My previous post provided information ( primarily for home users) on how to turn off SMB1 to help avoid the bad guys who are out to cripple your Windows computer. Microsoft released some patches, and if you are totally up to date, you are protected. For Now. And to be honest, there are plenty of people out there with Windows 8/8.1 and older that are not up to date. It is unknown if future attack vectors will use SMB1 in a different manner to install malware/ransomware. Turning of SMB1 on your Windows computer closes the hole.
Most casual home users (who aren’t working in the tech or IT Pro industry) probably don’t know that there are consumer networking devices and programs that rely on SMB. And there are devices that are using SMB1 and you MAY have devices and products where the vendor has not updated to at least SMB2. These issues probably won’t impact casual home users, but I want to call them out.
If, after disabling SMB1, you find something that doesn’t work, it may well be a result of disabling SMB1. Before you enable it again, there are a few things to try, depending on the issue. Following are the three biggest “gotcha’s” – with my comments, suggestions, work around’s.
For the non technical computer users out there, this is a red alert. You many have heard of Wannacrypt. There’s a new variant out now. Even if you haven’t heard of this ransomware malware, please turn off SMB1 on your Windows computers. The following is for Windows 10 and Windows 8.1/8. It is very easy to do (note – click or tap on an image to show larger version):
1. Type the words control panel in the Cortana/Search box lower left. Control Panel will appear at the top. Double click to select it.
I’ve been using Microsoft’s Authenticator App because not only does it support Azure Authentication (Office 365) but because it supports my Microsoft Account, Google account, and anyplace else that supports the OTP standard. Any site or service that supports RFC6238 is supported by MS Authenticator and I can scan a QR code (and in some cases enter a Secret Key instead of a QR code) to “provision” an account.
As my list of 2FA/multi factor authentication enabled assets grows, I had been thinking a lot about what would happen if I upgraded my iPhone or had a hardware failure and needed to replace it. Even restoring a new phone from an iPhone backup does not restore the accounts to MS Authenticator (and the same is true of other 2FA apps, although several offer their own export/import or backup/restore functions). And, while I do get push notifications to approve or deny access on my Apple Watch from MS Authenticator for my Office 365 account and my Microsoft Account, for other sites and services, since Microsoft does not (yet) offer a full fledged Apple Watch App, I need my phone when prompted to enter a code.
The technical press (like Engadget https://www.engadget.com/2017/03/05/wd-my-cloud-security-exploits/) is publishing info about a vulnerability that impacts WD Networked devices that have cloud access enabled. That’s great, but they aren’t providing info for non technical users on how to check their settings and turn off this access is needed. So here is that information: (more…)
Microsoft is "suspending" emails (because of the Canadian SPAM law effective 7/1). I found these REALLY useful. I’m sure others did as well.
Notice to IT professionals:
As of July 1, 2014, due to changing governmental policies concerning
the issuance of automated electronic messaging, Microsoft is
suspending the use of email notifications that announce the
* Security bulletin advance notifications
* Security bulletin summaries
* New security advisories and bulletins
* Major and minor revisions to security advisories and bulletins
In lieu of email notifications, you can subscribe to one or more of
the RSS feeds described on the Security TechCenter website.
For more information, or to sign up for an RSS feed, visit the
Microsoft Technical Security Notifications webpage at
So then I looked at the page referenced above. My "quick and dirty" very basic ‘Security Notifications from Microsoft Feed Reader’ app is now available in the Windows Store. http://apps.microsoft.com/windows/app/security-notifications-from/f5459c09-6233-4100-bfe1-d198111fc30b
I hope that Microsoft reinstates the emails after they figure out how to exclude Canadian customers who don’t want to receive this important information.