Microgoof of the Day: The Print Thing
July 9, 2021
I read “Microsoft’s Emergency PrintNightmare Pat Doesn’t actually Fix the Issue.” If this article is correct, it warrants a honk from the Beyond Search goose. The story was the inspiration for an irregular series of posts to be called “Microgoof of the Day.” The write up says without any stand up comedy joke writer:
…there are reports of new proof-of-exploit code that circumvents the fix altogether.
Well, well, well.
The write up nods to another publication with this passage:
Reporting on the findings of Benjamin Delpy, creator of popular post exploitation tool Mimikatz, The Register says that it’s how Microsoft checks for remote libraries in the PrintNightmare patch that offers an opportunity to work around the patch. “They did not test it for real,” Delpy bluntly told The Register, reportedly describing the issue as “weird from Microsoft.”
Weird from Microsoft? Hmmm.
Regardless of who’s right or wrong, PrintNightmare is a hoot in some circles. In others, maybe not so much. That’s the microgoof for you.
Stephen E Arnold, July 9, 2021
Amusing Confusing Wizards
July 7, 2021
More from the Redmond wizards’ humor generating machines.
Microsoft has found a way to deflect attention from yet another security issue. Do you print over the Internet? “Microsoft Acknowledges PrintNightmare Remote Code Execution Vulnerability Affecting Windows Pint Spooler Service” says:
IT Admins are also invited to disable the Print Spooler service via Powershell commands, though this will disable the ability to print both locally and remotely. Another workaround is to disable inbound remote printing through Group Policy, which will block the remote attack vector while allowing local printing.
So what distracts one from a print nightmare? That’s easy. Just try to figure out if your PC can run Windows 11? TPM, you say? Intel what?
PrintNightmare aptly characterizes Microsoft’s organizational acumen perhaps?
Stephen E Arnold, July 7, 2021
Microsoft in Perspective: Forget JEDI. Think Teams Together
July 7, 2021
I received some inputs from assorted colleagues and journalistic wizards regarding JEDI. The “real” news outfit CNBC published “Pentagon Cancels $10 Billion JEDI Cloud Contract That Amazon and Microsoft Were Fighting Over.” The write up stated:
… the Pentagon is launching a new multivendor cloud computing contract.
What caused this costly, high-profile action. Was it the beavering away of the Oracle professionals? Were those maintaining the Bezos bulldozer responsible? Was it clear-thinking consultants who asked, “Wasn’t Microsoft in the spotlight over the SolarWinds’ misstep?” I don’t know.
But let’s put this in perspective. As the JEDI deal was transported to a shelf in a Department of Defense store room at the Orchard Range Training Site in Idaho, there was an important — possibly life changing — announcement from Microsoft. Engadget phrased the technology breakthrough this way: Microsoft Teams Together Mode test lets just two people start a meeting. I learned:
Together Mode uses AI-powered segmentation to put all participants in a meeting in one virtual space.
I assume that this was previously impossible under current technology like a mobile phone, an Apple device with Facetime, Zoom, and a handheld walkie talkie, a CB radio, a ham radio, FreeConference.com, or a frequently sanitized pay phone located in a convenient store parking lot near the McCarran International Airport in Las Vegas.
I have a rhetorical question, “Is it possible to print either the news story about the JEDI termination or the FAQ for Together in the midst of — what’s it called — terror printing, horror hard copy effort — wait! — I have it. It is the condition of PrinterNightmare.
I have to stop writing. My Windows 10 machine wants to reboot for an update.
Stephen E Arnold, July 7, 2021
Microsoft and LinkedIn: How about That Security?
July 2, 2021
I spotted an interesting and probably made up post titled “New LinkedIn Data Leak Leaves 700 Million Users Exposed.” Isn’t this old news? I must be thinking about the 500 million names scraped earlier this year. (See “Reported LinkedIn Data Breach: What You Need to Know,” please.)
The write up states:
Since LinkedIn has 756 million users, according to its website, this would mean that almost 93% of all LinkedIn users can be found through these records.
I am eagerly awaiting Microsoft’s explanation. Will it be 1,000 programmers? Russia? China? A flawed update?
Excuses: Microsoft has offered a few. Is ineptitude in the quiver of rhetorical arrows? Perhaps it was an illusion?
Stephen E Arnold, July 2, 2021
Microsoft Code Recommendations: Objectivity and Relevance, Anyone?
June 30, 2021
The “real news” outfit CNBC published an interesting news item: “Microsoft and OpenAI Have a New A.I. Tool That Will Give Coding Suggestions to Software Developers.” The write up states:
Microsoft on Tuesday announced an artificial intelligence system that can recommend code for software developers to use as they write code…The system, called GitHub Copilot, draws on source code uploaded to code-sharing service GitHub, which Microsoft acquired in 2018, as well as other websites. Microsoft and GitHub developed it with help from OpenAI, an AI research start-up that Microsoft backed in 2019.
