Microsoft want to make our digital world safe for everyone by providing security that reflects, empowers and includes everyone. When Microsoft says "security for all", it really means all:
All organisations, big and small
All your data
All clouds (Azure, AWS, GCP etc)
All your people (wherever they are)
All your devices and platforms
All the risks you face
All the opportunities ahead
As always, there is an evolving threat landscape. Microsoft gather over 8 trillion security signals a day and have seen an increase in cybercrime, ransomware and nation state attacks. These have been led by attacks emanating from Russia, but also Iran, North Korea and China. Microsoft produced a Digital Defence Report in September 2020 that describes the current threat intelligence landscape and provides guidance and insights from experts, practitioners, and defenders at Microsoft.
Solorigate was an incredibly sophisticated nation state attack that targeted the SolarWinds Orion software. FireEye found it and asked Microsoft to help investigate. Using the 8 trillion signals, Microsoft could find the traces and footprints of the attack and then highlight them to customers. Microsoft doesn't just sell security software or respond to threats; it is also working to reduce digital crimes and to disrupt botnets and nation state actors. You can read more about Microsoft's analysis of Solorigate/NOBELIUM on its security blog.
Every Microsoft Windows operating system has services. These are small programs that run in the background of the OS to keep things ticking over. They are fundamental to servers because they let programs run in the background without any user being logged on. In fact, Windows servers are tuned to give better performance to background services than to any app running on the screen.
It is always best to log on to any PC with the fewest privileges you need, i.e. you shouldn't log on to a desktop or server with full admin rights. You should log on as a normal user and only elevate a program's authority to admin level if absolutely necessary.
Some System Administrators may want an easy life and just let everything "run as admin", as it cuts back on a lot of problems, especially when using old software. Obviously this greatly widens the attack surface, as any user who can gain access to the machine can do anything they want on it.
However, one of the issues of running as a standard user is that you are not allowed to stop or start Windows services. That is by design: you wouldn't really want a non-admin to stop a critical service. The problem arises when you have a Service Account running (as good practice dictates) as a low-privileged user. To get around this, you can give the Service Account permission to control one particular service. Unfortunately, this is a bit more convoluted than setting file permissions. This article will explain how to achieve this. It applies to all versions of Windows from Windows 2000 onwards. My screenshots are from the Windows 8 Developer Preview.
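One way to do this with the built-in `sc.exe` tool, shown as an added example rather than the method from the article: the script appends an allow ACE for the service account to the service's SDDL security descriptor. The service name `Spooler` and the account `CONTOSO\svc-app` are placeholder assumptions.

```powershell
# Added example: grant ONE service account start/stop rights on ONE service.
# 'Spooler' and 'CONTOSO\svc-app' are placeholders, not names from the article.
param(
    [string]$ServiceName = 'Spooler',
    [string]$Account     = 'CONTOSO\svc-app'
)

# SDDL ACEs reference SIDs, not account names, so resolve the name first.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

# sc.exe sdshow prints the service's security descriptor as a single SDDL line.
$out = & sc.exe sdshow $ServiceName
if ($LASTEXITCODE -ne 0) { throw "sc.exe sdshow failed for $ServiceName" }
$sddl = $out | Where-Object { $_ -match 'D:' } | Select-Object -First 1
if (-not $sddl) { throw "No DACL found in the descriptor of $ServiceName" }
$sddl = $sddl.Trim()

# LC = query status, RP = start, WP = stop.
# Deliberately omitted: DC (change config), WD (write DACL), WO (write owner).
# Any of those would let the account reconfigure the service or its ACL.
$ace = "(A;;LCRPWP;;;$sid)"

# Do not stack ACEs: if the account is already listed, review it manually.
if ($sddl -like "*;;;$sid)*") {
    Write-Warning "$Account already has an ACE on $ServiceName; review it by hand."
    return
}

# The allow ACE goes at the end of the DACL, i.e. just before the SACL
# marker "S:" when one is present (SIDs start with "S-", never "S:").
$saclAt  = $sddl.IndexOf('S:')
$newSddl = if ($saclAt -ge 0) { $sddl.Insert($saclAt, $ace) } else { $sddl + $ace }

# Keep the old value so the change can be rolled back with sc.exe sdset.
Write-Host "Old: $sddl"
Write-Host "New: $newSddl"

# Apply from an elevated prompt, then read the descriptor back to confirm.
& sc.exe sdset $ServiceName $newSddl
if ($LASTEXITCODE -ne 0) { throw "sc.exe sdset failed with exit code $LASTEXITCODE" }
& sc.exe sdshow $ServiceName
```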
Windows Update (a.k.a. Microsoft Update) is normally pretty reliable in terms of keeping your computer up to date and secure. Unfortunately, there are times when an update crashes your PC (usually due to a conflicting OEM driver) or the update process just stops working. Since Windows Vista, Microsoft has moved away from using the update.microsoft.com website and now has a dedicated app in the Control Panel. However, the underlying technologies are still the same. Even if you have the Windows Software Update Services (WSUS) server, controlling 100s or 1000s of computers in a corporate network, you are still going to come across the same kind of problems. You would hope that WSUS had some easy troubleshooting/rollback tools built in, but unfortunately that is not the case.
I thought it would be a good idea to gather all the various methods and tools I use when troubleshooting Windows/Microsoft Update to help both Home and Enterprise users alike.
Many a time I have been pained at the thought of going through another registration process just to see a quick bit of info. This site offers you usernames & passwords for dummy accounts on websites to let you log into a multitude of places. Bear in mind, these aren’t stolen credentials, they are just accounts that others have created and shared for anyone to use.
Simply type in the domain you are trying to access and you will get a list of usernames and passwords as well as success rates of whether they work or not. Be careful though, the password should be readable in plain text not **** or the common “click Yes to see password”. This is a way people are trying to mess with the voting system.
It seems to be getting more and more common that Adobe Reader (previously known as Acrobat Reader) is the target for phishing scams and malware. Today I got another email pretending to be from Adobe alerting me of new updates to Reader.
This can easily lure the reader into clicking before reading the message properly. There are a few things that should ring alarm bells for someone who works with computers, e.g.
Adobe only release updates from their own site, not the one listed in the email
The new versions are called Adobe Reader X and Acrobat X not Acrobat 2011
It is sent from a newsletter that I haven’t subscribed to.
Read more to find tips and info on the real Adobe updates