Microsoft Security Updates – MARCH 2017

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release

http://blog.talosintelligence.com/2017/03/microsoft-patch-tuesday-march-2017.html

https://technet.microsoft.com/en-us/library/security/ms17-mar.aspx

https://isc.sans.edu/forums/diary/February+and+March+Microsoft+Patch+Tuesday/22185/

https://isc.sans.edu/mspatchdays.html?viewday=2017-03-14

Following a sparse February patch Tuesday, today’s March release brings a bumper crop of fixed vulnerabilities: 17 bulletins covering 140 different vulnerabilities, 47 of which are rated as critical. The critical vulnerabilities affect Internet Explorer, Edge, Hyper-V, Windows PDF Library, Microsoft SMB Server, Uniscribe, Microsoft Graphics Component, Adobe Flash Player and Microsoft Windows. 92 vulnerabilities are rated as important, additionally affecting Active Directory Federation Services, DirectShow, Internet Information Services, Microsoft Exchange Server, Microsoft Office, Microsoft XML Core Services, Windows DVD Maker, Windows Kernel, Windows Kernel-Mode Drivers.

Internet Security – Five worst hacking incidents Q1 2017

Entrepreneur’s web site lists the five worst hacking incidents for the first quarter of 2017, as follows: 

https://www.entrepreneur.com/slideshow/290673

1. Fake GMAIL login page – hackers have discovered a highly-effective phishing scheme that’s fooled users into forfeiting their login credentials. The hacker — usually disguised as a close email contact — is found to be sending emails with a “PDF” attachment. Upon clicking the attachment, which is not actually a PDF but appears like one, victims are led to a fake Gmail login page.

2. World Wrestling Entertainment (WWE) hacked – Last year, hacking group OurMine was the leader of some big-time, harmless hacks.  OurMine broke in and informed the company how unsecure its accounts are, and offered its commercial services to help. “We’re just testing your security,” posted the company — which seems to be its well-known tagline.

3.CNN site hacked — Hacking group Our Mine was feeling ambitious over the Jan. 28 weekend. A day after breaking into WWE’s accounts, the cyber security company went for its next victim: CNN. On Jan. 29, the main CNN facebook page, along with CNN International and CNN Politics were hacked.

4. IndiGo Airline Twitter account hacked — Indian airline IndiGo fell victim to cyber attacks twice. Most recently, the company’s Twitter account, which previously had more than 100,000 followers, got hijacked

5. Hundreds of Twitter accounts — From Duke University to Justin Bieber to the Atlanta Police Department, Twitter accounts worldwide are being hijacked, with the hackers spreading a political message.

Using MS Authenticator for 2FA Everywhere

Two Factor/Multifactor Authentication can help keep you safe.

The bad guys are out to get you. They’re phishing in your email, they are using brute force to try to get your password so they can log into your email accounts, your Microsoft Accounts, your Google accounts, Facebook, Twitter, and just about everywhere that you use a password to log in. Having a strong and unique password for every site and account isn’t enough these days. You CAN do more to protect yourself. There PROBABLY ARE baddies trying to break into your accounts right now. It’s a fact of life. Want an example? I was amazed at the number of unique IP’s trying to gain administrative access to the WordPress dashboard on one of my blogs by trying to login through the WordPress interface. And I was horrified.

What can you do to protect yourself? My advice is simply ‘if you don’t have 2FA enabled, enable it now if you possibly can’. (And if you are one of the folks that still doesn’t have a smartphone, consider a physical device like Yubikey’s devices. Microsoft blogged about using this product for Windows Hello as well.) I won’t cover using these devices in this article, but be aware that if you don’t have a smartphone, you do have an option.) Note that, in some cases, you can use a secondary email address as an option to SMS or Yubikey, but it isn’t as secure and I don’t recommend it.

Two Factor Authentication (2FA) relies on something you know (like a strong password) and something you have (like a cellphone/smartphone) to help secure your email, online email and social media accounts, etc. There are additional ways to use 2FA, and you can read more about this at Wikipedia, Microsoft, and there’s a particularly good write up at Google. And Microsoft has a video:

 

Get the Microsoft Authenticator App

(Before you get started, if you don’t already have a cell phone number attached to your Microsoft Account as a recovery number, set one up. To do this, go to https://account.live.com/proofs/Manage and sign in. Full instructions on how to do this are here.)

First step is to get the app for your platform and install it on your smartphone.

iOS users – if you have an Apple Watch, you get a watch app that lets you quickly approve or deny.

Android App

Windows Mobile

Next open your web browser and go to https://account.live.com/proofs/Manage

Setting up 2FA for your Microsoft account: Setting up MS authenticator for an outlook.com/hotmail.com (etc.) personal Microsoft Account takes a few steps. Here’s a short video walkthrough of the process. I’ve obliterated personal information and made some edits for privacy, but all the steps are shown.

