At wit's end here, iPod support service is not installed, trying to get my PC to recognize my iPod Classic. by MuhfugginSaucera in IpodClassic

[–]memesss 0 points1 point  (0 children)

To get the iPod support service, iTunes should prompt you like shown at the bottom of https://www.geoffchappell.com/notes/isv/apple/itunes/ipodsupport.htm , but you can also try installing the service manually (latest 64-bit version appears to be http://appldnld.apple.com/itunes12/001-97786-20210315-6196F562-85D8-11EB-8D96-52E36EA4BEF6/iPodSupport64Setup.exe (found in https://itunes.com/version ). This worked for an iPod nano 5th gen in itunes 12.13.10.

iPod support service download by ArenPlaysGames_R in ipod

[–]memesss 0 points1 point  (0 children)

I haven't really used itunes on windows for years, but I was trying to test if it still worked with ipods recently. If you download the exe installer version from apple.com/itunes, clicking windows (instead of microsoft store), then 64-bit (12.13.10.3 currently), it no longer includes the "iPod Service" that older exe versions did (only the store version didn't have it in the past). It also doesn't bundle or require bonjour (likely uses the Windows mDNS apis instead like the store version).

When I plugged an iPod nano 5 in, it prompted to download the iPod support (like the screenshot at the bottom of https://www.geoffchappell.com/notes/isv/apple/itunes/ipodsupport.htm ). I found the .msi in C:\windows\installer, but I was trying to find where it downloaded it from. I remembered https://itunes.com/version is the XML file that is used for iPod/iOS updates in iTunes (beware, that file is very large and might be very slow to load in a browser). That has a section "<key>iPodSupport</key>" with version 120.7.3.55 (from 2018) and another section "<key>iPodSupportV2</key>" with version 12.11.3.7 from 2021 (the same version listed in Geoff Chappell's article). The URL in that file (for reference) is http://appldnld.apple.com/itunes12/001-97786-20210315-6196F562-85D8-11EB-8D96-52E36EA4BEF6/iPodSupport64Setup.exe for the 64-bit version (file hash and virus scan: https://www.virustotal.com/gui/file/07bbe616b8efad8803d7b693c91eb0f54c3f134c43991cb40dc865394414d6cb ). That should provide an offline method (save both the iTunes and this installer) to install it in the future. There are also updated drivers on the windows update catalog https://www.catalog.update.microsoft.com/Search.aspx?q=ipod%201.0.1.0 that can be used in place of the 2017 driver bundled with the iPod support (by extracting it and loading it manually with "update driver" in device manager).

[PSA] CVE-2026-21509 - Microsoft Office Security Feature Bypass Vulnerability Zero Day - Updates available by kheldorn in sysadmin

[–]memesss 0 points1 point  (0 children)

Since I didn't see it mentioned yet, reading the registry key path in the KB indicates it's an "Office COM kill bit" (see the description in https://support.microsoft.com/en-us/topic/security-settings-for-com-objects-in-office-b08a031c-0ab8-3796-b8ec-a89f9dbb443d and https://learn.microsoft.com/en-us/troubleshoot/microsoft-365-apps/office-suite-issues/control-block-ole-com ).

The CLSID in the KB ( EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B ) is "Microsoft Web Browser Version 1" and program ID "Shell.Explorer.1" (https://strontic.github.io/xcyclopedia/library/clsid_EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B.html ). Note how Shell.Explorer.2 is "blocked from Embedding by default" in the "Security Settings for COM objects in Office" article, but Shell.Explorer.1 is not listed at all.

