Windows

Microsoft’s Windows 10 Patch Again Tuesday Brings New GPO Setting

Microsoft today has rolled out new updates for Windows 10 versions 1803, 1709, 1703, and 1607. Among the slew of fixes included in the updates, Microsoft has also developed a new Group Policy setting that should help customers with PCs that have difficulty with network connections. New setting… Adds a new Group Policy setting called “Enable Windows to soft-disconnect a computer from a network”. This determines how Windows will disconnect a computer from a network when it determines that the computer should no longer be connected to the network. If enabled, Windows will soft-disconnect (disconnection is not immediate or abrupt) a computer from a network. If disabled, Windows disconnects a computer from a network immediately. If not configured, the default behavior is soft-disconnect. ...

Tip: Roll Your Own Windows 10 Toast Notifications for Upgrades and Reboots

Martin Bengtsson has put together a cool script that you can use to develop your own toast notifications to warn users about available upgrades or PC reboots. The Windows 10 Toast Notification Script enables you to create nice and nifty toast notifications for the logged on user in Windows 10. This can be done with Configuration Manager or with Group Policy Preferences and Scheduled Tasks (and probably other means too). Download: Windows 10 Toast Notification Script Configuration and usage information: Windows 10 Toast Notification Script

Microsoft Clarifies the Delivery Date for Its Upcoming Auto-uninstall Feature for Bad Updates

Microsoft’s bad updates abound and apparently, the company is giving up trying to fix the updates itself. There’s just too many variables and PC variances to ensure that a single update will be successful for every configuration. So, to give the company time to resolve issues introduced by supposedly “bad” updates, a new strategy is being introduced. Announced through a KB article recently, updates will have the ability to uninstall (or rollback) themselves when problems are found. At the time of the KB article release, though, there’s was no further information about when this feature would be available. Now there is. According to a recent edit on the KB article… This new feature is only available for Windows Insiders running Windows 10 Insider Preview,...

Tip: Using PowerShell to Perform Offline Servicing to a Windows Operating System Image

OSDBuilder is a PowerShell module capable of performing offline servicing for Windows images. OSDBuilder is the product of David Segura, a self-described Windows Offline Servicing and Customization Expert.  Details including documentation and guidance are available from the same website as the download: OSBuilder Home OSBuilder is a PowerShell module to help you perform Offline Servicing to a Windows Operating System Image. By using an Offline method of configuring an Operating System, it can then be imported in MDT or SCCM and used like any other OS Deployment. This includes being able to use in an Upgrade Task Sequence, which you cannot do with a Captured Image. The main difference between OSBuilder and other scripted methods for Servicing a Windows Image Offline is that OSBuilder create...

With a Serious Exploit Being Actively Targeted Against Windows 7, Google Pushes Windows 10 Upgrades

Google recently patched a zero-day flaw in its Chrome web browser, but a second one that affects Windows 7 is still being actively exploited. Google relayed the information about the vulnerability to Microsoft, and the Windows company has responded directly to Google that a fix is in the works. Of course, there’s no timeline given, so Windows 7 users are vulnerable. Based on the vulnerability that only affects Windows 7, Google is providing this guidance: As mitigation advice for this vulnerability users should consider upgrading to Windows 10 if they are still running an older version of Windows and to apply Windows patches from Microsoft when they become available. We will update this post when they are available. Details: Disclosing vulnerabilities to protect users across platform...

Workplace Join for non-Windows 10 Computers

Microsoft has provided an installation tool for non-Windows 10 computers to enjoy self-service registration on the corporate domain. The tool is distributed through an .MSI file and is available for download: Microsoft Workplace Join for non-Windows 10 computers The tool allows you to register non-Windows 10 computers for Workplace Join and supports the following non-Windows 10 systems: Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

February Cumulative Update for Windows 7 Makes it Difficult to Troubleshoot NIC Problems

With the rollout of Microsoft’s monthly updates for Windows 7, a new bug has been introduced that could make troubleshooting network problems more difficult. After installing this update, the Event Viewer may not show some event descriptions for network interface cards (NIC). Microsoft doesn’t go any further in describing exactly what event descriptions are forfeit but does promise a resolution to the issue sometime in March 2019.

Mid-February Slated for Microsoft to Fix Virtual Machines for Windows 7

As has often been the case, Microsoft has introduced a new gotcha this month in the cumulative update for Windows 7. After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).” This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures. Microsoft is aware of the issue and has set mid-February as a tentative time to see a fix. Stay close, we’ll keep a watchful eye out and let you know when the fix is available.

February 2019 .NET Update Contains Security Fixes for Domain Spoofing and Remote Code Execution

Many customers try hard not to have to update the .NET code for Windows. These days, some consider every Windows update as a potential timebomb, but the .NET updates have a long history of being a difficult problem child. Microsoft delivered .NET updates for February 2019 and these updates come with some fixes that may cause some to do a double-take. These may warrant some heightened attention. Here is what’s up… CVE-2019-0613 – Remote Code Execution Vulnerability This security update resolves a vulnerability in .NET Framework software if the software does not check the source markup of a file. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on by using administrative user rights,...

Microsoft Officially Ends Support for Windows 10 Mobile in 2019

Microsoft has now posted an FAQ so customers can get more information about a recent decision. According to the FAQ: As of December 10, 2019, Windows 10 Mobile users are no longer eligible to receive new security updates, non-security hotfixes, free assisted support options, or online technical content updates from Microsoft for free. Third parties or paid support programs may provide ongoing support, but it is important to recognize that Microsoft support will not publicly provide updates or patches for Windows 10 Mobile. Only device models that are eligible for Windows 10 Mobile, version 1709 are supported through the end date. For Lumia 640 and 640 XL phone models, Window 10 Mobile version 1703 was the last supported OS version and will reach end of support on June 11th, 2019. 

CVE-2019-0543 Changes How Windows PowerShell and PowerShell Core 6 WinRM Based Remoting Works

If you’re attempting to do loopback remoting for Windows PowerShell or PowerShell Core 6 after applying January security updates, you may have run into problems. Per Microsoft… The breaking change is not in PowerShell but in a system security fix that restricts process creation between Windows sessions. This fix is preventing WinRM (which PowerShell uses as a remoting transport and host) from successfully creating the remote session host, for this particular scenario. There are no plans to update WinRM. Further… The breaking change only affects local loopback remoting, which is a PowerShell remote connection made back to the same machine, while using non-Administrator credentials. Details and workaround: Windows Security change affecting PowerShell

Microsoft Delivers Out-of-Band Security Update for Internet Explorer

Microsoft has identified a vulnerability in Internet Explorer and is delivering an update today to close a remote code execution hole. CVE-2018-8653 | Scripting Engine Memory Corruption Vulnerability A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or de...