Latest Posts from all MSMVPS.COM blogs

  • Microsoft Excel – Filtering techniques MAY-2019
    The MAY 2019 IIL blog features several techniques for filtering Microsoft Excel spreadsheets to zero in on targeted results
    Basic Filtering in Excel In this blog I’ll discuss filtering. In another continued blog, I’ll talk about advanced filtering. First, what is filtering? Notice all the filtering is done using the selected cell’s property, whereas in the previous filter by color (a misnomer, actually, because you can also filter here by icon), you can see all the choices available. Next month, we’ll show what can be done with advanced filtering. ... read more
    Source: Latest Blog Posts | Published on Monday, May 20, 2019 | By harrywaldron
  • Security – New SharePoint RCE zero day exploit MAY-2019
    https://isc.sans.edu/forums/diary/CVE20190604+Attack/24952/ https://www.thezdi.com/blog/2019/3/13/cve-2019-0604-details-of-a-microsoft-sharepoint-rce-vulnerability Over the past week, I started seeing attacks on SharePoint servers using vulnerability CVE-2019-0604. The Zero Day Initiative has a great write up(1) on the exploit of the vulnerability. Initial detection of the exploit came from endpoint exploit detection. When reviewing the IIS logs, we saw a post to the Picker.aspx. This appears to be the most common entry point for this attack exploiting CVE-2019-0604. Initial Log — 2019-05-02 07:04:13 192.168.1.1 POST /_layouts/15/Picker.aspx – 443 – 121.147.96.8 python-requests/2.18.4 200 0 0 670 In the case of this attacker, they dropped a China Chopper payload on the server. China Chopper has been around for a long time. Crowdstrike did a great writeup(2) in 2015. The payload for this is just a one-liner that was echoed into the files via command line. The anomaly that endpoint detected was a cmd shell spawning by w3wp.exe process. ... read more
    Source: Latest Blog Posts | Published on Monday, May 20, 2019 | By harrywaldron
  • Windows Server 2019 updates with CIM
    Windows Server 2019 updates with CIM remain the same as all server versions post Windows Server 2016. This code will check for and install any updates. Microsoft Update or WSUS will be used depending on how your system is configured.

        # Scan for updates that are not yet installed
        $au = Invoke-CimMethod -Namespace root/microsoft/windows/windowsupdate -ClassName MSFT_WUOperations -MethodName ScanForUpdates -Arguments @{SearchCriteria="IsInstalled=0"}
        $au.Updates
        # Install whatever the scan returned, or warn if there is nothing to do
        if ($au.Updates.Length -gt 0) {
          Invoke-CimMethod -Namespace root/microsoft/windows/windowsupdate -ClassName MSFT_WUOperations -MethodName InstallUpdates -Arguments @{Updates = $au.Updates}
        }
        else {
          Write-Warning "No updates available"
        }

    This code should work on Server 1709, 1803, 1809 and Windows Server 2019. It won’t work on Windows Server 2016 as the CIM classes were changed post Windows Server 2016 ... read more
    Source: Latest Blog Posts | Published on Sunday, May 19, 2019 | By richardsiddaway
  • WSL improvements
    Windows Subsystem for Linux – WSL improvements have been recently announced – https://devblogs.microsoft.com/commandline/   WSL 2 is on the way which will allow more Linux apps in WSL including Docker   A Linux kernel will ship with Windows especially tuned for WSL 2   WSL 2 will be much faster and have full system call compatibility.   A new console – now called a Terminal (more Linux terminology) will also become available for WSL, Windows Command prompt and most importantly PowerShell. It’ll feature multiple tabs   Windows Terminal will be shipped via the Windows Store  – do I really want to access an online Store for server software? ... read more
    Source: Latest Blog Posts | Published on Sunday, May 19, 2019 | By richardsiddaway
  • 20,000 Linksys routers leak historic records
    20,000 Linksys routers leak historic record of every device ever connected. “More than 20,000 Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices’ unique identifiers, names, and the operating systems they use. The data can be used by snoops or hackers in either targeted or opportunistic attacks.” ... read more
    Source: Latest Blog Posts | Published on Sunday, May 19, 2019 | By hankshelp
  • Security Mailer (2019 # 20)
    Security Mailer Volume 2019 Number 20 Adobe security updates Reader Flash Player Media Encoder Apple Security Updates including iOS Cisco Security Advisories Linux updates & patches Microsoft Tuesday security updates update revisions security advisories Office updates General Security review of last week ... read more
    Source: Latest Blog Posts | Published on Sunday, May 19, 2019 | By hankshelp
  • How to Check What Processor or CPU is in Windows PC