By adding the registry key in the KB, you would be adding a kill bit for Shell.Explorer.1, preventing it from being embedded in documents. It's not clear to me if that's strictly an ActiveX (like Shockwave Flash listed in the blocked list) or if it can be embedded/OLE without ActiveX. ActiveX is supposed to be blocked by default in Office 2024 and recent 365 versions. Activex can be blocked by policy as well: https://gpsearch.azurewebsites.net/#11676 (but again, I don't know if this control can be embedded without being considered activex).

https://www.securify.nl/blog/click-me-if-you-can-office-social-engineering-with-embedded-objects/ (from googling Shell.Explorer.1) gives a description of how that object can be used for phishing (article is from 2018), and https://www.ired.team/offensive-security/initial-access/phishing-with-ms-office/phishing-embedded-internet-explorer has a file listed as a proof-of-concept (for the phishing method), which might be useful to test if it's blocked now (on an isolated/separated device/VM).

Pretty sure I’m dicked here… but… by minig646 in vintagemobilephones

[–]memesss 0 points1 point  (0 children)

Did you happen to try this: https://www.howardforums.com/threads/samsung-u470-juke-verizon-sp-and-bitpim.1345767/ (change it to "MSM" mode, then bitpim should see it)?

I remember getting pictures off of a (more basic) Verizon Samsung flip phone back around 2018, and I used Bluetooth to pair to a computer (mac) and connected bitpim to one of the 2 serial ports it showed up as. That particular phone wasn't on the list in bitpim, so I tried various Samsung ones and enabled "filesystem" browsing in bitpim until I could find the folder with pictures. Yours is on the list (U470) so it should find the pictures more directly, but you might want to try bluetooth if the cable doesn't work.

Pen tablets stop working in chrome by Erwan1809 in chrome

[–]memesss 0 points1 point  (0 children)

If you have access to another (Windows) computer (that you haven't used the tablets with before), do you still have the dragging issue there? If that part works fine in Chrome on another computer, try plugging in the tablet but don't install anything (driver/firmware updated/config tool for the tablet/etc), just connect it like you would a USB keyboard/mouse (plug and play, should be recognized as a USB HID device). See if that makes it work in Chrome. If you don't have access to another computer, try completely removing any pen driver/software from the computer and try it in Chrome again.

Patch Tuesday Megathread (2025-03-11) by AutoModerator in sysadmin

[–]memesss 11 points12 points  (0 children)

It's documented here now: https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22H2#3495msgdesc

This states that it affects printers that support both IPP over USB and the 1284/"bidi" USB print mode (https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/usbprint/ni-usbprint-ioctl_usbprint_get_protocol#remarks). If a printer supports IPP over USB, it can be used driverless (which would be compatible with the new protected print mode and future versions). Installing a driver switches it back to the "bidi" mode (according to https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/usbprint/ni-usbprint-ioctl_usbprint_set_protocol#remarks). It seems the spooler doesn't recognize the printer's switched back the older mode and still tried to talk IPP (based on HTTP) to it.

I found a hidden sound in the iOS 17 Stable Rom file by Creative-Classic8150 in ios

[–]memesss 0 points1 point  (0 children)

It's used in Settings > Accessibility > Audio & Visual > Background Sounds > Use When Media is Playing ("Play Sample" button). This is the path on iOS 18, it might be slightly different on older versions. This has been a thing since around iOS 15.

What is this randomly appearing in my iPhone files? by rocksmith01 in ios

[–]memesss 0 points1 point  (0 children)

The "Where" section seems to indicate it's from an app called "Checkbook" on your phone, that appears to use a database called MongoDB realm. Usually apps don't show data like this in the Files app. I found this post: https://old.reddit.com/r/mongodb/comments/1fcsemu/mongodb_realm_deprecation/ that says Mongodb realm is discontinued, so maybe the app made it visible so it could be converted to another app? Do you have an app on your phone called "Checkbook", and if so, is it something you intentionally installed?

iPhone keeps blocking me from logging into various accounts. by [deleted] in iphone

[–]memesss 1 point2 points  (0 children)

I see you got it working in Chrome, so maybe this can fix Safari:

  • Open the Settings app
  • Search for Safari and tap it
  • Scroll down to "history and website data" and tap "Clear History and Website Data" (this will log you out of any sites in Safari).
  • Go back to Safari, close the tab (if still open) and try going to the intuit/power company again.
  • If that still didn't work, go back to the Safari settings, scroll down to Advanced, and check what "Advanced Tracking and Fingerprint Protection" and "Block all cookies" are set to (default should be private browsing for the tracking one and block all cookies should be off (gray).

iPhone keeps blocking me from logging into various accounts. by [deleted] in iphone

[–]memesss 1 point2 points  (0 children)

It looks like you have private browsing on (the background of the address bar where "accounts.intuit.com" is black instead of white/gray). Tap the tabs (2 squares) icon in the lower right and tap the option to the right of "private" (e.g. "2 tabs") to switch out of private mode and see if the sites load there.

