The IT Nerd

If you haven’t heard of the “BlueKeep” vulnerability, you might want to pay attention. This is a vulnerability that could potentially allow unauthenticated attackers to install programs, view or manipulate data, or create fully privileged new accounts by executing code via specially crafted requests, with no user interaction required. In short, it is highly dangerous. The danger comes from the fact that beyond everything that I have mentioned, it is possible to have this spread in the same way as attacks like “Wannacry” did. That in short increases the danger level further.

BlueKeep affects machines running on Windows 7, Windows Server 2008 R2 and Windows Server 2008, as well as the unsupported Windows 2003 and Windows XP OSes. Microsoft put out patches in May including ones for the unsupported OSes mentioned above, but there may be as many as a million systems that might be affected by this bug that have not been patched. So if I were you, I would make sure your Windows computers are fully patched.

Now if you want to go to the next level in terms of protecting yourself, the NSA has some tips for you.

• Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection.
• Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
• Disable Remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.

Remember, this is a highly dangerous vulnerability and the best means to protect yourself is to install the patches that Microsoft has put out and take the advice of the NSA. Because now that this is out there, attacks will be commencing.

Microsoft yesterday officially released Windows Version 1903 to the public. It’s the latest “feature update” to Microsoft’s “operating system as a service” and they claim that it’s all good.

But if I were you, I’d wait for a bit as they said the same thing with Windows 10 version 1803, and the very late Windows 10 version 1809 update. Both of which were total disasters for Microsoft. And both of which made me very busy as I worked hard to fix issues for clients that these updates caused. But if you really want to dive into the deep end with this latest version of Windows, here’s what you will get:

• From now on the Windows installation will be put in an area of “reserved storage”. It means you now need twice as much space on your drive, but it does mean that there’s no risk of an update causing issues if you don’t have enough disk space.
• There is a unified search box which has been uncoupled from Cortana which most people never use as far as I know.
• Windows Sandbox will let you test things that could kill your machine if you get them wrong. That’s handy for people who like to tinker.
• Much more of the “additional content” that comes with Windows which I would call “bloatware” can be removed if you want to reclaim space. But if you ever want it back, you can always reinstall it from the Microsoft Store.
• There are tweaks like font management, faster startup and updated Emoji support. There’s also a dark mode because all the cool kids run their computers in dark mode.

But the most important feature that comes with this update is that Microsoft has deemed its users to be worthy enough to decide how and when updates get applied. A blog post from Microsoft has info on that front. And on top of that, Microsoft has made a Windows release health dashboard available, to provide insight into the status of the update rollout and any issues being reported. My advice is to look at that dashboard and make a decision as to when to upgrade to version 1903 based on that. Or just wait for a couple of weeks seeing as any major issues will pop up on the Interwebs very quickly based on what happened with the last two feature updates that Microsoft put out. If you do decide to take a swim in the deep end, Microsoft will try to cover your posterior with a feature that will try to roll back the install, if things don’t work out as they should.

Oh by the way, Microsoft will automatically update devices running the Home and Pro editions of Windows 10 version 1803 to ensure service continues past November 12, 2019. So you may want to factor that into your decision making.

Regardless of whether you update now or later, make a backup of your data before you upgrade. Because you can never be too careful. But if I were you, I’d wait for a bit and see how stable version 1903 of Windows 10 is first.

If for whatever reason you are still running Windows XP, Windows Server 2003, and the like, you might want to check Windows Update. Despite the fact that Microsoft doesn’t officially support these OSes, you’ll likely find an update to mitigate against CVE-2019-0708. Put into English, Microsoft is patching a flaw in remote desktop services that could lead to a “WannaCry” style attack where a piece of malware hops from computer to computer at breakneck speed.

This flaw is present in Windows 7, Windows Server 2008, and Windows 2008 R2. All of which Microsoft still supports. However it’s also present on Windows XP and Windows Server 2003 which for reasons I don’t understand are still widely used. This flaw does not affect Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012. There are no known attacks that are in the wild as of yet. So Microsoft is clearly trying to stop this from blowing up.

Microsoft has an advisory here that users of XP and Server 2003 should read and heed. Happy Patch Tuesday!

