two good free ones: Macrium Reflect Free and EaseUS Todo Backup. For Windows 7 users, if you aren’t making backups regularly, take a look at this thread started by Cybertooth for details. You have good options, both free and not so free.

Step 2a. For Windows XP, Server 2003, and Embedded POSReady 2009

If you haven’t yet installed the May BlueKeep patch, manually download and install KB 4500331. In the Microsoft Update Catalog listing, find the version of Windows XP that concerns you, and on the right, click Download. Choose the language you’re using, and click the link underneath that language. Click Save File. When the windowsxp-kb4500331-blah-blah.exe file has downloaded, double-click on it and stand back.

Step 2b. For Windows 7 and 8.1

If you have McAfee Endpoint Security, make sure it’s up to date. Microsoft says it’s still having problems with McAfee.

Microsoft is blocking updates to Windows 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that’s 24 months old or newer, follow the instructions in AKB 2000006 or @MrBrian’s summary of @radosuaf’s method to make sure you can use Windows Update to get updates applied.

If you’re very concerned about Microsoft’s snooping on you and want to install just security patches, realize that the privacy path is getting more difficult.
The old “Group B” — security patches only — isn’t dead, but it’s no longer within the grasp of typical Windows customers, and you absolutely must install the appropriate May security patch. If you insist on manually installing security patches only, follow the instructions in @PKCano’s AKB 2000003 and be aware of @MrBrian’s recommendations for hiding any unwanted patches.

For most Windows 7 and 8.1 users, I recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. Realize that some or all of the expected patches for June may not show up. Or if they do show up, they may not be checked. DON'T CHECK any unchecked patches. Unless you're very sure of yourself, DON'T GO LOOKING for additional patches. In particular, if you install the June Monthly Rollup, you won’t need (and probably won’t see) the concomitant patches for May. Don't mess with Mother Microsoft.

If you see KB 4493132, the “Get Windows 10” nag patch, make sure it’s unchecked.

Watch out for driver updates — you’re far better off getting them from a manufacturer’s website.

After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. If you want to thoroughly cut out the telemetry, see @abbodi86’s detailed instructions in AKB 2000012: How To Neutralize Telemetry and Sustain Windows 7 and 8.1 Monthly Rollup Model.

Realize that we don’t know what information Microsoft collects on Windows 7 and 8.1 machines. But I’d be willing to bet that fully-updated Win7 and 8.1 machines are leaking almost as much personal info as that pushed in Windows 10.

Step 3. For Windows 10 prior to version 1903

If you're running Windows 10 1803 and want to upgrade to Windows 10 1809, just to put off the inevitable push to 1903, there's good news. @PKCano has gone through the steps to navigate an upgrade from 1803 to 1809, without poking the 1903 dog.
If you want to stick with your current version of Win10 Pro, you can follow my advice from February and set “quality update” (cumulative update) deferrals to 15 days, per the screenshot below. If you have quality updates set to 15 days, your machine already updated itself on June 26. Don’t touch a thing; in particular, don’t click Check for updates.

For the rest of you, including those of you stuck with Windows 10 Home, go through the steps in "8 steps to install Windows 10 patches like a pro." Make sure that you run Step 3 to hide any updates you don’t want (such as the Windows 10 1809 upgrade or any driver updates for non-Microsoft hardware) before proceeding.

Step 3a. For Windows 10 version 1903

If you’ve already moved to Windows 10 Pro, version 1903, and you set a 15-day deferral on quality updates, you’ll no doubt discover that the settings shown in the screenshot no longer appear on your machine. Microsoft hasn’t yet deigned to tell us what’s going on, but you can rest assured that your 15-day deferral was obeyed — and you got the June patches on June 26. Don’t worry about changing the deferral settings just yet.

Windows 10 version 1903 customers are starting to play with the “Pause updates for 7 days” button, but the results I’ve seen aren’t yet conclusive.

When we have more experience with the new settings in Windows 10 1903, I’ll update these steps specifically for 1903. Until then, we’re watching and waiting to see how things really work — and in the interim, these steps should work just fine in 1903. Stay tuned for details.

Thanks to the dozens of volunteers on AskWoody who contribute mightily, especially @sb, @PKCano, @abbodi86 and many others.

We’ve moved to MS-DEFCON 4 on the AskWoody Lounge.

Source: It's time to install the June Windows and Office patches (Computerworld - Woody Leonhard)
  24. Windows 10 Barely Moves the Needle on Global Market Share

Data shows Windows 10 records minor share increase

New data provided by NetMarketShare shows that while Windows 10 continues to be the leading choice for desktop computers across the world, it barely moved the needle on global market share numbers last month.

Windows 10 increased its share from 45.73% to 45.79%, despite the arrival of the May 2019 Update. Microsoft started the rollout of Windows 10 May 2019 Update, or version 1903, in late May. Last month, the company made it available for all seekers on Windows Update, meaning all users are allowed to download the update with a manual check for updates.

Windows 7, whose support comes to an end in January 2020, dropped from 35.44% to 35.38%. The 2009 Windows operating system will go dark on January 14, 2020, so Microsoft now recommends users to upgrade to Windows 10 in order to continue to receive updates. The transition from Windows 10 to Windows 7, however, happens at a rather slow pace, so right now, more than 3 in 10 PCs out there still run Windows 7.

Windows XP going dark

Windows 8.1, which is the third Windows version that still receives support, actually increased its share from 3.97% to 4.51%. At the same time, macOS 10.14 declined from 5.34% to 5.31%.

The good news is that Windows XP, the operating system that no longer receives updates since April 2014, is going down at a faster pace and has now reached 1.81% share. Windows XP is mostly used on devices in various organizations and enterprises across the world because of compatibility reasons and the high costs of upgrades to newer Windows.

Linux, which has long been considered the main alternative to Windows, is now running on 1.55% of the desktop computers out there, according to the same source.
Below is a summary of the June 2019 market share figures:

            Windows 10   Windows 7   macOS 10.14   Windows 8.1
May 2019    45.73%       35.44%      5.34%         3.97%
June 2019   45.79% ↗     36.38% ↘    5.31% ↘       4.51% ↗

Source: Windows 10 Barely Moves the Needle on Global Market Share (Softpedia - Bogdan Popa)
  25. Microsoft Patch Alert: The Windows patching heavens buzz with silver bullets

June was one of the buggiest patching months in recent memory – and we still don’t have a straight answer on Win10 1903’s bizarre Update advanced options behavior.

How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs? Ends up that June’s one of the buggiest patching months in recent memory – lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.

In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets – all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It’s a congenital defect in the patching regimen – bugs introduced by security patches get fixed by non-security “optional” patches, while waiting for the next month’s cumulative updates to roll around.

The Win10 Silver Bullets

Every modern version of Win10 except 1903 – which is to say, versions 1607, 1703, 1709, 1803, 1809, Server 2016 and Server 2019 – all got three cumulative updates this month. The third cumulative update for June resolves this one issue:

Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4497934. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

In other words, it’s a silver bullet – an optional patch that fixes a bug introduced in an earlier patch that you’ll only get if you download and install it manually, or if you click on “Check for updates.”

What’s strange about this bevy of patches is the timing. Apparently, the bug arrived with the third May cumulative updates on May 21.
I first saw mention of it on a Dell support forum, on June 11 and posted about it on June 19. Microsoft hadn’t acknowledged the bug at the time. (The first official announcement I saw was on June 26, the date all four silver bullets appeared.) That’s more than a little disconcerting because Microsoft should be warning us about these problems quickly on the Release Information Status page.

The Win7 and 8.1 silver bullets

On June 20, Microsoft released silver bullet patches for Win7, 8.1, Server 2008 R2 SP1, 2012, 2012 R2, and Internet Explorer 11 to fix bugs introduced in the June 11 Monthly Rollups and Security-only patches.

The update for 7 SP1 and Server 2008 R2 SP1 KB 4508772, for Windows 8.1 and Server 2012 R2 KB 4508773 and for Server 2012:

“Addresses an issue that may display the error, ‘MMC has detected an error in a snap-in and will unload it.’ when you try to expand, view, or create Custom Views in Event Viewer. Additionally, the application may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs.”

Cumulative Update for Internet Explorer 11 KB 4508646

“Addresses an issue that causes Internet Explorer 11 to stop working when it opens or interacts with Scalable Vector Graphics (SVG) markers, including Power BI line charts with markers.”

The bug fixes are not included in the June Monthly Rollups or Security-only patches (June 11, 2019), but are included in the Preview Monthly Rollups released on June 20. Once again, bugs introduced by security patches are getting the latest fixes in non-security patches.

More Win10 1903 bugs

The second monthly cumulative update for Win10 1903 appeared late, as usual, on June 27. KB 4501375 includes fixes for several acknowledged bugs, including the MMC error with Custom Views described in the preceding section.
Many people are complaining that this particular patch was downloaded without their consent – which is to say, without clicking “Check for updates.” @abbodi86 looked into it and discovered:

Based on my tests… KB4501375 (18362.207) behaves exactly the same way that Feature Updates behave on 1809 and 1803 – the “download and install now” behavior.

In other words, KB 4501375 will be bundled and offered as [a] secondary update with any available update even if you don’t “Check for updates.” It’s possible that the latest .NET cumulative update will trigger this behavior. That said, deferring Feature Updates (version updates) for just 1 day makes KB4501375 go away.

Win10 1903’s disappearing Update advanced Options

We’re still in a quandary about the behavior of Win10 1903’s update deferrals. In Win10 1903 Pro, if you go into Windows Update, advanced options, you get a pane that looks like this.

[Screenshot: Windows 10 1903 Pro update advanced settings. Credit: Microsoft]

Several of you have noted that if you specify deferral options as I have here (non-zero numbers in either of the two bottom boxes), the entire “Choose when updates are installed” part of the advanced options dialog disappears.

@abbodi86 has undertaken some experiments with the settings. Here’s what he has concluded:

Yep, the Feature Update deferral box disappears once I change the entries to non-zero. Maybe it’s an intentional move so the user cannot change the period frequently? 🙂

Anyway, the Feature Update deferral period can be still controlled with registry setting

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings]
"DeferFeatureUpdatesPeriodInDays"=dword:0000016d

Group policy can be used to show you the feature update deferral period. The box will show up greyed, but at least you can know the period.

@abbodi86 goes on to say that he tested changing the Quality Update deferral period the same way, with the same result — if you set it to anything other than zero, the whole section disappears.
It may be related to an internal conflict with the way Semi-Annual Channel (Targeted) was removed.

Maybe, just maybe, this is the way it’s supposed to work. If so, I’d like to nominate this particular behavior for the “Harebrained Design” hall of fame. Giving a user an option, any option, then forcing them to dig into Group Policy to modify it, stinks.

On the radar

If you’ve been struggling with the “Intel” microcode updates for Meltdown/Spectre and other “Side Channel vulnerabilities,” you aren’t alone. The latest twist appears with Karl-WE’s enormous leg work, posted on GitHub, that brings some sense to the ongoing litany of patches. In particular, Karl notes – and MS Security Response Center guru Jorge Lopez confirms – that the phrase in KB 4346085 that says:

Important Install this update for the listed processors only.

is, quite simply, wrong. Some of the updates apply to processors that are not listed. You’re better off trusting Windows Update to pick the ones that are right for your machine. Says Lopez:

“The team didn't want to mislead anyone reading this KB in isolation to think that installing this KB/deploying across a fleet would mean they have met the requirement for microcode for these side-channel issues - that is only true for the processors listed on the KB. We will update the line, that's not the right way to provide that warning. So yes, you don’t have to go through some complicated deployment matrix on this KB, but you still have to do so to determine what is protected or not (vuln scanning tools should help). The logic to apply or not a microcode update is part of the boot sequence in the OS - if the processor has a microcode revision that is older than what the OS has, the OS will update the CPU microcode as part of the boot sequence.”

Expect to see a correction to the KB article shortly.

To end on a positive note… remember the BlueKeep vulnerability?
The one that had me crying that the sky is falling and you needed to install the May patches, like, right away? Kevin Beaumont (Twitter’s @GossiTheDog) has good news:

If anybody is pondering why there’s no public BlueKeep Remote Code Execution exploit, it’s a mix of difficulty [There’s a high bar for exploitation - in theory it is ‘just’ a use after free bug, but to be able to kernel spray you have to reverse engineer the RDP driver. There’s no documentation on how to do it for this.] and a handful of people in the InfoSec world being very responsible.

Yes, you still need to make sure you have the fix installed. You should’ve done it in May. When the exploit hits it’ll be painful. But at least we’ve been spared a bloodbath of unprecedented proportions.

Join us for more thrilling Tales from the Crypt on the AskWoody Lounge.

Source: Microsoft Patch Alert: The Windows patching heavens buzz with silver bullets (Computerworld - Woody Leonhard)
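Because the article reports that Windows 10 1903 hides the deferral boxes once they are set, an administrator may want to read the effective values directly. The following PowerShell sketch is an added example, not code from the article or from Microsoft: it reads the registry value quoted above (dword:0000016d is hexadecimal for 365 days) and, as assumptions supplied here, also checks the matching quality-update value, the Windows Update policy key, and the 365-day and 30-day limits.

```powershell
# Added example. The UX\Settings key and DeferFeatureUpdatesPeriodInDays are
# quoted in the article; the quality-update value name, the policy key and
# the 365/30-day limits are supplied here.

$Locations = [ordered]@{
    'Settings (UX)' = 'HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'
    'Group Policy'  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
}
$MaxDays = [ordered]@{
    DeferFeatureUpdatesPeriodInDays = 365
    DeferQualityUpdatesPeriodInDays = 30
}

# Turn the .reg notation used in the article ("dword:0000016d") into days.
function ConvertFrom-RegDword {
    param([Parameter(Mandatory)] [string] $Text)
    if ($Text -notmatch '^dword:([0-9a-fA-F]{1,8})$') {
        throw "Not a .reg DWORD value: $Text"
    }
    # ToInt64 keeps values of 0x80000000 and above from turning negative.
    [Convert]::ToInt64($Matches[1], 16)
}

# Describe one deferral value; $Days is $null when the value is not set.
function Get-DeferralNote {
    param([string] $Name, $Days)
    if ($null -eq $Days)            { return 'not set' }
    if ($Days -eq 0)                { return 'no deferral' }
    if ($Days -gt $MaxDays[$Name])  { return "above the $($MaxDays[$Name])-day maximum" }
    'deferral active (non-zero, so 1903 hides the box in Settings per the article)'
}

# Read every deferral value from both locations on the local machine.
function Get-UpdateDeferral {
    foreach ($source in $Locations.Keys) {
        foreach ($name in $MaxDays.Keys) {
            $days = $null
            $item = Get-ItemProperty -Path $Locations[$source] -Name $name `
                        -ErrorAction SilentlyContinue
            if ($null -ne $item) { $days = [int]$item.$name }
            [pscustomobject]@{
                Source = $source
                Value  = $name
                Days   = $days
                Note   = Get-DeferralNote -Name $name -Days $days
            }
        }
    }
}

# Decode the value quoted in the article, then report the live settings.
$quoted = ConvertFrom-RegDword 'dword:0000016d'
"Article's registry example defers feature updates by $quoted days: " +
    (Get-DeferralNote -Name 'DeferFeatureUpdatesPeriodInDays' -Days $quoted)

if ($env:OS -eq 'Windows_NT') {
    Get-UpdateDeferral | Format-Table -AutoSize
}
```

A value under the policy key takes effect as managed configuration, which is why the article notes the Settings box then appears greyed out.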