Category: Microsoft

Posted on

CVE-2019-0232

New vulnerability that requires attention from the users that run the apache / tomcat from windows machines.

source:

http://mail-archives.us.apache.org/mod_mbox/www-announce/201904.mbox/%3C13d878ec-5d49-c348-48d4-25a6c81b9605%40apache.org%3E

“When running on Windows with enableCmdLineArguments enabled, the CGI
Servlet is vulnerable to Remote Code Execution due to a bug in the way
the JRE passes command line arguments to Windows. The CGI Servlet is
disabled by default. The CGI option enableCmdLineArguments is disabled
by default in Tomcat 9.0.x (and will be disabled by default in all
versions in response to this vulnerability)”

Posted on

Protecting our Privacy in Windows 10

This post is for the ones that use the windows 10 express installation.

Most of the persons will use the express installation, after it finishes you should follow the video  to disable all settings and protect your privacy.

You can’t disable all things like the windows reporting settings, but at least we can restrict them to basic and hope that it does not send too much private information to Microsoft.

Were is a small video that can help you on the first phase.

Posted on

Windows 10 Feedback, Diagnostics and Privacy…

From all the things that I saw in Windows 10 the one that got most of my attention is the Feedback and Diagnostics option.

At the moment I find really limited the amount of information that Microsoft gives related with the information that she collect using this feature.

This feature is the only one that we can’t disable, we can only change between 3 options.

As you use Windows, we collect performance and usage information that helps us identify and troubleshoot problems as well as improve our products and services. We recommend that you select Full for this setting.

  • Basic information is data that is vital to the operation of Windows. This data helps keep Windows and apps running properly by letting Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also turns on basic error reporting back to Microsoft. If you select this option, we’ll be able to provide updates to Windows (through Windows Update, including malicious software protection by the Malicious Software Removal Tool), but some apps and features may not work correctly or at all.

  • Enhanced data includes all Basic data plus data about how you use Windows, such as how frequently or how long you use certain features or apps and which apps you use most often. This option also lets us collect enhanced diagnostic information, such as the memory state of your device when a system or app crash occurs, as well as measure reliability of devices, the operating system, and apps. If you select this option, we’ll be able to provide you with an enhanced and personalized Windows experience.

  • Full data includes all Basic and Enhanced data, and also turns on advanced diagnostic features that collect additional data from your device, such as system files or memory snapshots, which may unintentionally include parts of a document you were working on when a problem occurred. This information helps us further troubleshoot and fix problems. If an error report contains personal data, we won’t use that information to identify, contact, or target advertising to you. This is the recommended option for the best Windows experience and the most effective troubleshooting.

While I was  trying to see info on what is collected by this feature I stumble on this F.A.Q. page.

There the following question and answer is present:

Who sees the diagnostic and usage information that’s collected through feedback and diagnostics?

Microsoft employees, contractors, vendors, and partners might be provided access to relevant portions of the information collected, but they’re only permitted to use the information to repair or improve Microsoft products and services, or third-party software and hardware designed for use with Microsoft products and services.

This sentence basically says trust us,  we collect lots of information and give it to many persons but do not worry they will only use this to improve the product. 

Once more I trust in good faith but if we do not know how the they achieve the objective  and what is the information they collect it is hard to trust.

(UPDATE) – This features can only be disabled in the enterprise version of windows 10 by GPO value to 0 .

Posted on

Microsoft Visual Studio, OSX and Linux

Microsoft has released a light version of Visual Studio for Linux and Mac OS X, there is also a version for Windows but that does not count…

https://code.visualstudio.com

What is interesting on this?

Well for start it seems that finally Microsoft considers the other OS systems important and the company might think to continue leading by incorporating their framework. (.net) into other Operating Systems.

The app seems more a first version of a trojan horse for OS X and Linux users to persuade them to install mono framework (.net).

Why I say this?
Because they advertise some interesting functionalities but apparently they only work if you install the mono framework.
Without the mono framework the tool is not much different from Text mate.

I am happy that Microsoft is trying to expand the .net framework to other platforms.

I had my first experience with mono in 2005 on earlier versions of .net and it was really useful. We used it to port some code into Linux but it was still immature back then, managed by enthusiasts without no real support from Microsoft.

Now with the .net foundation  and their projects things are starting to become more interesting, it is always good when we have competitors at same level JAVA and .NET… (now my Java friends and coworkers will stop talking with me because I used the words “same level” with java and .net…)

Java will have a huge headache in near future as .net starts spreading into Linux/Unix world.

Also it will be a huge advantage for the cloud when we have a major player like Microsoft Azure and we can start developing apps and tools using Linux instead of being exclusively obligated to have windows for a more efficient development.

According to the Microsoft Objectives .net apps will work in mobile phones, windows, Linux, MAC, etc. We can truly have the code once and use it everywhere…. 🙂

I am still waiting for Visual Studio 2015 for MAC… 🙂 that would be great…

Posted on

Sandworm…

It seems that a new vulnerability on SSL is being used on spy games to the west. 🙂

This information was disclosure by the http://www.isightpartners.com/2014/10/cve-2014-4114/

For what is told on the internet has soon has Microsoft releases the patch, more info on it will be delivered about it.

The vulnerability code:
cve-2014-4114

Posted on

Enabling account recovery for your SharePoint Workspace account

This Help article applies to SharePoint Workspace users whose accounts are hosted via Microsoft servers and not managed on a corporate domain. Typically, these are users who create their own accounts.

The account recovery option is enabled by default at account creation time. You may need to use the account recovery feature under the following circumstances:

  • You want to restore your account by opening an account backup file, but you have forgotten the password you set when you created the backup.

For security purposes, SharePoint Workspace prompts you to set a log-in password when you create an account backup file. When you open the account backup file to restore the account, you are prompted to enter this password. If you had “Enable account recovery” enabled in your account preferences, A “Forgot your password?” link displays in the password dialog box. If you click the link, an account reset code is sent to your e-mail address. You can use the account reset code in the Account Configuration Wizard to restore your account.

  • The Windows log-in on your system has been changed in a way that is not recognized by your SharePoint Workspace account.

Though this is a highly unusual circumstance, it also presents a serious issue if this is the only system on which you have your SharePoint Workspace account. In this case, if you have not enabled account recovery, you will be unable to recover your account. The only recourse is to create an entirely new account and then ask your contacts to re-invite you to your workspaces. You will be unable to recover workspaces in which you were the only member.

To enable account recovery:

  1. On the File tab, click Info, click Manage Account, and then click Account Preferences.
  2. Click the Account tab.
  3. Check Enable account recovery and click OK.