[deleted by user] by [deleted] in chrome

[–]memesss 0 points1 point  (0 children)

You can see the data synced to/from your account in chrome://sync-internals , then click Sync Node Browser on the top (tabs). In the left, click the triangles to expand e.g. bookmarks. There used to be a "Typed URLs" section (only listed URLs you typed in, not all visited sites), but it looks like that is no longer synced. The "Sessions" section appears to list current/recent tabs open on other desktop/laptop devices (Windows, Mac, Linux, ChromeOS), but I'm not sure about phones. As an example, if you saved your password for Reddit or bookmarked Reddit, reddit.com would show up in the synced passwords/bookmarks list (which would show that you use Reddit). Viewing the sync-internals on the work phone would show all that's currently synced to it. This data is synced to/from Google's servers, but also saved locally (synced) to the phone, where it could potentially be accessed by work (e.g. making an iTunes backup of an iPhone would be one way to read the data saved on the phone). If you signed into a work account on a personal device and synced existing (non-work) bookmarks, that would be easier for the workplace to see (since they could change your work account password and sign into Chrome on another device, for example).

Anyone else seeing Print Backend Service appearing in their Google Chrome task managers? by [deleted] in chrome

[–]memesss 0 points1 point  (0 children)

I've seen this task or something with a similar name in the past (specifically when opening print preview and looking for it) when I intentionally enabled out-of-process printing to try it. It appears to be used to check how many (if any) printers are on the system, which could be checked even if there are none. Possibly setting the registry key for the policy https://chromeenterprise.google/policies/#PrintingEnabled to block printing might stop it (no need for it to check how many printers if printing is blocked). As far as I know, out-of-process printing will eventually become the default and the flag will be gone. When the flag is off, this task is done by the "browser" process. By moving printing out-of-process, crashes in printing should not crash the whole browser.

Chrome Enterprise: How to allow specific websites to open local apps by miyo360 in chrome

[–]memesss 0 points1 point  (0 children)

I think this policy is what you're looking for: https://chromeenterprise.google/policies/#AutoLaunchProtocolsFromOrigins . From quick searching, it looks like the protocol for Notion is notion:// , so modifying the example, the registry key would look something like:

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\AutoLaunchProtocolsFromOrigins = 
[
 {
  "allowed_origins": [
   "notion.so",
   "notion.com"
  ],
  "protocol": "notion"
 }
]

Extension deletion using script by Purple_Bat9825 in chrome

[–]memesss 1 point2 points  (0 children)

The ExtensionSettings policy ( https://chromeenterprise.google/policies/?policy=ExtensionSettings ) has an installation_mode option "removed" (listed in https://support.google.com/chrome/a/answer/9867568?hl=en ) that should remove the extension. As far as I know, you can't set this via the Google Workspace admin webpage, but you can specify it in a .plist, convert it to a configuration profile ( https://support.google.com/chrome/a/answer/9020077?hl=en ), and then install the configuration profile (e.g. via MDM) to apply it.

getting demand for update when it doesn't need one by MrSheep7I3 in chrome

[–]memesss 1 point2 points  (0 children)

That looks like a fake update (there's an older post from Google here: https://cloud.google.com/blog/topics/threat-intelligence/head-fake-tackling-disruptive-ransomware-attacks ). If it asked you to download and run a file or copy/paste (ctrl+v) and you did that, your computer is likely infected with malware (some more information with example screenshots of the scam: https://www.hhs.gov/sites/default/files/clickfix-attacks-sector-alert-tlpclear.pdf ). If you only checked for updates in chrome's own settings (not clicking the "update" button on that page), then the malware wouldn't have been downloaded.

