For those of you that are interested in information security, Kali Linux is now available in the Windows Store as part of the Windows Subsystem for Linux. While this isn’t as great as a native Kali installation, it still brings some great tools to Windows. I know this might interest some people, as well as students learning about Kali, but most infosec professionals will most likely stick with the native installation. This is still pretty cool and I will definitely be playing with it and comparing it to the dedicated install of Kali on a separate machine.
While running Kali on Windows has a few drawbacks to running it natively (such as the lack of raw socket support), it does bring in some very interesting possibilities, such as extending your security toolkit to include a whole bunch of command line tools that are present in Kali. While not officially supported by WSL yet, we’ve tested running a desktop manager such as XFCE on WSL’d Kali…and it seems to work quite well. We will update our blog with more news and updates regarding the development of this app as it’s released.
As we get closer to the final release of this new version, the builds come quicker and quicker. Up today, we have build 17112 for the Windows 10 Fast Ring Insider group. Definitely some things to check in the Known Issues section as it might affect you. Also, be aware of a critical Windows Mixed Reality bug if you have a WMR device.
IMPORTANT: The Microsoft Store may be completely broken or disappeared altogether after upgrading to this build. Please see this forum post for details including a workaround on how to get the Microsoft Store back.
If you try to open a file that is available online-only from OneDrive that hasn’t been previously downloaded to your PC (marked with a green checkmark in File Explorer), your PC could bugcheck (GSOD). You can work around this problem by right-clicking on these files and selecting “Always keep on this device.” Any file-on-demand from OneDrive that is already downloaded to the PC should open fine.
Post-install at the first user-prompted reboot or shutdown, a small number of devices have experienced a scenario wherein the OS fails to load properly and may enter a reboot loop state. For affected PCs, turning off fast boot may bypass the issue. If not, it is necessary to create a bootable ISO on a USB drive, boot into recovery mode, and this will allow bypass.
When a Movies & TV user denies access to its videos library (through the “Let Movies & TV access your videos library?” popup window or through Windows privacy settings), Movies & TV crashes when the user navigates to the “Personal” tab.
For those in the Fast Ring of the Windows 10 Insider group, you can now update to build 17110. Some cool new things included in this one for enterprise users. As usual, check the known issues. As we are edging close to the final release, they are minimal but still might be impactful to you.
What’s new in Build 17110
Improvements for Enterprise Customers in RS4
Enterprises can now run custom actions during feature update: In RS4, we are adding a new feature that will enable your enterprise to run your own custom actions/scripts synchronously with setup. Setup will execute custom actions during two update phases controlled by using preinstall.cmd or precommit.cmd:
- Pre-install: This would be just before all the system and device compatibility scans run.
- Pre-commit: This would be just before the system reboots into the offline phase.
For those Windows 10 Fast Ring Insiders, a new build has been unleashed – Build 17093. A lot of new things in this build, as well as a lot of fixes. As usual, check the known issues for anything that might be a show stopper for you. For some, it may be best to stay on the slow or release preview ring. I’ve noticed a few posts in various forums complaining about the various bugs (and many are in the known issues) and other things. The Insider program releases are guaranteed to have bugs during most of the development. They are not meant for critical production machines. They are to try out the latest and greatest and provide feedback, including telling them of those bugs, so that they can create a much better product. You are a beta tester and feedback producer. If you’re good with that, like many are, the Insider builds are excellent and fun. If you have something to lose on your PC, try a VM or wait for the final release to consumers.
Also, the Bug Bash continues until the 11th, so do some quests and throw the Insider team some good feedback to help make this release a great one!
We have observed seeing longer-than-normal delays during install at the 88% mark. Some delays are as long as 90 minutes before moving forward. Please be patient as the install will complete successfully.
Some PCs will fail to resume from hibernate requiring a hard reboot to recover.
If you install a font product from the Microsoft Store, then later install a new build (feature update), the Store package will remain installed, but the fonts within the package are not installed. Until this is fixed, the temporary workaround is to uninstall the product from the Apps page in Settings, then re-acquire the product from the Store.
If an East Asian keyboard is the only input method on your system the touch keyboard will show an English layout with no IME on/off key. Until this is fixed, the workaround is to add a second keyboard language from the Region & Language Settings page, or to use the IME mode button in the taskbar.
We’re investigating an issue where the Japanese IME sometimes can’t turn on in UWP apps. If you encounter this issue switch to a Win32 application (e.g. Notepad), turn the IME on there, then switch back to the UWP app.
We’re investigating reports that 3 and 4 finger gestures on the touchpad have become unresponsive starting with the previous flight.
Windows Hello will fail to work on Surface Laptops with this build.
Plugging in an external optical drive (DVD) will cause an Explorer.exe crash.
Settings will crash if you open the Themes Settings page.
According to some metrics, Windows 10 has surpassed Windows 7 in usage. While there have been some indications of this in the past (Steam surveys), it is now becoming more widespread with other analytics firms. This time it’s Statcounter, which claims a 42.78% market share for Windows 10. While I tend to take these individual firms’ claims with a grain of salt (due to the various analytic methodologies), it seems more and more of them are coming out with similar results. The original linked article mentioned similar issues with the various methodologies as well.
