8 | Bach Seat

Tag Archive for 8

RB | May 29, 2017

Comments Off

Windows Terrible, Horrible, No Good Month

Redmond’s Terrible, Horrible, No Good, Very Bad month continues. The WannaCry ransomware hit mostly Windows 7 machines, and now researchers from the Russian information security company Aladdin RD recently discovered a new bug that will slow down and crash Microsoft (MSFT) Windows Vista, Windows 7, and Windows 8 PCs, but does not seem to impact Windows 10 so far.

In a throwback to the Windows 95 and 98 era, Ars Technica reports that certain specially crafted filenames could make the operating system lock up or occasionally crash with a blue screen of death. Ars reports that the bug allows a malicious website to try to load an image file with the “$MFT” name in the directory path. Windows uses “$MFT” for special metadata files that are used by the NTFS file system. The effected systems do not handle this directory name correctly.

The file exists in the root directory of each NTFS volume, but the NTFS driver handles it in special ways. Ars explains that it’s hidden from view and inaccessible to most software. Attempts to open the file are normally blocked, but if the filename is used as if it were a directory name—for example, trying to open the file c:\$MFT\123—then the NTFS driver takes out a lock on the file and never releases it. Every subsequent operation sits around waiting for the lock to be released. Forever. This blocks all other attempts to get access to the file system, and so every program will start to hang, rendering the machine unusable until it is rebooted.

Ars says that web pages that use the bad filename in an image source will provoke the bug and make the machine stop responding. Depending on what the machine is doing concurrently, it will sometimes blue screen. Either way, you’re going to need to reboot it to recover. Some browsers will block attempts to access these local resources, but Internet Explorer will try to open the bad file.

Ars couldn’t immediately cause the same thing to occur remotely (by sending IIS a request for a bad filename), but it wouldn’t immediately surprise us if certain configurations or trickery were enough to cause the same problem.

The Verge has successfully tested the bug on a Windows 7 PC with the default Internet Explorer browser. Using a filename with “c:\$MFT\123” in a website image, their test caused a machine to slow down to the point they had to reboot to get the PC working again.

A Microsoft spokesperson told Engadget that the company is looking into the matter and will give an update as soon as it can.
“Our engineers are currently reviewing the information. Microsoft has a customer commitment to investigate reported security issues and provide updates as soon as possible.”

The Redmond boys also had to release an emergency out-of-band update for the Malware Protection Engine aka Windows Defender. Two Google security researchers discovered the “crazy bad” flaw. They claimed it was “the worst Windows remote code exec in recent memory.” The TechNet article says the vulnerability they patched would allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file (CVE-2017-0290). To MSFT’s credit, they did fix the bug and release the patch with a week of being notified.

rb-

Early reports are that this bug is an attack vector. However, this is a denial of service attack that will need a reboot. This new flaw could be bundled with other more dangerous malware to force the user to reboot allowing the attacking malware to get loaded.

Related articles

Microsoft patched more Malware Protection Engine bugs last week (The Register)

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: 10, 2017, 7, 8, Blue Screen of Death, BSOD, Defender, DoS, Microsoft, MSFT, NTFS, Security, Vista, Vulnerability, Windows

RB | February 10, 2015

Comments Off

Windows 7 Reaches Middle Age

Now that you have almost eliminated Microsoft (MSFT) Windows XP from your network and settled on Windows 7 it should be time to catch your breath. But NOOO!! Windows 7 has reached the end of mainstream support. That’s right we are already 5 years into the Windows 7 era. Repeat after me… Windows 7 still has five years left … Windows 7 still has five years left … Windows 7 still has five years left.

Microsoft commits to 10 years of security fixes and 5 years of feature enhancements and bug fixes for each major OS release. Windows 7 has moved from mainstream support – free help for everyone – to extended support, which means Microsoft will charge for help with the software. That will end in 2020 when Microsoft turns out the lights on Windows 7 for good.

The recent techno-flops from the boys and girls in Redmond, Vista, and Windows 8 have taught enterprises to plan for a new desktop OS every other release. This puts businesses in a bind. MSFT’s track record prevents forward-looking firms from organically growing their desktop fleet into the next cycle. There are those that argue that until Microsoft separates consumer from commercial desktops, Microsoft commercial customers will continue to skip one or more iterations of Windows, their only real answer to the high costs and disruption of upgrading.