 

 

After setting up 2FA for an account, alerts will appear on your phone and you will be able to approve or deny each one. In iOS 10, tap the notification to open MS Authenticator. The alert will specify the account (I’ve covered this here for privacy) and you can Approve or Deny.

approve alert

I have an iPhone and an Apple Watch, and for me, using Microsoft Authenticator is non invasive and easy. Most of the time, I can approve the 2FA request right on my Apple watch.

apple watch

 

 

It’s pretty straightforward to set up Microsoft Authenticator with your Microsoft Account, but it may not be obvious that you can use the MS Authenticator elsewhere. Many online sites document using Google Authenticator, but don’t mention that other products, such as Microsoft Authenticator will work just as well (or better!). At a 50,000 foot level, you turn on 2FA and enable “use an app” and select the “+” add account in the app and then take a picture with your smartphone of a QR code to start the process. It is pretty easy to set up and well worth the extra effort. And in most cases, you can designate “trusted devices” so that you authenticate once (or every 30 days, etc.). For desktop programs like Outlook 2016, you can generate Application Passwords to enter into account settings instead of your regular password (and if the account is already setup, you just replace the password with the App Password).

Setting up 2FA for your Google account (iOS or Android):

Start by going to https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome and logging in if you aren’t already logged in.

Here’s a short demo walk through of how to use Microsoft Authenticator with your Google Account. And again, this process should work with any online account that lets you set up an authenticator app using a QR code, even if MS Authenticator is not specifically list.

If you turn on 2FA for your Microsoft account and any Google accounts, that’s a good start towards increasing your security (and hopefully your peace of mind). And you should turn it on for any online entity that offers it.

Spybot Search & Destroy Weekly Update – March 22, 2017

2017-03-22
Adware
+ Ad.Linkular ++ Ad.Masponi ++ Ad.WonderBrowse + bProtector + Firseria + Win32.InCore
PUPS
++ PU.Mindspark.MapsGalaxy ++ PU.NowUSeeItPlayer ++ PU.oTweak.SystemBoosterPro ++ PU.Polarity.Weatherly ++ PU.RealTimeGaming ++ PU.SuperPCCleaner
Trojans
+ Win32.OnLineGames.gen
Total: 2626960 fingerprints in 837993 rules for 7816 products.

»www.safer-networking.org ··· updates/

Removal instructions for Cyboscan PC Optimizer

What is Cyboscan PC Optimizer?

The Malwarebytes research team has determined that Cyboscan PC Optimizer is a “system optimizer”. These so-called “system optimizers” use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems

https://forums.malwarebytes.com/topic/198090-removal-instructions-for-cyboscan-pc-optimizer/

How to Change Size of Caption Buttons in Windows 10

In Windows 10, it is possible for you to change the size of caption buttons (minimize, maximize, close) to be smaller or larger.

Using larger caption buttons will also increase the height of title bars.

This tutorial will show you how to change the size of caption buttons and height of title bars for your account in Windows 10.

Read more…

How to Change the Size of Scrollbars in Windows 10

In Windows 10, it is possible for you to change the scrollbar width to be thinner or thicker, and change the scrollbar button size to be smaller or larger.

This tutorial will show you how to change the scrollbar width and scrollbar button size for your account in Windows 10.

Read more…

Removal instructions for My News Wire

What is My News Wire?

The Malwarebytes research team has determined that My News Wire is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.
My News Wire is a member of the Spigot family as described in the blogpost Spigot browser hijackers.

https://forums.malwarebytes.com/topic/198051-removal-instructions-for-my-news-wire/

Microsoft Apps pour Android

Bonjour tout le monde,

Vous utilisez un Smartphone Android et pensez peut-être que Microsoft vous a oublié.

Eh bien non !

Il existe une multitude d’applications Microsoft pour Android disponibles dans le Play store.

Office, Office Lens, Onedrive, Skype, Remote Desktop, Evernote, Translator… et j’en passe 😉

Dépêchez-vous, si vous n’y allez pas bientôt il n’y en aura plus 😃

Bonne journée.

Patrice.

Updating built in modules

Windows 10 and Server 2016 automatically install a module called Pester which is used for testing code. Its the foundation of Test Driven Development or Behaviour Driven Development using PowerShell.

The version  installed by default is 3.4.0.

Pester is originally an open source module that has been incorporated into Windows. The latest version from the PowerShell Gallery is 4.0.2

Normally you’d use Update-Module to install the new version BUT you didn’t install pester from the gallery using Install-Module so you’ll get a big fat error message.

