Windows 10/Server extreme security flaw

An extremely bad security flaw in Microsoft Windows has just been reported and patched. Here’s more information from the NSA:

https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality. The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities. Examples where validation of trust may be impacted include:

• HTTPS connections
• Signed files and emails
• Signed executable code launched as user-mode processes

The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.

Information from the Department of Homeland Security:

Emergency Directive 20-02
Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday

Information from US-CERT:

Alert (AA20-014A)
Critical Vulnerabilities in Microsoft Windows Operating Systems

Brian Krebs had sounded early alerts:

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Update, Jan. 14, 9:20 a.m. ET: The NSA’s Neuberger said in a media call this morning that the agency did indeed report this vulnerability to Microsoft, and that this was the first time Microsoft will have credited NSA for reporting a security flaw. Neuberger said NSA researchers discovered the bug in their own research, and that Microsoft’s advisory later today will state that Microsoft has seen no active exploitation of it yet.

According to the NSA, the problem exists in Windows 10 and Windows Server 2016. Asked why the NSA was focusing on this particular vulnerability, Neuberger said the concern was that it “makes trust vulnerable.” The agency declined to say when it discovered the flaw, and that it would wait until Microsoft releases a patch for it later today before discussing further details of the vulnerability.

Update, 1:47 p.m. ET: Microsoft has released updates for this flaw (CVE-2020-0601). Their advisory is here.

Discussions

Backup notes talk about Time Machine issues and macOS process priorities, Time Capsule hard drive compatibility, ChronoSync, etc.

MacInTouch Community discussions also include the following topics (among others):

Amadeus Pro

Amadeus Pro is an excellent, multi-track audio editing, recording and processing program from Martin Hairer (HairerSoft). Features include denoising and repair functions, CD burning, conversion and broad support of many formats (including MP3, MPEG-4 AAC, AIFF, WAVE, WMA, CAF, FLAC, Ogg Vorbis, etc.), analysis tools (including sonograms, spectrum displays and waveform statistics), “smart editing” (for smooth cut/paste), iTunes support, batch operations, and a full array of audio effects and processors, supporting both Audio Unit and VST audio plug-ins, plus built-in effects (multiband graphic equalizers, volume normalization, fade in/out, echo, speed and pitch change, etc.), scheduled recordings and more.

Amadeus Pro 2.7 is priced at $59.99 for OS X 10.8 and up. An Amadeus Lite version at $24.99 has fewer features. (Older versions are also available for download, supporting Mac OS X 10.4 and up.)

Amadeus’s latest release brings more macOS 10.15 compatibility, plus features and fixes:

Full support of macOS Catalina security features
Performance improvements
Advanced preference allowing to lower resolution for increased display speed
Uses latest versions of Ogg Vorbis and Ogg Opus libraries
Added Brown noise generator
Support for AIFF files of up to 4GB in size
Bug fixes

SilentKnight, LockRattler, SystHist

SilentKnight is a Mac app from Howard Oakley (The Eclectic Light Co.) that fills a big gap in Apple’s Mac software, checking and displaying the status of Apple’s silent security updates — MRT, Gatekeeper, XProtect, TCC, the KEXT blocker, EFI firmware and System Integrity Protection (SIP) status.

LockRattler is an earlier app from the same developer with a less streamlined, more manual interface that may be preferable in certain cases, for example, if you don’t want to update all back-level versions of these Apple security components at once. Another related app, SystHist, offers a list of these security updates and versions that have been installed over time.

SilentKnight, LockRattler and SystHist are free downloads for OS X 10.11 and later.

To check your Mac, simply open [SilentKnight]. It then runs a series of automatic checks:
• whether your EFI firmware is current, against a list which I maintain for each model;
• settings of key security systems such as System Integrity Protection (SIP);
• security data files for MRT, Gatekeeper, XProtect, TCC, and the KEXT blocker, testing whether they are up to date;
• whether there are any security updates available from Apple.
If the answer to the last is that there are updates available, it provides a single button which will download and install them immediately.

… SilentKnight isn’t intended as a complete replacement for LockRattler, which offers similar coverage but without automatic comparison against expected results. LockRattler remains the preferred option when you need more flexibility, perhaps running deliberately with older EFI firmware, or only wanting to download and install certain named updates.

