Microsoft: A Legitimate Point about Good Enough

October 20, 2021

A post by Stefan Kanthak caught my attention. The reason was an assertion that highlights what may be the “good enough” approach to software. The article is “Defense in Depth — the Microsoft Way (Part 78): Completely Outdated, Vulnerable Open Source Component(s) Shipped with Windows 10&11.” I am in the ethical epicenter of the US not too far from some imposing buildings in Washington, DC. This means I have not been able to get one of my researchers to verify the information in the Stefan Kanthak post. I, therefore, want to point out that it may be horse feathers.

Here’s the point I noted in the write up:

Most obviously Microsoft’s processes are so bad that they can’t build a current version and have to ship ROTTEN software instead!

What’s “rotten”?

The super security conscious outfit is shipping outdated versions of two open source software components: Curl.exe and Tar.exe.

If true, Stefan Kanthak may have identified another example of the “good enough” approach to software. If not true, Microsoft is making sure its software is really super duper secure.

Stephen E Arnold, October 20, 2021

Mapping the Earth: A Big Game?

October 20, 2021

I read “Was Google Earth Stolen?” I have not thought about making a map of the earth game-like for many years. I read the article by Avi Bar-Zeev, one of the individuals close to the Keyhole approach. Interesting stuff.

I want to underscore the fact that Microsoft was noodling around in this geographic earth space as well. There is a short item on the Microsoft Web site called “The Microsoft TerraServer.” The write up states:

The Microsoft TerraServer stores aerial and satellite images of the earth in a SQL Server Database served to the public via the Internet. It is the world’s largest atlas, combining five terabytes of image data from the United States Geodetic Survey, Sovinformsputnik, and Encarta Virtual Globe™. Internet browsers provide intuitive spatial and gazetteer interfaces to the data. The TerraServer demonstrates the scalability of Microsoft’s Windows NT Server and SQL Server running on Compaq AlphaServer 8400 and StorageWorks™ hardware. The TerraServer is also an E-Commerce application. Users can buy the right to use the imagery using Microsoft Site Servers managed by the USGS and Aerial Images. This paper describes the TerraServer’s design and implementation.

The link to download the 23 year old Microsoft document is still valid, believe it or not!

Other outfits were into fancy maps as well; for example, the US government entity in Bethesda and some of the folks at Boeing.

Is this germane to the Bar-Zeev write up? Nah, probably no one cares. I find stories about technology “origins” quite interesting for what each includes and what each omits. Quite game-like, right?

Stephen E Arnold, October 20, 2021

Registering Dismay: Microsoft Azure Blues

October 20, 2021

The Beyond Search team loves Microsoft. Totally.

Some are not thrilled with automated customer service. Talk to smart software. Skip the human thing. Microsoft’s customer service has been setting a high standard for decades. Despite the company getting bigger and more powerful, Microsoft sparked a story in The Register called “WTF? Microsoft Makes Fixing Deadly OMIGOD Flaws On Azure Your Job.”

Azure is Microsoft’s cloud platform, and users running Linux VMs are susceptible to four “OMIGOD” bugs in the Open Management Infrastructure (OMI). Linux Azure users are forced to fend for themselves with the OMIGOD bugs, because Microsoft will not assist them. What is even worse for the Linux users is that they do not want to run OMIs on their virtual machines. OMIs are automatically deployed when the VM is installed and some Azure features are enabled. Without a patch, hackers can gain root access and upload malware.

The write up points out that Microsoft did some repairs:

“The Windows giant publicly fixed the holes in its OMI source in mid-August, released it last week, and only now is advising customers. Researchers quickly found unpatched instances of OMI. Security vendor Censys, for example, wrote that it discovered ‘56 known exposed services worldwide that are likely vulnerable to this issue, including a major health organization and two major entertainment companies.’ … In other words, there may not be that many vulnerable machines facing the public internet, or not many that are easily found.”

Linux VM users on Azure are unknowingly exposed and a determined hacker could access the systems.

Is it possible Windows 11 is a red herring? OMIGOD, no.

Whitney Grace, October 20, 2021

Interesting Behavior: Is It a Leitmotif for Big Tech?

October 18, 2021

A leitmotif, if I remember the required music appreciation course in 1962, is a melodic figure that accompanies a person, a situation, or a character like Brünnhilde from a special someone’s favorite composer.

My question this morning on October 18, 2021, is:

“Is there a leitmotif associated with some of the Big Tech “we are not monopolies” outfits?”

You can decide from these three examples or what Stephen Toulmin called “data.” I will provide my own “warrant”, but that’s what Toulmin’s model says to do.

Here we go. Data:

  1. The Wall Street Journal asserts that some Softie colleagues suggested that William “Bill” Gates alter his email behavior to a female employee. Correctly or incorrectly, Mr. Gates has been associated with everyone’s favorite academic donor, Jeffrey Epstein, according to the mostly-accurate New York Times.
  2. Facebook does not agree with a Wall Street Journal report that the company is not doing a Class A job fighting hate speech. See “Facebook Disputes Report That Its AI Can’t Detect Hate Speech or Violence Consistently.”
  3. The trusty Thomson Reuters reports that “Amazon May Have Lied to Congress, Five US Lawmakers Say.” The operative word is lied; that is, not tell the “truth”, which is, of course, like “is” a word with fluid connotations.

