SharePoint is under attack as attackers have discovered and are exploiting vulnerability CVE-2019-0604. Find out more about the vulnerability in the linked security advisory by Microsoft below:
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. – Microsoft SharePoint Remote Code Execution Vulnerability
According to an article by HelpNetSecurity, the attackers are able to install a web shell that then “allows them to achieve continuous access to the system and, potentially, to the internal network on which it resides.” The article also reports that, “According to the Canadian Centre for Cyber Security, researchers have identified compromised systems belonging to the academic, utility, heavy industry, manufacturing and technology sectors.”
Windows has a really cool tool you will be glad to discover if, like me, you like to have lots of power on your computer. Some people have called this feature the “God Mode,” but we will call it “Power Tools Mode,” because we fear God here.
The Power Tools Mode is easy to access. Just create an empty folder on your Desktop, rename the folder to the following exact code, including the brackets and dot, and then press Enter.
The folder icon should change to look like that of the Control Panel et voila!
The new icon
This folder gives you access to tools like:
- Shortcuts to several actions in the Action Center (including a shortcut to View the Reliability History discussed in one of our articles),
- Several Administrative Tools,
- Devices and Printers,
- Several Accessibility features in the “Ease of Access Center.”
Power Tools accessible via the so-called “God Mode” on Windows.
One of the hidden gems on Windows computers is the Reliability Monitor. This tool can help you detect problems on your system before it is too late. The Monitor is hidden under Control Panel > System and Security > Action Center > Reliability Monitor in some flavors of Windows, but the quickest way to unearth it on Windows 10 is to open Windows Start / Search and search for “Reliability.” This should bring up the result “View reliability history.” You can also find the tool by going to your Action Center > Maintenance, then, under “Check for solutions to problem reports,” clicking “View reliability history.”
Control Panel > System and Security > Action Center > Maintenance > View reliability history
According to Windows Help and Support, Reliability Monitor is an advanced tool that measures hardware and software problems and other changes to your computer. It provides a stability index that assesses your system’s overall stability on a scale from 1 to 10, 10 being the most stable. The history is presented so that, by selecting a specific period in time, you can review the specific hardware and software problems that have impacted your system.
A view of the Reliability and Problem History on Windows Server 2012
According to a report this morning from SonicWall, a vulnerability that could allow remote code execution has been discovered in WinRAR. This software vulnerability exposes the half a billion users of this Windows unarchiver. The vulnerability exploited is detailed by MITRE in CVE-2018-20250.
To find out if you are vulnerable, check whether your WinRAR version is anything prior to 5.70 beta 1.
The fix is to update your software to the latest WinRAR version to resolve the issue.
For those not familiar with WinRAR, according to Wikipedia, “WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH. It can create and view archives in RAR or ZIP file formats, and unpack numerous archive file formats. To enable the user to test the integrity of archives, WinRAR embeds CRC32 or BLAKE2 checksums for each file in each archive. WinRAR supports creating encrypted, multi-part and self-extracting archives.”
Update: According to a March 23, 2019 report by SonicWall, this WinRAR vulnerability is now being exploited in the wild.
“There have been two major exploits of this vulnerability, one targeting Ukraine with an Ukrainian law related PDF document and another targeting users in the Middle East. Last week, SonicWall Capture Labs Threat Research team has observed another campaign targeting users in Chile. WinRAR vulnerability is the most sought after exploit used by both cyber criminals and nation state actors.”
The security news brief from SonicWall also details the infection cycle of a WinRAR exploit. Be on guard!
On Windows 10, using the Windows Management Instrumentation Command Line (WMIC), you can set the password never to expire with the command:
WMIC UserAccount WHERE NAME='username' SET PasswordExpires=FALSE
Note that you have to run the command from an elevated command prompt window.
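The same setting without WMIC, which Microsoft has deprecated, as an added example that is not from the original post: the PowerShell below reads and writes the same Win32_UserAccount class through CIM, and also lists every local account whose password is already set never to expire. The function names are hypothetical, and 'username' is the same placeholder as in the command above.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell window.
# Function names are hypothetical; Win32_UserAccount is the class behind "WMIC UserAccount".

function Get-NonExpiringLocalAccount {
    # LocalAccount=True keeps a domain-joined machine from enumerating the whole domain.
    Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount=True AND PasswordExpires=False' |
        Select-Object Name, Disabled, PasswordRequired, SID
}

function Set-LocalPasswordNeverExpires {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Name
    )
    # Match the name in PowerShell rather than inside the WQL filter,
    # so quotes in $Name cannot alter the query.
    $account = Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount=True' |
        Where-Object { $_.Name -eq $Name }
    if (-not $account) {
        throw "No local account named '$Name' on $env:COMPUTERNAME."
    }
    if (-not $account.PasswordExpires) {
        Write-Verbose "'$Name' is already set to never expire."
        return ($account | Select-Object Name, PasswordExpires)
    }
    if ($PSCmdlet.ShouldProcess($Name, 'Set PasswordExpires=False')) {
        Set-CimInstance -InputObject $account -Property @{ PasswordExpires = $false }
    }
    # Read the value back so the caller sees what is actually stored.
    Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount=True' |
        Where-Object { $_.Name -eq $Name } |
        Select-Object Name, PasswordExpires
}

# Audit first: which local accounts already have non-expiring passwords?
Get-NonExpiringLocalAccount | Format-Table -AutoSize

# Then change one account. 'username' is a placeholder; -WhatIf previews the change.
# Set-LocalPasswordNeverExpires -Name 'username' -WhatIf
```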
Hello, World! Your Internet connection may be going down this November 15, 2018 onward if your devices are connected to the internet via Norton ConnectSafe’s DNS IP addresses and you do not have a secondary DNS in place. The announcement is currently displayed at https://connectsafe.norton.com/configureRouter.html with a link to this FAQ that hopefully will answer most of your questions.
The DNS IP Addresses you need to check for and change from are any pair among the following:
If you changed your DNS, you probably know already which one you want to go to next. If you have no idea and need some time to investigate, you can either remove the DNS settings that you have on your device (computer or mobile device), and therefore default to your Internet Service Provider’s DNS settings, or temporarily follow this How-To Geek article, which offers step-by-step instructions on how to change your DNS to OpenDNS’ or Google’s, if you trust these two tech companies.
Alright, you are now in the know, friend!
There are programs that are not easy to uninstall. Sometimes you can easily uninstall the said programs only to find out that they left a trail of files in C:\Program Files\ or C:\Program Files (x86)\ that you then try to manually delete.
If it all goes away and leaves your computer alone, great! You do not need this article. This article is for times when the program just won’t go away and reports that there is another system using it or another user currently running the program. If there is no user that you know of and there are no programs you are aware of that are still running the unwanted application:
- Try to kill the process in the Applications tab of your Windows Task Manager.
- If the problem persists, check the Services tab of the Windows Task Manager and look for the name of the unwanted application or for anything related to it.
- If the application you are uninstalling had a server component, you will find it in the list of Services. (Hint: Sort the list by Name instead of PID so you can at least identify the program by name.)
- Once you find the problematic service, right-click it to stop the service, and then try to delete the folder or application you had a hard time deleting.
- If that still does not let you remove it, then go ahead and open an elevated command prompt to run sc.exe.
- The command sc.exe delete <service name> should help you completely remove or delete the service, where <service name> is the name of the service itself as you see it in the service management console, not of the exe.
- Finally try to delete the folder you were attempting to delete from C:\Program Files\ or wherever you had installed the application.
- If none of the above solves the problem, there are certainly other methods out there. Let us know what did the trick for you by commenting below. (Pro Tip: Consider bringing in some of the big guns like the Process Explorer from Microsoft’s SysInternals Utilities).
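The steps above as one script, as an added example that is not from the original post: it finds every service whose executable lives under the stuck folder, stops it, deletes it with sc.exe, and then removes the folder. The folder path and function names are hypothetical.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell window.
# $TargetFolder and the function names are hypothetical.
$TargetFolder = 'C:\Program Files\ExampleApp'

function Get-ServiceUnderFolder {
    param([Parameter(Mandatory)] [string] $Folder)
    $prefix = $Folder.TrimEnd('\') + '\'
    # PathName is the service command line; it may be quoted and carry arguments.
    Get-CimInstance -ClassName Win32_Service | Where-Object {
        $_.PathName -and
        $_.PathName.TrimStart('"').StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)
    }
}

function Remove-LeftoverService {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string] $Folder)

    $services = @(Get-ServiceUnderFolder -Folder $Folder)
    if ($services.Count -eq 0) {
        Write-Warning "No service runs from '$Folder'; look for an open handle with Process Explorer."
    }
    foreach ($svc in $services) {
        # sc.exe takes Name (the short service name), not DisplayName.
        Write-Host ('{0} [{1}] State={2} PID={3}' -f $svc.Name, $svc.DisplayName, $svc.State, $svc.ProcessId)
        if (-not $PSCmdlet.ShouldProcess($svc.Name, 'Stop and delete service')) { continue }
        if ($svc.State -ne 'Stopped') {
            Stop-Service -Name $svc.Name -Force -ErrorAction Stop
        }
        # Spell out sc.exe: in Windows PowerShell, "sc" alone is an alias for Set-Content.
        sc.exe delete $svc.Name | Out-Host
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "sc.exe delete $($svc.Name) returned exit code $LASTEXITCODE."
        }
    }
    if ($PSCmdlet.ShouldProcess($Folder, 'Delete folder')) {
        Remove-Item -LiteralPath $Folder -Recurse -Force -ErrorAction Stop
    }
}

# Preview first; drop -WhatIf to apply.
Remove-LeftoverService -Folder $TargetFolder -WhatIf
```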