• MS 2021 wrap up with 64 patches

    From August Abolins@1:396/45.29 to All on Saturday, March 05, 2022 20:37:00
    Microsoft wraps up 2021 with 64 patched vulnerabilities-
    including Windows 7 fixes

    https://news.sophos.com/en-us/2021/12/14/microsoft-wraps-up- 2021-with-64-patched-vulnerabilities-including-windows-7-fixes/

    I found this comment somewhat amusing yet disconcerting:

    "fixes apply to versions of Windows stretching the way back to
    the end-of-life'd Windows 7. In fact, there are 17 bugs being
    patched in Windows 7 this month"

    WRT Win7, "vulnerability in Windows' Encrypted File System
    (EFS) that also extends back to Windows 7 (CVE-2021-43217)-one
    that can be triggered regardless of whether or not EFS is in
    use on the targeted system. A specially-crafted attack could
    result in a buffer overflow write to memory that could result
    in unauthenticated code being executed by triggering EFS. This
    bug has been publicly disclosed, making it an urgent fix."

    The EFS exploit sounds a bit worrisome since "the problem" can
    be triggered even when EFS is not even in use. I *was*
    thinking of trying it a while back though.

    --
    ../|ug

    --- OpenXP 5.0.51
    * Origin: (1:396/45.29)
  • From Sean Dennis@1:18/200 to August Abolins on Monday, March 07, 2022 20:40:55
    August Abolins wrote to All <=-

    The EFS exploit sounds a bit worrisome since "the problem" can
    be triggered even when EFS is not even in use. I *was*
    thinking of trying it a while back though.

    Remember that Windows includes a way to delibrately crash it[1]. That makes
    me a little concerned. <G>

    -- Sean

    1 = https://tinyurl.com/ya4cgqld (docs.microsoft.com)

    ... WinErr 010: Reserved for future mistakes by our developers.
    --- MultiMail/Linux
    * Origin: Outpost BBS * Johnson City, TN (1:18/200)
  • From August Abolins@2:221/1.58 to Sean Dennis on Monday, March 07, 2022 21:39:00
    The EFS exploit sounds a bit worrisome since "the problem" can
    be triggered even when EFS is not even in use. I *was*
    thinking of trying it a while back though.

    Remember that Windows includes a way to delibrately crash it[1]. That makes me a little concerned. <G>

    1 = https://tinyurl.com/ya4cgqld (docs.microsoft.com)


    WHY would anyone need to implement a way to force a crash like
    that?

    "After this is completed, the keyboard crash can be initiated
    by using the following hotkey sequence: Hold down the rightmost
    CTRL key, and press the SCROLL LOCK key twice."

    OMG.

    I have to wonder what other keys (hold down key x and tap key y
    n times) ..they might have wasted time implementing.

    EFS intriqued me. I always thought it would be handy to have at
    least one live-encryted folder or something. But it doesn't
    sound prudent to play with it now.

    --
    ../|ug

    --- OpenXP 5.0.51
    * Origin: (2:221/1.58)
  • From Sean Dennis@1:18/200 to August Abolins on Tuesday, March 08, 2022 21:07:25
    Hello August,

    07 Mar 22 21:39, you wrote to me:

    I have to wonder what other keys (hold down key x and tap key y
    n times) ..they might have wasted time implementing.

    You know that Control-Alt-Delete was never meant to be part of the original IBM PC? It "escaped" the lab.

    I read an article interviewing the engineer that developed that at IBM. He said that it was deliberately awkward so it couldn't be performed accidentally.

    EFS intriqued me. I always thought it would be handy to have at
    least one live-encryted folder or something. But it doesn't
    sound prudent to play with it now.

    I'd use VeraCrypt and do the whole hard drive if you go encryption. My opinion, of course, but in my IT career, I found that to be a good solution (there's a Linux filesystem that can do that also).

