Microsoft wraps up 2021 with 64 patched vulnerabilities-
including Windows 7 fixes

https://news.sophos.com/en-us/2021/12/14/microsoft-wraps-up- 2021-with-64-patched-vulnerabilities-including-windows-7-fixes/

I found this comment somewhat amusing yet disconcerting:

"fixes apply to versions of Windows stretching the way back to
the end-of-life'd Windows 7. In fact, there are 17 bugs being
patched in Windows 7 this month"

WRT Win7, "vulnerability in Windows' Encrypted File System
(EFS) that also extends back to Windows 7 (CVE-2021-43217)-one
that can be triggered regardless of whether or not EFS is in
use on the targeted system. A specially-crafted attack could
result in a buffer overflow write to memory that could result
in unauthenticated code being executed by triggering EFS. This
bug has been publicly disclosed, making it an urgent fix."

The EFS exploit sounds a bit worrisome since "the problem" can
be triggered even when EFS is not even in use. I *was*
thinking of trying it a while back though.

--
../|ug

--- OpenXP 5.0.51
* Origin: (1:396/45.29)

August Abolins wrote to All <=-

The EFS exploit sounds a bit worrisome since "the problem" can
be triggered even when EFS is not even in use. I *was*
thinking of trying it a while back though.

Remember that Windows includes a way to delibrately crash it[1]. That makes
me a little concerned. <G>

-- Sean

1 = https://tinyurl.com/ya4cgqld (docs.microsoft.com)

... WinErr 010: Reserved for future mistakes by our developers.
--- MultiMail/Linux
* Origin: Outpost BBS * Johnson City, TN (1:18/200)

The EFS exploit sounds a bit worrisome since "the problem" can
be triggered even when EFS is not even in use. I *was*
thinking of trying it a while back though.

Remember that Windows includes a way to delibrately crash it[1]. That makes me a little concerned. <G>

1 = https://tinyurl.com/ya4cgqld (docs.microsoft.com)

WHY would anyone need to implement a way to force a crash like
that?

"After this is completed, the keyboard crash can be initiated
by using the following hotkey sequence: Hold down the rightmost
CTRL key, and press the SCROLL LOCK key twice."

OMG.

I have to wonder what other keys (hold down key x and tap key y
n times) ..they might have wasted time implementing.

EFS intriqued me. I always thought it would be handy to have at
least one live-encryted folder or something. But it doesn't
sound prudent to play with it now.

--
../|ug

--- OpenXP 5.0.51
* Origin: (2:221/1.58)

Hello August,

07 Mar 22 21:39, you wrote to me:

I have to wonder what other keys (hold down key x and tap key y
n times) ..they might have wasted time implementing.

You know that Control-Alt-Delete was never meant to be part of the original IBM PC? It "escaped" the lab.

I read an article interviewing the engineer that developed that at IBM. He said that it was deliberately awkward so it couldn't be performed accidentally.

EFS intriqued me. I always thought it would be handy to have at
least one live-encryted folder or something. But it doesn't
sound prudent to play with it now.

I'd use VeraCrypt and do the whole hard drive if you go encryption. My opinion, of course, but in my IT career, I found that to be a good solution (there's a Linux filesystem that can do that also).

-- Sean

... You know you're getting old when the candles cost more than the cake.
--- GoldED+/LNX 1.1.5-b20180707
* Origin: Outpost BBS * Johnson City, TN (1:18/200)

Hello Sean!

** On Tuesday 08.03.22 - 21:07, you wrote to me:

You know that Control-Alt-Delete was never meant to be part of the original IBM PC? It "escaped" the lab.

I don't recall the "escape" story. But, interesting.

I read an article interviewing the engineer that developed that at IBM.
He said that it was deliberately awkward so it couldn't be performed accidentally.

Ctl-Alt-Del doesn't seem awkward to me. For the most part it's
a two-hander, but achieved rather comfortably.

What *is* awkward is the way for changing a simple default
operation on a car radio: press and hold power button, turn
ignition on, tap volume up twice, turn ignition off and on
twice, press volume down three times.

I'd use VeraCrypt and do the whole hard drive if you go encryption. My opinion, of course, but in my IT career, I found that to be a good solution (there's a Linux filesystem that can do that also).

The Thinkpad T60 has HDD password feature, and a fingerprint
scanner. I've been afraid to even try those incase the
internal systems would fail.

--
../|ug

--- OpenXP 5.0.51
* Origin: (2:221/1.58)

August Abolins wrote to Sean Dennis <=-

Ctl-Alt-Del doesn't seem awkward to me. For the most part it's
a two-hander, but achieved rather comfortably.

In the mid 2000s, HP came out with a keyboard with a ctrl-alt-delete KEY.

The Thinkpad T60 has HDD password feature, and a fingerprint
scanner. I've been afraid to even try those incase the
internal systems would fail.

They worked well, and there's no way around them if you lose the password. I supported T43s, X60s and T60s with those features on remote workers and we turned everything on until we'd rolled out whole-disk encryption.


... Start where you are. Use what you have. Do what you can.
--- MultiMail/DOS v0.52
* Origin: http://realitycheckbbs.org | tomorrow's retro tech (1:218/700)

Re: Re: MS 2021 wrap up with 64 patches
By: Sean Dennis to August Abolins on Mon Mar 07 2022 08:40 pm

August Abolins wrote to All <=-

The EFS exploit sounds a bit worrisome since "the problem" can
be triggered even when EFS is not even in use. I *was*
thinking of trying it a while back though.

Remember that Windows includes a way to delibrately crash it[1]. That makes me a little concerned. <G>

A handy feature (that's not enabled by default) for driver and kernel developers.

*nix's have similar kernel-mode debug capabilities.
--
digital man (rob)

Breaking Bad quote #11:
My apologies to the HR department: Grow tumescent with anticipation. - Hank Norco, CA WX: 67.4°F, 47.0% humidity, 3 mph WSW wind, 0.00 inches rain/24hrs --- SBBSecho 3.15-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Rob Swindell wrote to Sean Dennis <=-

A handy feature (that's not enabled by default) for driver and kernel developers.

I understand that. :) I was being facetious, however, with some of the poorly-written Windows drivers I've had to deal with, that crash capability seems only too easy to access even if it's not enabled by default. <G>

*nix's have similar kernel-mode debug capabilities.

The Magic SysRq keys are a way to do that if I remember right. My 29 year
old Model M keyboard has the SysRq key on the Print Screen key...I once recovered from a kernel panic using the SysRq key but I do not remember now
how to do it.

-- Sean

... I sold my soul to the devil. He gave it back.
--- MultiMail/Linux
* Origin: Outpost BBS * Johnson City, TN (1:18/200)