Microsoft closes off two avenues of attack: Office macros, RDP brute-forcing

Microsoft is trying to shut the door on a couple of routes cybercriminals have used to attack users and networks. The enterprise IT giant's policy of blocking Visual Basic for Applications (VBA) macros in downloaded Office documents by default has been activated once again after a brief pause to address feedback from users who …

  1. Anonymous Coward
    Anonymous Coward

    Did they also improve the alerting or logging?

    If not that's a yes please and also, with a side of natively supported MFA for local accounts.

    Bringing the behavior into parity with the local login policy without addressing the others is a band-aid, not a fix. Currently most users can't tell if they are being brute forced, and the default Windows logs are a 90s era horror. That said, locking the user's (active) account, possibly from a different domain-connected computer, without notice, is a very classic M$ power move. Funny that their email system will notify IT if there are too many break-in attempts on one of our domain's email addresses, but not on their domain accounts by default.

    Instead we have to set up our own log collectors, and very carefully screen them, as no two versions of Windows will seemingly log password attempt/succeed/fail in a consistent or traceable manner, or by default.

    1. Anonymous Coward
      Anonymous Coward

      Re: Did they also improve the alerting or logging?

      They decided to concentrate their efforts on more important features, like building in an easy switch for clueless corporate IT departments which makes using non-Edge browsers with SSO a pain or impossible.
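The first comment's complaint is that an admin cannot easily tell from default Windows logging whether an account is being brute forced over RDP. As an added illustration (not code from the article or from any commenter), the sliding-window check below runs over constructed Windows Security event records; the event IDs 4625 (failed logon) and 4624 (successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the real Windows values, while the sample records, threshold and window are assumptions made for the example.

```python
# Added example: flag a source that exceeds N failed RDP logons within a time
# window, and flag a later successful logon from that same source.
# Sample records are constructed for this example, not taken from a real host.
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 10             # failures from one source ...
WINDOW = timedelta(minutes=10)  # ... within this window trips an alert

# Constructed sample log: (timestamp, event_id, logon_type, source_ip, account)
SAMPLE_EVENTS = [
    ("2022-07-28T01:00:%02d" % s, 4625, 10, "203.0.113.7", "administrator")
    for s in range(0, 55, 5)    # 11 failures in 50 seconds from one source
] + [
    ("2022-07-28T01:00:59", 4624, 10, "203.0.113.7", "administrator"),  # then a success
    ("2022-07-28T01:05:00", 4625, 10, "198.51.100.4", "alice"),         # a lone typo
    ("2022-07-28T01:06:00", 4625, 2, "127.0.0.1", "bob"),               # console logon, ignored
]

def detect_rdp_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return alerts as (source_ip, kind, timestamp). kind is 'burst' when a
    source reaches `threshold` failed RDP logons inside `window`, and
    'success-after-burst' when that flagged source then logs on successfully."""
    recent = defaultdict(deque)   # source_ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for ts_str, event_id, logon_type, src, _account in sorted(events):
        if logon_type != 10:      # only RemoteInteractive (RDP) logons matter here
            continue
        ts = datetime.fromisoformat(ts_str)
        q = recent[src]
        if event_id == 4625:
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append((src, "burst", ts_str))
        elif event_id == 4624 and src in flagged:
            alerts.append((src, "success-after-burst", ts_str))
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

On a real host the tuples would come from the Security log (for example via a log collector or `Get-WinEvent`), with the timestamp, event ID, logon type and source address pulled from each record's fields.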

  2. david 12 Silver badge

    Accounts on our Win2K computers would lock after multiple failed login attempts.

    I assume that this announcement means that the default local-policy setting has been changed for home computers. The basic feature has been there since a lot longer than 2016.

  3. Doctor Syntax Silver badge

    Maybe something a bit more creative than simply locking. A tar-pit, for instance.

  4. mark l 2 Silver badge

    (The policy was to block these particular macros by default in Access, Excel, PowerPoint, Visio, and Word, though after a few months of – at times, negative – feedback from users, Microsoft put a temporary halt on the initiative. Complaints ranged from critiques about how the blocking was implemented to the negative impact it had on some users' systems.)

    So a few users had a moan because it made their life more difficult so MS back tracked on improved security for the masses? Those complaining will probably be the first ones to get compromised because they just click on Yes/Accept/OK to every dialog box and pop up.

    And let's be honest, although I'm a LibreOffice user, those people who want macros in their docs won't switch away from MS Office no matter what Microsoft does with it, so they should just go ahead and make the security changes and be damned with the moaners who are complaining.

    1. Zippy´s Sausage Factory
      Facepalm

      I've made a living from Office macros in the past (I was using them as recently as last week) and I do welcome this change.

      The number of people who just run things without thinking and then go "oh I thought it was all right to just click yes to all seventeen prompts to open 'ranzomware.pdf.jpg.png.exe.exe.exe' lol" just beggars belief...

  5. dajames

    Macros

    That macros in Office documents cause security issues should be no surprise to anyone. These issues arise because the model is fundamentally broken -- the data and the program logic should have been made separate from the outset. That is: The macros should not have been stored in the same file as the data, but should have been made separate entities.

    That way it would have been possible to send the data (only) of an Office document by EMail (or any other way) in a file that would have been readable by Office on another machine, but only as a read-only document as the logic required for recalculation would have been absent. If you wanted the recipient to be able to alter the data you would have to ensure that the recipient also had access to the macro 'program' (which, in a corporate environment, would have been pre-installed by IT services, who would have checked what it did and protected it from subsequent alteration).

    Unfortunately, back in the day when Microsoft were pushing software to perform all these 'clever' tasks they had no concept whatever of security, and so lumbered us with a broken document/program model that has troubled us all ever since.

  6. Nifty Silver badge

    RDP really this insecure?

    "...the Remote Desktop Protocol (RDP), a feature of Microsoft Windows that allows somebody to use it remotely... It's a front door to your computer that can be opened from the Internet by anyone with the right password."

    You'd need to be on the same local network or have port forwarding set up. Not so much of an issue for home users. RDP bruteforcing could be a thing with malware hopping between machines on corporate networks, though even here, the tendency is to use an MS or company user ID for RDP. Isn't there already 2FA for that?

    1. Trigun

      Re: RDP really this insecure?

      Yep. That quote sounded like something to scare the average non-techy person.

    2. Mayday
      Windows

      Re: RDP really this insecure?

      I had a customer set up remote access for me. I heaved when they said “hey, to get in, RDP to this public IP address and use your username and password”.

      The box was sitting in the breeze with a public IP. This was given to me by a supposed IT guy. Who knows what else was happening to this poor box sitting on the internet with a public IP and no firewall. Let alone what would happen when this “trusted” box got compromised and the baddies could hop off from it.

      So there you go. It happens.

      In case you couldn’t rest in bed tonight and wanted to know the outcome, I asked the customer to remove this box and I never even logged into it.

      1. Nifty Silver badge

        Re: RDP really this insecure?

        When I first got cable internet, NTL supplied a modem with an ethernet socket. To get it up and running I ran an ethernet cable directly to our PC. All working fine until I realised this was inconvenient. Bought a WiFi router shortly afterwards.

        Sometimes I wonder: Was that PC sitting directly on the internet? As an aside, I called NTL once on a technical matter, mentioned the router and they said it was against policy for more than one computer to share the connection!

        1. Mayday

          Re: RDP really this insecure?

          Was the PC Directly on the internet?

          Depends. Short version, if the PC did the PPP authentication (PPPoE), and the modem was a bridge then yes. If the modem itself was authenticating, and was routed and doing NAT then no.

          “Policy” has little to do with function. Although the scenario you describe is probably a bridged modem forwarding PPP to the PC, which generally means one device can use the bridge.

          Edit: I was a few gins in when I wrote this so I’ll review it tomorrow morning.

          1. Missing Semicolon Silver badge

            Re: RDP really this insecure?

            The original little blue boxes were just modems, no NAT. So yes, you needed a firewall on your Windows 98 machine to prevent it being mightily rogered.

            Which you could not download until you'd connected to the internet....

            (signed up to cable internet when it was still Mercury Communications)

      2. Anonymous Coward
        Anonymous Coward

        Re: RDP really this insecure?

        A few years ago my other half (who works in a private education establishment) had to access the main work system for said establishment from home. The way their IT department did that was to give her a CD with a saved RDP connection which pointed to their public IP and had the saved (domain) administrator password. She was most amused at the ranting that ensued when I saw how they'd done it....

  7. Blackjack Silver badge

    It has been how long since Word 6.0? Maybe in a decade more they will make e-mail be plaintext by default.