Gregg Keizer at ComputerWorld cites research from Gartner (IT) which prognosticates that many enterprises cannot change their processes. Many organizations will go through the same machinations they did with XP. Or maybe even balk at dumping Windows 7 at the same pace as the venerable Windows XP, making things worse. Michael Silver of Gartner told ComputerWorld that having a plan could help organizations avoid a repeat of XP’s expensive end-of-support scramble. Gartner believes that the same EOL mad-scramble we saw with XP will occur again when time is up on Windows 7. Mr. Silver claims:

[A repeat of Windows XP] is certainly likely to happen … One of the big differences that’s been under-considered is that because Vista took five years to come out [after XP], there were eight years between XP and Windows 7. So Windows XP felt pretty old. … Windows 7 won’t feel that old to people…”

Mr. Keizer argues that the failure of Windows 8 to win enterprise hearts and minds has created an oddity: Even though Windows 7 has made middle age, Microsoft continues to let OEMs sell PCs running the Windows 7 business edition. Microsoft has yet to name an end date for OEM sales of machines powered by Windows 7 Professional. But because it has promised a 12-month notice, those PCs can still be sold at least until early January 2016, when the OS has but four years of life left.

But if you are just finishing your last migration, then you don’t have all that much time to start planning the next one.

rb-

If you don’t like the Redmond hamster wheel, consider your alternatives. Sophos compares the Windows upgrade schedule to some other options. 10 years might be the best option out there. For example:

Apple’s (AAPL) OS X is supported for mystery years,
Apple’s mobile iOS is supported for mystery years (3?)
Android seems to leave it up to you, but don’t expect Google (GOOG) to commit to securing it.
Ubuntu LTS is supported for around 5 years, and
Red Hat Enterprise 13 years (with extended support).

The Windows 10 challenge: Making people care about Windows again (zdnet.com)

Category: Uncategorized | Tags: 10, 2015, 7, 8, AAPL, Android, Apple, Gartner, GOOG, Google, Hardware, IOS, IT, Linux, Microsoft, MSFT, Red Hat, Ubantu, upgrade, Windows, XP

RB | September 4, 2014

Comments Off

Will iOS 8 Crush Your Network?

– Updated 09-09-14 – At their presser today, Apple announced that iOS 8 will be publicly available on Wednesday, September 17. The update is free and compatible with 10 current products:

iPhone 5S
iPhone 5C
iPhone 5
iPhone 4S
iPad Air
iPad with Retina Display
iPad 2
iPad mini with Retina Display
iPad mini
iPod touch 5th Generation

How are you going to protect your network?

—

TechRadar speculates that Apple’s new mobile operating system, iOS 8 will be released on September 10 and MacWorld UK reports that iOS 8 will run on most iPads, iPhones, or iPod Touch devices when it arrives. This means that if you haven’t already done something about it any iDevice that walks into your Wi-Fi will want to download 100+ megabytes of data. And you know what means user complaints that the internet is broken and the network is slow.

The folks at Exinda, a supplier of policy-based WAN Orchestration recently put out some suggestions on how to keep your network functional during Apple’s (AAPL) iOS 8 update madness, unlike the iOS 7 release last year. Few organizations were prepared for the effects that widespread software updates would have across corporate and educational networks.

Shortly after the software launch, download requests bombarded networks which prevented users from accessing key applications or completing work on time. Boston-based Exinda says reports from last year showed that the iOS 7 update used more than 60% of bandwidth and caused several networks to crash completely.

Exinda polled their community of networking experts to weigh in with three possible strategies to help you survive release week, no matter how complex your IT environment is.

Set an iOS policy

Set a policy to completely block software upgrades 20% of Exinda customers said that controlling iOS 7 upgrades was their biggest IT headache last year. If iOS 7 put a huge strain on your network last year, proactively blocking this year’s software release may be the best way to protect your network.

Before release week, simply create a policy using the Apple Software Updates application signature and set it to discard the traffic. This will cause all network traffic generated from iOS 8 to be discarded, effectively keeping your users from upgrading their devices on your network.

Limit the bandwidth software upgrades use

Depending on your network and users, you may have no choice but to let some of your users upgrade their devices during peak hours, particularly if you’re a school with a 1:1 iPad program. To control the amount of bandwidth iOS 8 can use on your network, set a policy that guarantees minimum and maximum levels of bandwidth that can be consumed during this upgrade. We recommend setting the minimum at 1 Kbps and giving this policy a low priority so it does not take precedence over your more important traffic.