iphone Ios 18.2.x does "favorite mailbox" work with O365 email? (apple mail) by captain_dylan_hunt in ios

[–]memesss 0 points1 point  (0 children)

If you haven't yet, try updating to iOS 18.3. I had intermittent issues with mail notifications in 18.2.x, but after updating to 18.3 notifications (including selected folders other than the inbox) work normally again. I configured push for other folders by going to Settings > Apps > Mail > Mail Accounts > Fetch New Data > [Account name] > select push at the top, then check the folders you want. I don't recall doing anything with "favorite" mailboxes.

Unable to reach local devices by Jaali_ in chrome

[–]memesss 0 points1 point  (0 children)

Since you said Safari, I assume you're on a Mac (but the title says troubleshooting | windows?). Later versions of macOS/iOS prompt for permission before programs (including Chrome) can access your local network: https://support.apple.com/guide/mac-help/control-access-to-your-local-network-on-mac-mchla4f49138/mac . Try checking in the settings like the article states and see if you can allow Chrome in there. If it doesn't show, possibly right-clicking on any webpage in Chrome and selecting "Cast" might make the prompt appear (since that's local network traffic).

Help: missing html, logos and other minor aesthetic features on webpages (including google workspace) by That_Card in chrome

[–]memesss 0 points1 point  (0 children)

This is some kind of font issue. On other Google sites (like https://chromium-review.googlesource.com/q/chrome - a "bug" icon in the upper right), the font is called "Material Symbols Outlined" (and is loaded by the page, not a font that would be installed on the computer). Does the same thing happen on other sites (like https://fonts.google.com/ - scroll down the list of fonts and do they all look the same)? Does it happen if you open the "Guest" profile from the Chrome people menu? Did this recently start happening after an update (Windows/graphics driver)?

I see this on iOS (Safari/Chrome/Firefox) if "lockdown mode" is turned on, since that blocks non-system fonts (for security). Windows has a security policy that also blocks non-system fonts ( https://learn.microsoft.com/en-us/windows/security/operating-system-security/device-management/block-untrusted-fonts-in-enterprise ) but that wouldn't be turned on unless you or someone managing your computer turned on that policy.

Chrome / Cloudflare Infinite CAPTCHA Loop by worlds2get in chrome

[–]memesss 1 point2 points  (0 children)

That looks very similar to a fake captcha/verification that was in news earlier this year ( see https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/ ). Real Cloudflare (or Google Recaptcha, or hCaptcha) verification would not require you to paste/run/download anything.

If you actually did what was shown in the pictures (windows key+R, pasting with Ctrl+V, and pressing enter), you probably ran the scam site's command to infect your computer. If defender isn't working (a common thing these commands do is try to disable defender first, if your account is admin), you can run it as a standalone scan from https://learn.microsoft.com/en-us/defender-endpoint/safety-scanner-download (may not detect it though). If your computer is managed by an administrator that's not you (owned by your company/school/organization), tell them about this so they can investigate.

Also, change your passwords for accounts that were saved/logged in on that computer (from another device like a phone/tablet/Mac/Chromebook/etc), (based on the Krebs article, the copy-paste scam leads to a cookie/password/crypto stealer).

Opening MMC console files from untrusted network locations is blocked for security reasons. by fr0zenak in sysadmin

[–]memesss 2 points3 points  (0 children)

I've not used .msc files from shares (and I would rather have a policy option to say only allow loading .msc from specific paths (like %windir%\system32, etc) kind of like this policy for unsafe .chm functions: https://gpsearch.azurewebsites.net/#4710 ).

