New downloads available on MSDN


Well, in addition to the migration to the new download platform for your MSDN ISOs and benefits, here are the new releases available for June:


The Windows 10 ISOs with the updates included, so as to be sure of deploying the UP TO DATE version in these ransomware times... even if Windows 10 is not that exposed!

Happy downloading,

PierrE.

Posted in Uncategorized

Disable SMBv1 and avoid ransomware!


The latest waves of ransomware exploit a known security flaw, normally patched by MS17-010, using "EternalBlue", leaked by The Shadow Brokers earlier this year... more info here: https://fr.wikipedia.org/wiki/WannaCry

So in theory it is enough to keep your systems up to date to avoid it!

If you want to get ahead of it, you can also disable SMBv1, which is at the root of the vulnerability... and which also has performance drawbacks compared with SMBv2...

To do so, I recommend following the instructions given by Aaron Margosis of Microsoft here: https://blogs.technet.microsoft.com/secguide/2017/06/15/disabling-smbv1-through-group-policy/ . He relies on the ADMX/ADML files from the Windows Security Baseline (which every admin worthy of the name should read regularly), available here: https://blogs.technet.microsoft.com/secguide/2017/06/15/security-baseline-for-windows-10-creators-update-v1703-draft/ .

If you have SCCM, you can also use Compliance Settings to do it; see the article by Cameron Cox (Microsoft PFE) on the required steps here: https://blogs.technet.microsoft.com/systemcenterpfe/2017/05/22/disable-smbv1-in-your-environments-with-configuration-manager-compliance-settings/
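For hosts you manage by script rather than by GPO, here is an added PowerShell example (mine, not from the post and not from the Microsoft baseline) that inventories SMBv1 use and then disables it on both the server and the client side. The function names are its own; it assumes Windows 8.1 / Server 2012 R2 or later, where the SMB cmdlets exist.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and disable SMBv1 by script. Run elevated; the client-side
# driver change only takes effect after a reboot.

function Get-Smb1State {
    # Report the SMBv1 state of this host: server side, client driver, optional feature.
    $server  = Get-SmbServerConfiguration
    $client  = Get-Service -Name mrxsmb10 -ErrorAction SilentlyContinue
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ServerSmb1Enabled = $server.EnableSMB1Protocol
        ClientDriver      = if ($client)  { $client.StartType } else { 'NotPresent' }
        OptionalFeature   = if ($feature) { $feature.State }    else { 'NotPresent' }
    }
}

function Get-Smb1Clients {
    # Sessions currently negotiated at an SMB1 dialect: typically legacy NAS boxes,
    # printers and scanners. Inventory these before disabling SMB1 on a file server,
    # otherwise they lose access the moment the server setting changes.
    Get-SmbSession | Where-Object { $_.Dialect -lt '2.0' } |
        Select-Object ClientComputerName, ClientUserName, Dialect
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # 1. Server: stop accepting SMB1 connections (takes effect immediately).
    if ($PSCmdlet.ShouldProcess('LanmanServer', 'Disable SMB1 protocol')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    # 2. Client: disable the SMB1 redirector (mrxsmb10) and drop it from the
    #    workstation service dependencies so LanmanWorkstation still starts.
    if ($PSCmdlet.ShouldProcess('mrxsmb10', 'Disable SMB1 client driver')) {
        sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
        sc.exe config mrxsmb10 start= disabled | Out-Null
    }
    # 3. Windows 10 / Server 2016: remove the SMB1 optional feature entirely.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature -and $feature.State -eq 'Enabled' -and
        $PSCmdlet.ShouldProcess('SMB1Protocol', 'Remove optional feature')) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

# Usage: inventory first, then disable.
Get-Smb1State
Get-Smb1Clients
Disable-Smb1 -WhatIf   # drop -WhatIf to apply, then reboot
```

Run Get-Smb1State again after the reboot to confirm that the server flag is false and the mrxsmb10 driver is Disabled.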

And here is a very good article by Mattias Benninge on using file screening on your file servers to quickly detect an infection that is spreading: https://deploymentresearch.com/Research/Post/634/Using-File-Screen-to-block-Ransomware-like-WannaCry-on-server-shares-Part-1

So don't wait for the disaster to react: this second wave should never have had the consequences it did, given that it exploits the same flaws as WannaCry... learn or die (yes, I'm a trainer...), and it seems crazy that a few weeks after such an attack, large companies still have not applied the patches or measures needed to protect themselves against a threat that was known, exploited and clearly identified more than 6 months ago.

Happy patching to all!

PierrE.

Posted in business, Ransomware, Security, System Center, WSUS

Security alert! Patch your systems... Petya and PetrWrap are coming!!!


Second ransomware alert of the quarter... second wave! So Microsoft is updating a good number of KBs ahead of Patch Tuesday... to your consoles, ready, patch!

********************************************************************
Title: Microsoft Security Update Releases
Issued: June 27, 2017
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
Revision Information:
=====================
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Version: 4.0
– Reason for Revision: Microsoft is announcing the release of the
  following updates to address a known issue customers may experience
  when printing from Internet Explorer or Microsoft Edge: 4032782 for
  Internet Explorer 10 on Windows Server 2012, Internet Explorer 9 on
  Windows Server 2012; 4032695 for Internet Explorer 11 and Microsoft
  Edge on Windows 10; 4032693 for Internet Explorer 11 and Microsoft
  Edge on Windows 10 1511; 4022723 for Internet Explorer 11 and Microsoft
  Edge on Windows 10 1607; 4022716 for Internet Explorer 11 and Microsoft
  Edge on Windows 10 1703; 4022720 which is the monthly rollup preview for
  Windows 8.1 and Windows Server 2012 R2; 4022721 which is the monthly
  rollup preview for Windows Server 2012; 4022168 which is the monthly  
  rollup preview for Windows 7 Service Pack 1 and Windows Server 2008 R2
  Service Pack 1. This update removes the protection from CVE-2017-8529.
  All updates are available only on the Microsoft Update Catalog, with
  the exceptions of 4022720, 4022721, 4022168, and 4022716, which are
  also available through Windows Update.
– Originally posted: June 27, 2017 
– Aggregate CVE Severity Rating: Critical

But also Azure AD Connect, if you have deployed it!

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: June 27, 2017
********************************************************************
Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 4033453
– Title: Vulnerability in Azure AD Connect Could Allow Elevation
  of Privilege
https://technet.microsoft.com/library/security/4033453.aspx
– Reason for Revision: Microsoft is releasing this security advisory
  to inform customers that a new version of Azure Active Directory
  (AD) Connect is available that addresses an Important security
  vulnerability.
– Originally posted: June 27, 2017
– Updated: N/A
– Version: 1.0

Beware: this second wave is at least as serious as WannaCry's, so take the appropriate measures, backups and patches, urgently!

Oh, and here is some reading from Veeam:

While the WannaCry ransomware recently alarmed the whole world by targeting all kinds of organizations, from hospitals to railway companies, and demanding more than 60 million dollars in ransom for more than 200,000 locked computers, the lesson is that these attacks are merciless: they can happen at any time and hit anyone.
So how do you prepare for a potentially unavoidable ransomware infection, and if you are hit, how do you restore your critical data without paying the ransom?

Get the FREE e-book and its bonus webinar, produced by Veeam® and Conversational Geek, to learn more about (in English):

■ what makes ransomware so hard to prevent and stop;

■ how to prepare to face ransomware with frequent patching, good backups and user awareness;

■ responding to ransomware attacks with Veeam's restore capabilities;

■ and much, much more!


And a great video by Mark Russinovich on techniques for diagnosing and eradicating ransomware/malware/viruses... a must-see!

PierrE.

Posted in Ransomware, Security, SysInternals, System Center, WSUS

[ENGLISH] Device Guard notes from the Field…


1. Hardware Prerequisite

Hyper-V and SLAT support + Secure Boot + UEFI

2. Software Prerequisite

Only for the Windows 10 Enterprise version!

HyperV (the platform, not necessarily the management tools)

Isolated user mode

3. Create GPO/GPO Pack

a. Create a GPO for device Guard


Make the appropriate choices according to the hardware capabilities and the desired configuration. Confirm and link the GPO to a test OU, then run gpupdate /force.

In this case I used the local GPEDIT.MSC, but the process is the same...

b. Creating a GPOPack

The GPO Pack mechanism lets you deploy exactly the same settings to non-domain-joined PCs, through a script or from an MDT/SCCM task sequence.

In my case the goal was to deploy that GPOPack automatically during the MDT deployment.

To do so, export those settings with the LocalGPO tool (included in SCM 3.0):

Cscript localgpo.wsf /Path:D: /export /GPOPack

This creates a GUID-named folder on D: containing the settings of the local GPO created above:

Exporting Local Policy… this process can take a few moments.

Local Policy Exported to D:\{5179D33A-64A1-4432-AD76-D5D1BAE898FE}

Rename the folder (for example WINGPOPACK1), then copy it into your MDT deployment share

(C:\DeploymentShare\Templates\GPOPacks)

You're good to go! You just have to reference it in CS.INI (CustomSettings.ini):

ApplyGPOPack=YES

GPOPackPath=WINGPOPACK1

During the task sequence, a step called Apply Local GPO Packs applies your GPO Pack to the deployed machine.

You can also run a command line to manage/deploy several GPOPacks in a more granular way:

cscript localgpo.wsf /Path:D:\{5179D33A-64A1-4432-AD76-D5D1BAE898FE}

4. Create a basic rule (certificate based)

From an elevated Windows PowerShell prompt (Run as administrator):

New-CIPolicy -Level PcaCertificate -FilePath C:\ScanDeBase.xml -userPEs 3> C:\ScanDeBaseLog.txt

Checking for Catalog Signers…

Generating Rules…

Unable to generate rules for all scanned files at the requested level. A list of files not covered by the current policy can be found at C:\Users\Administrateur\AppData\Local\Temp\tmp550C.tmp. A more complete policy may be created using the -fallback switch

5. Convert to binary format

ConvertFrom-CIPolicy C:\ScanDeBase.xml C:\CIPolicydeBase.bin

6. Copy to the CodeIntegrity folder

xcopy C:\CIPolicydeBase.bin C:\Windows\System32\CodeIntegrity\SIPolicy.p7b /y

7. Restart your computer and test

8. Audit Device Guard in audit mode

Event Viewer (eventvwr): CodeIntegrity log, event ID 3076

9. Create the policy from the audit (hash rules for the detected exceptions)

New-CIPolicy -Audit -Level Hash -FilePath C:\ScanAuditBase.xml -UserPEs 3> CIAuditPolicylog.txt

10. Merge both policies

Merge-CIPolicy -PolicyPaths C:\ScanDeBase.xml, C:\ScanAuditBase.xml -OutputFilePath C:\ScanMerged.xml

11. Convert and copy... restart

ConvertFrom-CIPolicy C:\ScanMerged.xml C:\ScanMerged.bin

xcopy C:\ScanMerged.bin C:\Windows\System32\CodeIntegrity\SIPolicy.p7b /y

Restart once again.

12. Second audit for verification

13. If conclusive: switch to PROD (enforced) mode.

To do so, remove the audit-mode rule option (option 3) from the policy:

Set-RuleOption -FilePath C:\ScanMerged.xml -Option 3 -Delete

Compile and copy the file, then restart.

To deploy it with MDT/SCCM, you just have to insert a copy step for your SIPolicy.p7b into your MDT/SCCM task sequence if necessary:

(e.g. xcopy \\DC01\DeviceGuard\ScanMerged.bin C:\Windows\System32\CodeIntegrity\SIPolicy.p7b /y)
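The same sequence, steps 4 to 13, as one added PowerShell script (my example, not the author's command lines), split into three phases because each phase ends with a reboot. The working directory, the script name and the name of the event 3076 data field are assumptions; the cmdlets are the ConfigCI ones used above.

```powershell
#Requires -RunAsAdministrator
# Added example: Build-CIPolicy.ps1 (name assumed). Run it three times:
#   .\Build-CIPolicy.ps1 -Phase Base     (steps 4-7, then reboot)
#   .\Build-CIPolicy.ps1 -Phase Merge    (steps 8-11, after a period of use in audit mode)
#   .\Build-CIPolicy.ps1 -Phase Enforce  (steps 12-13, after a second audit period)
param(
    [Parameter(Mandatory)][ValidateSet('Base', 'Merge', 'Enforce')][string]$Phase,
    [string]$WorkDir = 'C:\DeviceGuard'   # assumed working directory
)
$ErrorActionPreference = 'Stop'
$basePolicy   = Join-Path $WorkDir 'ScanDeBase.xml'
$auditPolicy  = Join-Path $WorkDir 'ScanAuditBase.xml'
$mergedPolicy = Join-Path $WorkDir 'ScanMerged.xml'
$target       = Join-Path $env:windir 'System32\CodeIntegrity\SIPolicy.p7b'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

function Get-AuditedImages {
    # Step 8 without the Event Viewer: event 3076 = an image that loaded only because
    # the policy is in audit mode. Only events after $Since are considered, so that
    # a second audit pass is judged on its own events. The EventData field name
    # 'FileNameBuffer' is an assumption about the 3076 event template.
    param([datetime]$Since)
    $filter = @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076 }
    if ($PSBoundParameters.ContainsKey('Since')) { $filter.StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        ([xml]$_.ToXml()).Event.EventData.Data |
            Where-Object { $_.Name -eq 'FileNameBuffer' } |
            ForEach-Object { $_.'#text' }
    } | Sort-Object -Unique
}

function Publish-CIPolicy([string]$XmlPath) {
    # Steps 5-6 and 11: compile the XML policy and install it as SIPolicy.p7b.
    # The previous binary is kept next to it so a bad policy can be rolled back.
    $bin = [IO.Path]::ChangeExtension($XmlPath, '.bin')
    ConvertFrom-CIPolicy -XmlFilePath $XmlPath -BinaryFilePath $bin | Out-Null
    if (Test-Path $target) { Copy-Item $target "$target.bak" -Force }
    Copy-Item $bin $target -Force
    Write-Host "Installed $bin as $target; reboot to apply."
}

switch ($Phase) {
    'Base' {
        # Step 4: certificate-level rules from a scan of the reference machine, with
        # hash fallback so unsigned binaries are not silently left out of the policy.
        New-CIPolicy -Level PcaCertificate -Fallback Hash -FilePath $basePolicy -UserPEs `
            3> (Join-Path $WorkDir 'ScanDeBaseLog.txt')
        Set-RuleOption -FilePath $basePolicy -Option 3   # 3 = Enabled:Audit Mode
        Publish-CIPolicy $basePolicy
    }
    'Merge' {
        # Steps 8-10: hash rules for everything the audit log reports, merged with base.
        $seen = @(Get-AuditedImages -Since (Get-Item $target).LastWriteTime)
        Write-Host "$($seen.Count) distinct images were allowed only by audit mode."
        New-CIPolicy -Audit -Level Hash -FilePath $auditPolicy -UserPEs `
            3> (Join-Path $WorkDir 'CIAuditPolicyLog.txt')
        Merge-CIPolicy -PolicyPaths $basePolicy, $auditPolicy -OutputFilePath $mergedPolicy | Out-Null
        Publish-CIPolicy $mergedPolicy
    }
    'Enforce' {
        # Steps 12-13: refuse to enforce while the merged policy still audits anything.
        $seen = @(Get-AuditedImages -Since (Get-Item $target).LastWriteTime)
        if ($seen.Count -gt 0) {
            throw "Still $($seen.Count) audited images since the merged policy was installed; not enforcing."
        }
        Set-RuleOption -FilePath $mergedPolicy -Option 3 -Delete
        Publish-CIPolicy $mergedPolicy
    }
}
```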

14. Conclusions

Device Guard lets you achieve optimum security for your sensitive machines. It is not a tool you would apply to all machines, only to those you really want to secure!

@RioJoubert


Posted in ENGLISH, Training, Ransomware, Security, Windows10

Patch Tuesday!!! and it's a heavy one...


First, this month's new releases... many critical ones, so patch!!!

This summary lists security updates released for June 2017.
Complete information for the June 2017 security update release can
be found at <https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical Security Updates
============================
Critical        Adobe Flash Player
Critical        Internet Explorer 9
Critical        Internet Explorer 10
Critical        Internet Explorer 11
Critical        Microsoft Edge
Critical        Microsoft Office 2007 Service Pack 3
Critical        Microsoft Office 2010 Service Pack 2 (32-bit editions)
Critical        Microsoft Office 2010 Service Pack 2 (64-bit editions)
Critical        Microsoft Office 2013 RT Service Pack 1
Critical        Microsoft Office 2013 Service Pack 1 (32-bit editions)
Critical        Microsoft Office 2013 Service Pack 1 (64-bit editions)
Critical        Microsoft Office 2016 (32-bit edition)
Critical        Microsoft Office 2016 (64-bit edition)
Critical        Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Critical        Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Critical        Microsoft Office Compatibility Pack Service Pack 3
Critical        Microsoft Office Web Apps 2010 Service Pack 2
Critical        Microsoft Office Web Apps 2013 Service Pack 1
Critical        Microsoft Office Word Viewer
Critical        Microsoft Excel 2013 RT Service Pack 1
Critical        Microsoft Outlook 2007 Service Pack 3
Critical        Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Critical        Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Critical        Microsoft Outlook 2013 RT Service Pack 1
Critical        Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Critical        Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Critical        Microsoft Outlook 2016 (32-bit edition)
Critical        Microsoft Outlook 2016 (64-bit edition)
Critical        Microsoft Outlook 2016 for Mac
Critical        Microsoft PowerPoint 2007 Service Pack 3
Critical        Microsoft PowerPoint 2013 RT Service Pack 1
Critical        Microsoft PowerPoint 2016 for Mac
Critical        Microsoft PowerPoint for Mac 2011
Critical        Microsoft Project Server 2013 Service Pack 1
Critical        Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Critical        Microsoft SharePoint Enterprise Server 2016
Critical        Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions)
Critical        Microsoft SharePoint Server 2013 Service Pack 1
Critical        Microsoft Word 2007 Service Pack 3
Critical        Microsoft Word 2010 Service Pack 2 (32-bit editions)
Critical        Microsoft Word 2010 Service Pack 2 (64-bit editions)
Critical        Microsoft Word 2013 RT Service Pack 1
Critical        Microsoft Word 2013 Service Pack 1 (32-bit editions)
Critical        Microsoft Word 2013 Service Pack 1 (64-bit editions)
Critical        Microsoft Word 2016 (32-bit edition)
Critical        Microsoft Word 2016 (64-bit edition)
Critical        Microsoft Word 2016 for Mac
Critical        Microsoft Word for Mac 2011
Critical        Skype for Business 2016 (32-bit)
Critical        Skype for Business 2016 (64-bit)
Critical        Microsoft Lync 2013 Service Pack 1 (32-bit)
Critical        Microsoft Lync 2013 Service Pack 1 (64-bit)
Critical        Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (32-bit)
Critical        Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (x64-based)
Critical        Microsoft Silverlight 5 when installed on Microsoft Windows (32-bit)
Critical        Microsoft Silverlight 5 when installed on Microsoft Windows (x64-based)
Critical        Windows 7 for 32-bit Systems Service Pack 1
Critical        Windows 7 for x64-based Systems Service Pack 1
Critical        Windows 8.1 for 32-bit systems
Critical        Windows 8.1 for x64-based systems
Critical        Windows RT 8.1
Critical        Windows 10 for 32-bit Systems
Critical        Windows 10 for x64-based Systems
Critical        Windows 10 Version 1511 for 32-bit Systems
Critical        Windows 10 Version 1511 for x64-based Systems
Critical        Windows 10 Version 1607 for 32-bit Systems
Critical        Windows 10 Version 1607 for x64-based Systems
Critical        Windows Server 2008 for 32-bit Systems Service Pack 2
Critical        Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Critical        Windows Server 2008 for Itanium-Based Systems Service Pack 2
Critical        Windows Server 2008 for x64-based Systems Service Pack 2
Critical        Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Critical        Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Critical        Windows Server 2008 R2 for x64-based Systems Service Pack 1
Critical        Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Critical        Windows Server 2012
Critical        Windows Server 2012 (Server Core installation)
Critical        Windows Server 2012 R2
Critical        Windows Server 2012 R2 (Server Core installation)
Critical        Windows Server 2016
Critical        Windows Server 2016 (Server Core installation)

Then 2 revisions, critical once again.....

The following CVEs have undergone a major revision increment.
* CVE-2017-0167
* CVE-2016-3326
Revision Information:
=====================
CVE-2017-0167
– Title: CVE-2017-0167 | Windows Kernel Information Disclosure
   Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2017-0167,
   Microsoft has released security update 4022887 for supported
   editions of Windows Server 2008, and Monthly Rollup 4015549 and
   Security Update 4015546 for supported editions of Windows 7 and
   Windows Server 2008 R2. Microsoft recommends that customers
   running any of these affected editions of Windows should install
   the applicable update to be fully protected from this
   vulnerability. See Microsoft Knowledge Base Article 4022887,
   Microsoft KB4015549 Release Notes, or KB4015546 Release Notes
   for more information.
– Originally posted: April 11, 2017 
– Updated: June 13, 2017
– CVE Severity Rating: Important
– Version: 2.0
CVE-2016-3326
– Title: CVE-2016-3326 | Microsoft Browser Information
   Disclosure Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2016-3326,
   Microsoft is releasing June security updates for all affected
   Microsoft browsers. Microsoft recommends that customers running
   affected Microsoft browsers should install the applicable June
   security update to be fully protected from this vulnerability.
   See the applicable Release Notes or Microsoft Knowledge Base
   article for more information.
– Originally posted: August 09, 2016
– Updated: June 13, 2017
– CVE Severity Rating: Important
– Version: 2.0

And to finish, the other major revisions...

The following bulletins have undergone a major revision increment.
* MS16-095
* MS16-AUG
Revision Information:
=====================
MS16-095
– Title: Cumulative Security Update for Internet Explorer (3177356)
https://technet.microsoft.com/en-us/library/security/ms16-095.aspx
– Reason for Revision: To comprehensively address CVE-2016-3326,
   Microsoft is releasing June security updates for all affected
   Microsoft browsers. Microsoft recommends that customers running
   affected Microsoft browsers should install the applicable June
   security update to be fully protected from this vulnerability.
   See the applicable Release Notes or Microsoft Knowledge Base
   article for more information.
– Originally posted: August 9, 2016 
– Updated: June 13, 2017
– CVE Severity Rating: Critical
– Version: 2.0
MS16-AUG
– Title: Microsoft Security Bulletin Summary for August 2016
https://technet.microsoft.com/en-us/library/security/ms16-aug.aspx
– Reason for Revision: To comprehensively address CVE-2016-3326,
   Microsoft is releasing June security updates for all affected
   Microsoft browsers. Microsoft recommends that customers running
   affected Microsoft browsers should install the applicable June
   security update to be fully protected from this vulnerability.
   See the applicable Release Notes or Microsoft Knowledge Base
   article for more information.
– Originally posted: August 09, 2016
– Updated: June 13, 2017
– CVE Severity Rating: N/A
– Version: 2.0

and

The following CVE has been revised in the May 2017 Security Updates.
* CVE-2017-0222
Revision Information:
=====================
CVE-2017-0222
– Title: CVE-2017-0222 | Internet Explorer Memory Corruption
   Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised Affected Products table to include
   Internet Explorer 9 on Windows Server 2008 for 32-bit Systems
   Service Pack 2, and Internet Explorer 9 on Windows Server 2008
   for x64-based Systems Service Pack 2. This is an informational
   change only.
– Originally posted: May 9, 2017 
– CVE Severity Rating: Critical
– Version: 2.1

So, Express Files or not... to your WSUS/SCCM... patch!

PierrE

Posted in 2008R2, 2012R2, 2016, Audit, Deployment, Ransomware, Security, System Center, Windows 7, Windows 8, Windows 8.1, Windows10, WS 2012, WS2015TP, WSUS

SCCM Update 1705 (Technical Preview) available...


News from Yvette, once again... and this time I had missed the announcement

Hello everyone! We are happy to let you know that update 1705 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This month’s new preview features include:

Configuration Manager Console

  • High DPI console support – With this release, issues with how the Configuration Manager console scales and displays different parts of the UI when viewed on high DPI devices (like a Surface Book) should be fixed.

Application Lifecycle and Content

  • Removing Network Access Account (NAA) requirement for Client Peer Cache – In this release, we are removing the NAA requirement, so that peer cache source computers no longer use the NAA to authenticate download requests from peers.

Clients and User Discovery

  • Azure Active Directory (AD) Onboarding – Create a connection between Configuration Manager and Azure AD. Install and register Configuration Manager clients with Azure AD identity. Enable Configuration Manager on-premises services like Management Point or cloud services like Cloud Management Gateway to have the capability to authenticate with devices and user identities in Azure Active Directory. By using Azure AD, devices will not need client authentication certificates for HTTPS.
  • Azure Active Directory (AD) User Discovery – Now you can enable user object discovery from Azure AD.

Software Updates and Compliance

  • Configure and deploy Windows Defender Application Guard policies – You can now create and deploy Windows Defender Application Guard policies to Windows 10 clients that help protect your users by opening untrusted web sites in a secure container.
  • Improved end user experience for Office Updates – Improvements have been made to the end user experience for Office updates which includes improved toast notifications, business bar notifications, and an enhanced countdown experience.

Core Infrastructure

  • Configuration Manager Update Reset Tool – We are adding a new tool to reset and restart in-console updates when they have problems downloading or replicating.
  • SQL Always On asynchronous-commit mode replica support – Configuration Manager now supports SQL Always On secondary replicas that run under asynchronous-commit mode for disaster recovery scenarios.
  • Operations Management Suite (OMS) added to Azure Services Wizard – You can now use Azure Services Wizard to connect Configuration Manager to Log Analytics in OMS to sync device collection data.

Update 1705 for Technical Preview Branch is available in the Configuration Manager console. For new installations please use the 1703 baseline version of Configuration Manager Technical Preview Branch available on TechNet Evaluation Center.

We would love to hear your thoughts about the latest Technical Preview! To provide feedback or report any issues with the functionality included in this Technical Preview, please use Connect. If there’s a new feature or enhancement you want us to consider for future updates, please use the Configuration Manager UserVoice site.

Thanks,

The System Center Configuration Manager team

Configuration Manager Resources:

Documentation for System Center Configuration Manager Technical Previews

Try the System Center Configuration Manager Technical Preview Branch

Documentation for System Center Configuration Manager

System Center Configuration Manager Forums

System Center Configuration Manager Support

Download the Configuration Manager Support Center


Happy updating!

Pierre@Thessaloniki!

Posted in Uncategorized

[English] HP Conexant Keylogger! Urgent!


Some HP laptops are vulnerable because of a now-known bug that is an enormous security failure:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8360

In simple words, the Conexant sound driver on these machines records every keystroke in a text file named MicTray.log


This file contains all the keystrokes the user typed... It only takes transcribing the key codes to read it. You can find the codes that match the keys here:

https://msdn.microsoft.com/fr-fr/library/windows/desktop/dd375731(v=vs.85).aspx


Here are the affected laptops:

  • HP EliteBook 820 G3 Notebook PC
  • HP EliteBook 828 G3 Notebook PC
  • HP EliteBook 840 G3 Notebook PC
  • HP EliteBook 848 G3 Notebook PC
  • HP EliteBook 850 G3 Notebook PC
  • HP ProBook 640 G2 Notebook PC
  • HP ProBook 650 G2 Notebook PC
  • HP ProBook 645 G2 Notebook PC
  • HP ProBook 655 G2 Notebook PC
  • HP ProBook 450 G3 Notebook PC
  • HP ProBook 430 G3 Notebook PC
  • HP ProBook 440 G3 Notebook PC
  • HP ProBook 446 G3 Notebook PC
  • HP ProBook 470 G3 Notebook PC
  • HP ProBook 455 G3 Notebook PC
  • HP EliteBook 725 G3 Notebook PC
  • HP EliteBook 745 G3 Notebook PC
  • HP EliteBook 755 G3 Notebook PC
  • HP EliteBook 1030 G1 Notebook PC
  • HP ZBook 15u G3 Mobile Workstation
  • HP Elite x2 1012 G1 Tablet
  • HP Elite x2 1012 G1 with Travel Keyboard
  • HP Elite x2 1012 G1 Advanced Keyboard
  • HP EliteBook Folio 1040 G3 Notebook PC
  • HP ZBook 17 G3 Mobile Workstation
  • HP ZBook 15 G3 Mobile Workstation
  • HP ZBook Studio G3 Mobile Workstation
  • HP EliteBook Folio G1 Notebook PC

All this to say that taking advantage of this bug is as easy as it is dangerous.

HP has made a new hotfix available: SP80323.exe

If your laptop appears in this list, please urgently update it!

Another way is to delete the executable, the log and any automatic-launch entry, so the flaw can no longer be exploited. To do so, delete MicTray.exe or MicTray64.exe and MicTray.xml or MicTray64.xml (both are found under System32), delete the log in the Public folder and restart the machine!

This link points to a PowerShell script that cleans the system:

https://github.com/jolegape/RemoveConexantKeylogger/blob/master/Remove_Conexant_Keylogger.ps1
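As an added example of my own (not HP's hotfix and not the GitHub script linked above), here is a PowerShell check-and-cleanup for the components the post names, usable as an SCCM compliance check before remediation. The System32 file names come from the post; the log path under the Public profile and the Run-key check are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: detect and remove the Conexant MicTray components. Run elevated, then reboot.
$sys32  = Join-Path $env:windir 'System32'
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'   # assumed autorun location
$artifacts = @(
    (Join-Path $sys32 'MicTray.exe'), (Join-Path $sys32 'MicTray64.exe'),
    (Join-Path $sys32 'MicTray.xml'), (Join-Path $sys32 'MicTray64.xml'),
    (Join-Path $env:PUBLIC 'MicTray.log')   # assumed: the keystroke log in the Public folder
)

function Test-ConexantKeylogger {
    # Inventory only: which artifacts exist, whether MicTray is running, and any
    # Run-key value that points at it. Returns an object a compliance rule can evaluate.
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    $autoruns = @()
    if ($run) {
        $autoruns = @($run.PSObject.Properties |
            Where-Object { $_.Value -is [string] -and $_.Value -like '*MicTray*' } |
            ForEach-Object Name)
    }
    [pscustomobject]@{
        FilesPresent = @($artifacts | Where-Object { Test-Path -LiteralPath $_ })
        Running      = @(Get-Process -Name 'MicTray*' -ErrorAction SilentlyContinue).Count -gt 0
        AutorunNames = $autoruns
    }
}

function Remove-ConexantKeylogger {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $state = Test-ConexantKeylogger
    # Stop the process first, otherwise the executable and the log stay locked.
    Get-Process -Name 'MicTray*' -ErrorAction SilentlyContinue | ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.Name, 'Stop process')) { Stop-Process -Id $_.Id -Force }
    }
    foreach ($name in $state.AutorunNames) {
        if ($PSCmdlet.ShouldProcess("$runKey\$name", 'Remove autorun value')) {
            Remove-ItemProperty -Path $runKey -Name $name
        }
    }
    foreach ($file in $state.FilesPresent) {
        if ($PSCmdlet.ShouldProcess($file, 'Delete')) {
            # Files under System32 may be owned by TrustedInstaller: take ownership and
            # grant Administrators (S-1-5-32-544) full control so Remove-Item succeeds.
            takeown.exe /F $file | Out-Null
            icacls.exe $file /grant '*S-1-5-32-544:F' | Out-Null
            Remove-Item -LiteralPath $file -Force
        }
    }
}

Test-ConexantKeylogger
Remove-ConexantKeylogger -WhatIf   # drop -WhatIf to clean, then reboot
```

A machine is compliant when FilesPresent and AutorunNames are empty and Running is false; re-run Test-ConexantKeylogger after the reboot to confirm.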

Have a blast with this patch,

Security first!

@RioJoubert

Posted in ENGLISH, Security