NSA exposes critical flaw in Windows 10!

According to Microsoft’s security update guide, a spoofing vulnerability that utilizes the Crypt32.dll file can be used to control a machine at will.

As stated within the emergency bulletin:

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.

An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.

A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.

The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.

The good news is that Microsoft has already released a patch to close the loophole, so make sure you take care of this ASAP!

R.I.P. Windows 7

At last, the time has come. Today marks the last day of free security updates for the legacy OS. For those of you that still plan on using it for the foreseeable future, it may be in your best interests to bite the bullet and spend the extra $50-60 for an additional year of coverage.

For more info on the extended security updates (ESUs), head to Microsoft’s site and check out their FAQ sheet here.

New Edge browser coming soon!

Ladies and Gentlemen, mark your calendars!  The latest revamp of Microsoft’s “Chromium-based” web browser will be released to the public January 15, 2020.

As Mary Jo Foley from ZDNet.com states, the new browser will eventually be available via Windows Update on all PCs running Windows 10 version 1709 and can also be obtained as a standalone install package.

I’ve been using the beta version of the browser for about a month now and much to my surprise, so far so good!

Check out the full article here for more details!

Two excellent posts by “The Patch Lady”

Kudos to Susan Bradley aka “The Patch Lady” who gave us some interesting insight here as to how Microsoft plans to handle extended updates for Windows 7 (apparently the service plans are not available! Yuck!) and also sheds some light here on an FBI precinct’s recommendation to place all IOT (Internet Of Things) devices on a different network segment for security purposes.

Delays in Microsoft M365 subscriptions

The continued push for subscription based services and software is unavoidable at this point and we as users and consumers of whatever technology we are interested in really have no choice when it comes to how the heavy hitters such as Microsoft, Google, Adobe, and so on.

That being said, it’s surprising when a company like Microsoft struggles to communicate the benefits of or even stick to an already scheduled release date.

When it comes to their latest subscription-based service, it’s somewhat baffling that there’s still confusion about when Microsoft 365 will be released and on top of that, what is this actual new “service” all about…

Fortunately for us, Mary Jo Foley at ZDNet.com does an excellent job at breaking down what’s going on with “M365”… check out her article here and let us know what your thoughts are about this.

“MECM” is here!

As you may recall, Microsoft made the announcement of Intune and ConfigMgr merging together at their Ignite Conference which took place last month. Well, it turns out that the first live, production version of the program is now available to the masses. I’m looking forward to installing it in my lab environment as well as possibly deploying it in production at the school district!

Lots of information and articles on the new product are available online but one source you must visit would be Prajwaldesai.com who developed a great write-up about all the latest features of #MECM1910 here. Check it out and let me know if and when you plan on deploying it in your environment whether it be for testing or production!

R.I.P. Cortana

Well that was quick! A mere four to five years after introduction, Microsoft has banished its digital assistant Cortana to its “dustbin” of history. I don’t know about you but I never took much of a liking to its capabilities (very limited IMO) within Windows 10.

According to Gizmodo.com, it appears that Microsoft will mostly defer to Amazon’s Alexa when it comes to providing smart assistant capabilities.

Check out their article here as well as ones from TheVerge.com here and WindowsCentral.com here.

A day in the life of a Windows 10 user looking to upgrade…

I can truly appreciate the time and effort it took for this user to describe in detail her Windows 10 version upgrade experience…

Courtesy of AskWoody.com:

Last weekend, I decided to bite the bullet and update a Win10-1803 Pro machine to Win10-1809, using Windows Update. I’d taken a system image backup, and as it wasn’t my production machine, I wasn’t too worried.

This machine is under a year old, a purchase necessary when a hardware failure put paid to my trusty Win7 Pro laptop. It allows me to work more than I can manage at my desktop, and does most of the hard yards online, especially here.

Windows Update installed 1809 x64 2019-10B – this was before Woody changed MS-Defcon from 4 to 2. It took 20 minutes to Prepare to Install, and nearly 2 hours to download, and several hours to install.