    A processor or central processing unit (CPU), is the electronic circuitry within a computer that carries out the instructions of a computer program by performing the basic arithmetic, logic, controlling, and input/output (I/O) operations specified by the instructions. A multi-core processor is a computer processor integrated circuit with two or more separate processing units, called cores (aka: physical cores), which each read and execute program instructions, as if the computer had several processors. Some CPUs can virtualize two cores for every one physical core that’s available, a technique known as Hyper-Threading (aka: logical processors). For example, if your CPU has 6 physical cores, it will show as having 12 logical processors with Hyper-Threading. The clock speed of a processor is the number of instructions it can process in any given second, measured in gigahertz (GHz). See also: Windows Processor Requirements | Microsoft Docs This tutorial will show you different ways to check what processor or CPU is in your Windows 7, Windows 8, and Windows 10 PC. Read more… ... read more
    Source: Latest Blog Posts | Published on Saturday, May 18, 2019 | By Brink
  • How to Check What Graphics Card or GPU is in Windows PC
    A Graphics Processing Unit (GPU) is a single-chip processor primarily used to manage and boost the performance of video and graphics. A graphics card (also called a display card, video card, display adapter, or graphics adapter) is an expansion card which generates a feed of output images to a display device (such as a computer monitor). Frequently, these are advertised as discrete or dedicated graphics cards, emphasizing the distinction between these and integrated graphics. At the core of both is the graphics processing unit (GPU), which is the main part that does the actual computations, but should not be confused as the video card as a whole, although “GPU” is often used to refer to video cards. This tutorial will show you different ways to check what graphics card or GPU is in your Windows 7, Windows 8, and Windows 10 PC. Read more… ... read more
    Source: Latest Blog Posts | Published on Saturday, May 18, 2019 | By Brink
  • Security – MAY-2019 Windows RDP vulnerability US CERT
    US CERT resources are shared below as there are concerns this new vulnerability could turn into an internet WORM — which could impact any exposed & vulnerable system randomly. https://www.us-cert.gov/ncas/current-activity/2019/05/16/Microsoft-Releases-Security-Updates-Address-Remote-Code-Execution https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708 Microsoft has released security updates to address a remote code execution vulnerability in the following in-support and out-of-support operating systems. In-support systems: Windows 7, Windows Server 2008 R2, and Windows Server 2008. Out-of-support systems: Windows 2003 and Windows XP. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and Microsoft Customer Guidance for CVE-2019-0708 and apply the necessary updates ... read more
    Source: Latest Blog Posts | Published on Friday, May 17, 2019 | By harrywaldron
  • IT Professionals – Value of certifications MAY-2019
    When IT Pros invest in their continuing education, it is of value to both them & their employers. Some key advantages of professional designations are noted below https://www.eweek.com/it-management/top-five-reasons-to-earn-certificate It’s no secret that tech automation is poised to upend many traditional careers. The good news is that if you have the right technical background, your skills are in greater demand than ever. In fact, according to a recent survey by the Consumer Technology Association, 92% of employers reported that they’ll “need more employees with technical skills.” Many of these jobs will require adeptness in relatively new fields such as artificial intelligence, machine learning and data science. If you don’t already have experience in one of these burgeoning areas, how do you get it? Should you take off a couple of years from work and go to graduate school? Or, does it make more sense to seek out an employer that’s willing to teach you? 1. Rapid change requires constant updating of your skills. 2. A certificate program helps you earn targeted skills in less time and for less money than a degree. 3. Professional certificate programs are designed to meet employer expectations. 4. Programs can offer a boost to your professional network. 5. Career ... read more
    Source: Latest Blog Posts | Published on Friday, May 17, 2019 | By harrywaldron
  • Windows 10 1809 – Component of MAY 2019 security may install 2X
    KB4494441 for Windows 10 version 1809 may install twice to provide new speculative side-channel protection for the most recent Patch Tuesday update as shared below. So far, this appears not to cause any Windows integrity issues, other than additional processing time: https://www.ghacks.net/2019/05/16/kb4494441-for-windows-10-version-1809-may-install-twice/ https://support.microsoft.com/en-us/help/4494441/windows-10-update-kb4494441 Reports are coming in that this week’s security update for Windows 10 version 1809, KB4494441, may install twice on devices running that particular version of Windows 10. Microsoft released KB4494441 for Windows 10 version 1809 on Tuesday as part of the company’s monthly patch day. The May 2019 update for Windows 10 version 1809 patched a critical security vulnerability in Windows 10, enabled protections against a new class of speculative side-channel vulnerabilities, and enabled Retpoline to optimize protections against the Spectre 2 Variant. ... read more