The answer is to use

Install-Module pester –Force

You might still get an error message about the Pester module not being catalog signed. if you do and still want the latest version then use

Install-Module pester -Force -SkipPublisherCheck

SpywareBlaster Database Update – March 20, 2017

20 Internet Explorer
0 Restricted Sites
0 Firefox

17636 items in database

http://www.brightfort.com/downloads.html

Removal instructions for EasyFileConvert

What is EasyFileConvert?

The Malwarebytes research team has determined that EasyFileConvert is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

https://forums.malwarebytes.com/topic/197966-removal-instructions-for-easyfileconvert/

How to Change Windows Startup Sound in Windows 10

Windows 10 can play a sound at startup to let you know it’s loaded and ready.

This tutorial will show you how to change the Windows Startup sound to play a WAV file you want in Windows 10 without using 3rd party software.

Read more…

How to Hide or Show Sender Pictures in Outlook Mail on Windows 10 Mobile Phone

By default, the Outlook Mail app on your Windows 10 Mobile phone will show the sender pictures in the message list to help make it easier to see who the email messages are from.

Microsoft has quietly added a setting to turn on or off to show sender pictures in the message list in a new update of the Outlook Mail app (version 17.8013.42368.0).

This tutorial will show you how to hide or show sender pictures in the message list of the Outlook Mail app on your Windows 10 Mobile phone.

Read more…

How to Hide or Show Sender Pictures in Windows 10 Mail App

Windows 10 comes with a new Mail app. The new Mail app brings improved performance and a familiar three-pane email UI, with a toggle to quickly move between your email and calendar. Mail includes customizable Swipe Gestures, letting you swipe right or left to take actions like delete, flag, move or mark as read/unread. Also check out the new email authoring experience. Mail leverages the familiar and rich capability of Word to that allows you to easily insert tables, add pictures and use bullets and color to your text. The Mail app supports Office 365, Exchange, Outlook.com, Gmail, Yahoo!, IMAP, POP and other popular accounts.

By default, the Mail app will show the sender pictures in the message list to help make it easier to see who the email messages are from.

Microsoft has quietly added a setting to turn on or off to show sender pictures in the message list in a new update of the Mail and Calendar app (version 17.8013.42367.0).

This tutorial will show you how to hide or show sender pictures in the message list of the Mail app for your account in Windows 10.

Read more…

How to Remove Windows 10 Creators Update message in Windows Update

Windows 10 Creators Update will officially be released to the general public around April 10th 2017.

After installing the Cumulative Update KB4013429 for Windows 10 build 14393.953, you will see a message in Windows Update on the Settings -> Update & Security page inviting you to click on the Yes, show me how link to be one of the first to experience the Windows 10 Creators Update before the official release date.

If you prefer not to see this message in Windows Update until the Windows 10 Creators Update is released, you can remove it now.

This tutorial will show you how to remove the “Good news! The Windows 10 Creators Update is on its way. Want to be one of the first to get it?” message from Windows Update in Windows 10.

Read more…

Parametrized tests with MS-Test

Recently, Microsoft introduced the new version of its test framework, MS-Test 2. With this new version, they introduced a new feature that I was waiting for a long time: parametrized tests (yes, NUnit and XUnit have had this for a long time, I know).

And what are parametrized tests? Let me show you with an example. Let’s say we have this routine to return Fibonacci numbers (source: https://www.dotnetperls.com/fibonacci)

 

public static int Fibonacci(int n)
{
    int a = 0;
    int b = 1;
    // In N steps compute Fibonacci sequence iteratively.
    for (int i = 0; i < n; i++)
    {
        int temp = a;
        a = b;
        b = temp + b;
    }
    return a;
}

And we want to test it. We would like to test it with the numbers 0, 1, 2 and 80 (the first two are special cases, the third is a normal case and 80 is a large number to be sure that the routine works with large numbers). We should create a test like this:

[TestMethod]
public void Given0FibonacciReturns0()
{
   var fib = new Fib();
    var actual = fib.Fibonacci(0);
    Assert.AreEqual(0,actual);
}

This is not a bad test, but we must copy and paste to test the other results. You may argue that we could create a test like this one:

[TestMethod]
public void GivenDataFibonacciReturnsResultsOk()
{
    var numbers = new[] { 0, 1, 2, 80 };
    var results = new[] { 0L, 1L, 1L, 23416728348467685L };
    var fib = new Fib();
    for (int i = 0; i < numbers.Length; i++)
    {
        var actual = fib.Fibonacci(numbers[i]);
        Assert.AreEqual(results[i], actual);
    }
}

But this has some problems:

  • If a test fails, it’s difficult to know which number failed
  • If one number fails, the next ones are not tested
  • You don’t have a clear view of what is being tested

MS-Test has had for a long time Data Driven tests (https://msdn.microsoft.com/en-us/library/ms182527.aspx), but this is very cumbersome. You must create a data file, assign it to the test and run the test using the TestContext. It’s too much work for just four tests, no?