This is because there are various differences in the methodologies that these organizations use to collect and process their statistics, not to mention the fact that Netmarketshare covers all desktop operating systems – i.e. macOS and Linux as well as Windows. Whereas Statcounter just focuses purely on Windows versions, although the latter holds the vast majority of the overall market anyway, at around 90%.
This is mostly for the IT professionals out there. Microsoft has changed a few things with Office and Windows servicing and support. For some of the older versions of Windows 10, Microsoft has extended support for Education and Enterprise editions an extra six months.
As for Office 2019, it will be supported on Windows 10 and LTSC of Windows Server. Starting in 2020, Office 365 Professional Plus will no longer be supported on Windows 8.1 or older. This does not include the standalone Office products, only the Office 365 products.
Delivering a secure and productive modern workplace is a top priority for many of our commercial customers, and we’re committed to help. Last July, we took a big step forward in this journey with the introduction of Microsoft 365, a new product suite that brings together Office 365, Windows 10, and Enterprise Mobility + Security. Many customers are in the process of moving to one or more of these products, and they’ve asked us to clarify a few key points to help them with their upgrades. Today – two years before the end of extended support for Windows 7 and Office 2010 (January and October 2020, respectively) – we’re announcing servicing extensions for Windows 10, changes to the Office 365 ProPlus system requirements, and new details on the next perpetual release of Office and Long-Term Servicing Channel (LTSC) release of Windows.
There have been reports that the latest fix to Intel’s microcode to protect against the Spectre vulnerability is causing higher than expected reboots and other unpredictable system behavior. In light of this, Intel has recommended users hold off on deploying the current fix while they continue testing.
Microsoft has offered an out-of-band update (KB4078130) that will disable this fix for the time being until a new, tested and stable update has been released. Currently, this Spectre variant has not been used in the wild for any attacks, so the current risk of disabling this patch is seen as fairly low.
Intel has reported issues with recently released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection) – specifically Intel noted that this microcode can cause “higher than expected reboots and other unpredictable system behavior” and then noted that situations like this may result in “data loss or corruption.” Our own experience is that system instability can in some circumstances cause data loss or corruption. On January 22, Intel recommended that customers stop deploying the current microcode version on affected processors while they perform additional testing on the updated solution. We understand that Intel is continuing to investigate the potential effect of the current microcode version, and we encourage customers to review their guidance on an ongoing basis to inform their decisions.
While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” In our testing, this update has been found to prevent the described behavior in devices that have affected microcode. For the full list of affected devices, see Intel’s microcode revision guidance. This update covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, for client and server. If you are running an affected device, this update can be applied by downloading it from the Microsoft Update Catalog website. Application of this payload specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.”
There have been a lot of programs released that can scan your PC for issues and then give you strongly worded advertisements to buy the full version of the software so you can fix the issues. However, these purchases are usually unnecessary. Microsoft is aiming to reduce the practice by changing their evaluation criteria for removing the software with Windows Defender.
I’ve seen the software in question many times, and I’ve had customers duped out of money by purchasing the software. Most of the time, they bring their PC to me to fix the issues that the software claimed it would fix. The first step is usually to remove the offending, paid-for software, and then continue on with fixing the other issues.
There are a few questions I have, though. How long before the vendors create a workaround for this detection and what would the workaround be? How many false positives will there be? And, will there be a way to turn this feature off if desired? All in all, it’s a good thing and keeps the consumer protected against this scammy software practice.
We have recently updated our evaluation criteria to state:
Unwanted behaviors: coercive messaging
Programs must not display alarming or coercive messages or misleading content to pressure you into paying for additional services or performing superfluous actions.
Software that coerces users may display the following characteristics, among others:
- Reports errors in an exaggerated or alarming manner about the user’s system and requires the user to pay for fixing the errors or issues monetarily or by performing other actions such as taking a survey, downloading a file, signing up for a newsletter, etc.
- Suggests that no other actions will correct the reported errors or issues
- Requires the user to act within a limited period of time to get the purported issue resolved
For collaboration and communication at the workplace, I find that Microsoft Teams does an excellent job. Microsoft has released some new feature updates for the application. Some decent new features are now included by default, and system administrators can have some granular controls for these new features.
New features in Microsoft Teams make it an even more powerful hub for teamwork by enabling you to use apps in new ways—including the ability to command apps and take quick actions from the command box, as well as include content from an app in a conversation. This marks the biggest single release of new functionality since Teams launched last March.
Microsoft has given Windows Insiders a look at the new Windows Diagnostic Data Viewer program that will be released with the next release of Windows 10. This allows greater transparency for Windows 10 users into the diagnostic data that is sent from your device as well as what data is stored in relation to your device. Windows telemetry has been a big sticking point for a lot of people hesitant to install the OS, and this is one more step in keeping things transparent for those users.
We’ve updated the Microsoft Privacy Dashboard with a new Activity History page which provides a clear and easy to navigate way to see the data that is saved with your Microsoft account. The Microsoft Privacy Dashboard allows you to manage your data and change what data is collected by adjusting the privacy settings on your device or browser at any time.