Microsoft is excited to release Windows 10 Insider Preview Build 16251 for PC to Windows Insiders in the Fast ring! The same build will be available for Insiders who opted in to Skip Ahead. We are also releasing Windows 10 Mobile Insider Preview Build 15235 to Insiders in the Fast ring. We won’t have a new Windows Server Insider Preview build for Windows Insiders this week.
What’s New in Build 16251 For PC
Windows lets you link your phone and PC
You may remember at Build Microsoft talked about PCs and phones working better together. With Build 16251, they are introducing the first set of features that enable “linking” your phone to your PC. This build’s scenario is focused on cross-device web-browsing. Today, we’re asking for you Windows Insiders to help us test this experience out using your Android phones. Support for iPhone is coming very soon, stay tuned.
To get started, after installing today’s new build on your PC, go to Settings > Phone and link your phone. Having you link your phone ensures that your sessions from your phone are continued only on to the PC that you’ve chosen. After adding your phone to be linked, you will receive an SMS from us directing you to install a test application called “Microsoft Apps” for Android that completes the link between your phone and PC and enables one of our first cross device browsing scenarios.
After you’ve linked your phone, just go to your phone and start browsing the web. When you are at a website you want to view on your PC, simply invoke the native share experience on your phone and share the website to the “Continue on PC” option. You might need to click the “…” or more to add this test app to your share menu.
Once invoked, it will first ask you to sign in with your Microsoft Account. It is important you use the same account you are using on your PC. Next it will ask you if you want to “Continue now” or “Continue later”. If you choose “Continue now”, the website will magically open on the linked PC. If you choose to “Continue later”, the website will show up under Action Center for you to get to later when you’re ready. Try it out and let us to know of any issues you run into!
read the full announcement here > https://blogs.windows.com/windowsexperience/2017/07/26/announcing-windows-10-insider-preview-build-16251-pc-build-15235-mobile/
The return of EternalBlue
On June 27th 2017, another RansomWare attack took hold targeting the same eternal blue (SMBv1) vulnerabilities as WannaCry before it. This attack however doesn't reach out to the internet like WannaCry did, it's an internal network attack.
However, this attack seems to have deliberately targeted businesses in Ukraine, and as the email address used for encryption keys was disabled almost immediately, there's no point in anyone paying ransom if their files are encrypted as they'd never get a reply (with the decryption info).
Patch Patch Patch
If you haven't done it already (and if you have not, why not especially after WannaCry), head over to this Technet link and apply the patches, do it.
Stopping the damage
That said, a security researcher found a way of stopping the ransomware from encrypting machines affected by placing a read-only file called Perfc in the Windows directory, eg:
The presence of that file will be enough to stop the contents of the hard disc from being encrypted by this malware, however the reason this malware spread in the first place is down to vulnerabilities (unpatched) in the operating system. Those vulnerabilities include two from the leaked NSA exploits, so if you've patched your operating systems against those known vulnerabilities you should be safe.
Protection against this new ransomware attack
Microsoft have advised the following to keep you protected against this (and similar) RansomWare attacks:
"We recommend customers that have not yet installed security update MS17-010 to do so as soon as possible. Until you can apply the patch, we also recommend two possible workarounds to reduce the attack surface:
Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 and as recommended previously
Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445
As the threat targets ports 139 and 445, you customers can block any traffic on those ports to prevent propagation either into or out of machines in the network. You can also disable remote WMI and file sharing. These may have large impacts on the capability of your network, but may be suggested for a very short time period while you assess the impact and apply definition updates.
Windows Defender Antivirus detects this threat as Ransom:Win32/Petya as of the 126.96.36.199 update. Windows Defender Antivirus uses cloud-based protection, helping to protect you from the latest threats.
For enterprises, use Device Guard to lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run, effectively preventing malware from running.
Monitor networks with Windows Defender Advanced Threat Protection, which alerts security operations teams about suspicious activities. Download this playbook to see how you can leverage Windows Defender ATP to detect, investigate, and mitigate ransomware in networks: Windows Defender Advanced Threat Protection – Ransomware response playbook."
Microsoft issued a “highly unusual” patch for Windows XP last month to help prevent the spread of the massive WannaCry malware. At least 75,000 computers in 99 countries were affected by the malware which encrypts a computer and demands a $300 ransom before unlocking it. Microsoft stopped supporting Windows XP in April 2014, but the software giant is now taking the unprecedented move of including it in the company’s Patch Tuesday round of security updates today.
“In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations,” says Adrienne Hall, general manager of crisis management at Microsoft. “To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows.”
read the story @ TheVerge
Ransomware has been around for a few years now but up until yesterday, it wasn't that well known about. This latest RansomWare called WannaCry has changed that for ever.
Ransomware encrypted data on at least 75,000 systems in 99 countries on Friday. Payments were demanded for access to be restored. European countries, including Russia, were among the worst hit.
Companies around Europe were hit and investigations are underway to see who was responsible. This was such a big attack that Microsoft released patches for unsupported operating systems (such as Windows XP) to allow those businesses still running them, a chance to protect themselves.
In addition to making patches available, Microsoft has published guidance to explain what is necessary in protecting yourself against this Ransomware and any others based on the same vulnerabilities (SMBv1). These vulnerabilities were patched by Microsoft in March of this year, but of course there were no patches (at that time) for unsupported operating systems such as Windows XP.
Download Patches for unsupported Operating Systems
To patch your unsupported operating systems, get over to this url and download the available patches.
WannaCry has multiple vectors, but you should remove one vector, SMBv1. Do as follows
1. Block 445 inbound
2. Install MS17-010
3. Remove SMB1
The USMT release for Windows 10 version 1704 will have full support for migration to Office 2016.
Also the tool seems to have been thoroughly worked through in this release.
There is aditions to AppV and also look into Johan Arwidmarks walkthrough of the new ADK.
You can download the Windows ADK 10 Insider Preview v15021 on the below link - log in with your insider account (create one if need be):
Windows Insider Preview Downloads https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewADK