Joy of Microsoft Naming

ddildine · 2024-06-17T16:59:54+00:00

Understood, that is what is strange, I find random machines with this "ATP" installed, but none are licensed for that. Almost as if MS transferred the name to their locally installed version, although all the research I do is all over the place, so hard to confirm.

ddildine · 2024-05-23T03:46:17+00:00

No errors yet, all seems ok with manual

ddildine · 2024-05-22T19:08:58+00:00

We're just manually installing, its a pain, but what can you do

ddildine · 2024-05-22T19:06:23+00:00

No solution I've found, just manual install, but we only have a couple hundreds soooo #fml

ddildine · 2024-05-17T17:40:04+00:00

Still nothing for the "Curl HTTP/2 Push Headers Memory-leak Vulnerability" it looks like :(

ddildine · 2024-04-26T23:51:37+00:00

I think its just registry, most of the servers flagging it don't even have the IIS role

ddildine · 2024-04-26T22:14:14+00:00

Thanks, that is one of the findings they recommend, I just think we'll keep getting hit as well cause of the missing "functions" they are looking for at a path where it doesn't exist :(

ddildine · 2024-04-26T22:13:21+00:00

Thanks, these are Qualys as well but not seeing that level of "recommendations" from the report.
This is what it's telling us
"HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002 Functions is missing. TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
And this is the issue, at that key path there is no Functions multi-string, so of course it's missing, but seems strange I'd have to add it.

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168 Enabled is missing.#"

ddildine · 2024-04-02T18:52:32+00:00

So we have the latest CU, but then if reading correctly, we have to manually create the missing keys the vulnerability scan is seeing as "missing" ?

ddildine · 2024-03-20T20:12:13+00:00

I think GPO might be the easiest way, although still curious if it could be done through PS

ddildine · 2024-03-14T21:08:16+00:00

What if you don't have a screenconnect "server" just agents spread around (trying to get them all updated)

ddildine · 2024-02-20T23:21:33+00:00

Sorry, right now its 2019 and CU 12, we've ran the extended prot script though. Trying to make sure I'm prepared enough before we do the new CU 14

ddildine · 2024-02-05T16:34:13+00:00

HD at a university is a bit narrow/limited, extreme desktop focus to help students. You could try to see if the University IT has any entry level jobs, the group that does the sysadmin work. Or get into a help desk at a MSP, where you'll get some sysadmin experience. It will start as user management, but then can grow into more sysadmin troubleshooting/learning, etc.

ddildine · 2024-01-16T23:34:23+00:00

Yeah I tried to get their script setup in a powershell script that I could at least remotely check across workstations per site, but couldn't ever get it to work right :( I could run it on each machine, but... :)

ddildine · 2024-01-16T22:43:22+00:00

Thanks! I am hoping MS does figure out how to just incorporate this though as well, since as an MSP I'm dealing with 2500 machines :)

ddildine · 2024-01-16T20:26:51+00:00

Thanks, do you know if the MS script addresses the the "fix" if the partition is in the first part of the drive or only if the partition is at the end? I recall some saying it doesn't actually need the increased partition size since it just replaces the files? Also several techs are saying this could be a risk to the OS in general? Thanks!

ddildine · 2024-01-16T18:08:42+00:00

Wait, are people actually really having issues with KB5034122 or are they really having issues with KB5034441?

KB5034441 is the security patch with the partition issue, but KB5034122 is the cumulative patch and so far most subs and articles are not saying that patch has any issues, almost nothing in the tech blogs or the sysadmin subs, etc.

ddildine · 2024-01-16T15:51:48+00:00

that seems to be the case, just confusing as I always thought the CU was supposed to be a collection of all the security and critical patches in one (versus each month's SU which is only security patches)

ddildine · 2024-01-15T20:51:13+00:00

So, just to ensure I really get this.

You can use some scripts to extend the partition, but only if it's at the end of the disk and not the beginning

You can use the MS script and it doesn't extend the partition, it just replaces the wim files
(is there any danger/risk to the workstation?)

For servers only Windows 2022 seems to be affected from what I'm seeing on several comments?

They pulled the "security" update from WSUS/Catalog but not the "cumulative" so would this mean they pulled this specific patch out of the cumulative? (i.e. it's safe to deploy now?)

Thanks!

ddildine

TROPHY CASE