Dr. Bill.TV #424 – Video – “The Meltdown Over Security Edition!”

ASUS Chromebook Flip, CES 2018, Nintendo Switch fastest-selling video game console, Meltdown and Spectre, Ajit Pai gets death threats, Apple confirms vulnerability, HP recall, GSotW: SpecuCheck, check if your AV blocks Microsoft patch, M$ breaks Cortana

Links that pertain to this Netcast:

TechPodcasts Network

International Association of Internet Broadcasters

Blubrry Network

Dr. Bill Bailey.NET

SpecuCheck GitHub Site



Dr. Bill.TV #424 – Audio – “The Meltdown Over Security Edition!”

ASUS Chromebook Flip, CES 2018, Nintendo Switch fastest-selling video game console, Meltdown and Spectre, Ajit Pai gets death threats, Apple confirms vulnerability, HP recall, GSotW: SpecuCheck, check if your AV blocks Microsoft patch, M$ breaks Cortana


Unintended Consequences: Microsoft Breaks Cortana Feature

When you drop services, things can happen!

Microsoft’s Cortana isn’t able to identify songs anymore

Engadget – By: Swapna Krishna – “Microsoft didn’t have much luck in the digital music realm, from the Zune to its Groove Music service. At the end of 2017, the company switched all of its existing Groove users over to Spotify and shut Groove down. But now it turns out the move came with an unforeseen complication, as reported by Neowin. Cortana, Microsoft’s smart assistant, can no longer recognize individual songs.

Previously, users could use the song identification feature by pressing Cortana’s music icon while a song was playing. But now, because Cortana doesn’t have the Groove library to check songs against, it says ‘Song unrecognized’ and informs the user that the feature has been retired. Jason Deakins, a Microsoft software engineer, discussed the issue in response to a Twitter user.

It makes sense that the lack of a music library would make the song identification feature unusable, but Neowin points out that the popular song recognition app Shazam is not available on the Windows Store. This means that Windows users no longer have a tool to identify music. It’s certainly not a great situation for anyone who used this feature regularly.”

Does YOUR Antivirus Stop the Meltdown/Spectre Patch?

Check the chart at the link below:

Windows Meltdown-Spectre fix: How to check if your AV is blocking Microsoft patch

ZDNet – By: Liam Tung – “Antivirus firms are gradually adding support for Microsoft’s Windows patch for the Meltdown and Spectre attack methods that affect most modern CPUs.

As Microsoft warned this week, it’s not delivering its January 3 Windows security updates to customers if they’re running third-party antivirus, unless the AV is confirmed to be compatible with it.

Microsoft’s testing found some antivirus products were producing errors by making unsupported calls into Windows kernel memory, resulting in blue screen of death (BSOD) errors.

Third-party Windows antivirus products need to support Microsoft’s security update and set a Windows registry key for customers to receive the update via Windows Update.


To make matters more confusing, only some antivirus vendors are actually doing both, while others require admins to set the registry key themselves, using Microsoft’s instructions. Additionally, some antivirus companies haven’t completed compatibility testing.

Microsoft hasn’t said which antivirus products are compatible beyond its own Windows Defender and Microsoft Security Essentials. However, security researcher Kevin Beaumont has created a public spreadsheet that may help IT admins prepare for installing Microsoft’s mitigations for the attack techniques that affect CPUs from Intel, AMD and Arm, albeit to differing degrees.

Trend Micro says its products Trend Micro OfficeScan, Worry-Free Business Security, and Deep Security are affected by Microsoft’s new requirement for vendors to verify compatibility with the patch. While the company has completed testing and confirmed compatibility, customers who rely on Windows Update currently need to set the registry key themselves.

It hasn’t completed compatibility testing for all its products yet because Microsoft released the patch earlier than expected, according to Trend Micro. The company had been targeting the expected Patch Tuesday on January 9 rather than January 3. As such, the company is currently working on setting the registry in its products.

Others that have confirmed compatibility but haven’t set the registry key in their products include CrowdStrike, Endgame, McAfee, and SentinelOne. Microsoft offers separate instructions for setting the registry key on Windows Server and Windows clients.

Antivirus firms that have confirmed compatibility and set the registry keys in their products include Avast, Avira, EMSI, ESET, F-Secure, Kaspersky, and Malwarebytes.

Symantec is also in this second group but some customers have reported that the Symantec Endpoint Protection (SEP) tray icon is reporting ‘multiple problems’ after applying Microsoft’s update and Symantec’s updated Eraser engine.

‘On January 4, 2018, Symantec released an updated Eraser engine to ensure compatibility with the Microsoft out-of-band update that had been released the previous day. While this engine update resolves the compatibility issues it was meant to address, some environments have reported issues with the SEP system tray icon after applying both updates,’ Symantec says in a support note.

Applying operating system updates and dealing with antivirus compatibility issues are only half the solution.

As Microsoft noted previously, mitigating Meltdown and Spectre also requires installing firmware updates from hardware vendors.

While the operating system updates address Meltdown, Spectre fixes rely on firmware updates from hardware vendors that implement microcode fixes from chip vendors. In Intel’s case, its microcode update introduces its Indirect Branch Prediction Side Channel Analysis Method.

Microsoft has released this firmware in the form of UEFI updates for the Surface Pro 3, Surface Pro 4, Surface Book, Surface Studio, Surface Pro Model 1796, Surface Laptop, Surface Pro with LTE Advanced, and Surface Book 2.

‘The updates will be available for the above devices running Windows 10 Creators Update (OS version 15063) and Windows 10 Fall Creators Update (OS version 16299). You will be able to receive these updates through Windows Update or by visiting the Microsoft Download Center,’ says Microsoft.

Google has devised its own software alternative mitigation for the microcode fix using a technique called Retpoline. This addresses one of two Spectre attacks known as ‘branch target injection’.”

Geek Software of the Week: SpecuCheck!

Are your systems properly patched?

SpecuCheck GitHub Site

“SpecuCheck is a Windows utility for checking the state of the software mitigations against CVE-2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre). It uses two new information classes that were added to the NtQuerySystemInformation API call as part of the recent patches introduced in January 2018 and reports the data as seen by the Windows Kernel.

An official Microsoft Powershell Cmdlet Module now exists as well, which is the recommended and supported way to get this information.

On January 3rd 2018, Intel, AMD and ARM Holdings, as well as a number of OS Vendors reported a series of vulnerabilities that were discovered by Google Project Zero:

Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)

Microsoft released patches for Windows 7 SP1 and higher later that same day. These patches, depending on architecture, OS version, boot settings and a number of hardware-related properties, apply a number of software and hardware mitigations against these issues. The enablement state of these mitigations, their availability, and configuration is stored by the Windows kernel in a number of global variables, and exposed to user-mode callers through an undocumented system call.

SpecuCheck takes advantage of this system call in order to confirm if a system has indeed been patched (non-patched systems will fail the call) and what the status of the mitigations are, which can be used to determine potential performance pitfalls.

Motivation
There was originally a lot of noise, hype, and marketing around this issue, and not a lot of documentation on how to see if you were affected, and at what performance overhead. SpecuCheck aimed to make that data easily accessible by users and IT departments, to avoid having to use a Windows debugger or reverse engineer the API themselves.

Since then, Microsoft has done great work to expose that data from the kernel-mode in a concise manner, which succinctly indicates the kernel’s support and usage of the various mitigating technologies and hardware features, and released a PowerShell CmdLet Module to retrieve that data. SpecuCheck therefore remains only as a research tool and is not recommended — please use the Microsoft-approved PowerShell Module instead.

Installation on Windows
To run SpecuCheck, simply execute it on the command-line:

c:\SpecuCheck.exe

Which will result in an informational screen indicating which features/mitigations are enabled. If you see the text:

Your system either does not have the appropriate patch, or it may not support the information class required

This indicates that your system is not currently patched to mitigate against these vulnerabilities.

References
If you would like to know more about my research or work, I invite you to check out my blog at https://www.alex-ionescu.com as well as my training & consulting company, Winsider Seminars & Solutions Inc., at https://www.windows-internals.com.

You should also definitely read the incredibly informative Project Zero Post.

Finally, for additional information on the appropriate and required Windows patches, please read the Microsoft Advisory.

Caveats
SpecuCheck relies on undocumented system calls and information classes which are subject to change. Additionally, SpecuCheck only returns the information that the Windows Kernel is storing about the state of the mitigations and hardware features — based on policy settings (registry, boot parameters) or other compatibility flags, the Windows Kernel’s state may not match the true hardware state. The goal of this tool is to give you a Windows-specific assessment, not a hardware assessment that is OS-agnostic.

SpecuCheck is only a research tool and is not recommended for general use — please use the Microsoft-approved PowerShell Module instead.”
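
The two checks described in the articles above, as an added example (not code from SpecuCheck, ZDNet or Microsoft): it tests whether the antivirus compatibility registry value is set, then summarizes the mitigation state using the Microsoft PowerShell module that the README recommends. The registry key path and value name are taken from Microsoft's January 2018 guidance rather than from this page, and the function names are hypothetical.

```powershell
# Added example, not from the page or from SpecuCheck. Run in an elevated session.
# Assumption: key path and value name follow Microsoft's January 2018 antivirus
# compatibility guidance; the page itself does not name them.
$CompatKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$CompatValue = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Test-AvCompatFlag {
    # True only when the value exists and is 0 (REG_DWORD), the state in which
    # Windows Update offers the January 3 security update.
    $item = Get-ItemProperty -Path $CompatKey -Name $CompatValue -ErrorAction SilentlyContinue
    return ($null -ne $item) -and ($item.$CompatValue -eq 0)
}

function Get-MitigationSummary {
    # Needs Microsoft's module: Install-Module SpeculationControl
    if (-not (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue)) {
        return [pscustomobject]@{ AvCompatFlagSet = Test-AvCompatFlag; ModuleInstalled = $false }
    }
    # The cmdlet prints its own report and also returns an object with the raw flags.
    $s = Get-SpeculationControlSettings

    # Variant 3 (Meltdown): covered when kernel VA shadowing is on,
    # or when the kernel reports that this CPU does not need it.
    $meltdown = (-not $s.KVAShadowRequired) -or $s.KVAShadowWindowsSupportEnabled

    # Variant 2 (Spectre): needs the OS patch AND firmware/microcode support.
    $why = if ($s.BTIWindowsSupportEnabled) {
        'enabled'
    } elseif (-not $s.BTIWindowsSupportPresent) {
        'OS patch missing'
    } elseif (-not $s.BTIHardwarePresent) {
        'firmware/microcode update missing'
    } elseif ($s.BTIDisabledBySystemPolicy) {
        'disabled by system policy'
    } else {
        'present but not enabled'
    }

    [pscustomobject]@{
        AvCompatFlagSet   = Test-AvCompatFlag
        ModuleInstalled   = $true
        MeltdownMitigated = [bool]$meltdown
        SpectreV2Enabled  = [bool]$s.BTIWindowsSupportEnabled
        SpectreV2Detail   = $why
    }
}

Get-MitigationSummary | Format-List
```

As with SpecuCheck, the result reflects the state the Windows kernel reports, so a host showing "firmware/microcode update missing" still needs the vendor UEFI update mentioned in the ZDNet piece.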

HP Recalls Certain Notebook Batteries

HP has announced a recall of certain laptop batteries due to overheating issues. Batteries manufactured between December 2015 and December 2017 are affected. HP has released a statement concerning this issue saying:

“The quality and safety of all HP products is our top priority. We recently learned that batteries provided by one of our suppliers for certain notebook computers and mobile workstations present a potential safety concern. We are taking immediate action to address this issue including a voluntary recall and replacement of the batteries. This action pertains to 0.1% of the HP systems sold globally over the past two years. Customers can visit HP’s website to learn if their batteries should be replaced. Impacted customers will have their batteries replaced free of charge and may continue safely using their device by placing the battery in safety mode and connecting to an external power source.”

Affected models of notebooks include HP ProBooks (64x G2 and G3 series, 65x G2 and G3 series), HPx360 310 G2, HP Envy m6, HP Pavilion x360, HP 11, HP ZBook (17 G3, 17 G4, and Studio G3) Mobile Workstations.

Apple Makes a Statement About Meltdown and Spectre

Apple confirmed yesterday that the Meltdown and Spectre vulnerabilities DO affect Mac OS and iOS as well as their Apple TV operating system. There are fixes coming in the near future to defend against this vulnerability; however, no official dates have been set for their release.

Again, it’s amazing how much time has gone by before vendors are acknowledging that there are security issues regarding these exploits! The key to security in the computing world is transparency of information. Don’t hide your issues, thinking that it will protect you from bad publicity. You’ll get much more respect from computer users if you’re open about the issue and actually show that you’re working to address it as quickly and efficiently as possible!

Again, I’ll let you know when announcements are made concerning the patches and release of the fix for both the Mac and PC worlds.

Ajit Pai Cancels CES Speech

FCC chairman Ajit Pai has announced that he will not be speaking at CES 2018 as he was originally scheduled, due to death threats relating to his championing the repeal of rules regarding Net Neutrality. He and his family received death threats regarding this appearance, and there had been many prior to this event as well.

I am entirely sympathetic to the danger that he and his family are in, and certainly don’t blame him for changing his plans. This does, however, point out how many people have been energized, even in this extremely negative fashion, over the issue of Net Neutrality.

It is certainly my hope that Congress will address this with new laws that will ensure true Net Neutrality in the future. Large Internet providers, like Comcast, are already creating “fast lanes” for their services and charging people for them. This is exactly what was predicted would happen if the Net Neutrality rules were scaled-back.

Meltdown and Spectre Get Ugly!

So the big security news this week was the Meltdown and Spectre attack methods that affect most modern CPUs. Since they affect the CPUs directly, this is independent of operating system.

Microsoft released a patch on January 3, which was Wednesday; however, they have announced that if you’re running a third-party antivirus that is not confirmed to be compatible with this patch, the patch will be blocked. Some antivirus products were making unsupported calls into Windows kernel memory, which resulted in blue screens of death (BSODs) in Windows. Third-party antivirus producers are scrambling to release their own updates that will allow the Microsoft patch to work correctly without crashing the system. Unfortunately, the third-party antivirus producers not only need to support the security update; there also needs to be a Windows registry key update as well. To really mitigate this issue, system administrators have to make this registry change themselves. This is really sloppy, time-consuming, and generally a hassle for system administrators! The various vendors, including Microsoft, need to address this very quickly!

My assumption is that this will be taken care of given enough time, but in the meantime we’re left in an environment with a fairly large hole in the security arena. Plus, Microsoft is not specifically announcing which third-party antivirus products do work correctly with their patch! Come on guys, transparency is best and a free flow of information in order to keep us safe on our systems!

There’s also going to be a patch for the Linux kernel that should be out fairly soon. I’ll try to stay on top of this and let you know what happens, when it happens.

Nintendo Switch is the Fastest-Selling Video Game Console

Yep, we got the GameMaster one. He loves it! He says Super Mario Odyssey is the best game ever on it!

Nintendo Switch is the fastest-selling video game console ever in the U.S.

TechCrunch – By: Darrell Etherington – “Nintendo has managed to sell so many of its Nintendo Switch console that it’s become not only its own fastest-selling console, but also the fastest selling in the U.S. ever, beating the record set by the Wii back during its launch. The Switch has sold over 4.8 million units in its first 10 months of availability, which beats out the Wii’s 4 million sold during the same initial window.

The success of the Switch probably isn’t surprising to anyone who owns one, or to those who’ve been following its rise. The console had a strong start thanks to flagship title The Legend of Zelda: Breath of the Wild, which has been purchased by over 55 percent of Switch console owners. Also, Nintendo revealed that Super Mario Odyssey is on over 55 percent of Switch consoles, and Mario Kart 8 Deluxe also has an ownership rate of more than 50 percent. Clearly, marquee first-party software is doing a lot to drive demand for Nintendo’s hybrid home/portable console.

Nintendo is looking good going into 2018 based on these numbers, and the overall performance of the Switch should quickly eclipse the lifetime sales of the Wii U, which never really struck a chord with consumers. The game lineup for the forthcoming year will be a big determining factor in terms of figuring out what kind of pace is maintained with continued console sales after the initial thrill of the Switch dies down a little.”