… SystHist is a clean and simple app which tells you all the OS X/macOS system and security updates which have been installed on that Mac. Now probes deep into protected territory to find even silent updates, and gives details of all the files updated.

SilentKnight 1.6 takes Apple’s abandonment of macOS 10.12 into consideration.

T2M2 (The Time Machine Mechanic)

T2M2 (The Time Machine Mechanic) is a Mac utility app from Howard Oakley (The Eclectic Light Co.) that helps check on the integrity of Apple’s Time Machine backup system, analyzing your Mac’s system logs to check for anomalies and errors and reporting on backup volumes, file counts, space usage, deletions, scheduling, errors, intervals, deep scans, compaction, and more. The app includes detailed built-in help and a “Back up Now” button.

T2M2 1.12 is a free download for macOS 10.12 and later.

Much of the time, Time Machine backups work fine. Every hour or so, your Mac automatically makes a new backup, and when you need to retrieve something from those backups, it’s there, ready for you. But Time Machine can and does go wrong, and often does not warn you that it has stopped making backups regularly, has stopped working altogether, or that errors have occurred. You may only discover this when you go to use your backup; it is then too late. The Time Machine Mechanic, T2M2 for short, is an easy-to-use tool which checks that your backups are being made correctly. It tells you details such as how much has been backed up, and when. It reports any errors which have occurred, and keeps you fully informed about what has been going on with Time Machine.

Macs Fan Control

Macs Fan Control is a free app from CrystalIdea Software Inc. for better control over Mac cooling fans, letting you set individual fans to a constant speed or control them in relation to a specific temperature sensor, from built-in Apple sensors to third-party hard drive and SSD SMART data. You can set minimum and maximum thresholds, display thermal sensor data, display a temperature and fan speed in the Mac menubar, and even use it with Windows running in Boot Camp.

Macs Fan Control 1.5.4 is a free download for macOS 10.12 and up with earlier versions available for Mac OS X 10.6 to OS X 10.11. A $14.95 “Pro” version brings custom fan presets, plus “priority customer support and confidence in future updates and improvements.” The latest release now works in Windows 10 also on modern computers that have the T2 security chip.

Discussions

MacInTouch Community discussions include the following topics (among others):

  • Apple Card – statement conversion hack (csv.wtf)
  • Apple security – Checkra1n/Ra1nUSB jailbreak; iCloud AI image scanning; FBI, end-to-end encryption
  • Backup – Time Machine failures (and ChronoSync contention)
  • Input devices – Logitech Triathlon vs. Microsoft Precision Mouse
  • Internet services – Verizon false advertising
  • iPhone SE – extended support in California
  • macOS Catalina – Apple update broke Canon camera connection
  • Quicken – APFS conflict with “lexicographical order”
  • SSDs – Samsung’s ultrafast PCIe 4.0 SSD previewed
  • Tax software – security/privacy and software archiving problems

Apple Smart Battery Case defect

Apple has acknowledged defects in one of its iPhone accessories.

Smart Battery Case Replacement Program for iPhone XS, iPhone XS Max, and iPhone XR
Apple has determined that some Smart Battery Cases made for iPhone XS, iPhone XS Max, and iPhone XR may experience charging issues. An affected Smart Battery Case may exhibit one or more of the following behaviors:

  • Battery case will not charge or charges intermittently when plugged into power
  • Battery case does not charge the iPhone or charges it intermittently

Affected units were manufactured between January 2019 and October 2019. This is not a safety issue and Apple or an Apple Authorized Service Provider will replace eligible battery cases, free of charge. … The program covers affected Smart Battery Case for 2 years after the first retail sale of the unit.

Ubiquiti AmpliFi

AmpliFi is a set of Wi-Fi mesh networking products from Ubiquiti Networks Inc. that can replace Apple’s abandoned AirPort products with better-than-Apple design and details. Features include an elegant iOS app for management, stylish design, streamlined setup, and a high-performance mesh architecture that integrates a base router with peripheral “MeshPoint” extenders to effectively cover a greater area than a single router can alone with maximum performance and reliability.

AmpliFi Alien is a brand-new router featuring Wi-Fi 6 technology with 2.4/5 GHz Wi-Fi 6 and 5 GHz Wi-Fi 5 radios, promising double the coverage and far greater capacity vs. the company’s previous model. Other features include a Gigabit Ethernet WAN port and switch for four LAN ports, a 274×1268 color touchscreen with haptics, internal power supply, a “high-performance custom antenna array” and “MU-MIMO and OFDMA for communication across twelve Wi-Fi 6 spatial streams”, plus easy setup and management via iOS or Android apps. Multiple AmpliFi Alien devices can be combined in a mesh for added range and capacity.