Then it comes MS-Test 2. With it, you can create a DataTestMethod, with DataRows for each test. Let’s see how do you create a test with this new feature.

Creating Parametrized tests with MS-Test 2

In Visual Studio, create a new Console Project. In this project, create a new class and name it Fib.cs. Add this code to the class:

 public class Fib
 {
     public int Fibonacci(int n)
     {
         int a = 0;
         int b = 1;
         // In N steps compute Fibonacci sequence iteratively.
         for (int i = 0; i < n; i++)
         {
             int temp = a;
             a = b;
             b = temp + b;
         }
         return a;
     }
 }

Then, in the solution, add a new Class Library project. Right click the References node in the Solution Explorer and add a reference to the console project. Then right click in the References node again and select “Manage NuGet packages”. Add the packages MsTest.TestAdapter and MsTest.TestFramework.

image

With that, you have a test project with MS-Test 2. If you are using Visual Studio 2017, the Test Project template already includes these two packages, but you must update them to the latest version, as the parametrized tests didn’t run well with the default packages.

Then, we can create our test:

[TestClass]
public class FibonacciTests
{
    [DataRow(0, 0)]
    [DataRow(1, 1)]
    [DataRow(2, 1)]
    [DataRow(80, 23416728348467685)]
    [DataTestMethod]
    public void GivenDataFibonacciReturnsResultsOk(int number, Int64 result)
    {
        var fib = new Fib();
        var actual = fib.Fibonacci(number);
        Assert.AreEqual(result, actual);
    }
}

The test is very similar to the ones we are used to create, it just has some differences:

 

  • Instead of the TestMethod attribute, it is decorated with the DataTestMethod attribute
  • The method receives two parameters
  • Each test has a DataRow attribute associated to it.

 

 

If we run this test, we get these results:

image

As you can see, we have three tests that passed and one that failed. We didn’t take in account in our routine that the results could be very large and overflow. So, we must change the routine to take this in account:

public Int64 Fibonacci(int n)
{
    Int64 a = 0;
    Int64 b = 1;
    // In N steps compute Fibonacci sequence iteratively.
    for (int i = 0; i < n; i++)
    {
        Int64 temp = a;
        a = b;
        b = temp + b;
    }
    return a;
}

Now, when you run the tests, you get this:

image

All tests are passing, and we can have a clear view of which tests were run, without the need of extra files or any other tricks. Cool, no? This was a very welcome addition to MS-Test and can improve a lot our testing.

The source code for this article is in https://github.com/bsonnino/Fibonacci

Firefox 52.0.1 Released on March 17, 2017

Version 52.0.1, first offered to Release channel users on March 17, 2017

We’d also like to extend a special thank you to all of the new Mozillians who contributed to this release of Firefox!

Fixed

  • Various security fixes
    https://www.mozilla.org/en-US/firefox/52.0.1/releasenotes/

Microsoft Security Bulletin Minor Revisions Issued: February 23, 2017

Summary

The following bulletins and/or bulletin summaries have undergone a
minor revision increment.

Please see the appropriate bulletin for more details.

* MS16-084
* MS16-JUL

Bulletin Information:

MS16-084

– Title: Cumulative Security Update for Internet Explorer
– »technet.microsoft.com/li ··· 084.aspx
– Reason for Revision: Removed CVE-2016-3276 from the
Vulnerability Severity Ratings and Impact table and from
the Vulnerability Information because Internet Explorer 9,
Internet Explorer 10, and Internet Explorer 11 are not
affected by this vulnerability. This is an informational
change only.
– Originally posted: July 12, 2016
– Updated: March 17, 2017
– Bulletin Severity Rating: Critical
– Version: 1.1

MS16-JUL

– Title: Microsoft Security Bulletin Summary for July 2016
– »technet.microsoft.com/li ··· JUL.aspx
– Reason for Revision: V1.2 (March 17, 2017): For MS16-084,
removed CVE-2016-3276 from the Exploitability Index because
Internet Explorer 9, Internet Explorer 10, and Internet
Explorer 11 are not affected. This is an informational change
only.
– Originally posted: July 12, 2016
– Updated: March 17, 2017
– Bulletin Severity Rating: Not applicable
– Version: 1.2

Removal instructions for InternetSpeedPilot

What is InternetSpeedPilot?

The Malwarebytes research team has determined that InternetSpeedPilot is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

https://forums.malwarebytes.com/topic/197840-removal-instructions-for-internetspeedpilot/

Recent Comments

Archives