Microsoft: Customer and User Focused?

April 29, 2022

Bill Gates designed Microsoft to make personal computers more user friendly. While the Microsoft operating system is among the easiest to learn, unfortunately it is also the most hackable. Black hat bad actors adore Microsoft systems, especially when the company releases a new update. Bleeping Computer shares a problem with the newest Windows update: “Microsoft: Windows Domain Controller Restarts Caused By LSASS Crashes.”

The bug occurred in the Local Security Authority Subsystem Service (LSASS). LSASS crashed, users lost access to their Windows accounts and were shown an error message, then the system rebooted. The LSASS crash bug was one of many issues that a Microsoft patch fixed in January 2022:

“Microsoft addressed the LSASS crash issue in out-of-band updates released in mid-January 17 [1, 2] to fix numerous other critical bugs introduced during the January 2022 Patch Tuesday, including Hyper-V no longer starting, L2TP VPN connections failing, and ReFS volumes becoming inaccessible.”

Bad actors discover coding errors in Microsoft systems then exploit them. The bad actors detect many vulnerabilities during updates, then they quickly devise plans to take advantage of users. Threat Post explains a new hacker trick in, “Microsoft Accounts Targeted By Russian-Themed Credential Harvesting.” Russia has threatened cyber attacks with their current war plan, so it did not take long for bad actors to create spam campaigns. The spam email reads:

“Unusual sign-in activity

We detected something unusual about a recent sign-in to the Microsoft account

Sign-in details

Country/region: Russia/Moscow

IP address:

Date: Sat, 26 Feb 2022 02:31:23 +0100

Platform: Kali Linux

Browser: Firefox

A user from Russia/Moscow just logged into your account from a new device, If this wasn’t you, please report the user. If this was you, we’ll trust similar activity in the future.

Report the user

Thanks,

The Microsoft account team”

As with other spam, users are encouraged to click on a link and submit a response. If users respond to the link, they will most likely receive an email asking for login details and payment information.

My thought was that Windows Defender and other Microsoft security services would handle these types of issues. Guess not.

Whitney Grace, April 29, 2022

Microsoft: A Consistently Juicy Target

April 25, 2022

I am perched in Washington, DC, checking news flows. What did I spy this morning (April 24, 2022)? This article caught my eye: “Microsoft Exchange Servers Are Being Infected with Ransomware.” Is this a remembrance from times past? The story asserts as actual factual (but who knows anymore?):

In the attack the team studied, Hive commenced its assault via the exploitation of ProxyShell, a collection of Microsoft Exchange Server vulnerabilities (and critical ones at that) that provide a way for attackers to remotely execute code. Microsoft reportedly patched this problem in 2021.

The key phrase in this allegedly accurate write up is “Microsoft reportedly patched this problem in 2021.”

Several observations:

  • Yo Windows Defender and the other Microsoft security systems, “What’s shakin’?”
  • What’s with the “reportedly”? If the write up is accurate, the problem was fixed.
  • How many thousands of bad actors are involved in this problem? Probably quite a few because this is CaaS, crime as a service.

Net net: Microsoft may be faced with security problems for which there is no reliable remediation. PR, however, is quite easy to deploy.

Stephen E Arnold, April 25, 2022

Has the Softie Been Winged by EU Antitrust Regulators?

April 25, 2022

I read “Microsoft on EU Antitrust Regulators’ Radar after Cloud Practices Complaints by Rivals.” The big outfit in Redmond has been keeping a low profile, allowing Amazon, Apple, Facebook / Zuckbook, and Google to take the glow in the dark paint ball pellets. Now the Softie has been splatted in acid green polyethylene glycol. Lookin’ good in spring colors I suppose.

The write up states:

Microsoft’s rivals and customers have been served a questionnaire with various queries by EU antitrust regulators seeking information about the company’s business and licensing deals. The latest action hints at a possible formal investigation into Microsoft’s cloud business that might take place down the line.

Paint balls can sting, but direct hits are fairly safe, just messy. Take two or three in one eye, and the target might stumble around looking for a safe haven.

What competitors are not happy with Microsoft’s approach to the cloud market? The write up names NextCloud and OVHcloud, and others may have shared their thoughts.

The next volley of shots may not be from paint ball guns. More lethal weapons might be flown over the customer centric folks in Redmond. Microsoft has coughed up money in the past, and it may have to bleed some cash to make the possible legal drones stop dropping grenades from the clouds.

Stephen E Arnold, April xx, 2022

Microsoft: Twice Cooked PR with Ban Mao?

April 18, 2022

Going green is important. Microsoft is important. Therefore, Microsoft is going green. How’s that logic for you, gentle reader? The editors at Fast Company followed this line of reasoning and enjoyed a sizzling plate of twice cooked PR with ban mao in “Microsoft’s Hottest New Product Is a Wok.” Yep, a wok for the woke maybe?

The write up states:

The wok is part of Microsoft’s brand new all-electric kitchen at its headquarters outside Seattle, where nearly 50,000 employees are based. The company is adding 3 million square feet of offices and facilities, and the entire project is being designed to be powered by a vast geothermal system and produce zero carbon emissions. A big part of getting there was eliminating fossil fuels from its energy portfolio. And one of the biggest users of fossil fuels were the company’s kitchens.

I wonder if Microsoft and Fast Company looked at the Microsoft Azure server farms and calculated what percentage of the energy these installations consumed and then answered this question: How much of the energy consumed is of the going green, whale saving variety?

No.

No surprise. I would like a century egg too. I wonder if Fast Company has ordered some Microsoft ads to accompany the article.

Stephen E Arnold, April 18, 2022

Google Hits Microsoft in the Nose: Alleges Security Issues

April 15, 2022

The Google wants to be the new Microsoft. Google wanted to be the big dog in social media. How did that turn out? Google wanted to diversify its revenue streams so that online advertising was not the main money gusher. How did that work out? Now there is a new dust up, and it will be more fun than watching the antics of coaches of Final Four teams. Go, Coach K!

The real news outfit NBC published “Attacking Rival, Google Says Microsoft’s Hold on Government Security Is a Problem.” The article presents as actual factual information:

Jeanette Manfra, director of risk and compliance for Google’s cloud services and a former top U.S. cybersecurity official, said Thursday that the government’s reliance on Microsoft — one of Google’s top business rivals — is an ongoing security threat. Manfra also said in a blog post published Thursday that a survey commissioned by Google found that a majority of federal employees believe that the government’s reliance on Microsoft products is a cybersecurity vulnerability.

There you go. A monoculture is vulnerable to parasites and other predations. So what’s the fix? Replace the existing monoculture with another one.

That’s a Googley point of view from Google’s cloud services unit.

And there are data to back up this assertion, at least data that NBC finds actual factual; for instance:

Last year, researchers discovered 21 “zero-days” — an industry term for a critical vulnerability that a company doesn’t have a ready solution for — actively in use against Microsoft products, compared to 16 against Google and 12 against Apple.

I don’t want to be a person who dismisses the value of my Google mouse pad, but I would offer:

  • How are the anti ad fraud mechanisms working?
  • What’s the issue with YouTube creators’ allegations of algorithmic oddity?
  • What’s the issue with malware in approved Google Play apps?
  • Are the incidents reported by Firewall Times resolved?

Microsoft has been reasonably successful in selling to the US government. How would the US military operate without PowerPoint slide decks?

From my point of view, Google’s aggressive security questions could be directed at itself? Does Google do the know thyself thing? Not when it comes to money is my answer. My view is that none of the Big Tech outfits are significantly different from one another.

Stephen E Arnold, April 15, 2022

Windows System Flaw Exploited In Ransomware

April 15, 2022

Will your Windows 11 set up result in losing your data? That’s a rumor. We learned that there may be other risks in the Microsoft ecosystem as well.

Microsoft Windows is the most deployed operating system in the world. It is also the easiest operating system to learn and, unfortunately, exploit. Tech Radar explains how bad actors hack Windows systems in the article, “Windows And LinkedIn Flaws Used In Conti Ransomware Attacks, Google Warns.”

The Conti ransomware group Exotic Lily works as an initial access broker to hack organizations, steal their digital data, and ransom it back to the rightful owners or sell access to the highest bidder. What is interesting is that ransomware groups usually outsource their initial access efforts before taking over the attack, then deploying the malware. Google’s Threat Analysis Group researched Exotic Lily and was surprised by the number of advanced tactics and the large amount of grunt work it does. The Threat Analysis Group discovered that Exotic Lily works in the following way:

“The group would use domain and identity spoofing to pose as a legitimate business, and send out phishing emails, usually faking a business proposal. They would also use publicly available Artificial Intelligence (AI) tools to generate authentic images of humans, to create fake LinkedIn accounts, which would help the campaign’s credibility. After initial contact has been made, the threat actor would upload malware to a public file-sharing service, such as WeTransfer, to avoid detection by antivirus programs, and increase the chances of delivery to the target endpoint. The malware, usually a weaponized document, exploits a zero-day in Microsoft’s MSHTML browser engine, tracked as CVE-2021-40444. The second-stage deployment usually carried the BazarLoader.”

The Threat Analysis Group believes Exotic Lily is an independent operator and works for the highest bidder. It has used ransomware attacks based on Conti, Wizard Spider, and Dial. Exotic Lily targets healthcare, cyber security, and IT organizations; however, it has been expanding its victim base.

But is Google overstating, doing some marketing, or trying to help out valued users?

Whitney Grace, April 11, 2022

Teams Tracking: Are You Working at Triple Peak?

April 14, 2022

I installed a new version of Microsoft Office. I had to spend some time disabling the Microsoft Cloud, Outlook, and Teams, plus a number of other odds and ends. Who in my office uses Publisher? Sorry, not me. In fact, I knew only one client who used Publisher and that was years ago. We converted that lucky person to an easier to use and more stable product.

We have tried to participate in Teams meetings. Unfortunately the system crashes on my Mac Mini, my Intel workstation, and my AMD workstation. I know the problem is obviously the fault of Apple, Intel, and AMD, but it would be nice if the Teams software would allow me to participate in a meeting. The workaround in my office is to use Zoom. It plays nice with my machines, my mostly secure set up, and the clumsy finger of my 77 year old self.

I provide the context so that you will understand my reaction to “Microsoft Discovers Triple Peak Work Day for Its Remote Employees.” As you may know, Microsoft has been adding features to Teams since the pandemic lit a fire under what was once a software service reserved for financial meetings and some companies that wanted everyone no matter what to be in a digital face to face meeting. Those were super. I did some work for an early video conferencing player. I think it was called Databeam. Yep, perfect for kids who wanted to take a virtual class, not a presentation about the turbine problems at Lockheed Martin.

Microsoft’s featuritis has embraced surveillance. I won’t run down the tools available to an “administrator” with appropriate access to a Teams’ set up for a company. I want to highlight the fact that Microsoft shared with ExtremeTech some information I find fascinating; to wit:

… when employees were in the office, it found “knowledge workers” usually had two periods of peak productivity: before lunch and after lunch. However, with everyone working from home there’s now a third period: late at night, right before bedtime.

My workday has for years begun about 6 am. I chug along until lunch. I then chug along until dinner. Then I chug along until I go to sleep at 10 pm. I like to think that my peak times are from 6 am to 9 am, from 10 am to noon, from 1:30 pm to 3 pm, and from 3:30 to 6 pm. I have been working for more than 50 years, and I am happy to admit that I am an old fashioned Type A person. Obviously Microsoft does not have many people like me in its sample. The morning, as I recall from my Booz, Allen & Hamilton days, the productive in the morning crowd was a large cohort, thousands in fact. But not in the MSFT sample. These are lazy dogs it seems.

Let’s imagine you are a Type A manager. You have some employees who work from home or from a remote location like a client’s office in Transnistria which you may know as the Pridnestrovian Moldavian Republic. How do you know your remotes are working at their peak times? You monitor the wily creatures: Before lunch, after lunch, and before bed or maybe to a disco in downtown Tiraspol.

How does this finding connect with Teams? With everyone plugged in from morning to night, the Type A manager can look at meeting attendance, participation, side talks, and other detritus sucked up by Teams’ log files. Match up the work with the times. Check to see if there are three ringing bells for each employee. Bingo. Another HR metric to use to reward or marginalize a human personnel asset.

I will just use Zoom and forget about people who do not work when I do.

Stephen E Arnold, April 14, 2022

Microsoft Search: Getting Better and Better

March 30, 2022

In early versions of Windows operating systems, the search function stank worse than rotting garbage in summer. Since the initial Windows deploy, Microsoft has improved the search function and as technology advances there are still upgrades to be made says Make Use Of in: “Microsoft Is Making Windows 11’s Search Function Better Than Ever.” In a refreshing take on its past mistakes, Microsoft admits that its former search tools were not the best. When it comes to Windows 11, Microsoft revamped the search into a quality tool and does not plan to rest on its laurels.

One of the best upgrades with the newest Windows 11 patch is that search will be streamlined between work/business accounts. The search function will locate items on all accounts. Microsoft is also adding lifestyle widgets to make the OS more entertaining, such as a “word of the day” and alerting users to Microsoft Reward offerings. Search will also take the place of Facebook and inform users of important dates, such as birthdays, anniversaries, and holidays. Whenever Microsoft releases a new Windows version, they do their best to get users to adopt the new OS:

“When Microsoft releases a new operating system, it always faces the same challenge. Users and businesses are comfortable with their operating system of choice, and now the Redmond tech giant has to convince them to upgrade to the newer one. The best way to do that is to make an operating system that improves upon the old one’s formula. As such, Microsoft’s touch-ups to Windows 11’s Search tool may be an effort to convince people to leave Windows 10 behind and adopt the newer, shinier system.”

Microsoft has a poor track record when it comes to system upgrades. They have a pattern of every other OS being a bad one. Windows users might want to stick with Windows 10 a little longer and wait until Windows 12. It would be nice if Microsoft also added database search options like specific date, file name, Boolean, etc.

Whitney Grace, March 30, 2022

Microsoft Help Files: Truly Helpful?

March 28, 2022

We are approaching April Fools’ Day. One company reliably provides a clever way to make me laugh. CHM? Do you know what the acronym means? No. It is a short hand way to say Compiled HTML Help file. CHH becomes CHM. Makes perfect sense to a Softie.

The tickled ribs result from bad actors using the CHM files to deliver malware.  You can read the explanation and inspiration for bad actors in “Microsoft Help Files Disguise Vidar Malware.”

The write up states:

… the .ISO file contains a .CHM file named “pss10r.chm.” Towards the end of the file’s code is a snippet of HTML application (HTA) code containing JavaScript  that covertly triggers a second file, “app.exe.” This is, in fact, Vidar malware. “One of the objects unpacked from the .CHM is the HTML file ‘PSSXMicrosoftSupportServices_HP05221271.htm’ —  the primary object that gets loaded once the CHM pss10r.chm is opened,” according to the Trustwave writeup. “This HTML has a button object which automatically triggers the silent re-execution of the .CHM “pss10r.chm” with mshta.” Mshta is a Windows binary used for executing HTA files.

With the preliminaries out of the way the malware payload downloads, does some house cleaning, and phones home.
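The chain quoted above (a .CHM re-executed with mshta, which then triggers "app.exe") leaves a recognizable process tree. The following detection sketch is an added example, not code from Trustwave or from this post; the event fields, PIDs and drive letters are constructed, and the assumption that hh.exe (the Windows HTML Help viewer) is the parent of mshta is mine, not the write up's.

```python
import ntpath
import shlex

# Constructed process-creation events, in chronological order. Field names are
# an assumption loosely modelled on Sysmon Event ID 1; all values are made up.
SAMPLE_EVENTS = [
    {"pid": 4112, "ppid": 3000, "image": r"C:\Windows\hh.exe",
     "command_line": r'"C:\Windows\hh.exe" E:\pss10r.chm'},
    {"pid": 4220, "ppid": 4112, "image": r"C:\Windows\System32\mshta.exe",
     "command_line": r'"C:\Windows\System32\mshta.exe" "E:\pss10r.chm"'},
    {"pid": 4300, "ppid": 4220, "image": r"E:\app.exe",
     "command_line": r"E:\app.exe"},
    # Benign look-alikes: an ordinary help file and an ordinary HTA.
    {"pid": 5000, "ppid": 3000, "image": r"C:\Windows\hh.exe",
     "command_line": r'"C:\Windows\hh.exe" C:\Docs\manual.chm'},
    {"pid": 5100, "ppid": 3000, "image": r"C:\Windows\System32\mshta.exe",
     "command_line": r"mshta.exe C:\Tools\inventory.hta"},
]


def basename(path):
    """Lower-cased file name of a Windows path, with surrounding quotes removed."""
    return ntpath.basename(path.strip('"')).lower()


def args_of(command_line):
    """Arguments after the executable; tolerates quoted paths and broken quoting."""
    try:
        # posix=False keeps backslashes literal, which Windows paths need.
        tokens = shlex.split(command_line, posix=False)
    except ValueError:  # unbalanced quote in the logged command line
        tokens = command_line.split()
    return [t.strip('"') for t in tokens[1:]]


def detect(events):
    """Return (pid, rule) findings for the CHM -> mshta -> payload pattern."""
    by_pid = {e["pid"]: e for e in events}
    chm_mshta = set()  # PIDs of mshta instances that were handed a .chm file
    findings = []
    for e in events:  # PID reuse is ignored in this sketch
        name = basename(e["image"])
        parent = by_pid.get(e["ppid"])
        if name == "mshta.exe":
            # mshta is meant to run HTA files; a compiled help file is not one.
            if any(a.lower().endswith(".chm") for a in args_of(e["command_line"])):
                chm_mshta.add(e["pid"])
                findings.append((e["pid"], "mshta-executes-chm"))
            if parent and basename(parent["image"]) == "hh.exe":
                findings.append((e["pid"], "hh-spawns-mshta"))
        elif e["ppid"] in chm_mshta:
            # Whatever that mshta instance starts is the candidate payload.
            findings.append((e["pid"], "child-of-chm-mshta"))
    return findings


if __name__ == "__main__":
    for pid, rule in detect(SAMPLE_EVENTS):
        print(pid, rule, by_pid_image := basename(
            next(e["image"] for e in SAMPLE_EVENTS if e["pid"] == pid)))
```

Only the three-process chain is flagged; the ordinary help file and the ordinary HTA pass without findings.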

Microsoft, the go to solution for compromising security? Maybe. And what about Defender? What about the super smart cyber security systems from big name vendors. Yeah, how about those defenses?

Now we know there is one thing worse than the informational content of Microsoft help files.

Want to guess?

The Register reports that “Microsoft Azure developers targeted by 200 data stealing npm packages.” Not familiar with npm? NPM is a software registry and contains more than 750,000 code packages. Some open source developers use npm to share software. What if an npm code package has been modified so that malicious actions are included?

Yeah.

Stephen E Arnold, March 28, 2022

Google and Microsoft: Are Your Wizards Really Innovating Again?

March 23, 2022

I scanned my headlines this morning and noted two different companies which have revealed their latest innovations. These are big outfits, and one expects each company to come up with big plays. Little plays won’t move the revenue needle, and money is important to these estimable enterprises.

What’s Google’s most recent innovation? I think it is ad supported video streaming of 4,000 old TV shows and about 1,500 old movies. “YouTube Makes Thousands of TV Show Episodes Available to Stream for Free” reports:

For the first time, YouTube is letting users in the US stream thousands of free, ad-supported TV shows like Hell’s Kitchen, Heartland and Unsolved Mysteries, it announced. That will put it into competition with OTA (over-the-air) TV and streaming services with ad tiers including Peacock, the Roku Channel, Tubi and others.

To me, Google’s “play” is a me too, not a “first time.”

What’s Microsoft’s most recent Eureka! moment? “Microsoft Looks Poised to Dominate the Quantum Computing Industry” states:

Microsoft Azure recently announced that its quantum computing research teams had invented “a new kind of qubit” based on elusive, never-before-demonstrated properties of physics. According to the Redmond company, this will allow it to build scalable quantum computers capable of solving the hardest problems facing humanity.

Hopefully Microsoft’s quantum efforts have not pulled resources from the company’s security initiatives.

For me, the Google announcement is another step in a long, somewhat confused video journey. The channeling of Peacock and Roku is interesting. Instead of confronting TikTok, Google wants to take on incumbents recycling old content. YouTube’s new content initiatives did not achieve orbital velocity in my opinion. There’s content on YouTube, but it is non directed. TikTok takes a different approach. Old TV shows are not a response to a competitive challenge.

The Microsoft quantum play is another attempt to demonstrate that Microsoft has something really big up its sleeve. Years ago, Microsoft was into search and contact lenses that worked like Google Glass. Now the future is quantum computing, and it is, like general artificial intelligence, going to be the next big thing after Teams, I suppose.

Stepping back, these two “innovations” illustrate the me-too approach to generating excitement, appeasing stakeholders, and capturing mindshare. Am I quivering with excitement yet? Nope. Marketing and PR are bummers for me.

Stephen E Arnold, March 23, 2022
