How to Fix Windows 10’s New Critical Security Flaw (March 2020)

Windows 10 has a new security flaw, and it’s already being exploited in the wild. You could be infected with malware just from downloading a file, as File Explorer will automatically open the file and preview it. Windows 7 has the same problem. 

What You Need to Know

Microsoft announced this security hole on March 23, 2020. Microsoft says it is “aware of limited targeted attacks” that use flaws in the Adobe Type Manager Library. “There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” according to Microsoft’s security advisory.

The flaw affects all versions of Windows in active use: Windows 10, Windows 8.1, Windows 8, Windows 7, and various versions of Windows Server. (Of course, if you’re using Windows 7 and aren’t paying for extended security updates, you won’t get a security patch.)

Microsoft is working on a fix and expects it to be available on the next Patch Tuesday - that is, April 14, 2020.

Until then, they explain how to use a workaround that will protect your PCs from the security flaw.

How to Protect Your PC

To work around the flaw, all you have to do is disable the Preview and Details panes in File Explorer (or Windows Explorer on older versions of Windows.) Windows won’t automatically display previews of OTF font files, which will protect you.

You could still be attacked if you open a malicious file. However, simply viewing the file in File Explorer won’t be a risk.

To do this, open File Explorer and click the “View” tab at the top of the window.

Ensure both the “Preview pane” and “Details pane” options in the Panes section are disabled. Click them to toggle them on and off.

preview 1

Next, click the “Options” icon at the right side of the ribbon bar. If a menu appears, click “Change folder and search options.”

 

preview 2 

Click the “View” tab. In the “Advanced Settings” box, enable the “Always show icons, never thumbnails” option.

You’re done. Click the “OK” button to save your changes. Close all open File Explorer windows (or reboot your computer) to ensure your change takes effect.

 

preview 3


On Windows 7, you’ll have to change these same options. They’re in a slightly different place in Windows Explorer.

First, click Organize > Layout and use the options in the menu to disable the Details pane and Preview pane.

Second, click Organize > Folder and search options in Windows Explorer to open the options window. Enable the “Always show icons, never thumbnails” option in the same place.

 

preview 4

 

This change will only be necessary until Microsoft issues a security update that fixes the problem. After the company does, you can re-enable previews. (However, on Windows 7 without security updates, you’ll probably want to leave it disabled permanently.)

Netwise 25.03.20

Albox City Council chooses Cambium Networks for its wireless traffic management network, IP public address and public WiFi

Albox town hall, has become one of the first Smartcity Municipalities in Spain. The project, based on the deployment of a Wireless Municipal Network , developed by Next Communications with Cambium Networks technology, allows improving mobility in certain areas of the municipality, thanks to a network of cameras and an IP public address system, in addition to offering access Free WiFi to neighbours.

The video surveillance system allows a more efficient control of vehicle traffic and optimum compliance with regulations. The network of cameras captures images of the traffic lanes and license plates of the vehicles that transit them, creating a registry to detect, in real time or at a specific moment, traffic infractions and road safety.

The Wireless Municipal Network connects with the Security Control Center, located at the Local Police Headquarters and includes IP Public Address services, which allow interaction with citizens in each area and make announcements of interest. It also offers free WiFi access to residents, which places the Municipality of Albox, as one of the first to join the European initiative WiFi4EU, whose goal is that, by 2020, all public spaces in the EU offer free Internet access.


Advice: Please remember that free WiFi accessable by anyone means that anyone could access your device. Do not use these systems to log into websites that need your password or to transmit sensitive information. Since it is a public and free network, the Town Council recommends not exchanging data that could put the citizen's privacy at risk, such as bank account numbers, credit cards or personal photographs.

Netwise 28.03.19

LibreOffice and OpenOffice security risk found.

oovslibreLibreOffice, an open source clone of Microsoft Office, has patched a bug that allowed attackers to execute commands of their choosing on vulnerable computers. A similar flaw in Apache OpenOffice remains unfixed.

A Remote Code Execution (RCE) vulnerability was discovered in LibreOffice on Windows and Linux, and users are now recommended to update to the latest versions, as patches have already been issued.

While the vulnerability has already been resolved in LibreOffice, it looks like other Office productivity suites are affected as well, including OpenOffice.
OpenOffice is still unpatched right now, with no ETA as to when a fix could be shipped.

The security researcher confirms that OpenOffice 4.1.6 is the one vulnerable to attacks and the parent company acknowledged the issue, only that no known release date is available just yet.

Users are thus recommended to update to the latest version of LibreOffice as soon as possible, while those using OpenOffice should try to stay away from documents coming from untrusted sources as much as possible.

According to sources, OpenOffice users can mitigate the risk by removing or renaming the pythonscript.py file in the installation folder.

Netwise 09.02.19

defenderWindows 10 Defender Anti-Malware Update Problems

Microsoft warns that Windows 10 may not start on some computers after installing the latest monthly updates of the Windows Defender antimalware platform.

Affected resources

Computers with Windows 10 operating systems (Enterprise, Pro and Home) or Windows Server 2016.

Solution

According to Microsoft, it is working on a solution to the problem that will be published in a future update.

If your computer has been affected, follow the recommendations they offer from the Microsoft support center. If you have questions, go to a technical support service you trust to help you solve the problem.

However, remember that antimalware products must always be active and updated to be effective and protect you from viruses and fraud.

Technical Details

It is a bug that would affect those computers that have the Secure Boot function (version 4.18.1901.7) active in the BIOS. Additionally, this update could generate problems due to a change in the location of the update file path, which would cause many downloads to be blocked when the AppLocker, application execution control program and files are enabled.

Netwise 02.02.19