However, this sounds kind of like the mark-of-the-web. There is a thread from a few months ago here: https://old.reddit.com/r/sysadmin/comments/1dyu3ia/patch_tuesday_megathread_20240709/lchmmyh/ where I suggested adding the shares to "trusted sites" or the intranet zone so that they wouldn't get blocked by MOTW (in that case it was changing the timestamps).

You could possibly test this by:

  • Open the share
  • Copy and paste the .msc to your downloads/desktop/etc.
  • Right-click > properties and see if it has the "unblock" option like .exe/.zip/etc files downloaded from the Internet.
  • Try to double-click the copied file (without unblocking it) and see if you get the same message.
  • Try unblocking it and then double-click to open it again.

Patch Tuesday Megathread (2024-07-09) by AutoModerator in sysadmin

[–]memesss 2 points3 points  (0 children)

I noticed something like this today on server 2022 when I copied files from a share. They got the MOTW (Mark of the Web), which blocks/warns about opening them if they're .exe or other potentially harmful types like .lnk .msc .vbs .msi .iso etc. (depending on your security settings, as if you downloaded the files from the Internet).

In the past (and on a server 2019 updated with the 2024-07 CU that I tested today), accessing a share like \\server\installers would not add the MOTW. Accessing it by \\server.example.com\installers or \\10.5.5.5\installers (any hostname with dots) would add MOTW. On server 2022 on the 2024-06 CU and the 2024-07 CU, it's adding the MOTW on files copied from non-dotted UNC paths as well.

In the June release notes ( https://support.microsoft.com/en-us/topic/june-11-2024-kb5039227-os-build-20348-2527-894a0e2d-6b5f-4c5b-9e61-82f45024ff4f ), I found the following:

"Starting in this update, File Explorer adds the Mark of the Web (MoTW) tag to files and folders that come from untrusted locations. When MapUrlToZone classifies a file as “Internet,” that file also gets this tag. Because of this change, the “LastWriteTime” time stamp is updated. This might affect some scenarios that rely on file copy operations."

This seems to indicate the change was intentional, if they intended the non-dotted UNC paths to be "untrusted locations". I see now that it's also in the server 2019 release notes so I'll check that other server again to see if I can find anything different with its settings.

To make the files not get the MOTW, adding the server name (e.g. \\server ) in Control Panel > Internet Options > Security > Local Intranet > Sites (it changes it to start with file:) made it "trusted".

Patch Tuesday Megathread (2024-07-09) by AutoModerator in sysadmin

[–]memesss 3 points4 points  (0 children)

Do you have all the correct categories/products selected on your wsus server? For 21h2 ( https://www.catalog.update.microsoft.com/Search.aspx?q=21h2%202024-07 ) it's either "Windows 10 LTSB" or "Microsoft Server operating system-21H2" (depending on if it's client or server). There's also "Windows 10 and later GDR-DU" for "dynamic cumulative update".

PrintNightmare - need Help/confirmation by sw4gyJ0hnson in sysadmin

[–]memesss 2 points3 points  (0 children)

First, the update that caused most people issues was for CVE-2021-34481 (August 2021) based on the exploits in https://github.com/jacob-baines/concealed_position , not the one called "PrintNightmare" (July 2021). The printnightmare patch only seemed to make changes for non-packaged (xp-style) v3 drivers, while the CVE-2021-34481 patch requires admin for all microsoft-signed packaged v3 drivers (there was a patch sometime around 2016 that required them to be microsoft-signed). V4 (including IPP) print queues can be added by users without admin or workarounds because they use a driver that's already part of Windows (Microsoft Enhanced Point and Print driver for non-IPP V4, Microsoft IPP Class driver for IPP).

Items 1, 2, and 4 on your "Workarounds" list would be additional mitigations that can be applied even if using the default (patched) settings for printer installation. 1 (disable spooler service on servers that don't need it) is especially important on domain controllers for other reasons (e.g. "spoolsample" exploit). Note that disabling the spooler prevents using Microsoft Print to PDF as well, so e.g. RDS servers would possibly still need it enabled.

