Wannacry decryptors available now

The WannaCrypt ransomware attack was one of the largest attacks the cyber world has seen. Although it has stopped now, the damage done to computers is still there. We posted solutions about how to keep your PC safe here, which have helped a lot of users. Now many security researchers are reverse engineering the ransomware and trying to develop decryptors so that the files of millions of users can be recovered.
French security researchers have had some success and have developed a decryptor. It cannot strictly be called a decryptor, as it calculates the key required to decrypt the files from memory (no brute force). Adrien Guinet says that this tool works for all OSes except Windows 10. However, there is a catch: you must not have restarted your PC after the files were encrypted, as the tool finds the key in memory.
There are currently 2 tools available to decrypt the files, WannaKey and WanaKiwi. Both use similar techniques to decrypt the files.
You can download WanaKiwi from here.
You can use this tool on Windows XP as well as Windows 7. Read more about this here.
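
The post does not say how the key is found in memory. The sketch below is an added example, not code from WannaKey or WanaKiwi: it assumes the publicly described approach of searching a memory image for a leftover prime factor of the RSA modulus, stored little-endian, and it uses a constructed toy key and memory image.

```python
"""Added example: find a leftover RSA prime in a memory image and rebuild the key."""


def find_prime_factor(image: bytes, modulus: int, prime_len: int):
    """Slide a prime_len-byte window over the image and return (offset, p) for
    the first window that, read as a little-endian integer, divides modulus."""
    for offset in range(len(image) - prime_len + 1):
        candidate = int.from_bytes(image[offset:offset + prime_len], "little")
        # 0 and 1 are skipped: zeroed pages are common and prove nothing.
        if 1 < candidate < modulus and modulus % candidate == 0:
            return offset, candidate
    return None


def rebuild_private_exponent(modulus: int, public_exponent: int, p: int) -> int:
    """With one prime known, the other prime and the private exponent follow."""
    q = modulus // p
    return pow(public_exponent, -1, (p - 1) * (q - 1))


def recover_key(image: bytes, modulus: int, public_exponent: int, prime_len: int):
    """Return the recovered key material, or None if no prime is left in memory."""
    hit = find_prime_factor(image, modulus, prime_len)
    if hit is None:
        return None
    offset, p = hit
    return {
        "offset": offset,
        "p": p,
        "q": modulus // p,
        "d": rebuild_private_exponent(modulus, public_exponent, p),
    }


# Constructed toy key: two Mersenne primes stand in for the real primes.
# For a 2048-bit modulus prime_len would be 128 bytes instead of 8.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537

# Constructed memory images: filler bytes around the spot where the prime sat.
FILLER = bytes((i * 37 + 11) % 256 for i in range(300))
LIVE_IMAGE = FILLER + P.to_bytes(8, "little") + FILLER   # machine never restarted
REBOOTED_IMAGE = FILLER + bytes(8) + FILLER              # memory lost on restart

if __name__ == "__main__":
    key = recover_key(LIVE_IMAGE, N, E, prime_len=8)
    print("prime found at offset", key["offset"])
    secret = 0x1234567890ABCDEF
    print("round trip ok:", pow(pow(secret, E, N), key["d"], N) == secret)
    print("after restart:", recover_key(REBOOTED_IMAGE, N, E, prime_len=8))
```

The second image shows why the restart matters: once the memory holding the prime is gone, the search has nothing to find and the only remaining route would be factoring the modulus.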

[FIX] Windows fails to load in PC

Often a PC is running fine until something goes wrong, such as a power cut, and the system files used to load Windows get corrupted. When you try to use the computer again, one of two things happens:
  1. Continuous loop of Boot Screen of Windows.
  2. You get a message that Windows did not start correctly.

CASE 1- You cannot get to the desktop

Sometimes, because of a faulty driver or program, your PC hangs on the boot screen or shows a blank screen. In any such case where you cannot get to the desktop, restart your PC three times in a row (or do a direct shutdown 3 times). This makes your PC go into recovery mode. You can then use the diagnostics given in Case 2 to correct the issue.

Case 2 provides some options to diagnose your PC through the advanced options, which we discuss in this article.

CASE 2- Windows did not start correctly

In this case, a restart can help first of all, as written in the image, but the chances are fairly low. If that doesn't help, proceed to the next options available.

Method 1: Run a startup repair

  • Click on Troubleshoot on the right and it should open up plenty of options. Select Automatic repair and then Proceed.
  • The system would reboot and then your PC would be diagnosed.
  • Enter your username and password if prompted. Click on Next.
  • If it is successful, Windows would automatically reboot to the desktop. If it doesn't, we need to try other options.

Method 2- Running a Disk check 

Sometimes a faulty disk with errors can also lead to corruption of the OS. In that case you can run a disk check and see if that helps. The steps are the following:
  • Navigate to the Troubleshoot section and select Command Prompt on the right.
  • Enter your username and password if prompted. This opens a new Admin Command Prompt window. Enter the following command to run the disk check:
  • chkdsk /r
  • It might take hours to finish, depending on the level of corruption.
  • If it is successful, your system would boot to the desktop on the next reboot.

Method 3- If the PC shows BCD/MBR is corrupt

  • If methods 1 and 2 did not help and the PC says you need to fix the BCD/MBR as shown here, then this step is exclusively for you. Other users can also try it in case it fixes things. The Master boot record and the Boot configuration file store the data about the OS location.
  • Navigate to the same Troubleshoot section and select Command Prompt, present on the right. It opens a new Command Prompt window.
  • Now enter the following commands one by one to fix the Master boot record:
Restart and you should be good to go. If it doesn't help, you can try repeating the same steps, entering the following command instead of the above 4:
 bcdboot C:\Windows
Substitute C: with the drive where Windows is installed.

Method 4: System Image recovery

If you regularly do backups and have a system image saved on your hard drive, then this might come in handy. A system image is an exact copy of the OS running on your system. The downside is that it restores your files and settings to what they were when the image was created, but it is a good method if you want your PC up and running.
  • On the same troubleshooting section, click on System Image recovery.
  • Now Windows would scan your PC for target operating system. Select the respective Windows

  • Windows would then restore your system Image.

Method 5- Resetting your PC

This is the last resort. With a reset, all of your installed applications are lost, but you get an option to keep your files if you want. If a system image from the OEM exists, called a recovery partition, then it also gives you an option to restore it. That would return your PC to its default factory settings.
  • Navigate to the Troubleshoot section again.
  • Select Reset. Now you are prompted with 2 or 3 options as here:
  • If you select Keep my files, your files would be kept. You might also get the third option, restore to factory settings, which isn't applicable on the PC.
  • If you select Remove my files as well, you are asked the following:
  • After selecting the desired options, you are presented with a confirmation, something like this. It indicates what you have chosen.
  • Click on Reset and the resetting should begin.

Method 7- Clean Install

A clean install is the best method when nothing else helps. Just boot from Windows 10 media and run the setup. Format the drive for best results and you are good to go! We would discuss it later in detail.

That's it. Please give feedback if any. 
Windows 10 build 16199 releases to fast ring Insiders

After releasing Redstone 2, aka the Creators Update, to the public, the focus now shifts to the builds from the next Insider branch, widely called Redstone 3. Microsoft released the 7th Redstone 3 build, 16199, to the public yesterday. There are a few new features in this build, along with fixes and improvements.

What's new

  • Improvements to My People app
    • See emoji from your pinned contacts on the taskbar
    • Notification Badging: The number of unread messages is shown for a pinned person
    • People-first Sharing
  • Improved Game Settings
  • New System health option in Settings>System>About.
  • Tips and Videos in Settings are introduced to get more help.
  • Improvements to Storage sense: Files older than 30 days in downloads folder would automatically be deleted
  • Incoming call notifications if you use Cortana on Android phone as well.

Fixes and Improvements

  • Windows Defender Application Guard (WDAG) will now work as expected on touch-enabled PCs.
  • [DEVELOPERS] The XAML designer in Visual Studio 2017 hits an error causing a squiggle error under ThemeResource references to XAML’s generic.xaml resources. Please update to the latest version of Visual Studio 2017 Preview (Version 15.3 – 26510.00) or later. If Visual Studio 2017 Preview is already installed, users can update by starting the Visual Studio Installer, and clicking the Update button. You can confirm you have the right build of Visual Studio Preview by going to Help > About to confirm you are on Version 15.3 (26510.0-Preview) or later.
  • Fixed an issue resulting in many Win32 apps not launching if certain 3rd party antivirus programs were active prior to upgrading.
  • Updated Windows Defender Security Center so as to no longer flag disabled drivers as issues. Also adjusted the health scan logic so that using maximum brightness when connected to AC power will not flag a warning. Appreciate all who shared feedback on the subject.
  • As a result of low usage, Note quick action is removed.
  • Updated migration logic so that going forward from this build the state of rotation lock will be preserved across upgrades.
  • Fixed an issue resulting in color profiles being ignored after launching certain fullscreen games.
  • To help you quickly find the option you’re looking for, updated the context menus for apps and tiles in Start to now include icons for more actions, including Share, Uninstall, and Rate.

Known Issues

  • Some Insiders have reported seeing this error “Some updates were cancelled. We’ll keep trying in case new updates become available” in Windows Update. See this forum post for more details.
  • Surface 3 devices fail to update to new builds if a SD memory card is inserted. The updated drivers for the Surface 3 that fix this issue have not yet been published to Windows Update.
  • Outlook 2016 may hang on launch due to an issue where the spam filter gets stuck reading the Outlook Data File and the UI waits indefinitely for it to return. We’re investigating.
  • We are investigating reports that Microsoft Edge fails to open PDFs with “Couldn’t open PDF. Something is keeping this PDF from opening” error.
  • You will be unable to type in your password to log in to any UWP apps such as Netflix, Twitter, Facebook, Instagram or Messenger apps. If you are already logged in to your apps, you should be ok updating to this build but don’t log out.
  • Games such as Civilization VI may fail to launch on this build.
  • Windows Mixed Reality won’t work on this build. If you are a developer testing and developing for Windows Mixed Reality, you will want to avoid this build. If you update to this build and need Windows Mixed Reality, you will need to roll back to Build 16193.
  • VIM is broken for Windows Subsystem for Linux (WSL) users – we’re investigating.
  • The choice command fails when run in a Command Prompt script.
Read more here:

This update would be available via Windows update as always.

Microsoft patches Windows 8 and Windows XP to prevent from Wannacry Ransomware, Here is how to check if you are safe

For the last few days the cyber world has been hit by the WannaCry ransomware, which derailed many systems across the world. Although the infection has stopped now, many people are concerned about whether they are safe from it. It became widespread because a large number of users run unpatched OSes.
Here are some must-know facts about the WannaCry ransomware:
  • It crippled many systems throughout the world, for example the NHS in Britain. There are no more infections as it has been patched (might be temporary).
  • Microsoft released patches in March for its OSes which are still supported to fix the vulnerability.
Seeing the extent of the damage, Microsoft surprisingly also patched products that are no longer supported, like Windows 8 and Windows XP. If the vulnerability in your system is fixed, then you are safe. Microsoft has also updated Windows Defender with the latest definitions. Here is an OS-by-OS guide to what you need to do:

Windows 10 v1703

Windows 10 v1703 is already patched against the MS17-010 vulnerability. No need to do anything.

Windows 10 v1607

For Windows 10 v1607, the update that takes the build number to 14393.953 patches the vulnerability. As said, it was released in March. If you are on 14393.953 or higher and have the latest Defender definitions, then you are safe.

Windows 10 v1511

For Windows 10 v1511, the update that takes the build number to 10586.839 patches the vulnerability. As said, it was released in March. If you are on 10586.839 or higher and have the latest Defender definitions, you are safe.

Windows 10 v1507

For Windows 10 v1507, build 10240.17139 patches the vulnerability.

Windows 8.1 

If any of the following patches are installed in Control Panel>Windows update>See installed updates, you are safe.
  • 2017-05 Security Monthly Quality Rollup for Windows 8.1 (KB4019215)
  • April, 2017 Preview of Monthly Quality Rollup for Windows 8.1 (KB4015553)
  • April, 2017 Security Monthly Quality Rollup for Windows 8.1 (KB4015550)
  • March, 2017 Security Monthly Quality Rollup for Windows 8.1 (KB4012216)
  • March, 2017 Security Only Quality Update for Windows 7 (KB4012213)

If none of these is installed, download the appropriate package, 32-bit or 64-bit.

Windows 7

If any of the following patches are installed in Control Panel>Windows update>See installed updates, you are safe.
  • 2017-05 Security Monthly Quality Rollup for Windows 7 (KB4019264)
  • April, 2017 Preview of Monthly Quality Rollup for Windows 7 (KB4015552)
  • April, 2017 Security Monthly Quality Rollup for Windows 7 (KB4015549)
  • March, 2017 Security Monthly Quality Rollup for Windows 7 (KB4012215)
  • March, 2017 Security Only Quality Update for Windows 7 (KB4012212)
If not, download the appropriate package, 32-bit or 64-bit, and you are safe.

Windows Vista

Windows Vista requires Security Update KB4012598 to be installed. See Control Panel > Installed updates to check for it.

Windows 8 and Windows XP

Seeing the extent of the attacks, Microsoft also patched its no-longer-supported products. The links to the patches are given at the bottom of the article (Further links).
Though the vulnerability has already been fixed, it is good practice not to open any suspicious emails. Emails containing attachments are the most common source of ransomware.
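
The per-OS checks above can be run over a whole inventory instead of one Control Panel at a time. This is an added example, not a Microsoft tool: the build thresholds and KB numbers are copied from this page, while the record layout, the host names and the `ms17_010_status` and `audit` functions are hypothetical.

```python
"""Added example: MS17-010 patch status from inventory data, using this page's values."""
import re

# Windows 10 build family -> lowest patched revision, copied from this page.
WIN10_MIN_REVISION = {14393: 953, 10586: 839, 10240: 17139}
# v1703 (build 15063) already contains the fix according to the page; treating
# later build families the same way is an assumption of this example.
WIN10_FIXED_FROM = 15063

# Any one of these KBs is enough, per the page's lists.
FIXING_KBS = {
    "Windows 8.1": {"KB4019215", "KB4015553", "KB4015550", "KB4012216", "KB4012213"},
    "Windows 7": {"KB4019264", "KB4015552", "KB4015549", "KB4012215", "KB4012212"},
    "Windows Vista": {"KB4012598"},
}


def normalise_kb(value):
    """Accept 'KB4012212', 'kb4012212' or '4012212'; return 'KB4012212' or None."""
    match = re.fullmatch(r"\s*(?:KB)?(\d{6,7})\s*", str(value), re.IGNORECASE)
    return "KB" + match.group(1) if match else None


def ms17_010_status(host):
    """Return 'patched', 'missing' or 'unknown' for one inventory record."""
    os_name = host.get("os", "")
    if os_name == "Windows 10":
        match = re.fullmatch(r"(\d+)\.(\d+)", str(host.get("build") or "").strip())
        if not match:
            return "unknown"  # no usable build string: report it, do not guess
        family, revision = int(match.group(1)), int(match.group(2))
        if family >= WIN10_FIXED_FROM:
            return "patched"
        needed = WIN10_MIN_REVISION.get(family)
        if needed is None:
            return "unknown"
        return "patched" if revision >= needed else "missing"
    wanted = FIXING_KBS.get(os_name)
    if wanted is None:
        return "unknown"  # e.g. Windows XP and 8: the page names no KB number
    installed = {normalise_kb(kb) for kb in host.get("kbs", [])}
    return "patched" if installed & wanted else "missing"


def audit(inventory):
    """Map each host name to its status."""
    return {host["name"]: ms17_010_status(host) for host in inventory}


# Constructed sample inventory (host names and KB0000001 are placeholders).
SAMPLE_INVENTORY = [
    {"name": "hr-01", "os": "Windows 10", "build": "14393.447"},
    {"name": "hr-02", "os": "Windows 10", "build": "14393.953"},
    {"name": "dev-01", "os": "Windows 10", "build": "15063.296"},
    {"name": "lab-01", "os": "Windows 10", "build": "10586.839"},
    {"name": "fin-01", "os": "Windows 7", "kbs": ["KB0000001", "kb4012212"]},
    {"name": "fin-02", "os": "Windows 7", "kbs": ["KB0000001"]},
    {"name": "kiosk-01", "os": "Windows 8.1", "kbs": ["4012216"]},
    {"name": "old-01", "os": "Windows XP", "kbs": []},
    {"name": "hr-03", "os": "Windows 10", "build": "n/a"},
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name:10} {status}")
```

Hosts reported as "unknown" need a manual look; the script only answers where this page gives a value to compare against.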

You can read more information about MS17-010 bulletin here in this article as well.

Thanks to woody for the links
Microsoft Build Conference- Day 2 highlights

Microsoft is holding its annual conference Build from May 10 to May 12. While Day 1 had a focus on Cloud, Day 2 was very big as far as Windows is concerned. Microsoft made a lot of announcements and we present here highlights of it:

Fluent Design Language

On day 2 of Build, Microsoft showed what the future of Windows is. In this context, Terry Myerson announced that Windows is being developed using a new design language called Fluent. You can read more about it here.
Fluent is starting to arrive with RS2 and will come further in future versions of the OS like RS3, RS4, etc.

iTunes is coming to Windows store

Microsoft recently announced Windows 10 S, the version of the operating system which runs apps from the Windows Store only. iTunes is necessary for file transfers between iPhones and computers, so Apple iPhone users would not be able to use Windows 10 S. Microsoft understood this and has made an important announcement that iTunes is coming to the Windows Store. This is a major breakthrough as far as Apple lovers are concerned.

Ubuntu is coming to Store

Microsoft announced that Ubuntu is coming to the Store and that SUSE and Fedora are coming to the WSL. Terry Myerson showed on stage that, with Ubuntu in the Windows Store, Microsoft will make it easier for all developers to use command line utilities and have the proper tools to run and develop Windows and Linux apps side by side in a virtual environment. Microsoft wants Windows to be the most productive development environment.

Microsoft announces Windows 10 Fall creators update to be released in September this year

Microsoft is holding its Build conference these days, and the second day was reserved for discussing the future of Windows. Terry Myerson, chief of the Windows OS and devices group, announced the next major update to Windows 10, called the Windows 10 Fall Creators Update. This update is code named Redstone 3, as we have discussed many times here.

Microsoft teased many new features in the presentation given yesterday. Let us have a look:

New Design Language-Fluent

We have discussed Project NEON many times, like here. NEON is a new design language that aims for consistency across applications in Windows by bringing similar fonts, increased transparency, etc. Microsoft has renamed NEON to the Fluent language (NEON was obviously the code name). The new design language focuses on animations and blur (known as “Acrylic”), which make the UI look very elegant and clean.
Fluent has just started with RS3, aka the Fall Creators Update, and it would evolve with future Windows 10 development.

One Drive Placeholders- File on demand

One of the best features of Windows 8 was OneDrive Placeholders, which allowed users to access the files stored in OneDrive offline, without downloading the whole drive. This feature was removed in Windows 10, which required the whole drive to be downloaded first. This is a tedious task when you have a slow connection and a large number of files stored in OneDrive.
Now, with the Fall Creators Update, Microsoft is bringing back Placeholders, where you can make changes to your files offline and commit them later. You would also have the option to download the files if necessary. Files on demand, as the name suggests, does the same.

Timeline of your apps

This might be quite a handy feature for some people. Windows 10 would now keep a history of the apps you opened in the past. You can see the apps you ran earlier and, with a few mouse clicks, easily open the app you want. For example, I listened to music last week, and now through the timeline I can open the same app very easily.

Pick up where you left off

Thanks to Cortana, Windows 10 is also introducing a new feature in the Fall Creators Update to sync your work between all devices. For example, you worked on a PPT on device 1 and saved it. Now you can start working on the same PPT on device 2, where you left it on device 1. This is available across all Windows 10, Android and iOS devices. Here is what the demo looked like:

A new way of Story telling 

Another creative app would be introduced in the Windows 10 Fall Creators Update, one which takes your photos and videos and makes them into a story. This would be integrated in the Photos app. The technology used is Microsoft Graph, which turns photos and videos into a story. This feature is live on Build 16193, released yesterday.

More features are expected along with these in the Fall Creators update.

[MS Build Day 1] Windows now powers 500 million computers, Windows to be major focus on day 2

Microsoft is currently holding its annual developer conference, called Build 2017. The developer conference is a major event for Microsoft as they showcase what is in the cards for the next whole year. It is a two day conference, and the first day focused on Cloud and Enterprises, which make Microsoft a lot of money.

500 Million devices use Windows 10

Satya Nadella was on stage, so there were some major announcements. First of all, Windows 10 now powers 500 million PCs in the world, up from 400 million last year. Considering that Windows 10 is a paid OS, it is very nice progress.

Cortana being used by 140 million people

Cortana is also used by 140 million people, so Microsoft asked developers to integrate it into their apps.

Nearly 1000 apps converted to UWP from Win32 by desktop bridge

During a Build 2017 session, Microsoft’s John Sheehan revealed that over 1,000 desktop apps had been converted to the new UWP app format and/or added to the Windows Store since its launch.

Microsoft’s Desktop Bridge is a feature that lets developers convert their desktop (Win32) apps for sale in Windows 10’s Windows Store and get more functionality.

Build day 2

Today's focus at MS Build 2017 would be more on Windows: Microsoft would be showing what the future holds for Redstone 3, to be released later this year. The first keynote of Day 2 would be for Windows. The giant's focus would be Project NEON, which brings transparency back to the OS. New Edge features would also be shown.

[May Patch Tuesday] New Cumulative updates shipped for Windows 10

It is the Patch Tuesday of May and Microsoft is back with updates. Microsoft already retired the original version of Windows 10, i.e. 1507, yesterday, but other products are still getting updates. We discuss them in detail:

Version 1703- Creators update

Microsoft has released KB4016871 for its latest OS version called Creators update. The build number jumps to 15063.296 from 250. Here is the change-log:
  • Addressed issue with Surface Hub devices waking from sleep approximately every four minutes after the first two hours.
  • Addressed issue where autochk.exe can randomly skip drive checks and not fix corruptions, which may lead to data loss.
  • Addressed an issue where Microsoft Edge users in networking environments that do not fully support the TCP Fast Open standard may have problems connecting to some websites. Users can re-enable TCP Fast Open in about:flags.
  • Addressed issues with Arc Touch mouse Bluetooth connectivity.
  • Security updates to Microsoft Edge, Internet Explorer, Microsoft Graphics Component, Windows SMB Server, Windows COM, Microsoft Scripting Engine, Windows kernel, Windows Server, and the .NET Framework.
From this month, 2 updates would be shipped in a month and, as discussed here, this one also contains the previous months' fixes.
There are no known issues with the update. You can see this article for more information.

Version 1607

For Anniversary update to Windows 10, Microsoft has released KB4019472 which jumps the build number to 14393.1198. Here are the fixes:
  • Addressed issue where the PC Settings pages do not display the correct options after the installation of KB3213986 and a language pack.
  • Addressed issue where fonts appear differently based on whether an app uses Graphics Device Interface (GDI) or GDI Plus.
  • Addressed issue where applications that use msado15.dll stop working after installing security update KB4015550.
  • Addressed issue that causes a device to become unresponsive when users try to enable end-user-defined characters (EUDCs).
  • Addressed issue that causes a device to crash every time a user logs off from a remote session using a Virtual Desktop Agent (VDA).
  • Addressed issue where changing the scaling setting of the display prevents DPI-aware tools (Notepad, MS Paint, etc.) from accepting input or drawing correctly when using the Japanese IME.
  • Addressed issue that causes Windows Explorer’s CPU usage to be at 20% when an executable file is hosted on a file share and its Offline attribute is set.
  • Addressed issue where Windows Event Forwarding between two 2012 R2 servers makes reports incompatible with third-party Security Information and Event Management software.
  • Addressed issue where the BitLocker Drive Encryption wizard shows the "Choose which encryption mode to use" page even when the BitLocker GPO is enabled.
  • Addressed issue where AppLocker fails to block binaries with revoked certificates.
  • Addressed issue where a virtual machine (VM) loses network connectivity if the VM does not send Address Resolution Protocol packets for five minutes and the VM is connected to a wireless NIC.
  • Addressed issue that causes the loss of a VPN connection when using a computer with an integrated WAN card (cellular card).
  • Addressed issue where multipath I/O did not properly restore service after the check condition "Illegal request, LUN not available (sense codes 05/25/00)" occurs.
  • Addressed issue where a Stop 0x27 error occurs after a user provides the domain username and password.
  • Addressed issue where users can create folders on a USB flash drive when "Deny write access" is set for Removable Storage Access.
  • Addressed an issue where crash dump generation hangs at 0% on a system with over 750 GB of physical memory and Hyper-V enabled.
  • Addressed an issue with a paging file space leak that leads Windows to a crash, blue screen, or data loss.
  • Addressed issue that prevents access to a website when Automatic Rebind of Renewed Certificate and Directory Service Mapper are enabled.
  • Addressed a crash in Services.exe with the error code “0xc0000374 - A heap has been corrupted,” and requires a system restart.
  • Addressed issue where Windows Defender anti-virus definitions, which are regulated by the network, prevent other updates (LCU, drivers) from being downloaded.
  • Addressed issue where Internet Explorer 11 does not save JavaScript files when exporting to an MHT file.
  • Addressed issue that prevents Internet Explorer 11 from following redirects when the Include-Referer-Token-Binding-ID header is set to “true.”
  • Addressed issue that causes users to get logged out from a Web-application intermittently.
  • Updated Internet Explorer 11’s New Tab Page with an integrated newsfeed.
  • Deprecated SHA-1 Microsoft Edge and Internet Explorer 11 for SSL/TLS Server Authentication. See Advisory 4010323 for more information.
  • Addressed additional issues with the Windows Shell, enterprise security, Datacenter Networking, storage networking, Internet Information Services, Active Directory, clustering, Windows Server, the client platform, and Internet Explorer.
  • Security updates to Windows COM, Windows SMB Server, Windows server, Internet Explorer, and Microsoft Edge.
There are no known issues with this update. More information is available here.

Version 1511

For Build 10586, Microsoft has released KB4019473 that jumps the build number to 10586.916. Here is what is fixed:
  • Addressed issue that causes the OS to become unresponsive when migrating users from a cloud-based solution to an on-premise desktop running Microsoft Virtual Desktop Infrastructure.
  • Addressed issue with high CPU and RAM usage when accessing .mp4 files larger than 60 GB using Windows Explorer.
  • Addressed issue where Windows Event Forwarding between two 2012 R2 servers makes reports incompatible with third-party Security Information and Event Management software.
  • Addressed an issue related to establishing a secure connection to a server using the TLS protocol. The application may hang when the server certificate specifies a secure URL (HTTPS) for the Certificate Revocation List (CRL) or for the Authority Information Access (AIA) values within the certificate.
  • Addressed issue where applications that use msado15.dll stop working after installing security update KB4015550.
  • Addressed issue where the BitLocker Drive Encryption wizard shows the "Choose which encryption mode to use" page even when the BitLocker GPO is enabled.
  • Addressed an issue where changing your password while not directly connected to the enterprise network, such as with a VPN, will cause your private keys to become inaccessible. Symptoms vary including the inability to encrypt/decrypt or sign documents.
  • Updated Internet Explorer 11’s New Tab Page with an integrated newsfeed.
  • Deprecated SHA-1 Microsoft Edge and Internet Explorer 11 for SSL/TLS Server Authentication. See Advisory 4010323 for more information.
  • Addressed additional issues with enterprise security, Internet Explorer, and Microsoft Edge.
  • Security updates to Microsoft Edge, Microsoft Scripting Engine, Windows COM, Microsoft Graphics Component, .NET Framework, Windows kernel, Windows SMB Server, Windows Server, and Internet Explorer.

Again, there are no known issues. Head here for more information.

Also see: Install updates via Microsoft update catalog
Servicing updates for Windows 10 version 1507 ends

Windows 10, initially released in 2015, has had 3 major feature upgrades so far, released in November 2015, August 2016 and the latest one in April 2017. For those who do not know, a feature upgrade is a major update that brings new features to Windows. Microsoft treats these feature upgrades like service packs for Windows, each with a defined life cycle.
According to Microsoft's policy, the first version of Windows 10, released in 2015, should have stopped getting updates from March this year, but Microsoft decided to extend the servicing updates till May 9, as we told here.
It is May 9 today, and Microsoft has ended servicing updates for Windows 10 v1507, except for Windows 10 Enterprise LTSB. This means that from today no patches will be shipped for it. 1507 will continue to work, but it will be vulnerable to security risks. Microsoft recommends upgrading to newer versions like 1607 or preferably 1703 as soon as possible.

Project Neon expands, many major Windows apps updated

After releasing the Creators Update to the public last month, Microsoft is now developing Redstone 3. Microsoft has released 5 builds to date from the Redstone 3 lab, but as the Creators Update has only just been released, there are no big features yet.
For those who don't know, Redstone 3 would use NEON as its design language, and the project is being called NEON. NEON is a design language that gives a complete overhaul to UWP apps, bringing blurry backgrounds, more animations and more integration of the elements with the application UI. Here is an example of the Mail and Calendar app designed using NEON:

Microsoft would be revealing more about NEON at the Build conference scheduled for the 10th of this month, but before that Microsoft is rolling out apps that use the same design language for Redstone 3. First Microsoft updated the Photos app a few days ago, then the People app, which is introduced in Redstone 3. Here are some of the screenshots (thanks to onmsft):

Now Microsoft has updated many apps in one go, like Calculator, Microsoft Camera, Voice Recorder and Paint 3D. These have also got a major overhaul, as the NEON design language is used to develop them. The version numbers of the apps are the following:
Windows Calculator: 10.1705.1221.0
Windows Camera: 2017.308.90
Voice Recorder: 10.1705.1221.0
Paint 3D: 2.1704.26037.0
More is expected in the coming Windows 10 builds, where Start and other design elements would also be getting an overhaul. More to come on the 10th of May.