Tag: Microsoft

Epson Printer Having Issues? It Could Be A Microsoft Update

Do you have an older Epson printer that suddenly stopped working? If so, it may not be the printer at all, but a recent Windows update that lies at the heart of the issue.

German engineer Gunter Born tracked the problem to the following Microsoft Patches:

  • KB4048953 for Windows 10, Ver. 1607
  • KB4048954 for Windows 10, Ver. 1703
  • KB4048955 for Windows 10, Ver. 1709
  • KB4048957 for Windows Server 2012, R2
  • KB4048958 for Windows 8.1
  • KB4048959 for Windows Server 2012
  • And KB4048960 for Windows 7, Service Pack 1

These recent updates caused a malfunction where Epson dot matrix printers are not recognized if they are connected via USB cables.

Epson users noticed the problem immediately, of course, and the issue was reported on a wide range of support forums across the internet as users cast about desperately for a solution. Microsoft ended speculation into the matter fairly quickly, confirming the recent patches as the root cause of the issue, and promised that a patch to the patches was coming. As of now, though, we don’t have an ETA on when the fix can be expected.

In the interim, users can still make use of their printers by uninstalling the faulty updates. Gunter Born recommends running the following command in a cmd.exe window:

Wusa /uninstall /kb: xxxxx /quiet /warnrestart

If this command is run as Administrator, and “xxxxx” is swapped out for the faulty KB update you installed, printer functionality will be restored.

It’s far less than optimal, though, because those updates contained a variety of patches for security issues. However, if you need immediate access to that printer, until Microsoft issues a revised patch, it’s about the only option you’ve got. Just make sure your IT staff is aware so that they can be on the lookout for the update.

Many Businesses Found To Be Running Old Microsoft Office Versions

When an operating system reaches the end of its supported life, such as Windows XP, NT and Vista have, it’s big news. It makes headlines. When other forms of software reach the end of the line, there’s just not as much fanfare. It’s not that it’s not important; it’s just not something people think or care very much about.

They probably should, at least according to a recently released survey by Spiceworks, which revealed statistics that were both shocking and dismaying. Here are a few of the highlights:

• Fully 68 percent of businesses surveyed are still running instances of Office 2007, in spite of the fact that the software stopped receiving security updates in October
• Nearly 50 percent (46 percent to be exact) are still running Office 2003
• 21 percent are still running Office 2000
• 15 percent are running Office XP
• And three percent are amazingly still running some instances of Office 97

Of particular interest was the fact that most of the firms running outdated software are mid-sized companies employing between 100 and 1000 people. Large companies have the resources to keep their software up to date and smaller firms, recognizing their lack of resources, have readily moved to embrace Office 365, which is always up to date, and thus, saves them money and headaches.

Those firms stuck in the middle, though, and possibly your own company, find themselves in a tricky position. They’ve invested heavily in productivity tools, then found themselves in the unenviable position of not having the resources to keep them fully updated, and of course, are reluctant to lose their investment by switching to Office 365.

It’s undeniably a balancing act, but the reality is that if your company is using outdated productivity tools, your risks of a breach are higher than they should be. It’s something that’s too important to gloss over or delay. If you’re using an outdated version of Office or other productivity tools, find a way out of that box as soon as is feasible. Your data security staff will thank you for it, and it’ll give you peace of mind.

Ransomware Is Spreading Through Macros In Word

Security researcher Jaromir Jorejsi of Trend Micro has discovered a disturbing new strain of ransomware named qkG that spreads by way of macros inside MS Word.

The ransomware strain targets only Office documents, encrypting them and infecting the Word default document in order to propagate to newly created documents opened via the Office suite on the infected computer.

This new threat is unusual in the world of ransomware because it abides by a completely different and much more tightly targeted set of operating principles than any other form of ransomware found in the wild today. It’s also a bit of a throwback. The use of macros to spread worms is still fairly commonplace on older machines running out-of-date or pirated copies of Office, but it hasn’t really been in fashion in the mainstream hacking community for quite some time.