As further proof that Microsoft really needs to up its quality assurance game, news has filtered out via a support article that if you use SD cards, external USB hard drives or USB sticks, you will be blocked from installing the Windows 10 May 2019 update. The reason as Microsoft puts it is “inappropriate drive reassignment”:

Inappropriate drive reassignment can occur on eligible computers that have an external USB device or SD memory card attached during the installation of the May 2019 update. For this reason, these computers are currently blocked from receiving the May 2019 Update. This generates the error message that is mentioned in the “Symptoms” section if the upgrade is tried again on an affected computer.

Example: An upgrade to the May 2019 Update is tried on a computer that has the October 2018 update installed and also has a thumb drive inserted into a USB port. Before the upgrade, the device would have been mounted in the system as drive G based on the existing drive configuration. However, after the upgrade, the device is reassigned a different drive letter. For example, the drive is reassigned as drive H.

Why does this matter? Apparently a whole lot of software is out there that is designed to look for specific drive letters. Thus this is not good. The problem will only really affect users who have booted Windows from external storage. Raspberry Pi users for example. Fortunately the workaround is pretty simple, eject your external storage drives first until this is fixed in a future update.

You have to wonder how many times Microsoft can serve stuff like this up that are complete head scratchers before Windows 10 users run to the Apple Store to buy Macs…. Again.

The quality of Windows 10 updates for at least the last year if not longer has been…… Sub optimal to say the least. Now we have another example of this that you should be aware of. Actually, there are two of them:

Microsoft last week confirmed this for users of Sophos Endpoint Protection:

Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing this update.

You can copy and paste Sophos for Avira, ArcaBit, Avast for Business, Avast CloudCare, and AVG Business Edition, McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 as they are all affected by this.

This affects Windows 7, Windows 8.1, Windows Embedded 8, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2 and Windows 10. The good news is that Microsoft has temporarily blocked devices from receiving these updates if the specific antivirus product installed until a solution is available. But as I type this, no solution exists. Though I have found reports of uninstalling the updates in question fixing the freezing issues.

Next up is KB4493509 where Microsoft has confirmed the update can freeze PCs both in operation and boot up. The software giant says that the freezes are caused by conflicts with antivirus software. Microsoft calls out ArcaBit specifically, but in TenForums a number of other antivirus brands seem to be affected too. Again, if you have ArcaBit installed, you will be blocked from getting this update. But if you have the issues described in this article, you may want to uninstall the update as that seems to get things sorted.

You have to wonder if Microsoft actually tests their software prior to releasing it as these sorts of bugs should never see the light of day.

This is something that I never saw coming. Windows 10, which has had its last two feature updates end up being major disasters for users of the platform has had a major change in terms of how the update will roll out. Check out what Microsoft is saying in this blog post about the latest feature update which is due in May:

In previous Windows 10 feature update rollouts, the update installation was automatically initiated on a device once our data gave us confidence that device would have a great update experience.  Beginning with the Windows 10 May 2019 Update, users will be more in control of initiating the feature OS update.  We will provide notification that an update is available and recommended based on our data, but it will be largely up to the user to initiate when the update occurs.  When Windows 10 devices are at, or will soon reach, end of service, Windows update will continue to automatically initiate a feature update; keeping machines supported and receiving monthly updates is critical to device security and ecosystem health.  We are adding new features that will empower users with control and transparency around when updates are installed. In fact, all customers will now have the ability to explicitly choose if they want to update their device when they “check for updates” or to pause updates for up to 35 days.

In other words, for the first time with Microsoft’s OS as a service, you’ll be in some degree of control of what gets installed. That’s a massive departure for the company who wanted to be fully in control. I guess the backlash of the last two feature updates which bricked PCs and deleted data was too much for them to ignore. Sure you can’t entirely stop Microsoft from shoving this update onto your PC, but being able to delay it for up to 35 days is something significant because it will give you time to check the Interwebs to see if the update really screws something up so that you don’t kill your own computer by being forced to install it. While I would normally say kudos to Microsoft for doing this, I won’t be saying that this time around. This sort of control should have been present in the OS from day one. And Microsoft needs to go further and give all users full control over their computers so that their buggy feature updates don’t leave a bad taste in users mouths over and over again.