Bruce Miller, vice president of product marketing at Xirrus in a Fierce Mobile article, advised IT administrations to deploy Wi-Fi network application control software that regulates how the network handles bandwidth-hogging apps and spikes in traffic.

IT needs to be savvy at the application level, identify when something like this happens and then be able to apply QoS [quality of service] or prioritization to applications, not just to users.

Cache iOS software upgrades

Cache software upgrades at the network edge – Last year many Exinda customers cached the iOS download at the network edge, which allowed their users to upgrade their devices without using too much bandwidth or hurting network performance. To do this, create a new policy to cache the iOS 8 upgrade. This means that after the software has been downloaded on the network once, each subsequent download request will be served up locally, letting you preserve your bandwidth and prevent network outages.

rb-

The release of iOS 7 last year blindsided many IT managers. Large numbers of employees upgrading their devices at the same time caused many networks to crash, leaving users unable to access key apps or get work done on time.

I also blogged about how The NCAA Basketball and World Cup tournaments would be huge bandwidth wasters here. IT managers need to be more alert to events outside their network that can overwhelm the corporate network.

Exinda adds WAN orchestration (itworldcanada.com)

Category: Uncategorized | Tags: 2014, 8, AAPL, Apple, bandwidth, Denial of Service, Exinda, IOS, iPad, iPhone, iPod, Security, Wi-Fi

RB | August 21, 2014

Comments Off

MSFT Closing More Windows Support

MSFT Closing More Windows Support IT departments organizations are busy keeping up with XP replacements, Cloud migrations, BYOD implementations and now Microsoft has reminded everybody that there are other fires burning on the horizon. Microsoft (MSFT) is warning that they are ending mainstream support for more popular Windows products. Some of the key products ending mainstream support include; Windows 7, Window Server 2008, Exchange 2010, and SharePoint 2010.

So what does Redmond mean when it ends “Mainstream Support”?

Mainstream support is the typically five-year period when Microsoft provides free patches and fixes, including but not limited to security updates, for its products.
When a product exits the mainstream support phase, Microsoft continues to provide a period (also often five years) of extended support, which means users get free security fixes but other types of updates are paid and require specific licensing deals.
“End of support” means there will be no more fixes or patches — paid or free, security or non-security — coming for specific products. CNET says there are some temporary workarounds, as Windows XP users have discovered, but as a general rule, end of support means, for most intents and purposes, the end.

Here are some critical (or not so critical) dates. You may want to circle in red on your calendar and start planning now. Do you have funds in your 2020 capital budget for new hardware? Will cloudifying these be the answer? Are you up to speed on Azure? Are your apps up to speed on Azure?

September 14, 2014 mainstream support ends Windows Phone 7.8.

October 14, 2014, is a critical date, support ends for

Office 2010 (Including Viso and Project) with Service Pack 1 mainstream support ends.
SharePoint Server 2010 Service Pack 1 mainstream support ends

January 13, 2015, is a big day for Microsoft support

Windows 7, Mainstream, free support ends on for all versions of Windows 7 (Enterprise, Home Basic, Home Premium, Ultimate, and Starter) as well as Windows 7 SP1.
Extended support for Windows 7 lasts until January 14, 2020, so users can expect to continue to receive free security updates, but not feature updates, for Windows 7 until that point.
Some industry watchers have speculated that Microsoft will end up pushing out Windows 7’s support dates the way the company did for XP, given Windows 7’s popularity and pervasiveness, but so far, CNET says there is no evidence of it happening.

Windows Server 2008 – Mainstream support also ends on all versions of Windows Server 2008 and 2008 R2. Extended support remains in place until 2020.
Exchange 2010 – Mainstream support will also end on all versions of Exchange 2010. Extended support remains in place until 2020.

Other Microsoft products whose mainstream support ends on January 13, 2015 include :
- All editions of Windows Storage Server 2008,
- Dynamics C5 2010,
- NAV 2009 and NAV 2009 R2
- Forefront Unified Access Gateway 2010 with SP3
- Visual Studio 2012
Microsoft recommends its customers to get updated, “Customers should migrate to the next available Service Pack to continue to receive security updates and be eligible for other support options.”