AmpliFi HD, an earlier model, includes a base router with four Gigabit Ethernet ports and a Gigabit WAN Ethernet port, plus two MeshPoint devices that plug into 3-prong A/C jacks with an adjustable magnetic mount attaching an antenna unit with signal strength/status metering (but no Ethernet port). Alternatively, you can purchase the router alone, or multiple routers that you combine wirelessly or via Ethernet “back-haul.” (See AmpliFi documentation for many more details.)

AmpliFi Instant is a compact, lower-priced package with just one Ethernet LAN port (plus the WAN port) on the main router, while an Ethernet port has been added to its AirPort Express-like MeshPoint extender.

AmpliFi Alien is priced at $379, or at $699 in a bundle with an AmpliFi Alien MeshPoint.

AmpliFi HD [Amazon] is list-priced at $340 for the router with two MeshPoint extenders.

AmpliFi Instant [Amazon] is priced at $179 for the base router and a single MeshPoint extender.

AmpliFi WiFi 1.12.4 is a free wireless system management app for iOS 9 and later (and it’s also available for Android).

AmpliFi Teleport 1.1.0 is a free app for iOS 12 and later that lets you make a remote secure connection to your home network (like a VPN) with a Google, Facebook, or Ubiquiti login account.

Ubiquiti WiFiman 0.7.1 is a free app for iOS 10 and up that can scan your local network for device and port details, as well as doing a network speed test.

Sabrent Rocket NVMe 4.0

Rocket Nvme PCIe 4.0 [Amazon link] is an NVMe M.2 SSD from Sabrent that uses the new PCIe 4.0 standard for ultra-high performance, promising read/write speeds up to 5000/4400 MB/s with computer motherboards that support PCIe 4.0.

Note: In order to take advantage of these speeds, a PCIe Gen4 motherboard is REQUIRED. Otherwise it will be at PCIe Gen 3 speed at max of 3500MB/s. When installing any NVMe PCIe 4.0 SSD directly onto a PCIe Gen4 Motherboard a Heatsink is required to dissipate the heat generated by the drive's extreme speed levels to avoid thermal throttling and maximize performance.

The Sabrent 1TB Rocket Nvme PCIe 4.0 M.2 2280 Internal SSD is backward compatible with PCIe 3.0. Using a Gen 3 PCIe motherboard will enable the user to reach speeds of up to 3400 MB/s (read) and 3000 MB/s (write).

Other features include SMART and Trim support, upgradable firmware, power management support (“APST / ASPM / L1.2”), and support for ONFi 2.3, ONFi 3.0, ONFi 3.2 and ONFi 4.0 interfaces.

Rocket Nvme PCIe 4.0 is sold via resellers in 500GB, 1TB and 2TB capacities ($119.98 to $369.99 when checked at Amazon).

Sabrent Rocket Nano

Sabrent Rocket Nano [Amazon] is a compact SSD storage device that connects via 10Gbps USB-C and promises speeds up to 1,000 MB/s. Other features include upgradable firmware, Trim support, and an aluminum alloy shell, along with USB-C and USB 3 Type-A connecting cables.

Sabrent Rocket Nano is sold by resellers in 512MB, 1TB and 2TB capacities ($109.99, $159.99 and $289.99 when checked at Amazon).

USB 3.1 Aluminum Enclosure for M.2 NVMe SSD ($45.99 when checked) omits the SSD in a kit that lets you add an M.2 NVMe SSD of your choosing.

CPUSetter

CPUSetter is a little Mac utility from Bryan Christianson that lets you set the number of active physical and logical CPU cores, as well as disabling hyperthreading on certain CPUs (e.g. quad-core i7), for various purposes, such as security issues, bug workarounds, power reduction, software license requirements, and pure experimentation.

Other features include built-in help, plus controls over process priority and limiting, as well as some very useful real-time displays of system/resource details — processes, priorities, and resource usage for CPU, GPU, RAM, disk, network, etc.

CPUSetter 1.5.0 is donationware for OS X 10.10 and up. The latest release adds a power usage graph and fixes a memory leak.