Needless to say, it didn’t go to plan… The first indication of a problem was after several hours of installing, when a blue screen appeared bearing the words “Stopcode” and “Bad Pool Header”. It restarted, still on 1803, pending install. It continued installing. Eventually it restarted, and I was able to see KB 4521862 and KB 4519338 had installed – along with a bunch of drivers being updated, when the Pro settings were not to download drivers from Windows. I also noticed I hadn’t had to reset the Metered Connection settings to allow the update to download!

After it finished its update, it wasn’t working properly. It looked fairly normal, but restarting started problems – none of the visible desktop items actually worked – not the Start button, any of the TaskBar icons, or anything other than the Ctrl>Alt>Del routine.

I tried Sign Out. It took ages. It caused a loop of: Hi; We’re getting everything ready for you; This might take several minutes – don’t turn off your PC (that part remained until it got to Hi again); Leave everything to us; Windows stays up to date to help protect you in an online world; Making sure your apps are good to go; It’s taking a bit longer than expected, but we’ll get there as fast as we can. This loop took 5 minutes to restart, again, and again, and again.

It had been over 12 hours since the process started at this point. As I had to do my day job, I just left it chugging away in the background while I got on with earning an income. Over 5 hours later, it finally came up for air – a desktop, but still not functioning.

Along the way, I saw various errors:
Error 0x80072EE7
The gpsvc service failed the sign-in – access is denied
windows\system32\config\systemprofile\desktop is unavailable

To add to my woes, it wanted to restart itself again, where it re-entered the 5+ hour loop. I still had work to get done, so I just let it be. No stopcodes this time, but still it didn’t work.

I couldn’t access safe mode, even with Recovery Tool USB access. Start Up Repair “couldn’t fix [the] PC”. Using the Recovery Tool, I was able to access the Command Prompt, where SFC /SCANNOW reported “Not enough memory resources are available to process this command” the first time, and then, after it went through 100%, “Windows Resource Protection could not perform the requested operation”. Attempting to use Restore Points was another failure – they were listed, but “unavailable”.

At this time, I decided it was time to try to restore the system image. Again, the gpsvc error. Apparently there had been some issue prior to the update attempt? I had to put it aside for a few days, until I got time to address it properly. By this stage, I was heading for an ISO file on a USB stick. This laptop now needs to be reset from the ground up, going back over all the metered connection, deferred updates, Customer Experience, Start Menu apps settings etc. etc. etc. – and I’m sure there’ll be something important I forget!

Having got the ISO installed, I was able to run SFC /SCANNOW and DISM /Online /Cleanup-Image /RestoreHealth. All 100% clear, thank goodness.

There are only 5-6 programs to reinstall. If this had been a production machine, I’d have dozens of programs to have to reinstall. It’s still going to take another day or two until I get it back to normal, as I have other things I need to prioritize. If I’m a bit cranky this weekend, you now know why!

I’m really lucky I have a wealth of knowledge, support and expertise here at my disposal. A normal home user would have ended up paying for professional technical support, and if it had been my production machine, would have resulted in a loss of chargeable hours. I’m counting my blessings!

SCCM + Intune = Microsoft Endpoint Manager

One of the biggest announcements at Ignite 2019 is the merging of System Center Configuration Manager and Microsoft Intune into the newly named Microsoft Endpoint Manager.

This follows Microsoft’s continued goal of simplifying branding for its service / management tool offerings.  Upon reviewing the 1911 Technical Preview (TP), you can see the changes within the updated console…

One of the better detailed summaries on this change can be found here in an article written by Kurt Mackie for Redmondmag.com … I guess now I have some motivation for installing the latest TP if I want to get hands on with the new product!

Windows 10 “End of Life” revamp

So I saw a tweet from the great Prajwal Desai asking the question as to why Windows 10 version 1903 will reach “end of life” status before version 1809…

The answer? Apparently Microsoft decided that all Windows 10 feature upgrades released in the spring will have a shelf life of 18 months regardless of what edition is installed, compared to a 30-month shelf life for Windows 10 upgrades released in the fall.

I must admit: my initial reaction to this news was WTF?!?!  The response from Microsoft is that in keeping in line with their “___as a service” strategy, “spring” upgrades are now to be looked at as the version that introduces more and newer features while the “fall” upgrades will now serve more as a refinement of the previous version.

Who knows if this is going to be a winner in Microsoft’s eyes but to me it seems that the only thing that has been consistent about the servicing of Windows 10 is the consistency!