July 14, 2015, Microsoft’s extended support period for Server 2003 cuts off (I covered the end of 2003 here). MSFT won’t be issuing patches, updates, or fixes of any kind for that operating system (unless users have pricey Custom Support Agreements in place). Redmond is hoping to move 2003 hold-outs to Windows Server 2012 R2 and/or Azure.

October 13, 2015, is another big deal day

Office 2010, Visio 2010, Project 2010 — Mainstream Support ends. Extended support should run into 2020.
SharePoint Server 2010 — Mainstream support ends. Extended support should run into 2020.

April 11, 2017 – Extended Support ends for Windows Vista ends. No more updates. Time to upgrade (rb- if you haven’t already moved on).

August 11, 2017 – Extended Support ends for Exchange Server 2007. No more updates. Time to upgrade.

January 10, 2018, Mainstream support for Windows 8.1 ends for all versions of Windows 8. Customers still running Windows 8 have until January 12, 2016, to update to Windows 8.1 in order to stay supported.

rb-

Remember this – running out-of-date software which no longer receives security updates is playing into the hands of online criminals and hackers.

Microsoft warns of pending support deadlines for Windows 7, Office 2010 SP1, Windows Server 2003 and more (zdnet.com)

Category: Uncategorized | Tags: 2003, 2008, 2012, 2014, 7, 8, Azure, EOL, Exchange, Microsoft, MSFT, Patch Tuesday, Patching, Security, Server, SharePoint, Visio, Windows, XP

RB | April 1, 2014

Comments Off

Limit Admin Rights to Close Microsoft Holes

It’s been best practice for a very long time: all users and processes should run with the fewest privileges necessary. That means no Admin rights for users. This limits the damage that can be done by an attacker if the user or process is compromised.

ZDNet says that running users without admin rights on Microsoft (MSFT) Windows XP was generally impractical. It is a much more reasonable and manageable approach on Windows Vista, Windows 7, and Windows 8, but many organizations still run users as administrators because it makes things easier in the short term.

Impact of running with “least privilege”

ZDNet cites a new study from UK software company Avecto which demonstrates the real-world impact of running with “least privilege”. In 2013, Microsoft released 106 security bulletins and updates to address the 333 vulnerabilities identified in them. 200 of the 333 total vulnerabilities would be mitigated if the user were not running as administrator. 147 of the vulnerabilities were designated critical; 92 percent (135) of these would be mitigated.

Dark Reading says that the Avecto results also revealed that removing admin rights would also mitigate:

91% critical vulnerabilities affecting Microsoft Office,
96% of critical vulnerabilities affecting Windows operating systems,
100% of vulnerabilities in Internet Explorer and
100% of critical remote code execution vulnerabilities.

$Breakdown of Microsoft V\vulnerability Impact in 2013$

Avecto told ZDNet that non-administrator users can still be compromised, but it’s much less likely that they would be and, if they were, the impact would likely be greatly limited. Least privilege is most effective as part of a more comprehensive security architecture including the prompt application of updates to patch vulnerabilities.

Paul Kenyon, co-founder, and EVP of Avecto told Dark Reading, “This analysis focuses purely on known vulnerabilities, and cybercriminals will be quick to take advantage of bugs that are unknown to vendors. Defending against these unknown threats is difficult, but removing admin rights is the most effective way to do so.”

rb-

Employees with admin rights can install, modify and delete software and files as well as change system settings making more work for the help desk folks. The report demonstrates that many companies are still not fully aware of how many admin users they have and consequently face an unknown and unquantified security threat. It is also conceivable that privilege management would have made high-profile attacks such as the recent one on Target if not impossible then much harder, by reducing the potential for the abuse of partner access, believed to have been at the heart of the breach.

Category: Uncategorized | Tags: 2014, 7, 8, Avecto, Internet Explorer, Least, Microsoft, MSFT, Privilege, Security, Vista, Vulnerability (computing), Windows, XP

« Older Entries

Bach Seat

Tag Archive for 8

Windows Terrible, Horrible, No Good Month

Windows 7 Reaches Middle Age

Related articles

Will iOS 8 Crush Your Network?

Set an iOS policy

Limit the bandwidth software upgrades use

Cache iOS software upgrades

Related articles

MSFT Closing More Windows Support

Related articles

Limit Admin Rights to Close Microsoft Holes

Impact of running with “least privilege”

Meta