Now the warrant:

With each of the Big Tech “we’re not monopolies” outfits, a high-profile individual defends a company’s action or protests that “reality” is different from the shaped information about the individual or the company.

Let’s concede that these are generally negative “data.” What’s interesting is that the data are generally negative and the individuals and their associated organizations are allegedly behaving in a way that troubles some people.

That’s enough Stephen Toulmin for today. Back to Wagner.

Leitmotifs allowed that special someone’s favorite composer to create musical symbols. In that eminently terse and listenable Der Ring des Nibelungen, Wagner delivers dozens of distinct leitmotifs. These are possibly used to represent many things.

In our modern Big Tech settings, perhaps the leitmotif is the fruits of no consequences, fancy dancing, and psychobabble.

Warrant? What does that mean? I think it means one thing to Stephen Toulmin and another thing to Stephen E Arnold.

Stephen E Arnold, October 18, 2021

Office 365: A Petri Dish for Malware?

October 18, 2021

Microsoft has a PR problem? Microsoft may have other issues as well, but “Infosec Expert Beaumont Slams Microsoft Over Hosting Malware for Years” seems like a semi-negative write up. Is the situation as dire as the article suggests? I don’t know, but it seems as if it is not what you would call:

  1. A ringing endorsement for Microsoft security
  2. An illustration of Microsoft’s approach to Office 365

The write up asserts:

An overwhelming majority of ransomware attacks only Windows, with an analysis by staff of the Google-owned VirusTotal database last Thursday showing that 95% of 80 million samples analysed — all the way back to January 2020 — were aimed at Windows.

How has Microsoft responded? The write up quotes infosec expert Beaumont as saying:

Before the train of MS employees arrive saying ‘just report it’, try getting them and future ones taken down yourselves. I did. It was a disaster.

The write up, which is a mish mash of quotes and tweets, contains a number of interesting allegedly true factoids.

True? Maybe. Not-so-great PR for the company that follows China’s content guidelines? Sure seems like it.

Stephen E Arnold, October 18, 2021

Another Reason for Windows 11?

October 13, 2021

The team at Beyond Search talked yesterday about Windows 11. One individual installed the system on one of our test-only machines and reported, “Not too exciting.” Another dismissed Windows 11 as a distraction from the still-lingering SolarWinds and Exchange Server security face plants. I took a look and said, “Run some tests to see what it does to the performance of our AMD 5950X machines.”

Then I turned my attention to more interesting things. This morning my trusty Overflight system spit out this headline: “Microsoft: Here’s Why We Shrunk Windows 11 Update Sizes by 40%.” I noted this statement in the article:

…It was necessary to reduce the size of them, which in the past have been almost 5 GB in size. In a word, it’s about bandwidth, which millions of households in the US have a shortage of due to poor broadband in remote areas.

Maybe cost is a factor?

My hunch is that Microsoft has many employees who have opinions about the shift from the last Windows to a last-plus-n Windows.

Several observations from our underground computer lab in rural Kentucky:

  1. Updates create problems for Microsoft; for example, security issues lurk and actors world wide are enthusiastic about exploring “new” code from Microsoft. Vulnerabilities R’Us it seems.
  2. Implementing procedures which produce stable code is more expensive than figuring out how to reduce code bloat in updates. Therefore, the pitch touted in the write up cited above.
  3. Microsoft has shifted from 10,000 sail boats going in the same general direction to 20,000 motor boats going someplace. Evidence? The changing explanation for the existence of Windows 11.

Net net: A big and changing operating system may add vulnerabilities, not just rounded corners and a distraction from deeper issues.

Stephen E Arnold, October 13, 2021

Microsoft and Its Post Security Posture

October 1, 2021

Windows 11 seems like a half-baked pineapple upside down cake. My mother produced some spectacular versions of baking missteps. There was the SolarWinds’ version which had gaps everywhere, just hot air and holes. Then there was the Exchange Server variant. It exploded and only the hardiest ants would chow down on that disaster.

I thought about her baking adventures when I read “Microsoft Says Azure Users Will Have to Patch these Worrying Security Flaws Themselves.” Betty Crocker took the same approach when my beloved mother nuked a dessert.

Here’s the passage that evoked a Proustian memory:

instead of patching all affected Azure services, Microsoft has put an advisory stating that while it’ll update six of them, seven others must be updated by users themselves.

Let’s hope there’s a Sara Lee cake around to save the day for those who botch the remediation or just skip doing the baking thing.

Half baked? Yeah, and terrible.

Stephen E Arnold, October 1, 2021

Forgetting the Lessons of the Phalanx: Zooming In Does Not Work for Some

September 14, 2021

I read a write up from the Android mobile of Captain Obvious. The title? Here she be: “Study of Microsoft Employees Shows How Remote Work Puts Productivity and Innovation at Risk.” Ground breaking!