    Source: Latest Blog Posts | Published on Friday, May 17, 2019 | By harrywaldron
  • How to See if Disk Type is SSD or HDD in Windows 10
    You can easily check to see if the disk type for your drives are SSD or HDD in Windows 10 without having to physically look at them or use 3rd party software. A HDD (hard disk drive) is an electro-mechanical data storage device that uses magnetic storage to store and retrieve digital information using one or more rigid rapidly rotating disks (platters) coated with magnetic material. The platters are paired with magnetic heads, usually arranged on a moving actuator arm, which read and write data to the platter surfaces. Data is accessed in a random-access manner, meaning that individual blocks of data can be stored or retrieved in any order and not only sequentially. HDDs are a type of non-volatile storage, retaining stored data even when powered off. A SSD (solid state drive), is a solid-state storage device that uses integrated circuit assemblies as memory to store data persistently. It is also sometimes called a solid-state device or a solid-state disk, although SSDs do not have physical disks. SSDs can use traditional hard disk drive (HDD) interfaces and form factors, or newer interfaces and form factors that exploit specific advantages of the flash memory in SSDs. Traditional interfaces (e.g., SATA ... read more
    Source: Latest Blog Posts | Published on Thursday, May 16, 2019 | By Brink
  • Windows Security – How to disable RDP to prevent malware attacks
    The “Patch Tuesday” April 2019 Windows Security release contains an RDP vulnerability that has a potential to become a dangerous WORM that could attack randomly & infect non-patched machines with these services running.  Even better is to disable RDP to prevent malware attacks as techniques from XP to WIN10 are shared in links below https://www.lifewire.com/disable-remote-access-in-windows-xp-2487711 https://www.lifewire.com/disable-windows-remote-desktop-153337 Why would you want to disable remote assistance or desktop? Simple, because either could be used or exploited by an attacker to gain remote access to your system, allowing them to run programs on your computer or use your computer to distribute spam or attack other computers. Remote Assistance and Remote Desktop can be very useful when you need them. But, most of the time you don’t. In the meantime, if an attacker somehow finds a way in, or if an attack is created to exploit a vulnerability in the Remote Assistance or Remote Desktop services, your computer is just sitting and waiting to be attacked. ... read more
    Source: Latest Blog Posts | Published on Thursday, May 16, 2019 | By harrywaldron
  • Sarbanes-Oxley forums – improved new resource MAY-2019
    Having designed SOX controls in the past, a long-term resource has been re-launched in MAY 2019 to include stronger passwords & spam controls. http://www.sarbanes-oxley-forum.com Some key topic areas include: General Sarbanes Oxley Discussion; Sarbanes-Oxley: IT Issues; Other Legislation & Issues; Overseas Impact of Sarbanes-Oxley; Sarbanes-Oxley: Audit Issues ... read more
    Source: Latest Blog Posts | Published on Thursday, May 16, 2019 | By harrywaldron
  • Windows XP and 2003 Server – RDP security out-of-band patch
    While Windows XP and 2003 Server are officially unsupported products, the dangers of an RDP based worm exploit being developed are probable. Microsoft has developed a special standalone patch that users can pre-install now (or disabling RDP services mitigates threat also) https://www.pcmag.com/news/368371/microsoft-patch-old-windows-systems-or-risk-computer-worm Microsoft is trying to prevent the outbreak of a computer worm by urging those running older Windows systems to patch their machines. Redmond has discovered a serious flaw in Windows 7, Windows XP, and Windows Server 2003 and 2008 systems, which can be exploited to create malware capable of automatically spreading from one vulnerable machine to another. “While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” Microsoft said. The vulnerability deals with the Remote Desktop Services function in Windows, which can allow a user to take control of the machine over a network. Enterprises often choose to activate the feature on PCs and servers as a way to control them remotely. Normally, the access requires a correct username and password. However, Microsoft discovered that an “unauthenticated attacker” can install malware on a Windows machine through the Remote Desktop ... read more
    Source: Latest Blog Posts | Published on Thursday, May 16, 2019 | By harrywaldron
  • Facebook WhatsApp – Critical spyware security hole fixed