An analysis of the code reveals it to be a work in progress. The researchers were quick to point out the ransomware has not found any actual victims to date, and that several different variants and strains of the code were found in different documents, each with a different and slightly more robust feature set.

Based on evidence Horejsi found in the qkG samples he had the opportunity to analyze, the author of this new strain is apparently based somewhere in Vietnam, and goes by the alias “TNA-MHT-TT2.”

The malware is notable for its rather innovative use of malicious macros. Horejsi warns that these techniques will undoubtedly be picked up by other hackers, refined and used more broadly in the months ahead.

That’s likely to pose a special challenge for your IT security team, who have probably fallen out of the habit of watching for such threats, given that they declined in popularity some time ago. It seems, however, that what’s old has been made new again, so alert the troops to be ready.

Microsoft Word Gets Update To Disable DDE After Malware Concerns

In recent months, Microsoft Word has been getting a fair amount of bad press, thanks to an old-but-still-supported feature called DDE (Dynamic Data Exchange). This is the feature that allows Word to pull data from other MS Office applications. For instance, if you embed a chart into your Word document, each time you open the doc, it will automatically poll the spreadsheet the chart was created from and update it dynamically.

It’s a good feature, but unfortunately, it’s subject to abuse by hackers, who can use it to insert malicious code.

For a long time, Microsoft held the opinion that DDE wasn’t flawed per se, and as such, refused to take any action to try and limit its abuse. The thinking was that the company had already done enough since MS Office is designed to display a warning message before actually opening a file, which gives the user a choice.

Unfortunately, hackers have found ways to game that system as well and get around the warning box, and ultimately, that’s what changed the company’s mind.

Back in October, Microsoft published Security Advisory 4053440, which warned of the potential dangers of DDE and advised users on how to disable the feature in Word, Outlook and Excel. The company has now taken things a step further, disabling the feature inside MS Word in the Office Defense in Depth Update, ADV170021.

In fact, the company now sees the problem as being so severe and pervasive that they took the unusual step of issuing an emergency, out-of-band patch to update Word 2003 and 2007, two versions that Microsoft has officially stopped supporting.

If your employees use MS Office, this most recent patch is of critical importance, so if you’re not getting updates automatically, make sure your team knows to grab and apply this one.

Windows 10 Third Party Password Manager Could Have Security Issue

Do you use “Keeper?” If you’re not sure what it is, then you probably don’t. It’s a password manager that Microsoft has been bundling with some of its Windows 10 releases. Either way, there’s a serious flaw in its design that you should be aware of.

Earlier in the year, Tavis Ormandy, a researcher on Google’s Project Zero team, discovered a bug that saw Keeper injecting privileged user information into web pages, exposing all manner of private data unnecessarily to website owners.

The potential damage comes from a user being lured onto a hacker-controlled website, whose owner could siphon up the information (including literally every password stored by Keeper) and resell it, or use it to launch a highly targeted attack against a specific user or device.

The bug was reported, and a patch was issued. Then, in a later version, Ormandy found the same bug cropping up again. He had this to say about the matter:

“I’ve heard of Keeper, I remember filing a bug a while ago about how they were injecting privileged UI into pages. I checked and, they’re doing the same thing again with this version.

I think I’m being generous considering this a new issue that qualifies for a ninety-day disclosure, as I literally just changed the selectors and the same attack works. Nevertheless, this is a complete compromise of Keeper security, allowing any website to steal any password.”

Craig Lurey, the CTO of Keeper Security, had this to say when informed of the bug:

“This potential vulnerability requires a Keeper user to be lured to a malicious website while logged into the browser extension, and then fakes user input by using a ‘clickjacking’ technique to execute privileged code within the browser extension.”

The two important takeaways here are as follows:

  • The company reports that so far as anyone can tell, this flaw has not actually been exploited in the wild.
  • Keeper Security has issued an emergency patch that has disabled the “Add to Existing” feature, which is where the problem code actually resides.

