Microsoft

Microsoft Patched the KRACK Vulnerability Last Week

Last week, Microsoft released an update Windows 10 Cumulative Update KB4041676. Guess what was also included within this… Yup! The Patch for the Krack Vulnerability.  At this time the KRACK vulnerability that was not publicly disclosed, until Monday, October 16 2017.

Very slick move on the part of Microsoft slipping this in to protect its customers against such a threat.  For those who dig deep into the updates notes would have arrived at Microsoft’s Security TechCenter post which reads.

“A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network.”

For the post and affected Microsoft products:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

 

Windows 10 Cumulative Update KB4041676 Fixed

On Tuesday, October 10, 2017 Microsoft released KB4041676 as an update that includes quality improvements. What many started to notice was that it was accompanied by an issue included systems unable to boot and those cause in boot-loops.

 

Jump to quick fix: for those of you who already installed this

In the cmd line of the advanced repair options type:

Dism /Image:C:\ /Get-Packages (could be any drive, had it on D, F, and E.)
Dism /Image:C:\ /Remove-Package /PackageName:package_ for_###
(no space between package_ and for)

Remove every update that’s pending – There are 3 updates that are causing the issue they are:

  • Rollupfix_wrapper~31bf3856ad364e35~amd64~14393.1770.1.6
  • Rollupfix~31bf3856ad364e35~amd64~14393.1770.1.6
  • Rollupfix~31bf3856ad364e35~amd64~14393.1715. 1.10

 

Microsoft explained in a support article that this has been caused by what it describes as a “publishing issue,”

““We have corrected the publishing issue as of the afternoon of October 10th and have validated the cumulative security updates. We recommend all customers take these cumulative security updates,”.

 

At the office and in the lab:

I have taken steps to flush the update from my WSUS environments as a precaution and to allow for the corrected package to be downloaded.

 

ref:

https://support.microsoft.com/en-ca/help/4049094/windows-devices-may-fail-to-boot-after-installing-october-10-version-o

Install Windows Server 2016 Step by Step

There may come a time that you may need to install Windows Server 2016.
Here I will provide a high-level step by step on this installation process.

Requirements:

Windows Server 2016 Installation media (DVD, USB flash, WDS, etc.)
Installation Target (Computer, Server, Virtual Machine)
Keyboard (Mouse is optional)

Video Example of Installation:

Installation Steps:

Power on Installation Target (Computer, Server, Virtual Machine), specify the language, time zone and keyboard or input method then, click Next.

Click Install now on the Windows Setup screen.

Enter your license key or click “I don’t have a product key”.
This option is normally chosen when you have a local KMS host used to activate the Windows Installation

Select the desired Windows Server edition, Click Next.

Accept the license terms by placing a check in the box, then click Next

On the next screen choose “Custom” install. This is for clean installs of the Windows OS

Select the disk, you want to install the widows on, click Next

The installation will copy files and install the base features and updates. When complete the computer will reboot. After your restart, you will be asked to compose a secure password. Once completed you will be able to log into your Windows 2016 Server.

Job well done.

The Ten Immutable Laws Of Security: Version 2

You can’t patch these, but you can take steps to be more aware of these law’s.

 

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.

Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.

Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.

Law #4: If you allow a bad guy to run active content in your website, it’s not your website any more.

Law #5: Weak passwords trump strong security.

Law #6: A computer is only as secure as the administrator is trustworthy.

Law #7: Encrypted data is only as secure as its decryption key.

Law #8: An out-of-date anti-malware scanner is only marginally better than no scanner at all.

Law #9: Absolute anonymity isn’t practically achievable, online or offline.

Law #10: Technology is not a panacea.

 

Ref: https://technet.microsoft.com/en-us/library/hh278941.aspx?f=255&MSPPError=-2147217396

In Place Upgrade Of Windows Server 2008 R2 Standard

If you have a need to upgrade a server running Windows Server 2008 R2 Standard to either the Enterprise, or Datacenter edition, it’s possible to do so online, without re-installing Windows. This not only a simple process, it saves you time.

Open an elevated command prompt and type DISM /Online /Get-CurrentEdition. This returns the current Windows version.

Type DISM /Online /Get-TargetEditions to list the Windows editions to which this server can be upgraded to.

Type DISM /Online /Set-Edition:ServerDataCenter /ProductKey:xxxxxx will upgrade the operating system. All that’s required to complete the upgrade is a reboot.

Done!

Ref Info:

DISM Windows Edition-Servicing Command-Line Options – https://technet.microsoft.com/en-us/library/hh825157.aspx

KMS Client Setup Keys – Link