The push to make programming “easier” is moving into Recommendation Land. Recommendation technology from Bing is truly remarkable. Here’s a quick example. Navigate to Bing and enter the query “Louisville KY bookkeeper.” Here are the results:
The page is mostly ads and links to intermediaries who sell connections to bookkeepers accepting new clients, wonky “best” lists, and links to two bookkeeping companies. FYI: There are dozens of bookkeeping services in Louisville, and the optimal way to get recommendations is to pose a query to the Nextdoor.com Web site.
Now a question: How “objective” will these code suggestions be? Will there be links to open source supported by or contributed to by such exemplary organizations as Amazon, Google, and IBM, among others?
My hunch is that Bing points the way to the future. I will be interested to see what code is recommended to a developer working on a smart cyber security system, which may challenge the most excellentness of Microsoft’s own offerings.
Stephen E Arnold, June 30, 2021
Another Friday, More Microsoft Security Misstep Disclosures
June 28, 2021
I think Microsoft believes no one works on Friday. I learned in “Microsoft Warns of Continued Attacks by the Nobelium Hacking Group” that SolarWinds is the gift that keeps on giving. Microsoft appears to have mentioned that another group allegedly working for Mr. Putin has been exploiting Microsoft software and systems. Will a “new” Windows 11 and registering via a Microsoft email cure this slight issue? Sure it will, but I am anticipating Microsoft marketing jabber.
The write up states:
The Microsoft Threat Intelligence Center said it’s been tracking recent activity from Nobelium, a Russia-based hacking group best known for the SolarWinds cyber attack of December 2020, and that the group managed to use information gleaned from a Microsoft worker’s device in attacks. Microsoft said it “detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers” and that “the actor used this information in some cases to launch highly targeted attacks as part of their broader campaign.” The affected customers were notified of the breach.
The applause sign is illuminated.
I spotted this remarkable statement in the write up as well:
It’s possible that successful attacks went unnoticed, but for now it seems Nobelium’s efforts have been ineffective.
Wait, please. There is more. Navigate to “Microsoft Admits to Signing Rootkit Malware in Supply-Chain Fiasco.” This smoothly executed maneuver from the Windows 11 crowd prompted the write up to state:
Microsoft has now confirmed signing a malicious driver being distributed within gaming environments.
This driver, called “Netfilter,” is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs.
The write up concludes:
This particular incident, however, has exposed weaknesses in a legitimate code-signing process, exploited by threat actors to acquire Microsoft-signed code without compromising any certificates.
Amazing. The reason cyber crime is in gold rush mode is due to Microsoft in my opinion. The high tech wizards in Redmond can do rounded corners. Security? Good question.
Stephen E Arnold, June 28, 2021
A $2 Trillion Market Cap and Tops at Diversity and Inclusion
June 25, 2021
Forget the Windows 10 (the last version of Windows once). Forget the SolarWinds’ misstep. Forget the complexity of Teams for a consultant used to Zoom. Think about this milestone. Fortune has named the Redmond outfit the big dog in diversity and inclusion.
For a big tech firm, the company is refreshingly free of discrimination-based scandals. Windows Central reports, “Microsoft Tops Fortune 500 Charts for Diversity and Inclusion.” Writer Sean Endicott shares some data from this year’s Fortune 500 report on the subject:
Fortune and Refinitiv partnered together to gather data and rank organizations based on 14 key metrics, including the percentage of minorities on a company’s board, the percentage of employees that are women, and the percentage of employees with disabilities. This list also includes Measure Up, a ranking of the most progressive companies based on diversity and inclusivity. Microsoft measures well in several key areas. Fortune highlights that it provides day-care services and has an employee resource group voluntarily formed by workers. The company also has targets for diversity and inclusion and policies regarding gender diversity. According to Fortune, 39.7% of Microsoft’s board is made up of racial and ethnic minorities. Overall, Microsoft’s workforce is 49.8% racial or ethnic majorities. 41.3% of managers at Microsoft are racial or ethnic minorities. While Microsoft has positive figures regarding racial and ethnic diversity, it falls behind in gender diversity. According to 2020 data reported by Microsoft, only 28.6% of its employees were women. 26.3% of managers at Microsoft were women in the same timeframe.”
The Windows cheerleaders may see some room for improvement. The write-up reminds us Microsoft makes a habit of emphasizing diversity and inclusion, linking to examples here, here, here, and here. Perhaps Google could learn a thing or two from that company. For example, reduce the management goofs that lead to global awareness of stuff like the Timnit Gibru and ethical AI matter. And Fortune knows a lot about diversity and inclusion, right?
