CVE-2019-0543 Changes How Windows PowerShell and PowerShell Core 6 WinRM Based Remoting Works

If you’re attempting to do loopback remoting for Windows PowerShell or PowerShell Core 6 after applying January security updates, you may have run into problems.

Per Microsoft…

The breaking change is not in PowerShell but in a system security fix that restricts process creation between Windows sessions. This fix is preventing WinRM (which PowerShell uses as a remoting transport and host) from successfully creating the remote session host, for this particular scenario. There are no plans to update WinRM.


The breaking change only affects local loopback remoting, which is a PowerShell remote connection made back to the same machine, while using non-Administrator credentials.

Details and workaround: Windows Security change affecting PowerShell

Microsoft Windows Customers with Sennheiser Headphones Could be Subject to Attempts to Steal Personal Data

Microsoft is today warning of a vulnerability in which Sennheiser headphone software accidentally exposed valid digital certificates, giving the potential for the certificates to be spoofed.

Microsoft’s security advisory states that customers should get updated versions of the HeadSetup and HeadSetup Pro software from the Sennheiser website.

Full advisory: ADV180029 | Inadvertently Disclosed Digital Certificates Could Allow Spoofing


Microsoft Delivers Final Version of the Security Baseline for Windows 10 v1809 and Windows Server 2019

Microsoft has now finalized the security baseline for Windows 10 1809 and Windows Server 2019. The baseline is available in a downloadable .zip format.

Included in the download are GPOs, a PowerShell script for applying the GPOs to local policy, custom ADMX files for Group Policy settings, and a documentation spreadsheet.

Download: Windows-10-1809-Security-Baseline-FINAL

Details: Microsoft Security Guidance blog


Products Covered in Microsoft’s November 2018 Patch Tuesday

In addition to pushing out Windows 10 1809 again, Microsoft is delivering security updates for the following products…

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • .NET Core
  • Skype for Business
  • Azure App Service on Azure Stack
  • Team Foundation Server
  • Microsoft Dynamics 365 (on-premises) version 8


As always, stay close to myITforum to hear when issues are publicly reported.


Microsoft Issues Guidance for Reported Hardware Encryption Vulnerability

Reports of a new hardware encryption vulnerability have been circulating today. Microsoft is aware of the reports and is now providing mitigations.

Security Advisory: ADV180028 | Guidance for configuring BitLocker to enforce software encryption

To check the type of drive encryption being used (hardware or software):

  1. Run ‘manage-bde.exe -status’ from an elevated command prompt.
  2. If none of the drives listed report “Hardware Encryption” for the Encryption Method field, then this device is using software encryption and is not affected by vulnerabilities associated with self-encrypting drive encryption.
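
The same check can be scripted for use across many machines. The following is an added example, not part of Microsoft's advisory: it reads the text of ‘manage-bde.exe -status’ and flags any volume whose Encryption Method field reports “Hardware Encryption”. The function name Get-HardwareEncryptedVolume is hypothetical, the sample output is constructed, and English-language manage-bde output is assumed.

```powershell
# Added example: flag volumes whose "Encryption Method" field reports Hardware Encryption.
# Get-HardwareEncryptedVolume is a hypothetical name; English manage-bde output is assumed.
function Get-HardwareEncryptedVolume {
    param(
        # Lines of 'manage-bde.exe -status' output (live output or a saved capture).
        [string[]]$StatusOutput
    )

    $volume = $null
    foreach ($line in $StatusOutput) {
        if ($line -match '^Volume\s+(?<name>\S+)') {
            # Start of a new volume block, e.g. "Volume C: [Windows]"
            $volume = $Matches['name']
        }
        elseif ($volume -and $line -match '^\s*Encryption Method:\s*(?<method>.+?)\s*$') {
            # One result object per volume, keyed on the field the advisory names.
            [pscustomobject]@{
                Volume            = $volume
                EncryptionMethod  = $Matches['method']
                HardwareEncrypted = $Matches['method'] -like '*Hardware Encryption*'
            }
            $volume = $null
        }
    }
}

# Constructed sample output (not captured from a real machine).
$sample = @'
Volume C: [Windows]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption
    Protection Status:    Protection On
'@ -split '\r?\n'

$affected = @(Get-HardwareEncryptedVolume -StatusOutput $sample | Where-Object HardwareEncrypted)
if ($affected.Count -eq 0) {
    'No volume reports Hardware Encryption; this device is using software encryption.'
} else {
    $affected | Format-Table Volume, EncryptionMethod
}
```

On a live system, run it from an elevated prompt as Get-HardwareEncryptedVolume -StatusOutput (manage-bde.exe -status).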


Malwarebytes Labs Launches Malware Protection for Chromebooks

The Chromebook march continues. As better hardware is delivered for Google’s lean operating system and Windows 10 issues continue to irk users, ChromeOS has become a very viable alternative, particularly with ChromeOS hardware sometimes weighing in at a third of the cost.

As ChromeOS becomes more popular, vendors have begun porting long-standing Windows and Mac applications to the rising star. One of those, Malwarebytes, is now available.

ChromeOS uses a sandboxing mechanism to protect users against security problems, but Malwarebytes seems to indicate it’s not enough:

Even though Chromebooks come with some built-in defense mechanisms like sandboxing and verified boot and recovery mode, they can still get infected. Malwarebytes for Chromebook does not slow down your lean, mean Chromebook machine. It does stand guard over your privacy and data security while protecting you against ransomware, adware, and other modern-day malware.

Malwarebytes for Chromebook offers Chromebook users protection by blocking scams, protecting your privacy, and scanning for malware. It’s capable of detecting threats such as ransomware, potentially unwanted programs (PUPs), and adware. Your Chromebook is protected by design against the regular threats that face Windows and Mac users, but it is susceptible to the same threats as Android systems. And that is where Malwarebytes for Chromebook can help you.

Chromebook users can get it from the Google Play store: Malwarebytes Security: Virus Cleaner, Anti-Malware


Tip: Malicious Software Removal Tool Command-line Switches

Microsoft distributes the Malicious Software Removal Tool (MSRT) through Automatic Updates once a month. MSRT is designed to find and remove threats and it can reverse the changes made by these threats. MSRT is generally released monthly as part of Windows Update but it’s also available as a standalone tool.

32-bit and 64-bit downloads: Malicious Software Removal Tool

The standalone tool is developed for those tasked with protecting the company’s computer assets and can be used through remote automation tools such as scripts or Configuration Manager. The tool can be configured to utilize command-line switches to alter how the tool runs.

Here are the available command-line switches:

  • /Q or /quiet: Uses quiet mode. This option suppresses the user interface of the tool.
  • /?: Displays a dialog box that lists the command-line switches.
  • /N: Runs in detect-only mode. In this mode, malicious software will be reported to the user, but it will not be removed.
  • /F: Forces an extended scan of the computer.
  • /F:Y: Forces an extended scan of the computer and automatically cleans any infections that are found.

Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!

IT/Dev Connections

Survey: IT Pros Want to Secure Endpoints Daily but Don’t Have the Time

If you work in IT today, you are walking on a razor’s edge trying to get security right. The Adaptiva 2018 Endpoint Security Survey can help you avoid missteps.

We polled over 300 IT professionals about Windows security in a business environment. Findings include:

  • Windows 10 deployments measured (past the halfway point!)
  • Security hygiene tasks prioritized
  • Staffing shortages
  • The biggest help desk time sinks
  • So much more …


Windows 10 Deployments Pass the “50/50” Milestone

Adaptiva has been polling IT pros about their Windows 10 deployment plans and progress since the OS was released in 2015. Windows 10 is crucial for IT security. In fact, security is the top reason enterprises are moving to Windows 10—if you don’t count “we have to in order to keep getting support.”

For the first time, the majority (57%) of respondents reported that their organizations are running most of their computers on Windows 10. Note though that 14% are on the other end of the spectrum, running Windows 10 on a tenth or fewer of their systems.


Security Hygiene Is a Massive Job and Bigger Priority

Everyone in IT agrees it is important to regularly check systems’ health, performance and patching levels. Our new security survey asks just how important it is to run these checks, and how often they should be run.

  • A whopping 90% of respondents reported that maintaining current, compliant security configuration was very or extremely important.
  • The majority (53%) of IT pros surveyed said that every endpoint should be inspected daily or even hourly to determine if all software is up to date and the configuration complies with company security policy.
  • Plain old Windows OS health was the second-highest security hygiene priority at 44%. The only higher priority was—you guessed it—OS and application patching at 66%.


Staffing Struggles, Help Desk Pains, and Automation

Other highlights include:

  • Over half of respondents are stretched too thin to ensure proper security hygiene on all systems all the time.
  • Software break/fix is the biggest help desk time-eater.
  • A quarter of help desk tickets could be automated.


The Big Picture

Security will continue to be a vexing challenge for IT because it will never be “done.” The threatscape is always changing and growing. Keeping a company secure is an almost-impossible effort that touches every corner of IT, from infrastructure to endpoints to help desks and beyond.

If you’d like to dig into the details, you can download the full 2018 Enterprise Endpoint Security Survey.

Not having the time to secure the environment doesn’t have to be an excuse, not if you have the opportunity to dedicate a small chunk of valuable time to figuring out how to automate it.

Join us at IT/Dev Connections 2018 where we have an entire track dedicated to Security! There’s still time. IT/Dev Connections 2018 runs October 15 – 18, 2018 in Dallas, Texas.

Register today!

Microsoft Outed for Jet Database Engine Flaw Left Unpatched Since May

While Microsoft worked to address some issues with its Jet Database Engine in September, the company still has an exposed security problem.

Zero Day Initiative has now publicly revealed the flaw under its 120-day disclosure policy.

Microsoft is apparently now working on a fix, but systems are left unguarded until then. Zero Day Initiative has detailed the flaw and given recommendations on its blog.


According to the company, Microsoft has been aware of this bug since May.

Microsoft Office Gets Its Own Antivirus

Because miscreants can sometimes evade OS antivirus protection through crafted Microsoft Office documents they get unsuspecting end users to accidentally click on, Microsoft is now beginning to integrate antimalware and antivirus services with Microsoft Office client applications.

As part of our continued efforts to tackle entire classes of threats, Office 365 client applications now integrate with Antimalware Scan Interface (AMSI), enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior.

Details: Office VBA + AMSI: Parting the veil on malicious macros

Incoming: Microsoft’s September Patch Tuesday Kicks Off

Microsoft is close to making the updates for this month available. Here are the products that will be covered by security updates this month:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • Adobe Flash Player
  • .NET Framework
  • Microsoft.Data.OData


Microsoft Delivers the First Version of its Security Servicing Criteria for Windows

In June this year, Microsoft delivered a draft copy of its very first Security Servicing Criteria for Windows. This policy document was meant to show transparently how the company will work with security researchers and customers, and to set out the criteria used for determining when a reported vulnerability will be addressed through a security update.

After feedback and modifications, Microsoft has today delivered the first version of the Security Servicing Criteria for Windows.

Full doc: Security Servicing Criteria for Windows

As part of this release, Microsoft is also making the Microsoft Vulnerability Severity Classification for Windows document available for download.