The article explains without a trace of Saturday Night Live humor:

A new study finds that Microsoft’s companywide shift to remote work has hurt communication and collaboration among different business groups inside the company, threatening employee productivity and long-term innovation.

To make the academic goodness of the report even more credible, the write up explains that the research report was:

published Thursday morning by Microsoft researchers in the journal Nature Human Behaviour. It coincides with Microsoft’s announcement that employees won’t be returning to the office Oct. 4 as previously expected.

I circled this quote nestled in the article:

The desire of employees to have both flexibility and connection with others is what Microsoft CEO Satya Nadella calls the “Great Paradox.” The company is also announcing new features in Teams, LinkedIn and other products meant to address some of the challenges revealed by the data.

War fighters employing the reliable phalanx figured out that Zooming in to a battle was not a reliable way to win. Teaming in, even with new features, is unlikely to yield better results.

Perhaps the lack of togetherness at Microsoft makes life easier for those exploiting the security peculiarities of Microsoft systems and software? No, hold that thought, please. Microsoft’s Windows 11 is a Covid era product. The Microsoft Exchange Server and Azure issues are from PC time; that is, the pre Covid period.

Perhaps the already present communications and togetherness issues have been present for many years. The work from home approach just amplified them.

Paradoxical? Nope. Management acting as a 50000 watt AM radio station. Static, anyone? Will Microsoft employees do the Thermopylae thing to defeat Microsoft’s antagonists? Sure, just via Zoom and one hopes a functioning Teams with extra features.

Stephen E Arnold, September 14, 2021

Microsoft: What Is the Priority?

September 8, 2021

Two items caught my attention today (September 3, 2021). The first was “Conti Ransomware Now Hacking Exchange Servers with ProxyShell Exploits.” What’s interesting is that Microsoft Exchange is in the news again. Here’s the interesting part of the write up:

The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits…. While Microsoft fully patched these vulnerabilities in May 2021, technical details regarding exploiting the vulnerabilities were recently released, allowing threat actors to start using them in attacks. So far, we have seen threat actors using the ProxyShell vulnerabilities to drop webshells, backdoors, and to deploy the LockFile ransomware.

Isn’t this like a 45 rpm recording of The Trashmen’s “Surfin’ Bird”? Repetitive much? Here’s the lyric. Just substitute breach or break for bird, and you may have a hit on your hands:

A well a everybody’s heard about the bird
B-b-b bird, bird, bird, b-bird’s the word
A well a bird, bird, bird, the bird is the word
A well a bird, bird, bird, well the bird is the word
(Repeat endlessly)

The second item was “Don’t Like the New Windows 11 Start or Taskbar? Don’t Worry – Microsoft’s Got Your Back.” The main thrust of this write up is that Microsoft trashed the task bar and start menu of Windows 11. I learned:

Affected Insiders found, according to Microsoft, “that Start and Taskbar were unresponsive and Settings and other areas of the OS wouldn’t load.” The result was a hurried update requiring those impacted to do a bit of Registry tinkering in order to get things back to normal.

From the all-important security assurances to the suggestions of the best Windows ever, Microsoft delivers flawed experiences for some it seems.

Trust, confidence in Microsoft software, and commitment to providing secure and stable tools are in short supply in Harrod’s Creek. Your mileage may vary, but bad actors continue to get useful tips about ways in which Microsoft says, “Hey, pay us a visit.”

Stephen E Arnold, September 8, 2021

The Print Nightmare Method Advances to the Windows 11 Tool Bar and Start Button

September 8, 2021

Once again someone has discovered a bug in Windows machines. The vulnerability allows bad actors access to remote code execution and local privilege escalation. Tech Radar details how this is the second issue related to this vulnerability in “There’s Yet Another New PrintNightmare Hack.” The problem started when Chinese security researchers shared a proof-of-concept exploit online, believing that Microsoft had patched the hole in Windows Print Spooler. Nope!

Microsoft quickly released a patch, but not before damage was done. The creator of the popular exploitation tool Mimikatz, Benjamin Delpy, exploited the bug again. The bug enables anyone to gain admin privileges on vulnerable machines. It works like this:

“According to reports, Delpy’s workaround takes advantage of the fact that Windows doesn’t prevent Limited users from installing printer drivers. Furthermore, it won’t complain when these drivers are fetched from remote print servers, and will then run them with the System privilege level.”

Microsoft issued another PrintNightmare patch, but Delpy and other security researchers are not happy with it. They say that Microsoft checks for remote libraries in the PrintNightmare patch, and this gives an opportunity to work around it. Delpy and other security researchers have since learned a lot about the printer spooler and drivers. He released his own proof-of-concept that downloads a rogue driver that misuses the latitude to allow Windows users access to admin privileges. Delpy and others explain this will not be the last of Windows printer spooler abuse.

And how’s that Microsoft method working out?

It is consistent. “Windows 11 Preview Glitch Hits Start menu and Taskbar” explains:

“Recently, Windows Insiders in both the Dev and Beta Channels began reporting that Start and Taskbar were unresponsive and Settings and other areas of the OS wouldn’t load,” wrote the Windows Insiders team at Microsoft in a blogpost.

Yep, consistent.

Whitney Grace, September 8, 2021
