Microsoft Security Updates, September 2021

The Microsoft September 2021 security updates have been released and consist of 66 CVEs.

3 are rated Critical
62 are rated Important
1 Moderate in severity

Information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds can be viewed here:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Sep
In addition the full list of CVEs released by Microsoft for September 2021 can be found here along with other updates: 
https://www.zerodayinitiative.com/blog/2021/9/14/the-september-2021-security-update-review-kpgpb

Windows Security Updates, August 2021

Microsoft August 2021 security updates have been released and consist of 44 CVEs.
7 are rated Critical
37 are rated Important
Microsoft reports that two of these bugs are publicly known and one is under active attack at the time of release.
Please use Windows/Automatic Updates to determine which updates are applicable to your particular system.

For more information:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug
https://www.zerodayinitiative.com/blog/2021/8/10/the-august-2021-security-update-review

 

Windows Security Updates, July 2021

Microsoft July 2021 security updates have been released and consist of 117 CVEs.
Severity:
13 are rated Critical
103 are rated Important
1 is rated Moderate

According to Microsoft, six of these bugs are publicly known and four are under active attack at the time of release.
See Zero Day Initiative for more details: https://www.zerodayinitiative.com/blog/2021/7/13/the-july-2021-security-update-review

On July 6 an Out-of-Band update was released to address CVE-2021-34527, Windows Print Spooler Remote Code Execution Vulnerability for Windows 10 Versions 21H1, 20H1, 2004, 1909, 1809, 1803, 1507, and Windows 8.1
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

Download the update by going to Settings > Update & Security > Windows Update
 The link to download and install the update can be found in the Optional updates available area.  
To find the standalone package, go to the Microsoft Update Catalog website.
 https://www.catalog.update.microsoft.com/Search.aspx

 

Why Do I Need TPM 2 for Windows 11:

This article from Microsoft explains:

“…The Trusted Platform Module (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU. Its purpose is to help protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.

PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states. Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust.

TPM 2.0 is a critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data. In addition, for many enterprise customers, TPMs help facilitate Zero Trust security by providing a secure element for attesting to the health of devices….”

Complete article:
https://www.microsoft.com/security/blog/2021/06/25/windows-11-enables-security-by-design-from-the-chip-to-the-cloud/

 

Windows 11 Is Around the Corner

By now everyone has probably heard that Windows 11 is on the way. Windows 11 is packed with innovation. The new operating system features a new user interface (UI) design that has been built for simplicity and ease of use.

 Users will find new built-in features as well:

* Windows Store has been rebuilt from the ground up. It has a new fluid UI and a change in some of the policies that determine what type of apps are permitted into the storefront.

* Microsoft Teams is built into Windows 11.

* Windows 11 will be compatible with many Android apps.

* Xbox app will also be built into Windows 11. Game Pass subscribers will be able to download from a catalog of games that the service offers, and will be able to stream titles using Xbox cloud gaming. Cross-play between consoles and PCs will also be available.

 * Digital pen allows for creative and personal touches. This assists users in writing and drawing naturally in order to annotate a PDF, website, image, and more.

* Voice typing makes the keyboard optional, allowing work to be transcribed into text easily. 

* Intuitive touch gestures enable fluid workflows. No mouse is necessary. The use of multi-finger gestures will enable quicker navigation.  

* Feature Updates will arrive only once a year, as opposed to twice a year for Windows 10.

 For more information on these features and others see: https://blogs.windows.com/windowsexperience/2021/06/24/introducing-windows-11/

Windows 11 will begin to roll out late in 2021 and continue into 2022. During this time, Lenovo will be testing compatibility of Windows 11 for use on specific PCs.

Windows Update will also provide an indication if and when a PC is eligible. Users can check their PC’s eligibility by going to Settings/Windows Update.

Here are the general hardware specs for Windows 11: https://www.microsoft.com/en-us/windows/windows-11-specifications

For those who are eager to know about their PC’s compatibility, Microsoft has provided a Windows PC Health Check tool to see whether a PC meets the requirements of Windows 11: https://www.microsoft.com/en-us/windows/windows-11#pchealthcheck

Refer to your OEM’s website for more information specific to your PC. For Lenovo’s list of FAQs and upgrade details see: https://www.lenovo.com/us/en/d/windows-11-upgrade

Microsoft Updates, June 2021

The Microsoft June 2021 security updates have been released and consist of 50 CVEs.
5 are rated Critical
45 are rated Important
According to Microsoft, six of these bugs are currently under active attack and three are publicly known at the time of release.
More information: https://msrc.microsoft.com/update-guide/releaseNote/2021-Jun

Note: May 11, 2021 update (KB5003173) must be installed before installing the latest cumulative update (LCU)
Please see: https://support.microsoft.com/en-us/topic/may-11-2021-kb5003173-os-builds-19041-985-19042-985-and-19043-985-2824ace2-eabe-4c3c-8a49-06e249f52527

Microsoft Updates, May 2021

The Microsoft security updates for May 2021 have been released. They consist of 55 Common Vulnerabilities and Exposures (CVEs):
 4 are rated Critical
 50 Important
 1 is rated Moderate in severity.

 Although three of the bugs are listed as being publicly known, none are listed as currently being exploited.
For more information please see THE MAY 2021 SECURITY UPDATE REVIEW by Dustin Childs https://www.zerodayinitiative.com/blog/2021/5/11/the-may-2021-security-update-review

Microsoft Updates, April 2021

The Microsoft April 2021 security updates have been released.
The updates apply to a long list of products listed here: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Apr
Of the latest Common Vulnerabilities and Exposures (CVEs), 19 are rated Critical, 89, and 1 is rated Important in severity. Six additional bugs impact Chromium-based Edge.

The updates released today will automatically remove Edge Legacy, which is out of support, and replace it with the new Chromium-based Edge. If you still use legacy Edge, or if you have blocked the Chromium Edge update using group policies or registry hacks, those settings will be ignored and the legacy version will be removed automatically.

Review: ThinkPad T14 With Windows 10 v. 20H2

A ThinkPad T14 Gen2 arrived at my home a week ago. As a member of Lenovo Advocates, every so often I receive units to review.

ThinkPads are always a favorite with business professionals because of their sleek design, power, mobility, and durability, as well as many features including a Kensington lock slot.

This year for the T14 Gen 2 there are some special features including:

  • Choice between Black and Storm Grey Aluminum
  • New 11th Gen Intel CPUs with Iris Xe Graphics
  • Nvidia MX450 dGPU
  • WWAN options CAT16 or CAT12
  • Dolby Vision UHD panels
  • Smoother touchpad surface

ThinkPad T14 Gen 2 14 inch laptops are tested against 12 military-grade requirements and more than 200 quality checks to ensure that they run in extreme conditions. From the Arctic wilderness to desert dust storms, from zero-gravity to spills and drops.

Options are available at order, but the following were included in the ThinkPad that I received for review:

Color

Storm Gray (aluminum top) which is a dark gray graphite color

Dimensions

(W X D X H) 329x227x17.9mm/12.9×8.9×0.70in

Operating system:

Windows 10 Pro v. 20H2 (build 19042.867)

Windows Note: When I do reviews I manually clone the system to my most recent daily driver so I can compare performance. I have been a person who preferred to operate Windows with a local account so I could handle updates, etc. manually. However this time, as I was short on time between meetings and Easter Week, I opted to allow Windows to use the cloud to enable a few features available with a log-in to my Microsoft account. To be honest, I was very impressed. Apps, including my printer, installed smoothly. As soon as I turned the printer on, there it was on the new T14. I was prepared as usual with all my backups and removable media for installations, but I did not need any of it except for my graphics application and one security app. Even with that, once I installed the initial setups via online or DVD, all my tools, settings and personal resources were there – as if by magic. I am now convinced that the cloud is the way to go when setting up a new computer.

Drive:

1022.87 Gigabytes Usable HD Capacity

954.50 Gigabyte HD Free Space

Processor

11th Generation Intel Core i7 vPro Processor

Memory Modules

32472 Megabytes Usable Installed Memory

2 Slots of 16384 MB

Storage

1 TB PCIe SSD

Display

14” FHD IPS PrivacyGuard On-Cell Touch (500nit)

Quite a bit of my hours are spent creating designs for a watch face business. My graphics application performed well by displaying clear colors. There was no lag as I worked on multi-layered multiple images at the same time.

Keyboard

This T14 includes Lenovo’s classic spill-resistant ThinkPad design with trackpad and red TrackPoint as well as an LED backlit keyboard with UC functions for F9–F11. Key travel is smooth and quiet.

Camera

HD IR hybrid camera with webcam privacy shutter

Ports and Slots

  1. USB-C Thunderbolt™ 4 (power delivery)
  2. USB-C Thunderbolt™ 4
  3. Side docking connector
  4. USB-A 3.2 Gen 1
  5. HDMI 2.0
  6. Headphone / mic combo
  7. MicroSD card reader
  8. Optional Smart card reader
  9. USB-A 3.2 Gen 1 (always on)
  10. RJ45
  11. Kensington lock slot

Docking Option

Existing mechanical side docking stations are sold separately: Thunderbolt™ dock /USB 3.0 cable dock/ USB-C cable dock/ Side mechanical dock

After updating firmware on my two-year-old Pro 40 AH Side Dock, it worked beautifully with the T14 Gen 2.

Battery

Up to 10.7 hours, 50Whr battery (MM18)

AC Adapter

The T14 uses a Type-C 65W that supports RapidCharge.

When I saw this (refer to photo above) my reaction was how “cute” it is compared with older AC adapters.

Audio/Microphone

Dolby Audio Speaker System

 2x User-facing Microphones

Privacy and Security

Match on Chip Touch Fingerprint Reader

RFID and FIPS Fingerprint Reader

dTPM 2.0 chip

Web camera privacy shutter

ThinkPad PrivacyGuard with On-Cell Touch

Kensington™ lock slot

Weight:

When it comes to mobility, weight is always a factor. ThinkPad T14 weight starts at 1.47kg/3.23lbs. I did not weigh the unit that I received.

Observations and Conclusion:

So far I am enjoying the T14 Gen 2. When I am not writing reviews and helping on Lenovo Forums I spend my work time doing graphic design for a watch face business. The T14 works well with multiple images open online and offline at the same time. Something that I noted on the newer Lenovo ThinkPads is that there is a red plastic cord holder on the AC adapter cord. I love this because I never remove it by accident, thinking it is my external mouse cord that I’ve used for design work when it is time to do a firmware or BIOS update.

Speaking of BIOS updates, I was pleased to see that Lenovo Commercial Vantage arrived pre-installed. I have always preferred that version. In fact, as soon as I powered on, Vantage alerted me of a BIOS update that I did as soon as I finished setting up Windows.

Something else that I noticed is that in a cold environment the aluminum cover becomes quite cold, unlike my black ThinkPads with different coverings. This happened when the T14 was sitting on a desk near a window. It might be something to consider if ordering a T14 that will be under an AC vent, next to a window, or will be on a worksite outdoors.

Bugbatter

Member, Lenovo Advocates

 

 

Security Features In Microsoft Edge

The new Chromium-based Edge browser keeps the earlier Microsoft Edge name but offers better security for users. The following sections discuss the security features that can be accessed via Settings:

Microsoft SmartScreen

Microsoft Edge relies on Microsoft’s Windows Defender SmartScreen security feature. SmartScreen protects Edge users from phishing attacks by performing a reputation check for the websites that users are trying to visit. SmartScreen lets visitors connect to the site, but if it finds anything suspicious, a warning message is shown. In addition, SmartScreen is integrated into the Windows 10 shell, because apps may try to bypass the browser by connecting to websites on their own. SmartScreen in the Windows 10 shell makes sure that these websites and apps are screened before users can reach them. Should a user not want to use SmartScreen, it can be disabled in Settings.

Learn more: What is SmartScreen and how can it help protect me? (microsoft.com)

Tracking Prevention in Microsoft Edge

Many websites use trackers to collect and store data about your browsing behavior. Some trackers gather data about you across multiple sites. The new Microsoft Edge allows the user to detect and block known trackers and to configure which trackers should be blocked. As shown in the above illustration, there are 3 levels of tracking prevention offered. All of them can block harmful trackers.

Basic – Blocks trackers detected as cryptomining or fingerprinting. Trackers intending to personalize content and ads are enabled.

Balanced – Selected by default and is the recommended setting. As a form of prevention this configuration protects from potentially harmful trackers and trackers from sites that the user has not visited.

Strict – This option blocks the most trackers. However, it can interfere with the opening of some websites, likely causing them to not behave as expected. As an example, you may not be able to log into some sites.

Edge’s Sandboxing

The concept of sandboxing is that code runs within a restricted range that determines which services are limited. Sandboxing helps the user protect the computer from the side effects of browsing, thus preventing websites from hosting malicious code. In other words, if a website intends to send malicious code, it will go to the sandbox. Closing the sandbox automatically erases the malicious code.

When you start the Windows 10 Sandbox, you will see a new Desktop showing only the Recycle Bin and Edge shortcut. The Start Menu and other icons are visible, but they do not work in the sandboxed mode. When starting Edge from the sandboxed Windows 10 environment for browsing you will have maximum security. If you are ready to use apps, simply open them in the main Windows 10 environment instead of the sandboxed Windows 10. However, the benefit of the Sandbox is that no one can trace your activity on the Internet. Your ISP may obtain a log of your activity, but no one can see the activities performed using Edge Sandbox.

Managing Edge Chromium Extensions

The Chromium version of Edge allows users to add extensions. For that reason it becomes essential to protect systems when connected to a network. The new Edge browser lets businesses manage the set of approved extensions, either through Group Policy or through a setting added to the Registry.
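As an added example (not from the original post or from Microsoft), the PowerShell below compares the extensions installed in the current user's Edge profiles with the `ExtensionInstallAllowlist` and `ExtensionInstallBlocklist` policies. It assumes the policies are set machine-wide under `HKLM` and that Edge uses its default user data folder; the function names are hypothetical.

```powershell
# Added example: compare installed Edge extensions with the managed policy lists.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'                 # assumes machine-wide policy
$userData   = Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data'  # assumes default location

function Get-EdgePolicyList {
    param([Parameter(Mandatory)][string]$Name)
    $key = Join-Path $policyRoot $Name
    if (-not (Test-Path -Path $key)) { return }
    # List policies are stored as numbered string values ("1", "2", ...).
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        # Keep only the ID if an entry carries an "id;update_url" suffix.
        ([string]$item.GetValue($valueName)).Split(';')[0].Trim()
    }
}

function Get-ExtensionStatus {
    param([string]$Id, [string[]]$Allow, [string[]]$Block)
    if ($Allow -contains $Id) { return 'allowed' }
    if ($Block -contains $Id -or $Block -contains '*') { return 'blocked by policy' }
    return 'not covered by policy'
}

$allow = @(Get-EdgePolicyList -Name 'ExtensionInstallAllowlist')
$block = @(Get-EdgePolicyList -Name 'ExtensionInstallBlocklist')

if ($block -notcontains '*') {
    Write-Warning 'Blocklist has no "*" entry, so extensions outside the allowlist can still be installed.'
}

# Each installed extension is a folder named after its 32-character ID (letters a-p)
# under <profile>\Extensions.
$installed = Get-ChildItem -Path (Join-Path $userData '*\Extensions\*') -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -cmatch '^[a-p]{32}$' }

$report = foreach ($ext in $installed) {
    [pscustomobject]@{
        Profile     = $ext.Parent.Parent.Name
        ExtensionId = $ext.Name
        Status      = Get-ExtensionStatus -Id $ext.Name -Allow $allow -Block $block
    }
}

$report | Sort-Object Status, Profile | Format-Table -AutoSize
```

Rows marked "not covered by policy" are the ones to review: they are extensions a user added that no allowlist or blocklist entry accounts for.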

 No support for ActiveX controls and BHOs

Finally, Microsoft Edge does not support ActiveX controls and BHOs, such as Silverlight or the old Java. If it is necessary to run web apps that use ActiveX controls, x-ua-compatible headers, or legacy document modes, a workaround would be to run them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and standards support.