    -- Sean

    ... You know you're getting old when the candles cost more than the cake.
    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: Outpost BBS * Johnson City, TN (1:18/200)
  • From August Abolins@2:221/1.58 to Sean Dennis on Wednesday, March 09, 2022 08:16:00
    Hello Sean!

    ** On Tuesday 08.03.22 - 21:07, you wrote to me:

    You know that Control-Alt-Delete was never meant to be part of the original IBM PC? It "escaped" the lab.

    I don't recall the "escape" story. But, interesting.


    I read an article interviewing the engineer that developed that at IBM.
    He said that it was deliberately awkward so it couldn't be performed accidentally.

    Ctl-Alt-Del doesn't seem awkward to me. For the most part it's
    a two-hander, but achieved rather comfortably.

    What *is* awkward is the way for changing a simple default
    operation on a car radio: press and hold power button, turn
    ignition on, tap volume up twice, turn ignition off and on
    twice, press volume down three times.

    I'd use VeraCrypt and do the whole hard drive if you go encryption. My opinion, of course, but in my IT career, I found that to be a good solution (there's a Linux filesystem that can do that also).

    The Thinkpad T60 has HDD password feature, and a fingerprint
    scanner. I've been afraid to even try those incase the
    internal systems would fail.

    --
    ../|ug

    --- OpenXP 5.0.51
    * Origin: (2:221/1.58)
  • From Kurt Weiske@1:218/700 to August Abolins on Wednesday, March 09, 2022 08:19:00
    August Abolins wrote to Sean Dennis <=-

    Ctl-Alt-Del doesn't seem awkward to me. For the most part it's
    a two-hander, but achieved rather comfortably.

    In the mid 2000s, HP came out with a keyboard with a ctrl-alt-delete KEY.

    The Thinkpad T60 has HDD password feature, and a fingerprint
    scanner. I've been afraid to even try those incase the
    internal systems would fail.

    They worked well, and there's no way around them if you lose the password. I supported T43s, X60s and T60s with those features on remote workers and we turned everything on until we'd rolled out whole-disk encryption.


    ... Start where you are. Use what you have. Do what you can.
    --- MultiMail/DOS v0.52
    * Origin: http://realitycheckbbs.org | tomorrow's retro tech (1:218/700)
  • From Rob Swindell@1:103/705 to Sean Dennis on Saturday, March 19, 2022 12:13:38
    Re: Re: MS 2021 wrap up with 64 patches
    By: Sean Dennis to August Abolins on Mon Mar 07 2022 08:40 pm

    August Abolins wrote to All <=-

    The EFS exploit sounds a bit worrisome since "the problem" can
    be triggered even when EFS is not even in use. I *was*
    thinking of trying it a while back though.

    Remember that Windows includes a way to delibrately crash it[1]. That makes me a little concerned. <G>

    A handy feature (that's not enabled by default) for driver and kernel developers.

    *nix's have similar kernel-mode debug capabilities.
    --
    digital man (rob)

    Breaking Bad quote #11:
    My apologies to the HR department: Grow tumescent with anticipation. - Hank Norco, CA WX: 67.4°F, 47.0% humidity, 3 mph WSW wind, 0.00 inches rain/24hrs --- SBBSecho 3.15-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Sean Dennis@1:18/200 to Rob Swindell on Saturday, March 19, 2022 20:58:40
    Rob Swindell wrote to Sean Dennis <=-

    A handy feature (that's not enabled by default) for driver and kernel developers.

    I understand that. :) I was being facetious, however, with some of the poorly-written Windows drivers I've had to deal with, that crash capability seems only too easy to access even if it's not enabled by default. <G>

    *nix's have similar kernel-mode debug capabilities.

    The Magic SysRq keys are a way to do that if I remember right. My 29 year
    old Model M keyboard has the SysRq key on the Print Screen key...I once recovered from a kernel panic using the SysRq key but I do not remember now
    how to do it.

    -- Sean

    ... I sold my soul to the devil. He gave it back.
    --- MultiMail/Linux
    * Origin: Outpost BBS * Johnson City, TN (1:18/200)