About This Site

I'm a tech guy with over 30 years' knowledge of computers, networks, and PC gadgets. This site is used to share some of my knowledge and reviews.
If you find info from this site useful, then please consider donating.

Spam

Spam. Everyone gets it. If you have an email address, you have gotten spam. Maybe you have some really obscure address, or you started with a spam filter from the beginning of email, but that would be the minimal. We all get it. I try to encourage all my business clients to go through some spam hardware device to eliminate most of it. (Barracuda is a great example that some of my clients go through; it eliminates a good percentage.) For my own business I go through my ISP’s spam filter, which is pretty good. Most spam filters have some control to limit spam to different degrees. No spam filter can catch everything. As the filters improve, the spammers also improve, so it’s a cat-and-mouse scenario.

So what can you do? First, try to go through a hardware spam utility before you even get the emails. That will likely eliminate 80% of the crap. Next is to have a decent virus program. Sure, I am an IT guy and I know what normally is a spam/scam/virus email. This is for the general public. The general public still needs decent virus protection if they do a lot of email. The problem with relying on good virus protection is, again, that the bad guys know how to get around it, so they are usually ahead of the virus protectors. So again, don’t rely 100% on it.

What might be more important than good virus protection is knowing the difference between a legit email and a spam/scam/virus email. People need to be educated on what could be real and what is fake. That is the best defense. I also have a Gmail account, and they do a great job of filtering too, but it does not catch everything. Education, I believe, is the best filter, but not everyone can do it.


Microsoft DNS Server Security Issue

From Security Now Episode 776

A link to CheckPoint’s detailed write-up is in the show notes for anyone who’s interested. It’s very detailed and wonderful and takes us step-by-step through their process. But I’ll just hit the high points here:

For every query type that a DNS server makes there’s a corresponding reply. What the CheckPoint guys found was a classic math result variable sizing mistake in the parsing logic for the reply to a “SIG” (as in signature) query which is part of DNSSEC.

They discovered a mishandling of values between the 16-bit fields used by the DNS protocol and the 64-bit register math used by the code compiler. Coders know that if a 64-bit value is calculated to allocate memory, and if the result is larger than 65,535 (the maximum absolute quantity that can be represented by 16-bits), then the least 16-bits of that value will be a small integer — which is the amount of the overflow over 65,535. And if THAT smaller integer 16-bit value was then used to allocate memory for a buffer, the resulting buffer will be much too small to hold the larger calculated amount of data. And, of course, that’s exactly what happened.

They discovered that by sending a DNS response containing a larger-than-64KB SIG record, they could cause a controlled heap-based buffer overflow of roughly 64KB more than a small allocated buffer. For hackers that’s the golden keys to the server kingdom.

CheckPoint concluded their write-up by noting:

This high-severity vulnerability was acknowledged by Microsoft and was assigned CVE-2020-1350.

We believe that the likelihood of this vulnerability being exploited is high, as we internally found all of the primitives required to exploit this bug. Due to time constraints, we did not continue to pursue the exploitation of the bug (which includes chaining together all of the exploitation primitives), but we do believe that a determined attacker will be able to exploit it.

Successful exploitation of this vulnerability would have a severe impact, as you can often find unpatched Windows Domain environments, especially Domain Controllers. In addition, some Internet Service Providers (ISPs) may even have set up their public DNS servers as WinDNS.

We strongly recommend users to patch their affected Windows DNS Servers in order to prevent the exploitation of this vulnerability.

As a temporary workaround, until the patch is applied, we suggest setting the maximum length of a DNS message (over TCP) to 0xFF00, which should eliminate the vulnerability. You can do so by executing the following commands:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS
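
The sizing mistake described above, modelled in C as an added example. This is not Microsoft's code and does not come from CheckPoint's write-up or the show notes; the record layout, function names and sample lengths are constructed for illustration. It shows the flawed narrowing to 16 bits beside a version that rejects oversized records before allocating.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the sizing mistake; field names are hypothetical. */

/* Flawed pattern: the sum is computed in wide arithmetic, then narrowed to
 * the 16-bit width the protocol uses. Only the low 16 bits survive, so a
 * total just over 65,535 turns into a very small number. */
uint16_t size_truncated(size_t fixed_len, size_t name_len, size_t sig_len)
{
    size_t total = fixed_len + name_len + sig_len;
    return (uint16_t)total;
}

/* Bytes that copying the full record would write past a buffer allocated
 * with the truncated size (0 when no bits were lost). */
size_t overrun_bytes(size_t fixed_len, size_t name_len, size_t sig_len)
{
    size_t total = fixed_len + name_len + sig_len;
    return total - size_truncated(fixed_len, name_len, sig_len);
}

/* Hardened pattern: validate each part and the sum before narrowing. */
bool size_checked(size_t fixed_len, size_t name_len, size_t sig_len,
                  uint16_t *out)
{
    if (fixed_len > UINT16_MAX || name_len > UINT16_MAX || sig_len > UINT16_MAX)
        return false;
    size_t total = fixed_len + name_len + sig_len; /* cannot wrap size_t */
    if (total > UINT16_MAX)
        return false;
    *out = (uint16_t)total;
    return true;
}

/* Allocate and fill a record buffer only when the size check passes.
 * Returns NULL when the record is rejected; the caller frees the result. */
uint8_t *build_record(const uint8_t *fixed, size_t fixed_len,
                      const uint8_t *name, size_t name_len,
                      const uint8_t *sig, size_t sig_len, uint16_t *out_len)
{
    uint16_t n;
    if (!size_checked(fixed_len, name_len, sig_len, &n))
        return NULL;
    uint8_t *buf = malloc(n ? n : 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, fixed, fixed_len);
    memcpy(buf + fixed_len, name, name_len);
    memcpy(buf + fixed_len + name_len, sig, sig_len);
    *out_len = n;
    return buf;
}

int main(void)
{
    /* Constructed lengths: 18 + 20 + 65530 = 65568, which exceeds 65,535. */
    uint16_t n = 0;
    printf("truncated size:  %u\n", (unsigned)size_truncated(18, 20, 65530));
    printf("overrun bytes:   %zu\n", overrun_bytes(18, 20, 65530));
    printf("checked accepts: %d\n", size_checked(18, 20, 65530, &n));
    return 0;
}
```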


Outlook Opens And Then Closes

Got a few calls and clients seem to be having this major issue. Searched and seems there was a MS update that has caused this. Found the following solution:

Run CMD as Administrator (Click start button and type cmd, right click on cmd.exe and run as administrator)

At the command prompt type the following command:

cd "\Program Files\Common Files\microsoft shared\ClickToRun"

then:

officec2rclient.exe /update user updatetoversion=16.0.6366.2062

For newer version type this one instead:

officec2rclient.exe /update user updatetoversion=16.0.12527.20880

It will then start downloading an update that should fix it.


Windows 10 2004 Update Is Odd

So the new upgrade to the latest Windows 10 is out. Almost. It’s not like the last one, which I believe was a normal 30 min upgrade of normal security etc. stuff. OH NOOO!!!! I have witnessed, I believe, 3 PCs (not the fastest but average) take 2-4 hours to upgrade!! Wow!! Also, in my own experience, I tried to manually install and no go. I tried Windows Update and I even tried the manual download of all files, right click on setup and select run as administrator. Nope. Looking online, there seem to be a lot of print issues with this update and older 1909 updates. Other major issues also. MS’s own hardware is not getting any updates. Makes you think of a company that has focused on software all their life (50+) and can’t get their software to work with their own HARDWARE!! Gee, wonder why Apple will kick them in the ass again!!


Latest Windows 10 updates Causes USB-PRINT-SSD issues

From Security Now Episode 771

Security News

Patch Tuesday

Microsoft continues its record-breaking streak. Or as Sophos put it:

“Whoosh. You hear that? It’s the sound of Microsoft’s security fire hose spraying out a river of CVE fixes. That’s right – Patch Tuesday was last [this] week and the software giant released patches to fix 129 CVEs.”

In other words, it has once again broken its all-time record for the most patches released in one month.

While most of those are regarded as and rated “important”, 11 of those 129 CVE are CRITICAL remote code execution vulnerabilities which Windows 10, since last Tuesday, no longer has.

There’s CVE-2020-1286, a Windows shell RCE triggered by improper file path validation.

And 1299, an RCE bug that an attacker could exploit using a malicious .LNK file and associated binary. Note that either we still haven’t got .LNK link files working right, or we keep breaking them, since Windows has been having security problems with link files from the start. In this case Microsoft warns us that if a malicious link file was placed onto a removable drive or network share, clicking on the .LNK file would run the attacker’s malicious code in the file.

Then there’s 1281, a vulnerability in the Windows Object Linking and Embedding (OLE) code stemming from poor input validation and it’s exploitable via a malicious website, file, or email message.

1248 is a memory object handling bug in GDI, Windows Graphics Device Interface, which is deliverable by a website, instant message, or document file.

Those all affected Win10, of course, since Windows 7 is no longer being maintained, and many of these also affected the latest 2004 build of Windows 10 since, of course, most of the code never changes.

Not to be forgotten, IE had its own batch of critical vulnerability bungles. Both IE 9 and 11 were susceptible to RCE via bug CVE-2020-1213, 1216 and 1260, all memory handling errors affecting VBScript.

The original Edge browser (isn’t that history, yet?) had a critical vulnerability, 1073, a memory handling bug in its ChakraCore JavaScript engine. And CVE-2020-1219 affects both IE and EdgeHTML with more memory-handling issues.

1181 is a bug in the SharePoint Server. It can be exploited by unsafe ASP.Net controls that don’t filter properly. Attackers able to upload a malicious page to the server (not clear how they would do that, but perhaps through remote website authoring) could achieve pwnage. As a consequence, admins of SharePoint Enterprise Server 2016, Foundation 2010 SP2 and 2013 SP1, or SharePoint Server 2019 should all patch now.

There’s also 1300, a long standing bug in Windows’ handling of cabinet files. It affects most versions of Windows, Win7 through Win10 2004, and also Windows Server.

And, believe it or not, those were just the 11 critical bugs. If I were to attempt to detail the other one hundred and eighteen “important” flaws, this entire podcast would have to be retitled: “Patch Tuesday.” I’ll spare us that, since we have plenty more to talk about. In the meantime, Microsoft, BIG congrats on achieving another lifetime milestone.

And speaking of milestones, we also have…

The case of the disappearing printer port

Microsoft’s disclosure of this oddball Win10 delight is titled: “USB printer port missing after disconnecting printer while Windows 10 (version 1903 or later) is shut down” and it is stated as applying to: Windows 10, version 1903, all editions. Windows 10, version 1909, all editions. And Windows 10, version 2004, all editions.

https://support.microsoft.com/en-us/help/4566779/usb-printer-port-missing-after-disconnecting-printer-while-windows-10

What happens? Microsoft explains:

“If you connect a USB printer to Windows 10 version 1903 or later, then shut down Windows and disconnect or shut off the printer, when you start Windows again the USB printer port will not be available in the list of printer ports. Windows will not be able to complete any task that requires that port.”

Resolution: You can avoid the issue by connecting a powered-on USB printer before starting Windows.

“Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the “Applies to” section. We are working to fix the issue in a future version of the operating system.”

According to reporting of this in the tech press, if you need to print something to your USB-connected printer and you didn’t have it on before you started Windows, no problem. Just shut down your computer, turn the printer on and wait for it to finish initializing and settle down, then you can fire up Windows and the printer port should reappear and you’ll be able to print. Because this is a state-of-the-art modern operating system.

And, believe it or not, in a related but separate matter…

Last week’s Patch Tuesday broke ALL PRINTING (even to PDFs) for many users:

Windows 10 users are reporting that they are unable to print to printers from several vendors after installing last week’s updates for Windows 10 versions 1903, 1909, and 2004 OS’s.

The two specific patches causing the trouble have been determined to be cumulative updates KB4560960 and KB4557957. Although Microsoft hasn’t yet gone official, a Microsoft Answers Independent Community Advisor has stated that Microsoft engineers are “already aware of this issue and working a patch to be deployed in the next update.” Oh, joy. No printing for a month.

So after updating their machines last Tuesday, users started flooding both Microsoft Answers forums and Reddit with reports of printing issues affecting various models of HP, Canon, Panasonic, Brother, and Ricoh devices. Typical posts included:

• “Unable to print after installing update KB4560960 and/or KB4561608. Uninstalling updates fixes problem. This is happening to every Windows 10 computer in our organization as updates install.”

• Another says that right after installing the KB4560960 on multiple systems, users started reporting “Windows cannot print due to a problem with the current printer setup” errors that went away after uninstalling the update.

• Someone wrote: “Found this problem today where all clients at a customer site had the same problem,” others complained. “They have Ricoh, but a few other brands too. Even the virtual PDF printers do not work anymore. Explorer.exe crashes completely when doing a test-print…”

• A network technician posted: “HPs seem to be hit or miss with this issue. Ricoh / Canon / Brother / KM / Kyocera all seem to be experiencing problems. As everyone else is saying, backing out update KB4560960 and postponing updates seems to be our only salvation at this point.”

• “Hopefully Microsoft will produce a patch for this quickly, call volume is picking up with everybody returning to work, this is going to make things awfully hectic!”

Affected users have found that the printer’s native driver can be replaced with PCL6 drivers which reportedly work, or by uninstalling last week’s cumulative updates to restore printing, and also to restore those 11 critical remote code execution bugs. You’ll be fine. It’s been determined that attempting to uninstall and reinstall the printer, or updating its drivers, does not help. PCL6 printer drivers do work… either vendor-specific PCL6 drivers or the universal Windows 10 PCL6 drivers for Canon, HP, Ricoh, Kyocera, and Brother.

Windows 10 2004 is messing up SSDs and non-SSDs.

Just a quick note for those running Windows 10 who have moved to 2004 with SSDs: The 2004 feature update has broken Windows awareness that it has ever previously defragmented the system’s drive. As a result, rather than only defragging occasionally, like once a month by design to improve the performance of Windows “volume shadow copy on write” performance, Win10 is defragging every time the system is started.

This isn’t a huge problem since SSDs should have strong write endurance, but it’s still not what we want. Microsoft has acknowledged the problem but hasn’t indicated when it will be resolved. The release notes for the Insider Preview build 19551 states: “Thank you for reporting that the Optimize Drives Control Panel was incorrectly showing that optimization hadn’t run on some devices. We’ve fixed it in this build.”

And in another oddity, Win10 2004 is also attempting to use the TRIM command on non SSD drives. That fails and logs an error into the Windows error log. But it should not be trying.

Our longtime listeners will recall that SSDs have a TRIM command to allow the operating system to inform the drive of the drive regions that are not in use by the OS. Normally, drives treat all sectors alike and only the OS has any awareness of which regions are in use by its file system, and which are free. Hard drives write data by simply overwriting what was there before. But SSDs are only able to set bits that have been previously reset by an erase cycle. And erase cycles erase large blocks of the SSD all at once. This means that to write a small region of a larger block, the previous contents of the larger block must first be read and held in RAM while the underlying block is all reset. Then the cached data must be rewritten into the block. But IF the SSD has an awareness of which sectors are not in use, it can leave them reset rather than needing to rewrite them with unneeded data. AND those reset and unwritten blocks can later be written to directly without needing any pre-erase since they were left erased.

But although doing this clearly makes no sense for hard drives, some new bug introduced into 2004 is causing Windows to issue these superfluous TRIM commands to spinning hard drives nonetheless.

There were also reports that many programs would no longer run at all after last Tuesday’s updates, but it turned out that the problem was caused by an interaction with a recent update for Avast and AVG anti-malware software. They hook into a feature that allows them to intercept the running of other programs and that didn’t go as expected.

Overall, much as Win10 2004 is promising some new features, it does feel as though perhaps holding back a bit and waiting for things to settle down might be prudent.


Outlook 2016 opens with “Something is wrong with one of your data files and outlook needs to close.”

Had this exact error for a client. Found the solution here.

The solution was as follows:

In regedit, go to: Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\PST
Delete the following two keys: LastCorruptStore and PromptRepair
Start Outlook
That’s it.


Why Microsoft Office 365 Is Better Than Gmail

I deal with many clients with many email options. A lot of my clients (like myself) use on-site Exchange. The advantages of on-site Exchange are plenty. There are some disadvantages, but if you are a one-site company that needs privacy and easy flexibility then there is nothing like Exchange!! What are the advantages? First, one-time payment. You have to purchase a server (now separate from the DC is VERY recommended). You have to purchase Exchange and CALs for every person who will connect. This can be expensive upfront BUT you purchase once and that’s it. (Much like the MS Office license, where you can either purchase Office 365 and pay annually every year or purchase Office Home and Student or Home and Business one time.)

So the question is MS Office 365 vs Gmail. Mostly in the email version. A lot of my clients are on a corporate Gmail account. They have their own domain name in their email (ex John@Domain.com). They can access it through a browser at Gmail.com anywhere BUT most business people use Outlook, so they use it to connect, likely using IMAP. IMAP is great when you need to access the same email from multiple devices (PC/PHONE/ETC) BUT to control contacts and appointments it SUCKS!! Any person I have dealt with using a Gmail IMAP account has usually fallen into the trap of “when I move to a new PC or new profile I lose my contacts or calendar.” They only keep a copy in a local .OST file whose content is hard (unless you have the tools) to extract. Another issue I deal with on a daily basis is that it’s syncing all the time, especially with large mailboxes.

Then there is a different world. It’s called Microsoft. I know there are a lot of MS haters but I have to say MS Exchange and MS Outlook are a perfect match. I have used MS Mail before Outlook. When Exchange and Outlook started it was great. Not perfect at first but it grew better. So now in the cloud email time it is Outlook connecting to Office 365 in the cloud. Again, both are MS and both connect as normal. Oh look, if I open Outlook on another computer to my 365 account I get all my email, contacts, calendar, AND cached contacts. Let’s see Google do that!!!! AND the greatest thing is there is rarely a sync issue. Gmail wants to sync all the time unless you change a few settings in Outlook, and it usually slows it down but still. Office 365 and Exchange issues? Close Outlook. Rename the .OST file. Open Outlook and let it rebuild a new .OST file. Everything is great. You would NEVER do this with a Gmail account that has local contacts and calendar.

One other thing that really bugs me is notification of the mailbox getting full. MS has had this built into Exchange on premise and now 365 as a default. You have a warning that the mailbox is getting close to full, and then after it is full you can’t send or receive any mail. Google does not have this as an option if you are using Outlook. You can log in to Gmail through a browser and it can show up if you look in the right location. A client of mine contacted Google to see if this could be an option in the future and they said nothing is planned. Again. By Google. Oh, and the last straw that might make you want to switch or move: MS Office 365 is cheaper than a Google Gmail account.

Oh, and one last comment. Over the 20+ years with over 20+ clients I have never had a major issue with their MS on-premise Exchange. Exchange is VERY ROBUST!!!


TWIT.TV

I have been a fan of The Screen Savers on Tech TV and before on other tech channels. Really liked Leo and Patrick’s banter and their tech (in the day a 486 to Pentium was a big deal). I got my Gmail account because of Kevin Rose’s second giveaway when Gmail accounts were by invite. So now it’s 2020. Leo is a millionaire running a million dollar tech Internet TV channel on TWIT.TV. The last that I saw of Patrick Norton, he and his family were traveling out of California in an RV looking for a place to call home. He had still been doing TWITCH on Twit.tv. March 19 was the last that it was on. Twit now classifies it as archived. There is a brief explanation that it is retired. No explanation of why. It has been on for 10 years!! Then gone!! WTF!!! The shows I like on TWIT.TV are dwindling rapidly!! Know How!! is my favorite. The Arduino, Raspberry Pi and Quadcopters are my favorite. I understand that once Padre could not be there it would go. NOW TWITCH!!! I like to keep up with the latest GPU and SSD info! Now that everybody is at home you would think it would be more popular!! Now it’s gone!! Twit and Security Now and Windows Weekly are the only ones left for me. When one of those goes it’s over for Leo.


Windows Server 2008R2 Won’t Boot After Installing KB4539602 Update

Got this from Security Now #753.

“Can’t Boot This!”
Windows Server 2008 R2 won’t boot after installing the KB4539602 update!

Believe it or not, on any instance of Windows server 2008 R2 which is lacking those prerequisite
updates I noted above, the consequence of attempting to install KB4539602 isn’t a notice of an
update failure, or a nice mention that some prerequisite updates are missing. No… the result is a
fully BRICKED server!

For reasons only Microsoft knows, attempting to fix the desktop wallpaper stretching issue
introduced the previous month on Windows Server 2008 R2 results in the deletion of two critical
boot files “winload.efi” and “winload.exe” from the server’s C:\windows\system32\ directory.


Windows 2008 R2 servers have been getting bricked left and right since Friday and the community
finally figured out what was going on. Those two files need to be copied back into the
C:\Windows\System32\ directory from another installation, or the system must be rolled back using
the system imaging command. You can boot into “System Recovery” then issue the following command
against the proper system drive letter:

dism.exe /image:C:\ /cleanup-image /revertpendingactions

Or, boot into System Recovery and, as I mentioned, copy those two files from another instance. But
these are not the only consequences of January’s troubled final update.


Can’t Create Mailbox Database In Exchange 2016

When I attempt to create a new Mailbox Database using a PS command similar to the following:

New-MailboxDatabase -Name "DB1" -Server ThatLazyEX-02 -EdbFilePath D:\DB\DB1.edb -LogFolderPath D:\Logs\

I would get an error saying the Active Directory operation failed.

Found solution here.

Basically I have to specify the preferred server with the command:

Set-ADServerSettings -PreferredServer DC1

If you run Get-ADServerSettings it will display what it is. Before running the set command the server was {}.

After running the set command the New-MailboxDatabase command worked.

 

 