    WhatsApp users should immediately update to the latest version of this popular software connectivity tool https://www.pcmag.com/news/368338/this-whatsapp-flaw-helped-send-spyware-with-a-voice-call https://www.us-cert.gov/ncas/current-activity/2019/05/14/Facebook-Releases-Security-Advisory-WhatsApp WhatsApp had a scary flaw that secretly sent spyware to smartphones simply by calling the victim. On Monday, the Facebook-owned messaging service disclosed the vulnerability, which affects iOS and Android, after it was used to attack a number of victims, a WhatsApp spokesperson told PCMag. “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date,” the spokesperson said in an email. According to WhatsApp, the attacks have all the hallmarks of a private company that works with governments to deliver spyware to mobile phones. Although it refrained from naming the company, WhatsApp is probably referring to NSO Group, an Israeli technology firm notorious for developing a spyware program known as Pegasus, which has targeted human rights activists, politicians, and journalists. The WhatsApp vulnerability allegedly allowed NSO Group to send spyware to the victims even when they didn’t answer a voice call on the app, according to The Financial Times, which was first to report the news. US-CERT: Facebook has released ... read more
    Source: Latest Blog Posts | Published on Thursday, May 16, 2019 | By harrywaldron
  • How to Change Minimize Narrator Home to Taskbar or System Tray in Windows 10
    Narrator is a screen-reading app built into Windows 10. Starting with Windows 10 build 18298, Narrator Home replaced Narrator QuickStart. Every time you turn on Narrator, you will be taken to Narrator Home by default, which gives you one place where you can access everything you need for Narrator—whether you want to change your settings or learn Narrator basics with QuickStart. If you turn off show Narrator Home when Narrator starts, then Narrator Home will be minimized by default when Narrator starts. Narrator Home will minimize to the system tray by default, but you can select to minimize Narrator Home to either the taskbar or system tray (notification area) by default for what you want. This tutorial will show you how to change Narrator Home to minimize to the taskbar or system tray (notification area) by default for your account in Windows 10. Read more… ... read more
    Source: Latest Blog Posts | Published on Wednesday, May 15, 2019 | By Brink
  • Microsoft Security Updates – MAY 2019
    Below are key resources documenting this recent monthly Microsoft Patch Tuesday release https://isc.sans.edu/forums/diary/Microsoft+May+2019+Patch+Tuesday/24934/ https://blog.talosintelligence.com/2019/05/MS-Patch-Tuesday-May-2019.html https://patchtuesdaydashboard.com/ https://portal.msrc.microsoft.com/en-us/security-guidance/summary Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 79 vulnerabilities, 22 of which are rated “critical,” 55 that are considered “important” and one “moderate.” This release also includes two critical advisories: one covering Microsoft Live accounts and another addressing updates to Adobe Flash Player. This month’s security update covers security issues in a variety of Microsoft’s products, including the Scripting Engine, the Microsoft Edge web browser and GDI+. For more on our coverage of these bugs, check out the Snort blog post here, covering all of the new rules we have for this release. UPDATE: Today’s Patch Tuesday also addresses the new CPU side-channel attack published today known as Zombieload [1] (ADV190013). As Meltdown, Spectre, and Foreshadow the new flaw may allow an attacker to steal sensitive data and keys being processed by the CPU. To fix the issue you must apply OS updates provided by Microsoft today (not available for all versions yet) and firmware microcode from device OEMs. The details for this advisory are available at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190013 ... read more
    Source: Latest Blog Posts | Published on Wednesday, May 15, 2019 | By harrywaldron
  • ZombieLoad – New Side CPU channel vulnerability
    ZombieLoad is a new side CPU channel vulnerability which can be used by hackers to disclose sensitive data.  Users should patch promptly for this new POC attack.  As shared below, Microsoft just included this protection in the May 2019 Patch Tuesday security updates. https://zombieloadattack.com/ Watch out! Your processor resurrects your private browsing-history and other sensitive data. After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them. While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys. The attack does not only work on personal computers but can also be exploited in the cloud. Make sure to get the latest updates for your operating system! ZombieLoad in Action In our demo, we show how an attacker can monitor the websites the victim is visiting despite using the privacy-protecting Tor browser in a virtual machine. Microsoft May 2019 Patch Tuesday – ZombieLoad protection ... read more
    Source: Latest Blog Posts | Published on Wednesday, May 15, 2019 | By harrywaldron
  • Adobe Security Bulletins Posted
    Adobe Security Bulletins Posted. “Adobe has published security bulletins for Adobe Acrobat and Reader, Adobe Flash Player and Adobe Media Encoder. Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.” ... read more
    Source: Latest Blog Posts | Published on Wednesday, May 15, 2019 | By hankshelp
  • If you use WhatsApp, be sure to read this!