This temporary measure was implemented as a stop-gap until the bug can be properly patched.

Microsoft May Remove Windows Paint From Operating System

“Paint” is one step closer to being a thing of the past.

In May of this year, Microsoft caught a surprising amount of flak when they announced that the venerable app, which had been included with the OS in every release since 1985, would be going away and replaced by a newer, sleeker version called Paint 3D.

The company had not expected any backlash on the matter and was sent scrambling when tens of thousands of people complained loudly in forums all over the internet.

The company quickly revised its position, explaining that while Paint would no longer come pre-installed on future releases of Windows, it would still be available on Microsoft’s app store. This move seemed to mollify Paint’s surprising number of fans and followers, but now, Microsoft is in the news again over the surprisingly cherished app.

In a recently released Windows 10 Insider Preview, the following message was discovered when accessing Paint: “This version of Paint will soon be replaced with Paint 3D. Classic Paint will then become available in the store.”

Note that this message was not displayed upon opening Paint itself, but rather upon clicking the “Product Alert” button at the top right corner of the app screen.

While the news is certainly no surprise, given the above, the sparse wording of the message does raise the question of whether the transition will be occurring during the next Windows 10 release. So far, the company has not offered any sort of clarification or confirmation.

In any case, we’re now one step closer to saying goodbye to Paint. While it was never a very good image editing program, it has proven to have a surprisingly deep base of support. Support or no, however, the day is soon coming when it will be a thing of the past, unless users go to the store and manually download and install it.

Windows 10 Privacy Becoming More Transparent In Next Version

All companies collect data on their customers, but some are better than others when it comes to being upfront about what kinds of data are collected.  Over the past year, Microsoft has made many moves that have been well-received by their enormous user base.  They’ve become increasingly transparent and offer an unprecedented level of control to the users themselves.

Last year, the company took its first major step, adding a pre-installation/pre-update Privacy Setting screen that allowed users to choose between two settings, Basic or Full, where global data collection was concerned.

Not long after, the company also added a Privacy section to the web dashboard of every Microsoft account, which allowed users to do things like:

  • Exporting any of the data found on the dashboard
  • Deleting specific items to allow for more individualized control
  • Viewing and managing media consumption data, along with product and service activity

The most recent addition is the release of an app called “Windows Diagnostic Data Viewer,” currently available on the Windows Store.  Right now, the app is available only to Windows Insiders, but is slated for release to the general public in April or May of this year.

As the name of the app suggests, it will not allow users to delete or manipulate any of the data collected, but it will provide an in-depth view of what data is collected. This would, at the very least, give system administrators the option to explore methods of disabling selected features in a bid to mitigate data collection.

Although the company is providing more options and becoming increasingly transparent, it has no plans to stop collecting telemetry data, insisting that it is essential in terms of making incremental product improvements and rapidly solving bug reports.  Like it or not, data collection is here to stay.

Microsoft is Adding Much Needed Feature To Windows Defender

Microsoft is getting tough on so-called “registry cleaners”, and it’s about time.  The company recently announced a planned change to Windows Defender (the anti-malware program that comes standard with every Windows installation).  The change will see to the deletion of an increasing number of these registry cleaners.  It’s a great move, and the company deserves credit for it, but there’s a catch.  This type of software has been around for decades. So the move, as welcome as it is, comes very late in the game.

It’s overwhelmingly likely that you’ve seen these programs in action.  They’re usually free downloads (though there are a few web based services too) that scan your system to find problems with your registry that the software claims are causing performance issues and slowing your machine down.

There are two major problems with this:  First, the software tends to be light on details, refusing to provide much information about exactly why the “problems” that have been identified are impacting system performance.  Worse, the software often incorrectly identifies critical system files and registry entries as being problematic. So of course, when they are deleted, they actually create many more problems than they solve.

