Microsoft releases new APIs for managing Windows Update

New Microsoft Graph APIs released today in public preview allow developers and IT professionals to manage Windows 10 updates and expedite Windows 10 security updates in enterprise environments.

Microsoft Graph is an API platform that helps developers create apps capable of accessing Microsoft 365, Windows 10, and Enterprise Mobility + Security data.

Access to deployment service update management capabilities

“By connecting deployment service capabilities with Microsoft Graph, app developers can easily build rich update management tools and extend these experiences with contextual user data (such as leveraging a user’s calendar data when scheduling an update),” Microsoft Principal Program Manager David Mebane explained.

The deployment service Mebane refers to is the Windows Update for Business deployment service, a cloud service announced by Microsoft in March and providing control over the approval, scheduling, monitoring, and safeguarding of Windows Update controls.

With its release, Microsoft has expanded Windows Update device management features available to IT pros, making it possible to:

• Schedule update deployments to begin on a specific date (ex: deploy 20H2 to these devices on March 14, 2021)
• Stage deployments over a period of days or weeks using rich expressions (ex: deploy 20H2 to 500 devices per day, beginning on March 14, 2021)
• Bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise
• Ensure coverage of hardware and software in your organization through deployments that are tailored to your unique device population through automatic piloting
• Leverage Microsoft ML to automatically identify and pause deployments to devices that are likely to be impacted by a safeguard hold
• Manage driver and firmware updates just like feature updates and quality updates

The Microsoft Graph APIs released today in public preview further extend these fine-grained controls, allowing customers to interact with the deployment service via apps that can help them:

• Approve and schedule specific feature updates to be delivered from Windows Update on a specific date – including skipping or not taking feature updates.
• Stage deployments over a period of days or weeks using rich expressions (ex: deploy 20H2 to 500 devices per day, beginning on May 11, 2021)
• Bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization.
• Deliver safer update results by leveraging automatic pilots for any deployment.
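The following PowerShell script is an added example, not code from the article or from Microsoft. It uses the deployment service through Microsoft Graph to create the kind of staged feature-update deployment the bullets above describe (20H2, 500 devices per day, starting on a given date). It assumes that $AccessToken already holds a bearer token for an application granted the WindowsUpdates.ReadWrite.All permission, that the devices concerned have already been enrolled with the deployment service and will be added to the deployment's audience separately, and that the beta endpoint paths and property names (catalog/entries, deployments, the rollout and monitoring settings) match the public-preview documentation; the rollback threshold of 5 is a constructed value.

```powershell
# Added example (not from the article or Microsoft): schedule a staged feature-update
# deployment via the Windows Update for Business deployment service in Graph (beta).
# Assumptions: $AccessToken is a valid bearer token with WindowsUpdates.ReadWrite.All;
# endpoint paths and property names follow the public-preview documentation.
param(
    [Parameter(Mandatory)] [string] $AccessToken,
    [string]   $FeatureVersion = '20H2',                 # version used in the article's examples
    [datetime] $StartDate      = [datetime]'2021-05-11', # start date used in the article's examples
    [int]      $DevicesPerDay  = 500
)

$base    = 'https://graph.microsoft.com/beta/admin/windows/updates'
$headers = @{ Authorization = "Bearer $AccessToken"; 'Content-Type' = 'application/json' }

# 1. Look up the catalog entry for the requested feature update.
$catalog = Invoke-RestMethod -Method Get -Headers $headers -Uri "$base/catalog/entries"
$entry   = $catalog.value |
    Where-Object { $_.'@odata.type' -eq '#microsoft.graph.windowsUpdates.featureUpdateCatalogEntry' -and
                   $_.version -eq $FeatureVersion } |
    Select-Object -First 1
if (-not $entry) { throw "No feature update catalog entry found for version $FeatureVersion" }

# 2. Build the deployment: begin on $StartDate, offer it to $DevicesPerDay devices per day,
#    and pause automatically if the rollback signal crosses the (constructed) 5% threshold.
$body = @{
    '@odata.type' = '#microsoft.graph.windowsUpdates.deployment'
    content = @{
        '@odata.type' = '#microsoft.graph.windowsUpdates.catalogContent'
        catalogEntry  = @{
            '@odata.type' = '#microsoft.graph.windowsUpdates.featureUpdateCatalogEntry'
            id            = $entry.id
        }
    }
    settings = @{
        '@odata.type' = '#microsoft.graph.windowsUpdates.deploymentSettings'
        rollout = @{
            startDateTime         = $StartDate.ToUniversalTime().ToString('o')
            devicesPerOffer       = $DevicesPerDay
            durationBetweenOffers = 'P1D'   # ISO 8601 duration: one day between waves
        }
        monitoring = @{
            monitoringRules = @(
                @{ signal = 'rollback'; threshold = 5; action = 'pauseDeployment' }
            )
        }
    }
} | ConvertTo-Json -Depth 10

# 3. Create the deployment and show what the service returned.
$deployment = Invoke-RestMethod -Method Post -Headers $headers -Uri "$base/deployments" -Body $body
$deployment | ConvertTo-Json -Depth 5
```

Enrolling devices and adding them to the deployment's audience are separate calls not shown here. The monitoring rule is the part worth keeping in any real deployment: it pauses the rollout when rollbacks exceed the threshold, rather than letting a bad update reach the next wave.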

Deployment service interaction via Microsoft Graph Explorer (Microsoft)

Available starting today

Customers with supported Windows or Microsoft 365 subscriptions can access the deployment services through the new APIs starting today.

To start using the new Microsoft Graph APIs today, you need one of the following subscriptions: 

  • Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
  • Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5)
  • Windows Virtual Desktop Access E3 or E5
  • Microsoft 365 Business Premium

Devices compatible with the deployment service must be Azure AD joined or Hybrid AD joined, and run Pro, Enterprise, Education, or Pro Education editions of Windows 10, version 1709 or later.

Further information on enrolling devices for management, managing feature updates, and expediting security updates is available here.

Source :
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-new-apis-for-managing-windows-update/

Microsoft: Windows needs at least 8 hours online to update reliably

Microsoft says that Windows devices need to be online for at least eight hours to get the latest updates and have them correctly installed after they’re released through Windows Update.

The amount of time devices running Windows are powered on and connected to Windows Update is tracked by Microsoft as ‘Update Connectivity.’ 

This measurement links a system's lack of sufficient connected time to its failure to stay up to date, and makes it easier to understand why some devices are unlikely to install recently released updates successfully.

According to David Guyer, a Microsoft Program Manager for Windows Updates in MEM, Windows devices need at least 8 hours online to get the latest updates and successfully install them.

“One of the most impactful things we explored was how much time a device needs to be powered on and connected to Windows Update to be able to successfully install quality and feature updates,” said Guyer.

“What we found is that devices that don’t meet a certain amount of connected time are very unlikely to successfully update. Specifically, data shows that devices need a minimum of two continuous connected hours, and six total connected hours after an update is released to reliably update.

“This allows for a successful download and background installations that are able to restart or resume once a device is active and connected.”

You can track devices with insufficient Update Connectivity via Microsoft Intune by navigating to Devices > Monitor and selecting either the Feature update failures or the Windows Expedited update failures report.

Insufficient Update Connectivity alerts can also be found via the Summary report in Intune by going to Reports > Windows updates > Reports > Windows Expedited update report.

Microsoft Intune Update Connectivity alerts (Microsoft)

When looking at Windows 10 devices that are not fully updated and not meeting minimum connectivity requirements, Microsoft saw that:

  • Approximately 50% of devices not on a serviced build of Windows 10 do not meet the minimum Update Connectivity measurement.
  • Approximately 25% of Windows 10 devices that are on a serviced build but whose security updates are more than 60 days out of date have less than the minimum Update Connectivity.

“When troubleshooting update issues, we have found it is best to select devices that have sufficient Update Connectivity,” Guyer added.

“If a device has insufficient Update Connectivity, then investigating other update issues is complicated because the low Update Connectivity can create new issues that go away once there’s enough connectivity.”
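The article gives the minimum as two continuous connected hours and six total connected hours after an update is released, but Microsoft's Update Connectivity measurement is only surfaced through Intune. The PowerShell below is an added example, not from the article or from Microsoft, that estimates the same thing locally: it derives powered-on intervals from the System log's event-log service start (6005) and stop (6006) events and tests them against the two thresholds. It assumes that powered-on time is a fair stand-in for time connected to Windows Update (true only for an always-connected machine), and the sample intervals at the end are constructed.

```powershell
# Added example (not from the article or Microsoft): estimate whether a device has had
# enough connected time since an update's release to meet the minimum the article quotes.
function Get-PoweredOnIntervals {
    param([Parameter(Mandatory)] [datetime] $Since)
    # 6005 = event log service started (boot), 6006 = stopped (clean shutdown).
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 6005, 6006; StartTime = $Since } `
                           -ErrorAction SilentlyContinue | Sort-Object TimeCreated
    $intervals = @()
    $start = $null
    foreach ($e in $events) {
        if ($e.Id -eq 6005) {
            $start = $e.TimeCreated
        } elseif ($e.Id -eq 6006) {
            # A stop with no matching start means the machine was already on at $Since.
            $s = if ($start) { $start } else { $Since }
            $intervals += [pscustomobject]@{ Start = $s; End = $e.TimeCreated }
            $start = $null
        }
    }
    # The machine is still running: close the last open interval at "now".
    if ($start) { $intervals += [pscustomobject]@{ Start = $start; End = Get-Date } }
    return ,$intervals
}

function Test-UpdateConnectivity {
    param(
        [Parameter(Mandatory)] [datetime] $ReleaseTime,
        [object[]] $Intervals = @(),
        [double] $MinContinuousHours = 2,   # "two continuous connected hours"
        [double] $MinTotalHours      = 6    # "six total connected hours"
    )
    $total = 0.0; $longest = 0.0
    foreach ($i in $Intervals) {
        # Only time after the update was released counts.
        $s = if ($i.Start -gt $ReleaseTime) { $i.Start } else { $ReleaseTime }
        if ($i.End -le $s) { continue }
        $hours   = ($i.End - $s).TotalHours
        $total  += $hours
        $longest = [math]::Max($longest, $hours)
    }
    [pscustomobject]@{
        TotalHours   = [math]::Round($total, 2)
        LongestHours = [math]::Round($longest, 2)
        MeetsMinimum = ($longest -ge $MinContinuousHours) -and ($total -ge $MinTotalHours)
    }
}

# Constructed sample: a release on Patch Tuesday followed by three short sessions.
$release = [datetime]'2022-01-11T18:00:00'
$sample  = @(
    [pscustomobject]@{ Start = [datetime]'2022-01-11T08:00:00'; End = [datetime]'2022-01-11T19:30:00' }  # 1.5 h after release
    [pscustomobject]@{ Start = [datetime]'2022-01-12T09:00:00'; End = [datetime]'2022-01-12T10:15:00' }  # 1.25 h
    [pscustomobject]@{ Start = [datetime]'2022-01-13T09:00:00'; End = [datetime]'2022-01-13T11:30:00' }  # 2.5 h
)
# 5.25 total hours and a longest session of 2.5 hours: the continuous threshold is met, the total is not.
Test-UpdateConnectivity -ReleaseTime $release -Intervals $sample

# The same check against this machine's own event log, counting from the release time:
# Test-UpdateConnectivity -ReleaseTime $release -Intervals (Get-PoweredOnIntervals -Since $release)
```

A device that fails this check is the one Guyer says not to troubleshoot first: give it connected time before chasing other update errors.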

In related news, Microsoft began testing a smarter delivery method for Windows update improvements dubbed ‘Update Stack Package,’ which would deliver improvements to the update experience outside of major OS updates before monthly or feature Windows updates.

The company also redesigned cumulative updates in Windows 11 to allow security and quality updates to install faster as they are approximately 40% smaller than their Windows 10 counterparts.

Last year, Redmond released new APIs for managing Windows Update that enable devs and IT professionals to expedite Windows 10 security updates in enterprise environments.

Source :
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-needs-at-least-8-hours-online-to-update-reliably/

How to install the Microsoft Visual C++ 2015 Runtime

If you start a program and receive an error stating that the program you are trying to run needs the Microsoft Visual C++ 2015 Runtime, you can use this tutorial to install the package so that your program works again.

When developers create a Windows program using Microsoft Visual Studio 2015, their programs are linked against specific dynamic link libraries (DLLs) that must be present for them to work correctly.

These DLLs are distributed through the Microsoft Visual C++ 2015 Runtime, and if the package is not installed, users will encounter errors stating that DLLs are missing or that the runtime needs to be installed.

As an example, the video game Valorant released an update today that did not include the Microsoft Visual C++ 2015 Runtime, causing the game not to work after the update was installed.

When users launch Valorant, they are instead greeted with the following error.

Missing Microsoft Visual C++ 2015 Runtime error

“The following component(s) are required to run this program: Microsoft Visual C++ 2015 Runtime”

The good news is that it is really easy to fix this problem by downloading and installing the runtime from Microsoft’s website.

To install the Microsoft Visual C++ 2015 Runtime, please follow these steps:

  1. Go to the Microsoft Visual C++ 2015 Redistributable page from Microsoft and click on the Download button.
  2. You will be brought to a page where it asks you to select the 32-bit or 64-bit version, matching your version of Windows. Select the version you need and click the Next button. If you are unsure what version you need, you can use this tutorial to determine what you need.

    BleepingComputer suggests that you download and install both the x86 AND x64 versions of the runtime to not run into issues in the future.
  3. The files will now be downloaded to your computer. Once downloaded, double-click on the downloaded vc_redist.x64.exe file.
  4. The Microsoft Visual C++-2015 Redistributable screen will be displayed and ask you to agree to the license terms and conditions. Put a checkmark in the “I agree” box and then click on the Install button.
  5. If Windows prompts you to allow the program to make changes or continue, click on the Yes or Allow button.
  6. When done, the program will display a message stating that it was successfully installed.
  7. Now perform the same steps to install the vc_redist.x86.exe runtime.
  8. You can now close the installer.

If you already had the Visual C++ 2015 Runtime installed, you can run the above redistributables and perform a repair.
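For anyone doing this on more than one machine, the PowerShell below is an added example (not from the article or from Microsoft) that checks whether the 2015 runtime is already present for each architecture and, if not, runs the downloaded redistributable silently. It assumes vc_redist.x64.exe and vc_redist.x86.exe have already been downloaded into $RedistFolder, that the registry location (HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes, shared by the 2015 through 2022 runtimes) and the /install /quiet /norestart switches are those Microsoft documents for the redistributable, and it refuses to run an installer whose Authenticode signature is not valid and issued to Microsoft.

```powershell
# Added example (not from the article or Microsoft): check for and silently install the
# Visual C++ 2015 runtime for both architectures, as the article recommends.
# Assumption: the installers were already downloaded from Microsoft into $RedistFolder.
param([string] $RedistFolder = "$env:USERPROFILE\Downloads")

function Test-VcRuntimeInstalled {
    param([ValidateSet('x86','x64')] [string] $Arch)
    # VC++ 2015, 2017, 2019 and 2022 all record themselves under the "14.0" runtime key.
    $key = "HKLM:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\$Arch"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    return [bool]($p -and $p.Installed -eq 1)
}

function Install-VcRuntime {
    param([ValidateSet('x86','x64')] [string] $Arch)
    $exe = Join-Path $RedistFolder "vc_redist.$Arch.exe"
    if (-not (Test-Path $exe)) { throw "Missing installer: $exe" }

    # Only run an installer whose signature is valid and whose signer is Microsoft;
    # a renamed or tampered download fails here instead of executing.
    $sig = Get-AuthenticodeSignature -FilePath $exe
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Refusing to run ${exe}: signature status $($sig.Status)"
    }

    $proc = Start-Process -FilePath $exe -ArgumentList '/install', '/quiet', '/norestart' -Wait -PassThru
    # 0 = success, 3010 = success but a reboot is required, 1638 = a newer version is already installed.
    if ($proc.ExitCode -notin 0, 3010, 1638) {
        throw "Installer for $Arch exited with code $($proc.ExitCode)"
    }
    return $proc.ExitCode
}

# Install both editions unless already present, as the article suggests.
foreach ($arch in 'x64', 'x86') {
    if (Test-VcRuntimeInstalled -Arch $arch) { "$arch runtime already installed"; continue }
    "Installing $arch runtime: exit code $(Install-VcRuntime -Arch $arch)"
}
```

Exit code 1638 is worth recognising: it means a newer 14.x runtime is already installed, which also satisfies programs built against the 2015 version, so it should not be treated as a failure.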

Perform a Repair

You can now try to run the program that previously gave the missing runtime error, and it should work again.

Source :
https://www.bleepingcomputer.com/tutorials/how-to-install-the-microsoft-visual-c-2015-runtime/

How to make the Start menu full screen in Microsoft Windows 10

By default, the Windows 10 Start menu will open up in a size that accommodates all of the pinned items. For those who wish to use a larger Start screen, making the Start menu open in a full-screen mode is possible.

When the full-screen mode is enabled, the Start screen will overlay the entire desktop and provide a more generous amount of space to pin applications, and your live tiles will be larger.

If you wish to enable the Start full-screen mode, please follow these steps:

  1. Click on the Start menu and then click on the Settings cog to open the Windows 10 Settings.
  2. When the Settings open, click on Personalization and then Start.
  3. In the Start settings, look for a setting named ‘Use Start full screen’ and click on the toggle to enable the feature, as shown below.
  4. You can now close the Start settings screen.

Now that you have enabled Start full screen mode, when you click on the Start button, the Start menu will be shown in full screen and overlay the entire desktop.

Start full screen

When using Start in full screen mode, you can close the Start menu at any time by pressing the Escape key on your keyboard or by clicking on another program or screen.

To disable Start full screen mode, just follow these steps again, but this time disable the ‘Use Start full screen’ setting.

Source :
https://www.bleepingcomputer.com/tutorials/how-to-make-the-start-menu-full-screen-in-windows-10/

How to Disable Bing Search in the Windows 10 Start Menu

One of the Windows 10 Start Menu features is a built-in Bing search when a local search fails to find anything. Whether it be due to privacy reasons, bugs, or just personal dislike, this article will explain how to disable Bing search in the Start Menu.

When you perform a search in the Windows 10 Start Menu, Windows will first look for local search results such as settings, files, or programs and display any that are found.

If there are no local results, Windows will then perform a Bing search for the search keyword and list the results in the Start Menu as shown below.

Blank search results in Start Menu

When logged into a Microsoft Account, these searches will be uploaded to Microsoft, who will then list them in your account’s Privacy Dashboard. This raises the privacy concern that Microsoft could use this data to track your browsing habits.

There have also been bugs in the Bing search component in the past that have caused the Windows 10 Start menu to appear completely blank. If you do not utilize the Bing search feature, disabling it could prevent those bugs in the future.

Below we have outlined two methods that can be used to disable Bing search in the Windows 10 Start Menu.

How to disable Bing search in the Windows 10 Start Menu

Unfortunately, for those who want to disable Bing search in the Start Menu, Microsoft does not provide an easy method.

Instead, Windows users need to modify the Registry so that it contains the following Registry value.

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer]
“DisableSearchBoxSuggestions”=dword:00000001

For those who feel comfortable modifying the Registry, we have instructions on setting the proper values using the Registry Editor.

For those who are not comfortable with Registry modifications, please see method two that contains an easy to use premade Registry file that makes the settings for you.

METHOD 1: DISABLE BING SEARCH RESULTS VIA THE GROUP POLICY EDITOR

Windows 10 Pro comes with the Group Policy editor, which you can use to disable Bing search in the Start Menu.

To disable Bing Search, follow these steps:

  1. Search in the Start Menu for ‘gpedit.msc‘ and select it when the result appears.
  2. When the Group Policy Editor opens, navigate to the following path: User Configuration\Administrative Templates\Windows Components\File Explorer
  3. Under the File Explorer section, you will see a policy called ‘Turn off display of recent search entries in the File Explorer search box’ as shown below. Double-click on the policy to open it.
  4. To disable Bing search, set this policy to ‘Enabled.’
  5. When done, click on the Apply and then OK button to save the policy.
  6. You can now close the Group Policy Editor and restart Windows Explorer or restart your computer.

Once restarted, Bing searches will no longer appear in the Start Menu.

METHOD 2: USE THE REGISTRY EDITOR TO DISABLE BING INTEGRATION

If you are using Windows 10 Home and are comfortable using the Windows Registry, you can disable Bing’s integration in Windows Search using the Registry editor.

  1. First, open the Windows Registry Editor by pressing the Windows key + the R key at the same time. This will open the Run: dialog; type regedit and press the OK button.
  2. Windows will display a UAC prompt asking if you wish to allow the Registry Editor to make changes to the system. Press the Yes button to continue.
  3. Navigate to the HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer key. If the key does not exist, create the necessary folders until you are in the Explorer key.
  4. Right-click on Explorer and select New and then DWORD (32-bit) Value, as shown below.
  5. You will be prompted to enter the name of the new value. Type DisableSearchBoxSuggestions and press Enter on the keyboard. A new value will be created that should automatically be set to 0. Now double-click on DisableSearchBoxSuggestions and set the value to 1 and then press the OK button.
  6. When done, you should have the DisableSearchBoxSuggestions value created and set to 1.
  7. You can now close the Registry Editor and restart Windows Explorer or restart your computer.

Once restarted, Bing search will no longer work in the Windows 10 Start Menu.

Bing Search disabled

Enable Bing integration again

To enable Bing integration again, simply disable the group policy or edit the Registry and delete the DisableSearchBoxSuggestions value under the HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer Registry key.

Once again, restart the Explorer process or the computer, and Bing integration will work again.
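The same change, and its reversal, scripted in PowerShell as an added example (not from the article): it creates the key path if needed, sets the DisableSearchBoxSuggestions value the article describes, reports the current state, deletes the value again to re-enable Bing integration, and restarts Explorer so the Start Menu picks the change up. It assumes the policy path and value name are exactly those given in the article.

```powershell
# Added example (not from the article): apply, check and revert the Registry value
# the article describes for disabling Bing search in the Windows 10 Start Menu.
$KeyPath   = 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer'
$ValueName = 'DisableSearchBoxSuggestions'

function Get-BingSearchState {
    $v = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $v)          { return 'Enabled (value not present)' }
    if ($v.$ValueName -eq 1)   { return 'Disabled' }
    return "Enabled (value = $($v.$ValueName))"
}

function Disable-BingSearch {
    # Create the key path if it does not exist (the "create the necessary folders" step of method 2).
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

function Enable-BingSearch {
    # Deleting the value, rather than setting it to 0, is what the article's re-enable section does.
    Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
}

function Restart-Explorer {
    # Explorer must be restarted (or the machine rebooted) for the policy to take effect.
    Stop-Process -Name explorer -Force
    Start-Sleep -Seconds 2
    # Explorer usually relaunches itself; start it explicitly if it did not.
    if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) { Start-Process explorer.exe }
}

"Before: $(Get-BingSearchState)"
Disable-BingSearch
"After:  $(Get-BingSearchState)"
Restart-Explorer

# To put Bing integration back: Enable-BingSearch; Restart-Explorer
```

Because the value lives under HKEY_CURRENT_USER, it applies only to the user who sets it; each account on the machine needs its own copy.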
 

Update 10/5/20: Added updated instructions on how to disable Bing search.

Source :
https://www.bleepingcomputer.com/tutorials/how-to-disable-bing-search-in-the-windows-10-start-menu/

How to start Microsoft Windows in Safe Mode

Introduction

Windows Safe Mode is a way of booting up your Windows operating system in order to run administrative and diagnostic tasks on your installation. When you boot into Safe Mode the operating system only loads the bare minimum of software that is required for the operating system to work. This mode of operating is designed to let you troubleshoot and run diagnostics on your computer. Windows Safe Mode loads basic video drivers, so your programs may look different than normal.

For Win98/ME, XP, Vista and Windows 7 there are two methods of booting into Safe Mode, while 95 and 2000 only have one. We will describe these methods below:

F8 – By pressing the F8 key right when Windows starts, usually right after you hear your computer beep when you reboot it, you will be brought to a menu where you can choose to boot into safe mode. If it does not work on the first try, reboot and try again, as you have to be quick when you press it. I have found that during boot up, right after the computer shows you all the equipment, memory, etc. installed on your computer, if you start lightly tapping the F8 key you will usually be able to get to the desired menu.

System Configuration Utility – You can use the System Configuration Utility, or MSCONFIG, found in Windows 98, ME, XP, Windows Vista, and Windows 7 to make Windows boot into Safe Mode on the next reboot. We will go into specific details in the sections below. Please note, that you should not force your computer to boot into Safe Mode using the System Configuration Utility if you suspect you are infected with malware as the malware may corrupt keys required to boot into Safe Mode. You can read more about this here.

Windows 95

Windows 95 can only boot into Safe Mode using the F8 method as it does not have a System Configuration Utility.

Using the F8 Method:

  1. Restart your computer.
  2. When the machine first starts it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. When it is finished with that it will say “Starting Windows 95”. Immediately after seeing “Starting Windows 95” press the F8 key.
  3. You will now be presented with a menu. Select the option for Safe Mode using the arrow keys.
  4. Then press enter on your keyboard to boot into Safe Mode.
  5. Do whatever tasks you require and when you are done reboot to boot back into normal mode.

Windows 98/ME

NOTE: Windows ME may look slightly different than what is shown in the images below. You should still have no problem following along.

Using the F8 Method:

  1. Restart your computer.
  2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a menu.
  3. When the menu is on the screen, select the option for Safe Mode using the arrow keys.
  4. Then press enter on your keyboard to boot into Safe Mode.
  5. Do whatever tasks you require and when you are done reboot to boot back into normal mode.

Using the System Configuration Tool Method:

Step 1: Close all programs so that you have nothing open and are at the desktop.

Step 2: Click on the Start button then click on Run.

Step 3: In the Run field type msconfig as shown in the image below.


Figure 1. Starting Msconfig

Step 4: Press the OK button and the System Configuration Utility will start up. You will then see a screen similar to Figure 2 below.


Figure 2. SCU Startup Screen

Step 5: You should now press the Advanced button designated by the red box in the figure above and you will see a screen similar to figure 3 below.


Figure 3. Advanced Options

Step 6: Place a check mark in the checkbox labeled “Enable Startup Menu” designated by the red box in Figure 3 above. Then press the OK button and then the OK button again. Windows 98/ME will now prompt if you would like to reboot as shown in Figure 4 below.


Figure 4. Confirm Reboot

Step 7: Press the Yes button and your computer will restart into Safe Mode.

Step 8: When the computer boots up perform what diagnostic or troubleshooting tasks you require.

Step 9: When you are finished with these tasks, complete steps 1-7 again, but in Step 6 this time uncheck the checkbox labeled “Enable Startup Menu”.

Step 10: Reboot the computer back into normal mode.

Windows 2000

Windows 2000 can only boot into Safe Mode using the F8 method as it does not have a System Configuration Utility.

Using the F8 Method:

  1. Restart your computer.
  2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. When that is completed it will start loading Windows.
  3. When you see the screen that has a black and white bar at the bottom stating “Starting Windows”, tap the F8 key repeatedly until you get to the Windows 2000 Advanced Options Menu.
  4. At this menu use the arrow keys to select the Safe Mode option, which is usually the first in the list.
  5. Press the enter key.
  6. Your computer will continue booting, but now will boot into Safe Mode.
  7. Do whatever tasks you require and when you are done reboot to boot back into normal mode.

Windows XP

Using the F8 Method:

  1. Restart your computer.
  2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  3. Select the option for Safe Mode using the arrow keys.
  4. Then press enter on your keyboard to boot into Safe Mode.
  5. Do whatever tasks you require and when you are done reboot to boot back into normal mode.

Using the System Configuration Tool Method:

Note: If you are having trouble entering Safe Mode via the F8 method, you should not use this method to force it to startup into safe mode. For reasons why, you should read this.

Step 1: Close all programs so that you have nothing open and are at the desktop.

Step 2: Click on the Start button then click on Run.

Step 3: In the Run field type msconfig as shown in the image below.


Figure 4. Starting Msconfig

Step 4: Press the OK button and the System Configuration Utility will start up. You will then see a screen similar to Figure 5 below.


Figure 5. Starting the System Configuration Utility

Step 5: Click on the tab labeled “BOOT.INI” which is designated by the red box in Figure 5 above. You will then be presented with a screen similar to Figure 6 below.


Figure 6. BOOT.INI Tab

Step 6: Put a check mark in the checkbox labeled “/SAFEBOOT” designated by the red box in Figure 6 above. Then press the OK button. After pressing the button you will be presented with a confirmation box as shown in Figure 7 below.


Figure 7. Confirm Reboot

Step 7: Press the Restart button and let the computer reboot. It will now boot up into Safe Mode.

Step 8: When the computer boots up do what diagnostic or troubleshooting tasks that you need to do.

Step 9: When you are finished with your tasks, complete steps 1-7 again, but in Step 6 this time uncheck the checkbox labeled “/SAFEBOOT”. Then click on the General tab and set it for Normal startup.

Step 10: Reboot the computer back into normal mode.

Windows Vista

Using the F8 Method:

  1. Restart your computer.
  2. When the computer starts you will see your computer’s hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows Vista Advanced Boot Options.
  3. Select the Safe Mode option using the arrow keys.
  4. Then press the enter key on your keyboard to boot into Vista Safe Mode.
  5. When Windows starts you will be at a typical logon screen. Logon to your computer and Vista will enter Safe mode.
  6. Do whatever tasks you require, and when you are done, reboot to go back into normal mode.

Using the System Configuration Tool Method:

Note: If you are having trouble entering Safe Mode via the F8 method, you should not use this method to force it to startup into safe mode. For reasons why, you should read this.

  1. Close any running programs and open Windows so you are back at the desktop.
     
  2. Click on the Start button.
     
  3. In the Start Menu Search Box type msconfig and press enter on your keyboard.
     
  4. The System Configuration utility will open and you will see a screen similar to the one below.


    Figure 8. Vista System Configuration Utility


    Click on the Boot tab.
  5. You will now be at the Boot options screen as shown below.


    Figure 9. Vista Boot tab in the System Configuration utility


    Put a check mark in the checkbox labeled Safe boot
     
  6. Press the Apply button and then press the OK button.
     
  7. You will now be presented with a prompt stating that you need to reboot the computer to apply the change.


    Figure 10. Restart Prompt


    Click on the Restart button to reboot your computer.
     
  8. Your computer will now restart directly into Safe Mode. When you get to the Vista logon screen, log on to the computer and perform any necessary tasks.
     
  9. When done with your tasks, from within Safe Mode, start msconfig.
     
  10. When the program is open, and you are on the General tab, select the option labeled Normal Startup.
     
  11. Then press the Apply button and then the OK button.
     
  12. When the program prompts you to reboot, allow it to do so, and you will boot back into Windows Vista in normal mode.

Windows 7

Using the F8 Method:

  1. Restart your computer.
  2. When the computer starts you will see your computer’s hardware being listed. When you see this information start to gently tap the F8 key on your keyboard repeatedly until you are presented with the Windows 7 Advanced Boot Options screen as shown in the image below.

    Figure 11. Windows 7 Advanced Boot Options screen
  3. Using the arrow keys, select the Safe Mode option you want.
  4. Then press the enter key on your keyboard to boot into Windows 7 Safe Mode.
  5. When Windows starts you will be at a typical logon screen. Logon to your computer and Windows 7 will enter Safe mode.
  6. Do whatever tasks you require, and when you are done, reboot to go back into normal mode.

Using the System Configuration Tool Method:

Note: If you are having trouble entering Safe Mode via the F8 method, you should not use this method to force it to startup into safe mode. For reasons why, you should read this.

  1. Close any running programs and open Windows so you are back at the desktop.
     
  2. Click on the Start button.
     
  3. In the Start Menu Search Box type msconfig as shown in Figure 12 below.

    Figure 12. Windows 7 Search box

    Then press enter on your keyboard.
     
  4. The System Configuration utility will open and you will see a screen similar to the one below.


    Figure 13. Windows 7 System Configuration Utility


    Click on the Boot tab.
     
  5. You will now be at the Boot screen as shown below.


    Figure 14. Windows 7 Boot tab in the System Configuration utility


    Put a check mark in the checkbox labeled Safe boot
     
  6. Press the Apply button and then press the OK button.
     
  7. You will now be presented with a prompt stating that you need to reboot the computer to apply the change.


    Figure 15. Restart Prompt


    Click on the Restart button to reboot your computer.
     
  8. Your computer will now restart directly into Safe Mode. When you get to the Windows 7 logon screen, log on to the computer and perform any necessary tasks.
     
  9. When done with your tasks, from within Safe Mode, start msconfig.
     
  10. When the program is open, and you are on the General tab, select the option labeled Normal Startup.
     
  11. Then press the Apply button and then the OK button.
     
  12. When the program prompts you to reboot, allow it to do so, and you will boot back into Windows 7 in normal mode.

Windows 8

For a detailed tutorial on how to boot Windows 8 into Safe Mode, please see this tutorial: How to start Windows 8 in Safe Mode

Using the Advanced startup options method:

  1. From the Windows Start screen, type Advanced startup and when the search results appear, click on the Settings category and then click on the Advanced startup options search option.
     
  2. When the Settings screen opens, scroll down and click on the Restart now button under the Advanced Startup category and your computer will restart.
     
  3. When the Advanced startup menu appears, click on the Troubleshoot option.
     
  4. Then click on the Advanced Options button.
     
  5. Finally click on the Startup Settings option and then click on the Restart button. Your computer will now restart again.
     
  6. When you get to the Startup Settings screen, press the number for the Safe Mode option you wish to use.
     
  7. Do whatever tasks you require, and when you are done, reboot to go back into normal mode.


Using the System Configuration Tool Method:

Note: If you are having trouble entering Safe Mode via the Advanced Startup menu, you should not use this method to force it to startup into safe mode. For reasons why, you should read this.

  1. Go to the Windows Start screen and type msconfig. When the msconfig search results appears, click on it.
     
     
  2. The System Configuration utility will open and you will see a screen similar to the one below.


     Vista System Configuration Utility
    Click on the Boot tab.
     
  3. You will now be at the Boot screen as shown below.


     Vista Boot tab in the System Configuration utility


    Put a check mark in the checkbox labeled Safe boot
     
  4. Press the Apply button and then press the OK button.
     
  5. You will now be presented with a prompt stating that you need to reboot the computer to apply the change.


     Figure 15. Restart Prompt


    Click on the Restart button to reboot your computer.
     
  6. Your computer will now restart directly into Safe Mode. When you get to the Windows 8 logon screen, log on to the computer and perform any necessary tasks.
     
  7. When done with your tasks, from within Safe Mode, go back to the Start screen by pressing the Tab key on your keyboard. Then start msconfig again by typing msconfig and then clicking on its search result.
     
  8. When the program is open, and you are on the General tab, select the option labeled Normal Startup.
     
  9. Then press the Apply button and then the OK button.
     
  10. When the program prompts you to reboot, allow it to do so, and you will boot back into Windows 8 in normal mode.

Windows 10

For a detailed tutorial on how to boot Windows 10 into Safe Mode, please see this tutorial: How to Start Windows 10 in Safe Mode with Networking

  1. Press the Ctrl+Alt+Delete keys at the same time to enter the Windows security screen.
     
  2. While holding down the Shift key, click on the Power button and then click on Restart.
     
  3. When Windows 10 restarts, you will be at the Choose an Option screen as shown below. At this screen, click on the Troubleshoot button to access the Troubleshoot options.
     
  4. At the Troubleshoot screen, click on the Advanced Options button to open the advanced options screen.
     
  5. At the Advanced Options screen, click on the Startup Settings option. This will open the Startup Settings screen.
     
  6. At the Startup Settings screen, click on the Restart button. Windows will now restart.
     
  7. After restarting you will be shown a Startup Settings screen. At this screen you should press the number 5 key on your keyboard to enter Safe Mode with Networking.
     
  8. Your computer will now reboot. Once rebooted, you will be at a login prompt. Log in to access Safe Mode with Networking.

Problems that can occur by forcing Safe Mode using the System Configuration Utility

It is possible to make your computer continuously boot up into Safe Mode using the System Configuration utility as described above. The program does this by changing your boot.ini file, the settings file that configures your computer's boot sequence, and adding the /safeboot argument to your operating system's startup line. An example of this can be seen below.

Original:

[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN

After using MsConfig.exe:

[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN /safeboot:minimal

When you are done using safe mode, you would then run the System Configuration utility again and uncheck the /Safeboot option, thus removing the /safeboot argument from the boot.ini file, and allowing your computer to boot up normally.

On a computer that is operating properly this is normally not a problem. Unfortunately, though, a newer trick used by some recent malware is to delete certain Windows Registry keys so that your computer cannot properly boot into Safe Mode. It is in these situations that using the System Configuration utility to boot into Safe Mode can leave the computer inoperable for many users.

This is because once you set the computer to boot into Safe Mode using /Safeboot, it will continuously attempt to start Safe Mode until the /safeboot argument is removed from the boot.ini. Since the malware is not allowing us to actually boot into safe mode, you have no way of getting to a point where you can run the System Configuration utility again to uncheck the /Safeboot option. Thus, you are stuck with a computer constantly attempting to get into safe mode and not being able to do so.

If a situation like this has happened to you, it is possible to fix the problem by renaming your boot.ini file. The first step is to use a boot disk to start your computer. If your computer does not have a floppy drive, you can typically boot off the Windows CD that came with your computer in order to access the Windows Recovery Console. More information about the Windows Recovery Console can be found here. Once booted to a command prompt, simply rename your C:\Boot.ini file to another name such as C:\Boot.ini.bak. The command to rename the file at the command prompt is:

ren C:\Boot.ini Boot.ini.bak

Once the file is renamed, you can then remove the boot disk and reboot your computer to get back to normal mode. When booting up after the rename, do not be surprised if you see an error stating that you do not have a valid Boot.ini file. When you get back to normal Windows mode, you can then rename C:\Boot.ini.bak to C:\Boot.ini and run Msconfig again to remove the /safeboot flag.
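The whole Safe Mode loop described above comes down to one switch on one boot.ini line. As an added example (not BleepingComputer's code), the following parser reads boot.ini text, lists the [operating systems] entries that will keep forcing Safe Mode, and produces the text with the /safeboot switch removed, which is what unchecking "Safe boot" in msconfig does; the sample boot.ini is constructed from the lines shown earlier.

```python
import re

# Constructed sample boot.ini, built from the "After using MsConfig.exe" lines shown above.
SAMPLE_BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN /safeboot:minimal
"""

# An [operating systems] entry: ARC path, quoted description, then boot switches.
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<desc>[^"]*)"(?P<args>.*)$')
# The switch msconfig adds; the mode (minimal, network, dsrepair, ...) follows a colon.
SAFEBOOT_RE = re.compile(r"\s*/safeboot(?::(\S+))?", re.IGNORECASE)


def parse_operating_systems(text):
    """Return one dict per [operating systems] entry, with its safeboot mode (or None)."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "operating systems":
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sb = SAFEBOOT_RE.search(m.group("args"))
        mode = None
        if sb:
            # A bare /safeboot with no mode is recorded as "unspecified".
            mode = (sb.group(1) or "unspecified").lower()
        entries.append({
            "path": m.group("path"),
            "description": m.group("desc"),
            "args": m.group("args").strip(),
            "safeboot": mode,
        })
    return entries


def safeboot_entries(text):
    """Entries that will keep restarting into Safe Mode until the switch is removed."""
    return [e for e in parse_operating_systems(text) if e["safeboot"] is not None]


def strip_safeboot(text):
    """Return boot.ini text with every /safeboot switch removed from the
    [operating systems] entries. Every other line is passed through unchanged."""
    out = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "operating systems":
            m = ENTRY_RE.match(line)
            if m:
                args = SAFEBOOT_RE.sub("", m.group("args"))
                raw = f'{m.group("path")}="{m.group("desc")}"{args}'
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for e in safeboot_entries(SAMPLE_BOOT_INI):
        print(f'{e["description"]}: forced into Safe Mode ({e["safeboot"]})')
    print(strip_safeboot(SAMPLE_BOOT_INI))
```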

Conclusion

It is not uncommon when people are helping you troubleshoot your computer that they tell you to enter Safe Mode. With this tutorial you should now know how to enter Safe Mode when it is required.

If you have any questions please feel free to post them in our tech support forums.

Source :
https://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Microsoft .NET Framework 4.7.2 offline installer for Windows

About Microsoft .NET Framework 4.7.2

Microsoft .NET Framework 4.7.2 is a highly compatible, in-place update to .NET Framework 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1.

  • The offline package can be used in situations in which the web installer cannot be used because of a lack of Internet connectivity. This package is larger than the web installer and does not include the language packs. We recommend that you use the web installer instead of the offline installer for optimal efficiency and bandwidth requirements.
  • When you install this package, the following packages or updates are installed per your operating system:
    • In Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1, .NET Framework 4.7.2 is listed as an installed product under the Programs and Features item in Control Panel.
    • In Windows Server 2012, Update for Microsoft Windows (KB4054542) is listed under the Installed Updates item in Control Panel.
    • In Windows 8.1 or Windows Server 2012 R2, Update for Microsoft Windows (KB4054566) is displayed under the Installed Updates item in Control Panel.
    • In Windows 10 Anniversary Update (version 1607), Windows 10 Creators Update (version 1703) and Windows Server 2016, Update for Microsoft Windows (KB4054590) is listed under the Installed Updates item in Control Panel.
    • In Windows 10 Fall Creators Update (version 1709), Update for Microsoft Windows (KB4073120) is listed under the Installed Updates item in Control Panel.

Microsoft .NET Framework 4.7.2 is available on Windows Update and on Windows Server Update Service (WSUS). It will be offered as a recommended update on Windows Update.

Note: The package installer (NDP472-KB4054530-x86-x64-AllOS-ENU.exe) was updated on July 10, 2018. If you downloaded the installer before July 10, 2018, we recommend that you download the latest version (4.7.3081.0) of the installer to get the additional fixes included in the update.

Download information

The following files are available for download from the Microsoft Download Center:

For information about how to download Microsoft support files, see How to obtain Microsoft support files from online services.

Virus-scan claim

Issues that are fixed in this update

The following issues are fixed for .NET Framework 4.7.2.

SQL Server (SQL)

  • Fixes an issue in which the .NET Framework API SqlConnection.ConnectionString property is used to set a null or empty connection string. In this situation, a Null Reference Exception (NRE) occurs when you use the API together with .NET Framework 4.7.2. [611802, System.Data.dll, Bug]
  • Fixes an issue in which you connect to Azure SQL DB and MultipleActiveResultSets=true is used in the connection string together with System.Data.SqlClient.SqlConnection. In this situation, the async query operations cause a bad TDS protocol request stream to be sent from the client. This causes the Async Query APIs to fail. [620109, System.Data.dll , Bug]

Windows Presentation Framework (WPF)

  • Adds an AppContext switch that opts out of some work that was done during AppDomain or process shutdown. This issue can reduce (but not eliminate) the possibility of a crash in applications that make unwarranted assumptions about the timing of the finalizer thread. [593963, WindowsBase.dll, Bug]
  • Fixes a crash in WPF that occurs when multiple characters are replaced by a single character (in a different language than the original text) by using IMEPad. [605996, PresentationFramework.dll, Bug]
  • Combo box grouped items now report children correctly through UIAutomation. [605922, PresentationFramework.dll, Bug]

More information

This version of .NET Framework runs side-by-side with .NET Framework 3.5 SP1 and earlier versions. However, it performs an in-place update for .NET Framework 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1.

Known issues

  • Applications that rely on .NET Framework to initialize a COM component and that run with restricted permissions may fail to start or run correctly, and return “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors.
  • For known issues with .NET Framework 4.7.2 see Known issues for .NET Framework 4.7.2.

Command-line switches for this update

For more information about the various command-line options that are supported by this update, see the “Command-Line options” section in .NET Framework Deployment Guide for Developers.

Restart requirement

You may have to restart the computer after you install this update. We recommend that you exit all applications that are using .NET Framework before you install this update.

Supported operating systems

Microsoft .NET Framework 4.7.2 (Offline Installer) supports the following operating systems:

  • Windows Server 2016 (version 1709)
  • Windows 10 Anniversary Update (version 1607) (x86 and x64)
  • Windows 10 Creators Update (version 1703) (x86 and x64)
  • Windows 10 Fall Creators Update (version 1709) (x86 and x64)
  • Windows Server 2012 R2 (x64)
  • Windows 8.1 (x86 and x64)
  • Windows Server 2012 (x64)
  • Windows Server 2008 R2 Service Pack 1 (x64)
  • Windows 7 Service Pack 1 (x86 and x64)

Source :
https://support.microsoft.com/en-us/topic/microsoft-net-framework-4-7-2-offline-installer-for-windows-05a72734-2127-a15d-50cf-daf56d5faec2

SECURITY ALERT: Apache Log4j “Log4Shell” Remote Code Execution 0-Day Vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105)

SUMMARY

Updated on 12/29/2021 @ 2:00PM GMT with updated information about Trend Micro Log4Shell Vulnerability Assessment Tool and new CVE-2021-44832.

Jump directly to information on affected/not-affected Trend Micro Products

On December 9, 2021, a new critical 0-day vulnerability impacting multiple versions of the popular Apache Log4j 2  logging library was publicly disclosed that, if exploited, could result in  Remote Code Execution (RCE) by logging a certain string on affected installations.  

This specific vulnerability has been assigned CVE-2021-44228 and is also being commonly referred to as "Log4Shell" in various blogs and reports. Versions of the library said to be affected are versions 2.0-beta9 to 2.14.1 (the 2.15.0 release is at https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/).

On December 14, 2021, information about a related vulnerability CVE-2021-45046 was released that recommended that users upgrade to at least version 2.16.0+ of Log4j 2.

Based on our analysis, the rules and protections listed below for CVE-2021-44228 are also effective against CVE-2021-45046.

On December 18, 2021, information about a potential “3rd wave” and version 2.17.0 has been released and assigned CVE-2021-45105.  Information about protection is below and ZDI has a technical blog about it here:  https://www.zerodayinitiative.com/blog/2021/12/17/cve-2021-45105-denial-of-service-via-uncontrolled-recursion-in-log4j-strsubstitutor . 

On December 28th, yet another RCE (CVE-2021-44832) was discovered and disclosed.  Although not as critical as the initial vulnerabilities (CVSS 6.6), it is still recommended that administrators do their due diligence to update to the latest version available (2.17.1).

Background

Log4j is an open-source, Java-based logging utility that is widely deployed and used across a variety of enterprise applications, including many cloud services that utilize Apache web servers.

The vulnerability (assigned as CVE-2021-44228) is a Java Naming and Directory Interface (JNDI) injection vulnerability in the affected versions of Log4j listed above. It can be triggered when a system using an affected version of Log4j 2 includes untrusted data in a logged message: if that data contains a crafted malicious payload, a JNDI lookup is made to a malicious server. Depending on the response sent back, a malicious Java object may be loaded, which could eventually lead to RCE. In addition, attackers who can control log messages or their parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

The challenge with this vulnerability is the widespread use of this particular logging utility in many enterprise and cloud applications. JNDI lookups support multiple protocols, but based on analysis so far, exploitability depends on the Java version and configuration. From a practical standpoint, a server running an affected version of Log4j 2 is not automatically exploitable; whether it is depends on its configuration.

Trend Micro Research is continuing to analyze this vulnerability and its exploits and will update this article as more information becomes available. A comprehensive blog with more background information can be found here.

DETAILS

Protection Against Exploitation

First and foremost, it is always highly recommended that users apply the vendor’s patches when they become available.

A new version of Log4j 2 has been released which reportedly resolves the issue: version 2.17.1 is now available and is the suggested update. Users with affected installations should consider updating this library at the earliest possible time.

Note:  due to additional waves of new exploits, the previous manual mitigation steps published have proven not to be sufficient and have been removed.

Trend Micro Protection and Investigation

In addition to the vendor patch(es) that should be applied, Trend Micro has released some supplementary rules, filters and detection protection that may help provide additional protection and detection of malicious components associated with this attack, on servers that have not already been compromised or against further attempted attacks.

The following demo video highlights ways in which Trend Micro can help customers discover, detect and provide protection:  https://www.youtube.com/watch?v=r_IggE3te6s.

Using Trend Micro Products for Investigation

Trend Micro Log4j Vulnerability Scanner

Trend Micro Research has created a quick web-based scanning tool that can help users and administrators identify server applications that may be affected by the Log4Shell vulnerability. The tool can be found at: https://log4j-tester.trendmicro.com/ and a demo video can be found at: https://youtu.be/7uix6nDoLBs.

Trend Micro Log4Shell Vulnerability Assessment Tool

Trend Micro also has created a free assessment tool that can quickly identify endpoints and server applications that may have Log4j, using the power of Trend Micro Vision One. This quick and easy self-serve security assessment tool leverages complimentary access to the Trend Micro Vision One threat defense platform, so you can identify endpoints and server applications that may be affected by Log4Shell. The assessment instantly provides a detailed view of your attack surface and shares next steps to mitigate risks.

The free assessment tool can be found at: https://resources.trendmicro.com/Log4Shell-Vulnerability-Assessment.html .

Please note, if you are already a Trend Micro Vision One customer, you do not need to complete the form. Simply log into your console and you will be provided instructions to complete the assessment of your exposure.

Trend Micro Vision One™

Trend Micro Vision One customers benefit from XDR detection capabilities of the underlying products such as Apex One. In addition, depending on their data collection time range, Trend Micro Vision One customers may be able to sweep for IOCs retrospectively to identify if there was potential activity in this range to help in investigation.

Vision One Threat Intelligence Sweeping

Indicators for exploits associated with this vulnerability are now included in the Threat Intelligence Sweeping function of Trend Micro Vision One. Customers who have this enabled will now have the presence of the IOCs related to these threats added to their daily telemetry scans.  

The first sweep, “Vulnerable version of log4j….” is slightly different than the others in that instead of specific IOCs, it is looking for specific instances of log4j libraries on systems which can help a customer narrow down or give additional insights on potentially vulnerable systems.

The results of the intelligence scans will populate in the WorkBench section of Vision One (as well as the sweep history of each unfolded threat intelligence report).


Please note that customers may also manually initiate a scan at any time by clicking the 3 dots at the right of a rule and selecting the “Start Sweeping” option.

Vision One Search Queries for Deep Security Deep Packet Inspection

Customers who have Trend Micro Cloud One – Workload Security or Deep Security may utilize the following search query to identify hosts and then additional queries can be made with a narrowed timeframe on those hosts as additional information is learned about exploits.

eventName:DEEP_PACKET_INSPECTION_EVENT AND (ruleId:1008610 OR ruleId:1011242 OR ruleId:1005177) AND ("${" AND ("lower:" OR "upper:" OR "sys:" OR "env:" OR "java:" OR "jndi:"))


Trend Micro Cloud One™ – Conformity

Trend Micro Cloud One – Conformity gives customers central visibility and real-time monitoring of their cloud infrastructure by enabling administrators to auto-check against nearly 1000 cloud service configuration best practices across 90+ services and avoid cloud service misconfigurations.

The following rules are available to all Trend Micro Cloud One – Conformity customers that may help provide more insight to customers looking to isolate affected machines (more information can be found here for rule configuration):

  • Lambda-001 :  identifies all Lambdas that are running Java which may be vulnerable.


Preventative Rules, Filters & Detection

A demo video of how Trend Micro Cloud One can help with this vulnerability can be found at: https://youtu.be/CorEsXv3Trc.

Trend Micro Cloud One – Workload Security and Deep Security IPS Rules

  • Rule 1011242 – Log4j Remote Code Execution Vulnerability (CVE-2021-44228)

This rule is recommended by default; note that its port lists may need to be updated for applications running on non-default ports.

  • Rule 1005177 – Restrict Java Bytecode File (Jar/Class) Download
  • Rule 1008610 – Block Object-Graph Navigation Language (OGNL) Expressions Initiation In Apache Struts HTTP Request

Rule 1008610 is a SMART rule that can be manually assigned to assist in protection/detection against suspicious activity that may be associated with this threat.  This is not a comprehensive replacement for the vendor’s patch.
 
Please also note that rule 1008610 is shipped in DETECT, and must be manually changed to PREVENT if the administrator wishes to apply this.  Also, please be aware that due to the nature of this rule, there may be False Positives in certain environments, so environment-specific testing is recommended. 

  • Rule 1011249 – Apache Log4j Denial of Service Vulnerability (protects against CVE-2021-45105)

Trend Micro Cloud One – Workload Security and Deep Security Log Inspection

  • LI Rule 1011241 – Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
  • A custom LI rule can also be created to detect patterns as discovered in the future.  More information can be found here.

Trend Micro Apex One Integrated Vulnerability Protection (iVP) Rules

  • Rule 1011242 – Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
  • Rule 1011249 – Apache Log4j Denial of Service Vulnerability (protects against CVE-2021-45105)

Trend Micro Deep Discovery Inspector (DDI) Rules

  • Rule 4280:  HTTP_POSSIBLE_USERAGENT_RCE_EXPLOIT_REQUEST
  • Rule 4641 : CVE-2021-44228 – OGNL EXPLOIT – HTTP(REQUEST)
  • Rule 4642 : POSSIBLE HTTP HEADER OGNL EXPRESSION EXPLOIT – HTTP(REQUEST)
  • Rule 4643:  POSSIBLE HTTP BODY OGNL EXPRESSION EXPLOIT – HTTP (REQUEST) – Variant 2

Trend Micro Cloud One – Network Security and TippingPoint Recommended Actions

  • Filter 40627 : HTTP: JNDI Injection in HTTP Header or URI

This was released in Digital Vaccine #9621 and has replaced CSW C1000001 that was previously released.

Trend Micro recommends customers enable this filter in a block and notify posture for optimal coverage. Starting with Digital Vaccines released on 12/21/2021, it will be enabled by default. Since it may not be enabled in your environment, Trend Micro strongly recommends you confirm the filter is enabled in your policy.  

  • Filter 40652: HTTP: Apache Log4j StrSubstitutor Denial-of-Service Vulnerability (ZDI-21-1541)
    • Covers CVE-2021-45105


What other controls can be used to disrupt the attack?

This attack is successful when the exploit is used to initiate a transfer of a malicious attack payload.  In addition to the filter above, these techniques can help disrupt that chain:

  • Geolocation filtering can be used to reduce possible attack vectors. Geolocation filtering can block inbound and outbound connections to any specified country, which may limit the ability for attackers to exploit the environment. In cases where a business only operates in certain regions of the globe, proactively blocking other countries may be advisable.
  • For TippingPoint IPS, TPS, and vTPS products
    Trend Micro also recommends enabling DNS and URL reputation as a proactive means of securing an environment from this vulnerability. Leveraging Trend Micro’s rapidly evolving threat intelligence, TippingPoint appliances can help disrupt the chain of attack destined to known malicious hosts.

    Additionally, Reputation filtering can be leveraged to block Anonymous proxies that are commonly used in exploit attempts. Any inbound or outbound connections to/from an anonymous proxy or anonymizer service can be blocked by configuring a reputation filter with “Reputation DV Exploit Type” set to “Tor Exit” to a Block action.
  • For Cloud One – Network Security
    Anonymous proxies are also an independent, configurable “region” that can be selected as part of Geolocation filtering. This will block any inbound or outbound connection to/from an anonymous proxy or anonymizer service, which can be commonly used as part of exploit attempts.

    Domain filtering can also be used to limit the attack vectors and disrupt the attack chain used to exploit this vulnerability. In this case, any outbound connection over TCP is dropped unless the domain being accessed is on a permit list. If the attacker’s domain, e.g. http://attacker.com, is not on the permit list, then it would be blocked by default, regardless of IPS filter policy.



Trend Micro Malware Detection Patterns (VSAPI, Predictive Learning, Behavioral Monitoring and WRS) for Endpoint, Servers, Mail & Gateway (e.g. Apex One, Worry-Free Business Security Services, Worry-Free Business Security Standard/Advanced, Deep Security w/Anti-malware, etc.)

  • Web Reputation (WRS): Trend Micro has added over 1700 URLs (and growing) linked to malicious reporting and communication vectors associated with observed exploits against this vulnerability to its WRS database for blocking.
  • Ransomware Detection – there have been observations about a major ransomware campaign (Khonsari) being utilized in attacks and Trend Micro detects components related to this as Ransom.MSIL.KHONSARI.YXBLN.
  • VSAPI (Pattern) Detections:  the following detections have been released in the latest OPR for malicious code associated with exploits –
    • Trojan.Linux.MIRAI.SEMR
    • HS_MIRAI.SMF
    • HS_MIRAI.SME
    • Trojan.SH.CVE20207961.SM
    • Backdoor.Linux.MIRAI.SEMR
    • Trojan.SH.MIRAI.MKF
    • Coinminer.Linux.KINSING.D
    • Trojan.FRS.VSNTLB21
    • Trojan.SH.MALXMR.UWELI
    • Backdoor.SH.KIRABASH.YXBLL
    • Backdoor.Linux.MIRAI.SMMR1
    • Coinminer.SH.MALXMR.UWEKG
    • Coinminer.Linux.MALXMR.SMDSL64
    • Backdoor.Linux.GAFGYT.SMMR3
    • Coinminer.Win64.MALXMR.TIAOODGY
    • Rootkit.Linux.PROCHID.B
    • ELF_SETAG.SM
    • Backdoor.Linux.TSUNAMI.AMZ
    • Coinminer.PS1.MALXMR.PFAIQ
    • Trojan.SH.TSUNAMI.A
    • Trojan.PS1.METERPRETER.E
    • Coinminer.Linux.MALXRMR.PUWENN

Trend Micro Cloud One – Application Security

Trend Micro Cloud One – Application Security can monitor a running application and stop unexpected shell commands from executing.   The product’s RCE configuration can be adjusted to help protect against certain exploits associated with this vulnerability using the following steps:

  1. Log into Trend Micro Cloud One and navigate to Application Security.
  2. Select "Group's Policy" in the left-hand menu and find your application's Group.
  3. Enable "Remote Command Execution" if not already enabled.
  4. Click the hamburger icon for "Configure Policy" and then click the "< INSERT RULE >" icon.
  5. Input (?s).* in the “Enter a pattern to match” field and hit “Submit” and “Save Changes.”
  6. Double-check that “Mitigate” is selected in your “Remote Command Execution” line item.

Trend Micro Cloud One – Open Source Security by Snyk

Trend Micro Cloud One – Open Source Security by Snyk can identify vulnerable versions of the log4j library across all organization source code repositories with very little integration effort.  Once installed, it can also monitor progress on updating to non-vulnerable versions.




TXOne Preventative Rules for Edge Series Products

Several rules for the TXOne Edge Series of products can be found here: https://www.txone-networks.com/blog/content/critical-log4shell-vulnerability .


Trend Micro is continuing to actively research the potential exploits and behavior around this vulnerability and is actively looking for malicious code that may be associated with any exploit attempts against the vulnerability and will be adding additional detection and/or protection as they become available.

Impact on Trend Micro Products

Trend Micro is currently doing a product/service-wide assessment to see if any products or services may be affected by this vulnerability.  Products will be added to the lists below as they are validated.

Products Confirmed Not Affected (Including SaaS Solutions that have been patched):

 

Product | Status
5G Mobile Network Security | Not Affected
ActiveUpdate | Not Affected
Apex Central (including as a Service) | Not Affected
Apex One (all versions including SaaS, Mac, and Edge Relay) | Not Affected
Cloud App Security | Resolved / Not Affected
Cloud Edge | Not Affected
Cloud One – Application Security | Not Affected
Cloud One – Common Services | Not Affected
Cloud One – Conformity | Not Affected
Cloud One – Container Security | Not Affected
Cloud One – File Storage Security | Not Affected
Cloud One – Network Security | Not Affected
Cloud One – Workload Security | Not Affected
Cloud Sandbox | Not Affected
Deep Discovery Analyzer | Not Affected
Deep Discovery Email Inspector | Not Affected
Deep Discovery Inspector | Not Affected
Deep Discovery Web Inspector | Not Affected
Deep Security | Not Affected
Endpoint Encryption | Not Affected
Fraudbuster | Not Affected
Home Network Security | Not Affected
Housecall | Not Affected
Instant Messaging Security | Not Affected
Internet Security for Mac (Consumer) | Not Affected
Interscan Messaging Security | Not Affected
Interscan Messaging Security Virtual Appliance (IMSVA) | Not Affected
Interscan Web Security Suite | Not Affected
Interscan Web Security Virtual Appliance (IWSVA) | Not Affected
Mobile Security for Enterprise | Not Affected
Mobile Security for Android | Not Affected
Mobile Security for iOS | Not Affected
MyAccount (Consumer Sign-on) | Not Affected
Network Viruswall | Not Affected
OfficeScan | Not Affected
Password Manager | Not Affected
Phish Insight | Not Affected
Policy Manager | Not Affected
Portable Security | Not Affected
PortalProtect | Not Affected
Public Wifi Protection / VPN Proxy One Pro | Not Affected
Rescue Disk | Not Affected
Rootkit Buster | Not Affected
Safe Lock (TXOne Edition) | Not Affected
Safe Lock 2.0 | Not Affected
Sandbox as a Service | Resolved / Not Affected
ScanMail for Exchange | Not Affected
ScanMail for IBM Domino | Not Affected
Security for NAS | Not Affected
ServerProtect (all versions) | Not Affected
Smart Home Network | Not Affected
Smart Protection Complete | Not Affected
Smart Protection for Endpoints | Not Affected
Smart Protection Server (SPS) | Not Affected
TippingPoint Accessories | Not Affected
TippingPoint IPS (N-, NX- and S-series) | Not Affected
TippingPoint Network Protection (AWS & Azure) | Not Affected
TippingPoint SMS | Not Affected
TippingPoint Threat Management Center (TMC) | Resolved / Not Affected
TippingPoint ThreatDV | Not Affected
TippingPoint TPS | Not Affected
TippingPoint TX-Series | Not Affected
TippingPoint Virtual SMS | Not Affected
TippingPoint Virtual TPS | Not Affected
TMUSB | Not Affected
Trend Micro Email Security & HES | Resolved / Not Affected
Trend Micro Endpoint Sensor | Not Affected
Trend Micro ID Security | Not Affected
Trend Micro Remote Manager | Not Affected
Trend Micro Security (Consumer) | Not Affected
Trend Micro Virtual Patch for Endpoint | Not Affected
Trend Micro Web Security | Resolved / Not Affected
TXOne (Edge Series) | Not Affected
TXOne (Stellar Series) | Not Affected
Vision One | Resolved / Not Affected
Worry-Free Business Security (on-prem) | Not Affected
Worry-Free Business Security Services | Not Affected

Affected Products:

Deep Discovery Director | Affected (please click here for more info)


What is a Keylogger and How to Detect One

What is a keylogger?

A keylogger, which is also known as a keystroke logger or a keyboard capturer, is a piece of software or hardware developed to monitor and record everything you type on a keyboard. In this article, we dive into everything you need to know about them and teach you how to protect yourself from them!

Is a keystroke logger a virus?

It depends. Keyloggers were designed for legitimate purposes. They were originally used for computer troubleshooting, employee activity monitoring, and as a way to discover how users interact with programs so their user experience could be enhanced. However, they’ve since been used by hackers and criminals as a tool for stealing sensitive data such as usernames, passwords, bank account information, and other confidential information.

Generally, a keylogger is insidiously installed alongside an otherwise legitimate program. As a result, users are almost always unaware that their keystrokes are being monitored. Oftentimes, when a user's computer is infected with a keylogger trojan, the malicious software will keep track of their keystrokes and save the information to the computer's local drive. Later the hacker will retrieve the stored data. For this reason, keyloggers pose a serious threat to computer security and data privacy.

Keyloggers are separated into the following categories, based on how they work:

API-based

Application programming interfaces (APIs) allow software to communicate with hardware. API-based keyloggers intercept every keyboard input sent to the program you're typing into. This type of keylogger registers keystroke events as if it were a normal part of the application rather than malware. Each time a user presses or releases a key, it is recorded.

Form grabbing-based

Form grabbing-based keyloggers log web form submissions by recording the inputted data when they are submitted. When a user submits a completed form, usually by clicking a button or pressing enter, their data is recorded even before it is passed over the Internet.

Kernel-based

These keyloggers work their way into a system’s core, allowing them access to admin-level permissions. These loggers have unrestricted access to everything entered into a computer system.

JavaScript-based

A malicious script tag is injected into a targeted web page, where it listens for keyboard events. Scripts can be injected using a variety of methods, including cross-site scripting, man-in-the-browser, and man-in-the-middle attacks, or when a website’s security is compromised.

How do keyloggers get on computers?

Most of the time, they infect computers with outdated antivirus software or with no antivirus software at all.

There are several scenarios that you need to be aware of:

  1. Keyloggers can be installed through web page scripts. Hackers utilize web browser vulnerabilities and embed malicious code on a webpage that silently executes the installation or data hijacking.
  2. Phishing. Keyloggers can be installed after users click on a nefarious link or open a malicious attachment in a phishing email.
  3. Social engineering. Some criminals use psychological manipulation to fool unsuspecting people into installing a keylogger by invoking urgency, fear, or anxiety in them.
  4. Unidentified software downloaded from the internet. Sometimes cracked software or applications from unidentified developers will secretly install a keylogger on a computer system.

How to detect a keylogger on my computer?

At this point, you might be interested in learning how you can detect a keylogger on your computer. The truth is, keyloggers are not easy to detect without the help of security software. Running a virus scan is necessary to detect them.

Trend Micro Housecall is an online security scanner that detects and removes viruses, worms, spyware, and other malicious threats such as keyloggers for free.


How to prevent keystroke logging malware?

Keyloggers are dangerous. Preventing them from ever being installed on your computer is a top priority. It is necessary to be proactive in protecting your computer to ensure that your data doesn’t get stolen.

Here are several tips to follow:

  • Carefully inspect user agreements for software before agreeing to them. There should always be a section covering how your data is used.
  • Install a trusted antivirus app such as TrendMicro Maximum Security. Always keep your antivirus on and regularly run scheduled scans of your device.
  • Make sure your security software is up to date.
  • Make sure your operating system is up to date and all the security patches are installed.
  • Avoid visiting suspicious websites and don’t click on any unusual links or e-mail attachments from unknown senders.
  • Only download and install software from trusted developers and sources.

Source:
https://news.trendmicro.com/2021/12/28/what-is-a-keylogger-and-how-to-detect-one/

Remove WINS & Disable Netbios over Tcpip PowerShell

As part of a recent decommission / security audit, we needed to remove an old WINS server. For desktop clients this is fairly easy, as they are all assigned through DHCP, so it was just a case of removing WINS from the DHCP scope options.

On the hundreds of servers it is set manually, and removing it one by one would take a long time and be pretty boring for the person tasked with it. So I decided the simplest option would be to use PowerShell.

First I wanted to check which servers had WINS enabled, so I could reduce the number of servers I would need to run the disable script against.

I am going to use Get-WmiObject and the Win32_NetworkAdapterConfiguration class, as this is the simplest way I found to do this in PowerShell.

We will use a text file with a list of server names and a variable called $WINSServer, which will be used to filter only the network interfaces that have WINS set.

Below is the script to check for WINS and output to the PowerShell window. I am just getting all adapters that have the WINSPrimaryServer value set to the IP in the $WINSServer variable and then selecting the objects to be output.

If you want to export to a CSV or text file, just add a | after WINSPrimaryServer at the end of the script and use either Out-File or Export-Csv with the path to export to.

Below is the link to the script location on GitHub; it is called Check-Wins.ps1:

https://github.com/TheSleepyAdmin/Scripts/tree/master/General/Remove%20Wins

To remove the WINS IP and set the NetBIOS option, we will use the set methods of the same WMI class.

Below is the link to the script location on GitHub; it is called Remove-Wins.ps1:

https://github.com/TheSleepyAdmin/Scripts/tree/master/General/Remove%20Wins
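As an added example (not the Check-Wins.ps1 or Remove-Wins.ps1 scripts from the post), this combines the check step and the remove step described above in one script: it reads server names from a text file, reports every IP-enabled adapter whose WINSPrimaryServer matches $WINSServer, and only when $Remove is $true calls the SetWINSServer and SetTcpipNetbios methods of Win32_NetworkAdapterConfiguration. The file path, the WINS address and the $Remove switch are assumed placeholders.

```powershell
# Added example, not the post's own scripts. Placeholders: servers.txt path and 192.0.2.10.
$WINSServer = '192.0.2.10'                                # old WINS server being decommissioned (assumed)
$Servers    = Get-Content -Path 'C:\Temp\servers.txt'     # one server name per line (assumed path)
$Remove     = $false                                      # $false = report only; $true = change the NICs

foreach ($Server in $Servers) {
    try {
        # Only IP-enabled adapters whose primary WINS entry points at the old server
        $Adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName $Server -ErrorAction Stop |
            Where-Object { $_.IPEnabled -and $_.WINSPrimaryServer -eq $WINSServer }
    }
    catch {
        Write-Warning "$Server : WMI query failed ($($_.Exception.Message))"
        continue
    }

    foreach ($Nic in $Adapters) {
        # Check mode output; pipe the whole script to Export-Csv or Out-File to keep a record
        [pscustomobject]@{
            Server            = $Server
            Adapter           = $Nic.Description
            IPAddress         = ($Nic.IPAddress -join ',')
            WINSPrimaryServer = $Nic.WINSPrimaryServer
            NetbiosOption     = $Nic.TcpipNetbiosOptions   # 0 = via DHCP, 1 = enabled, 2 = disabled
        }

        if ($Remove) {
            # Clear both WINS entries, then disable NetBIOS over TCP/IP (option 2).
            $r1 = $Nic.SetWINSServer('', '')
            $r2 = $Nic.SetTcpipNetbios(2)
            # ReturnValue 0 = success, 1 = success but reboot required; anything else is an error
            if ($r1.ReturnValue -notin 0, 1 -or $r2.ReturnValue -notin 0, 1) {
                Write-Warning "$Server/$($Nic.Description): SetWINSServer=$($r1.ReturnValue) SetTcpipNetbios=$($r2.ReturnValue)"
            }
        }
    }
}
```

Run it once with $Remove left at $false to build the list of affected servers, then again with $Remove = $true against only those.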

Once the script has run, WINS should be removed and NetBIOS over TCP/IP should be disabled; this can be checked under the advanced properties on the NIC.


Source:
https://thesleepyadmins.com/2019/10/27/remove-wins-disable-netbios-over-tcpip-powershell/