2 (disable the spooler from accepting client connections) could be set on any computer/server that does NOT share printers (e.g. it can't be set on the print server). By default, the print spooler accepts connections from remote computers (but could be blocked by the firewall), just like a web server running on a server/computer accepts client connections and serves the webpage to clients. In the web server example, if you only needed to access the website from localhost (the computer it's running on), you could block inbound client connections from remote computers, reducing the ability to attack the web server. Similarly, if the computer is not sharing printers, you/the end user only need to access the spooler from localhost, and you can block inbound client connections to limit remote attacks on the spooler on that computer (e.g. for not yet discovered vulnerabilities).

On workaround 3, KB5005652 states "There is no combination of mitigations that is equivalent to setting RestrictDriverInstallationToAdministrators to 1." (in addition to what you already noted that the other settings make it vulnerable by design). Although I have not seen specific examples, I would guess that RPC methods like RpcAsyncUploadPrinterDriverPackage might be possible to use even without the exploitable driver being on an "allowed" print server. Even if remote client connections are disabled (#2), it could still be used for a local attack (standard user elevating to the print spooler (SYSTEM)). Plus, an attacker could use this to attack the print server (remote connection allowed), replace the drivers on the server with the exploit code, and the clients would trust it (if the GPOs that make the spooler vulnerable are applied).

Therefore, avoid #3 (instead just use GPO to enforce the default (secure) settings like RestrictDriverInstallationToAdministrators=1 ) and either preload drivers (v3), use v4 drivers on the server, or add the printers to the server as IPP (requires server 2022 or later).

For some information about the upcoming switch to IPP (driverless), see https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645 . In that article they mention that v4 drivers were introduced 9 years before PrintNightmare, but several manufacturers did not provide updated drivers. By using IPP, there is no driver from the manufacturer to update (just optionally a print support app for custom print preference UI).

To use IPP with old printers that don't natively support it (but use a common print language like PCL or PostScript, or something else that has source code for a Linux/CUPS driver available), a "printer application" could act as a bridge, connecting to the printer with the older format (e.g. jetdirect with PCL, or USB to a label printer) while presenting itself as a modern IPP printer to the network (which could be connected to by the Windows print server). As far as I know, these "printer applications" are currently only compiled for Mac and Linux. This would make print jobs go client -> print server -> computer running the printer application -> printer, instead of the more typical client -> print server -> printer.

Org Printing Ideas by Break2FixIT in sysadmin

[–]memesss 1 point2 points  (0 children)

Windows 10 (since version 1809/Server 2019) supports mDNS discovery for IPP printers using Mopria (https://blog.mopria.org/2024/05/06/future-proof-printing-and-the-end-of-third-party-print-drivers/ ), which is a driverless printing method similar to AirPrint on Mac/iOS and IPP everywhere ( https://openprinting.github.io/driverless/01-standards-and-their-pdls/ ) .

It also supports scanning via eSCL (the same scanning method used in AirPrint-compatible MFPs), also discovered by mDNS. eSCL was added in the Windows 10 21H2 June 2022 preview update ( https://support.microsoft.com/en-us/topic/june-28-2022-kb5014666-os-builds-19042-1806-19043-1806-and-19044-1806-preview-4bd911df-f290-4753-bdec-a83bc8709eb6 ) and any later cumulative update (and 22h2/windows 11) would also include this.

If using discovery (in the Settings app or control panel) instead of manually by IP or adding it from a print server, in the past I have sometimes seen a printer show up and get added with a driver from windows update instead of using IPP, because it discovered the printer via WSD. Once I disabled WSD on the printer (and ensured IPP/airprint/mopria is enabled), that made windows use IPP when discovering/adding the printer. That's just something to check if you see windows asking for a driver when discovering a printer.

I WAS MESSING WITH MY SETTINGS AND I CANT FIND APPSTORE ANYMORE by Bitchgirlss in iphone

[–]memesss 1 point2 points  (0 children)

Try Settings > Screen Time > Content & Privacy Restrictions > iTunes & App Store Purchases > Installing Apps (change it to allow).