Second, in order to actually fix the problems that have been identified, you’ve got to buy the premium version of the package.  The result is that you’re losing money, and the software often breaks your system.  Not a pretty picture.

This latest move by Microsoft builds on action they took back in 2016, when the company started penalizing the makers of such registry cleaners if their software didn’t provide adequate information. This missing information included why the problems they found needed to be fixed in the first place, and if they utilized a high pressure up-sell technique.

Ultimately, those moves proved to be insufficient, so Microsoft decided to take things to the next level.  Now, they’re simply going to start deleting these no- or low-value programs.  Late or not, that’s one less headache for you, and a very good thing.

Vulnerability Found In Popular Grammar Checker

On February 2, Tavis Ormandy, a researcher on Google’s Project Zero team discovered a critical flaw in the popular online grammar checking app, “Grammarly.”  Tens of millions of users make regular use of the app to improve the quality of their writing.  The bug allowed a hacker to steal a Grammarly user’s authentication token and use that token to log on and access every document they’ve run through the Grammarly system. This along with that user’s history, logs and other data. They were able to do it all using just four lines of JavaScript code.

The bug was found in both the Firefox and Chrome Grammarly extensions and was reported immediately.

While response time to such a report varies greatly, Grammarly set a new record for speed and efficiency.  The bug was reported on a Friday, and by Monday, it was patched.  If you use either the Chrome or the Firefox Grammarly extension, there’s nothing for you to do, as these should update automatically.

A spokesman for Grammarly had this to say about the matter:

“Grammarly resolved a security bug reported by Google’s Project Zero security researcher, Tavis Ormandy, within hours of its discovery.  At this time, Grammarly has no evidence that any user information was compromised by this issue.

We’re continuing to monitor actively for any unusual activity.  The security issue potentially affected text saved in the Grammarly Editor.  This bug did not affect the Grammarly Keyboard, the Grammarly Microsoft Office add-in, or any text typed on websites while using the Grammarly browser extension.  The bug is fixed, and there is no action required by Grammarly users.”

Kudos to Tavis Ormandy for finding the bug, and a hearty round of applause to Grammarly for their speedy and deft handling of the issue.  Given the severity of the bug, it’s easy to see how such a discovery could have gone an entirely different direction. As it turns out, Grammarly set a new bar for excellence with their handling of the issue.

Microsoft Office Update Available To Only Windows 10 Users

There are big changes coming to MS Office which you need to be aware of, given how widely used “Office” is in most companies.

First, the headline change:  When MS Office 2019 is released, it will only run on Windows 10.  If you’ve still got machines on older operating systems, and you want to keep your productivity suite up to date, then you’ll need to upgrade those older systems.

Also, be aware that when Office 2019 ships, it will only have “Click-to-Run” technology.  No MSI, although Office Server will have an MSI deployment option.

In terms of software support, the company had this to say:

“Office 2019 will provide five years of mainstream support and approximately two years of extended support.  This is an exception to our ‘Fixed Lifecycle Policy’ to align with the support period for Office 2016.  Extended support will end 10/14/2025.”

The Office 2019 bundle will include the following apps:

  • Word
  • Excel
  • PowerPoint
  • Outlook
  • Skype for Business

Additionally, server versions of SharePoint and Exchange will be available.

In conjunction with the announcement above, the company also announced service extensions for Windows 10, and changes to the system requirements for people who use Office 365 ProPlus, the company’s online office suite.

Beginning on January 14, 2020, Office 365 ProPlus will no longer be supported on Windows 7, Windows 8.1, Windows Server 2016, or any Windows 10 LTSC (Long Term Servicing Channel) release.  Windows 10 support (versions 1511, 1607, 1703, and 1709) will get an additional six months of support for both enterprise and education customers.

Although these changes will no doubt inconvenience some users, overall, they have to be judged as a positive.  Microsoft has been taking a number of meaningful steps in recent years to streamline and simplify their product support, and these latest changes are very much in keeping with that.