Category Archives: Windows 10

Microsoft Windows 10 security updates KB4532695 and KB4528760 causes TPM driver to fail and results in windows 10 BSOD

Windows 10 Update :

Yesterday and today Microsoft released KB4532695 and KB4528760 causes TPM 2.0 driver to stop functioning and causes BSOD with error “Memory Management” Issue.

clip_image001

image

Windows Hello Face Authentication

In the first KB Microsoft says they have improved the accuracy of Windows Hello Face authentication however this would cause your PIN to be reset, TPM driver stop functioning and BitLocker to change in Pause state.

Check KB Article here

clip_image001[4]

image

The BSOD will generate an event ID 1001 stating the bugcheck code and saves a dump. ( I haven’t analyzed that yet).

clip_image001[6]

I suggest not to run it till Microsoft releases a bug fix

Warning for millions of Windows 10 users

The “Windows List” website, which follows the news of the famous operating system “Windows 10“, issued a warning to the users of the Operating system after it monitored a new security update for the operating system, which is “KB4528760” causing serious problems, noting that the problem “appears to be widespread now.”

Related image

In its interpretation of the sequence of events, the site says that this update initially fails to install on the device, issuing “a number of general error messages” that do not provide any indication of the cause of the problem, then the problem escalates as the next time you restart the computer it fails to boot .

“The recent update KB4528760 for Windows 1909 (the Windows build version number) appears to cause problems with some computers and prevents them from Starting up, causing the oxcooooooe error code. The number of devices affected by this problem has increased after installing this update,” says a user on the official Microsoft Community Forum. .

Image result for windows 10 error code oxcooooooe

Some users attribute the problem to Microsoft’s Connect app, which the company has terminated. Although it is not the only scenario of the cause of the problem, the users who installed the app or had it installed and then uninstalled it, have been particularly severely affected. It is only Windows Vista that completely re-installs the Windows 10 operating system.

What increases the importance of the warning issued by “Windows Light” is precisely that Microsoft is not yet aware of this problem. Indeed, until the moment the company states on the support page of the latest update that it is “currently not aware of any problems with this update.”

This is a recurring series of slow responses in recent years, as Windows 10 users have experienced problems caused by system updates, and this is disappointing because it encourages users to continue to download the update that might harm their computers

The good thing here is that Microsoft is working on substantive modifications to improve the updates of “Windows 10”, but the bad thing is that the process of testing the modifications in its entirety is fundamentally flawed, according to the site mentioned

MICROSOFT EXPOSES A SECURITY ISSUE THAT AFFECTS MILLIONS OF WINDOWS 10 COMPUTERS, RDP AND DHCP ON WIN2008R2

Windows 10 Crypto API Spoofing

Microsoft has released a new security patch for a vulnerability that could affect millions of Windows 10 Users world wide. The decades old CryptoAPI tool validates and signs packages/software which could be utilized by hackers/developers to sign and execute illegitimate software thus would allow users to run anything without user’s nor Antivirus/Internet Security software’s notice.

Microsoft mentioned that the vulnerability could also allow hackers to change or modify encrypted communications.

It’s important to notice that CryptoAPI is a legacy API that’s being replace by a new CNG (Cryptography Next Generation API) which also supports CryptoAPI.

CryptoAPI Key Storage Architecture

cryptoapi architecture

Download Patch

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

Windows 2008 R2, Windows 7 RDP

A day ago Microsoft released two very important security patches on May 14, 2019. One of these patches has been detected in the RDP service (CVE-2019-0708) which affects Windows 7 and Windows 2008 R2. According to MS’s Article a remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Download Patch

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Windows 2008R2, 2012R2, 2016 and 2019 DHCP

The other one is in the DHCP service (CVE-2019-0725), and both exploitations are very critical. When we look at CVE-2019-0708, which is related to the RDP service, we see that attackers are able to run code on systems by sending specially produced packages without any user interaction and authentication and manage to install malware like Ransomware or other execution files.

Download Patch

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0725

Sources:

Microsoft, NSA, Other Security Researchers

Enable PowerShell remotely on all PCs in a domain

Enable PowerShell remotely on all PCs in a domain

First from the DC I’ll get all the PCs list in the forest/domain and add them to a text file called “Servers.txt” in C root drive.

Add-Content -path C:\Servers.txt -Value Dummy ; Get-ADComputer -LDAPFilter “(name=*)” -SearchBase “DC=moh10ly,DC=com” | Select -expand Name | Out-File -Encoding utf8 “C:\Servers.txt” -append

Next I will add those servers list to the syntax $PC

$PC = Get-content “c:\servers.txt”

Then I will get the list of the PCs in the $PC (server.txt file) to get ready for processing commands with a domain admin credentials.

Invoke-Command -ComputerName $PC -ScriptBlock { hostname } -Credential moh10ly\administrator

Enable powershell access remotely on all clients in the text file.

Get-Content C:\Servers.txt | ForEach-Object {Enable-PSRemoting -Force} –Verbose

This should do the job and now you ‘ll be able to access powershell remotely on all your domain clients.

https://technet.microsoft.com/en-us/library/hh847893.aspx

https://technet.microsoft.com/en-us/magazine/ff700227.aspx

Windows 10 powershell’s Linux sudo apt-get install like CMDlet with Chocolately app

Windows 10 has arrived finally and with it came lot of new features, and one of my favorite new features is that you can finally install applications through powershell just like Linux OS’s terminal window command (apt-get install).

Although the command is still pretty new and lack many repositories where you can find and install applications from…. there’s already some people who are working on adding sources of applications which you can test initially before Microsoft asks product companies to start making their own repositories so Powershell can trust these sites and applications.

One of the sites that are working on providing Windows 10 with repositories is https://chocolatey.org/ which provides hundreds of softwares that can be installed through PS.

To install Chocolately repository simply do the following

Open powershell as an administrator and paste the following cmdlet

@powershell -NoProfile -ExecutionPolicy Bypass -Command “iex ((new-object net.webclient).DownloadString(‘https://chocolatey.org/install.ps1’))” && SET PATH={308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}PATH{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f};{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}ALLUSERSPROFILE{308b10a016e19a1cd6a208cbc3961927e16fc6766a4020d3c4ef54ea17925f0f}chocolateybin

clip_image001

Then this
iex ((new-object net.webclient).DownloadString(‘https://chocolatey.org/install.ps1’))

clip_image002

From
https://chocolatey.org/

As soon as you have installed chocolately, you will get a new huge list of applications that can be installed with a very simple and short cmdlet as in the below screenshots.

The good things about these cmdlets is it can be used to deploy an app for a huge number of clients by simply running the script through GPO or batch file.

I am going to install VLC and Google drive on my computer using these cmdlet …

Find-Package

clip_image003
clip_image004

Install-package

clip_image005
clip_image006
clip_image007

Checking if the app is really installed or not?

clip_image008

——————————————

Find and install google drive package

Downloading

clip_image009

Installing

clip_image010

clip_image011

If an application doesn’t install, how to troubleshoot it?

If for instance you were trying to install a package or app and that doesn’t work or get stuck then you can navigate to the Chocolately directory and delete any package that you tried to install but were suspended for any reason.

c:Chocolatelylib

clip_image012

You can simply delete the whole directory or the file that ends with extension .nupkg and try again to install…

clip_image013

Hope you find this useful