In mid-January 2020, Microsoft issued advisory ADV200001 warning of a vulnerability in the scripting engine of Internet Explorer. Yes, I know, that’s gibberish to most of you. It means that an attacker could have tried to run malicious code on your computer through that browser. How? You could have received an email with a link that explicitly opened Internet Explorer (even if it wasn’t your default browser) and been sent to a malicious web site specifically designed by bad guys. If exploited successfully, the attacker could have gained access rights to your computer. As Microsoft put it at the time: “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

That’s very bad (I’d segue into the Ghostbusters “don’t cross the streams” theme about the definition of the word “bad,” but I’m sure you get the idea).

At the time, Microsoft did not have an immediate fix.  As of February’s “patch Tuesday,” they announced one with the heading “Security Advisory CVE-2020-0674.”  Microsoft will be patching desktop operating systems from Windows 7 clear through the latest version of Windows 10, plus a slew of server operating systems.

The Network Operations Center will be testing this set of updates for the next seven days. If the patches pass those tests, then the updates will be available for all of you by the end of next week. In the interim, I have only one thing to say: DO NOT USE INTERNET EXPLORER, USE ANOTHER BROWSER! There are several to choose from, for example, Mozilla Firefox, Google Chrome, Opera (which I didn’t recall as being around, but it still exists) or Brave (which I’m sure you’ve never heard of). Heck, there are probably some of you who use Edge in Windows 10 (heaven help you). If you’re not sure what browser is your default, write to me and I’ll let you know.

But let’s get down to the meat of this:  If Microsoft announced the problem on January 17 and only released the solution on February 11, the bad guys had a considerable amount of time to take advantage of the vulnerability, and yet the world didn’t come to a screeching halt.  But I don’t – for one minute – want to suggest that you not patch a known vulnerability.  What I recommend, instead, is a moderate amount of common sense.  And the best way to implement that would be to stop using the problem-plagued browser, even after your computer receives the patches.

Bottom line:  this exploit is explicitly for IE – so to avoid any possible unpleasantness, don’t use it.  Simple really.

Thanks and safe computing!

Microsoft issues its monthly updates on “Patch Tuesday,” the second Tuesday of the month. Since the beginning of this year it has tried to fix the critical issues associated with the Spectre and Meltdown problems. But in a totally unexpected turn, the March 2018 monthly update knocked Windows 7 and Windows Server 2008 R2 systems offline because the network drivers got clobbered after the computers were restarted.

As a result, for the past two months I have blacklisted the updates; meaning I prevented them from being installed. In cases where I missed that phase and the computer had not been rebooted, I ran a script to uninstall the update. And in some cases, I was altogether too late and had to manually reinstall the network drivers.

Unfortunately, the May 2018 monthly update was wrapped up with a critical security patch, so it was inevitable that I had to release it. And I regret it, because this last episode has pretty much worn me out – and I’m not done with it yet.

Of all the vaunted software tools I have at my disposal, the most valuable one is remote access. However, when a client’s computer cannot connect to the internet that tool becomes useless; and I am forced into “break/fix” mode.

So the second Thursday of the month has now become a day of running around to client sites and manually reinstalling drivers, getting internet access again, updating the drivers and fixing other elements that are listed as “Unknown” in the Windows Device Manager.

Knowing that I’m shouting into the wind, I’m going to make this plea anyway. “Hey Microsoft! Could you please figure out a way to get this update to work properly without any extraordinary measures on my part?” I would thank you, and my clients would thank you.

“Beware the Ides of March” is a well-known phrase for this time of year. Who knew that it would apply on Wednesday March 14, 2018? That was the day after Microsoft released KB4088875, which had the uncanny ability to remove the network card drivers from Windows 7 Professional and create ghost network cards in Windows Server 2008 R2.

Clients called to tell me they could not connect to the Internet, and asked if I could remote in to fix the problem. Seriously? (Sometimes there is a little bit of humor in IT support.)

No, I am sorry, but I cannot remote in to your computer if you can’t get a network connection. I had to tell a number of clients that I was going to deputize them as “special assistant junior level 1 technicians” for the life of the phone call. In some cases it was a mere 15 minutes; whereas in others it clocked in at closer to 45.

The major saving grace in all of this is that I deploy Lenovo computers to my clients. Fortunately the factory-installed network drivers are available for detection and installation directly from Windows (Device Manager > Unknown Device > Update drivers > Browse my computer), or indirectly via the C:\SWTOOLS\DRIVERS\NETWORK\INTEL folder (requires the user to click on the appropriate EXE file).

Once the network card was re-installed and activated, it was a simple matter of gaining remote control to do two important tasks. The first was to uninstall KB4088875; that absolutely had to go. The second was to run Lenovo’s System Update utility to update the network driver to the current version, and to reinstall (or update) any other software that was removed.

The most worrisome aspect of this little escapade: I’m not sure that all of my clients rebooted following Tuesday’s patch. So this issue is going to crop up again and again over the next few weeks as clients shut down and restart their computers.

I have already run a script to uninstall the patch from those computers, but I may not have caught all of them in time. Similarly, I have blocked the patch from being distributed to the rest of my client base to prevent an onslaught of phone calls and irate clients.
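A removal pass of the kind described above could look like the following. This is an added example, not the author's script: the function names are hypothetical, it assumes an elevated prompt on the affected Windows 7 or Server 2008 R2 machine, and it records the physical network adapters first so their state can be compared after the next restart.

```powershell
# Added example, not the author's script. Run from an elevated prompt.
# Sticks to PowerShell 2.0 features so it runs on stock Windows 7 / Server 2008 R2.
$Kb = '4088875'   # update named in the post

function Test-RebootPending {
    # Component Based Servicing creates this key while an update operation
    # is waiting for a restart to complete.
    Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
}

function Get-PhysicalAdapter {
    # Snapshot of the physical NICs, for comparison after the next restart.
    # ConfigManagerErrorCode 0 means Device Manager reports the device as working.
    Get-WmiObject Win32_NetworkAdapter -Filter 'PhysicalAdapter = TRUE' |
        Select-Object Name, NetConnectionStatus, ConfigManagerErrorCode
}

function Remove-ProblemUpdate {   # hypothetical helper name
    param([string]$KbNumber)

    $status = 'NotInstalled'
    $exit   = $null
    if (Get-HotFix -Id "KB$KbNumber" -ErrorAction SilentlyContinue) {
        # wusa.exe is the built-in Windows Update Standalone Installer.
        $p = Start-Process -FilePath wusa.exe -Wait -PassThru `
             -ArgumentList "/uninstall /kb:$KbNumber /quiet /norestart"
        $exit = $p.ExitCode
        # 0 = success, 3010 = success but a restart is required
        if ($exit -eq 0 -or $exit -eq 3010) { $status = 'Uninstalled' } else { $status = 'Failed' }
    }
    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        KB            = "KB$KbNumber"
        Status        = $status
        WusaExitCode  = $exit
        RebootPending = Test-RebootPending
    }
}

Get-PhysicalAdapter | Format-Table -AutoSize
Remove-ProblemUpdate -KbNumber $Kb | Format-List
```

A `RebootPending` value of `True` in the result flags a machine where a servicing operation is still waiting on a restart, which is worth checking before the user reboots.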

Ubuntu doesn’t seem to have these horrific issues on a regular basis, although January’s attempt to fix the Meltdown issue did qualify as truly awful. So if a client only needs to browse the internet and obtain mail via a web browser, I am now, more than ever, inclined to move them to an easier-to-manage desktop operating system.

Therefore, let me offer “Thanks!” to Microsoft for enabling me to break out of the Windows-only rut and consider an alternative desktop experience for my clients. Ubuntu puts a nice glossy coat on Linux, virtually eliminating the mystery of using a different operating system.

Thanks and safe computing!