    WhatsApp vulnerability exploited to infect phones with Israeli spyware “Attackers have been exploiting a vulnerability in WhatsApp that allowed them to infect phones with advanced spyware made by Israeli developer NSO Group, the Financial Times reported on Monday, citing the company and a spyware technology dealer.” “WhatsApp said the fix on Friday was made to the company’s servers and was aimed at preventing attacks from working. The company released a patch for end users on Monday.” ... read more
    Source: Latest Blog Posts | Published on Wednesday, May 15, 2019 | By hankshelp
  • How to Choose Where to Keep Text Cursor while using Magnifier in Windows 10
    Magnifier is a tool that enlarges part—or all—of your screen so you can see words and images better. It comes with a few different settings, so use it the way that suits you best. Starting with Windows 10 build 18894, Windows Magnifier has a new ability to keep the text cursor in the center of the screen making it easier and smoother to type. Centered on the screen is on by default and can be changed in the Magnifier settings. You can now choose to keep the text cursor centered on the screen or within the edges of the screen while using Magnifier in full screen view. This tutorial will show you how to choose where to keep the text cursor while using Magnifier in full screen view for your account in Windows 10. Read more… ... read more
    Source: Latest Blog Posts | Published on Tuesday, May 14, 2019 | By Brink
  • US-CERT Notice: Office 365 Security Observations
    AR19-133A: Microsoft Office 365 Security Observations. If you subscribed to Office 365, especially if it was prior to 2019, you should read this for some very good information. “This Analysis Report provides information on these risks as well as on cloud services configuration vulnerabilities; this report also includes recommendations for mitigating these risks and vulnerabilities.” ... read more
    Source: Latest Blog Posts | Published on Tuesday, May 14, 2019 | By hankshelp
  • Make your SharePoint farm aware of pending patches to apply
    Good day, I will leave this little but wonderful trick here in my blog. Whenever you experience the following message while applying patches in SharePoint by running the following command: PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures And then an error happens telling you: The applicationcontent command is invalid or a failure has been encountered. The server farm will not work with missing installs. Add “-cmd installcheck -noinstallcheck” to the command-line to ignore this warning. Please make sure to run the following PowerShell command on each server in the farm, before running the PSConfig command again: Get-SPProduct -local This way your farm will be truly aware of the patches that are pending to apply ... read more
    Source: Latest Blog Posts | Published on Sunday, May 12, 2019 | By Haaron Gonzalez
  • How to Add and Remove Speech Voices in Windows 10
    In Windows 10, you can add and remove voice packages for a language for your device and apps. For example, text-to-speech (TTS) voices for Narrator. Starting in Windows 10 build 18309, you can download additional voices in other languages without having to download language packs. See also: Appendix A: Supported languages and voices | Windows Support This tutorial will show you how to add and remove voice packages for a text-to-speech (TTS) language for all users in Windows 10. Read more… ... read more
    Source: Latest Blog Posts | Published on Sunday, May 12, 2019 | By Brink


Questions? Contact Susan at Susan-at-msmvps.com or Barb-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.