Stephen E Arnold, June 25, 2021
Microsoft Teams: More Search, Better Search? Sure
June 23, 2021
How about the way Word handles images in a text document? Don’t you love the numbering in a Word list? And what about those templates?
Microsoft loves features. It is no surprise that Teams is collecting features the way my French bulldog pulls in ticks on a warm morning in the woods in June.
Here is an interesting development in search. We learn from a very brief write-up at MS Power User that “Microsoft Search Will Soon Be Able to Find Teams Meeting Recordings Based on What Was Said.” It occurs as the company moves MS Teams recordings to OneDrive and SharePoint. (We note Zoom offers similar functionality if one enables audio transcription and hits “record” before the meeting.) Writer Surur reports:
“Previously, Teams meeting recordings were only searchable based on the Title of the meetings. You will now be easily able to find Teams meeting recordings based on not just the Title of the meeting, but also based on what was said in the meeting, via the transcript, as long as Live Transcription was enabled. Note however that only the attendees of the Teams meeting will have the permission to view these recordings in the search results and playback the recordings. These meetings will now be discoverable in eDiscovery as well, via the transcript. If you don’t want these meetings to be discoverable in Microsoft Search or eDiscovery via transcripts, you can turn off Teams transcription.”
This is a handy feature. It does mean, however, that participants will want to be even more careful what they express in a Teams meeting. Confirmation of any surly utterances will be just a search away. How does the system index an expletive when the dog barks or a Teams’ session hangs?
Cynthia Murrell, June 23, 2021
Clear Signals of Deeper, Less Visible Flaws, Carelessness, and Corner Cuts
June 21, 2021
I read “State of the Windows: How Many Layers of UI Inconsistencies Are in Windows 10?” I found the listing of visual anomalies interesting. I don’t care much about Windows. We run a couple of applications and upgrade to new versions once the point releases and bugs have been identified and mostly driven into dark holes.
The write up points out:
As you may know, Microsoft is planning on overhauling the UI of Windows with their “Sun Valley” update, which aims to unify the design of the OS. However, as we can see, Windows is one behemoth of an operating system. Will their efforts to finally make a cohesive user experience succeed?
My answer to this question is that Microsoft has embraced processes which tolerate inconsistencies. I see this as a strategic or embedded function of the company’s management attitude: Good enough. If a company cannot make interfaces consistent, what about getting security issues, software update processes, and code quality under control.
I want to mention the allegation that Microsoft may have been signing malicious drivers. For more on this interesting assertion, navigate to Gossi The Dog at this link. One hopes the information in this sequence of messages and screenshots is fabricated. But if there are on the money, well …
If you can’t see it, perhaps “good enough” becomes “who cares.” Obviously some at Microsoft hold both of these strategic principles dear.
Stephen E Arnold, June 21, 2021
Microsoft: Timing and Distraction
June 16, 2021
From my point of view, the defining event of 2021 was the one-two punch of SolarWinds and the Microsoft Exchange Server breaches. I call these “missteps” because the jargon of the cyber wizards at the Redmond outfit and the legions of cyber security vendors talk around compromising systems in ways which are mind boggling. Yep, a “misstep.” Not worth worrying about.
I scanned the research data in “Unsuccessful Tech Projects Get Axed During the Pandemic” and checked with my trusty red ink ball point pen, these items. Let’s just assume these data are close enough for horse shoes, shall we?
- 30 percent of a sample of 700 plus “professionals” say they killed one or more unsuccessful digital transformation projects. Okay, one third failure rate. How’s that work if one is building 100 school buses? Yep, one third go up in flames, presumably killing some of the occupants. Call it 20 children per bus when one detonates. That works out to 600 no longer functioning children. Acceptable? Okay for software, just not for school buses.
- 65 percent of the sample are going to try and try again. Improving methods? No data on that, so we can figure one third of these digital adventures will drive off a cliff I assume.
- Making the right decision is almost a guess. The article’s data suggest that 29 percent of those in the sample “struggle to keep pace with technological developments.” So let’s do marketing, maybe hand waving, or just some Jazz Age razzle dazzle, right?
That what I thought when I read “Windows 11 Has Leaked Online: What the Next Version of Windows Looks Like.” This write up does not talk about addressing the software update methods, the trust mechanisms within the Windows ecosystem, nor the vulnerabilities of decades old practices for libraries and dynamic linked libraries, among others. Nope. It’s this in my opinion:
Image source: Noemi P.
A new look, snappy dance moves, and distraction. The tune is probably going to be a toe tapper. The only hitch is that the missteps of SolarWinds and Microsoft Exchange Server missteps might throw the marketing routine off beat.
Stephen E Arnold, June 16, 2021