Category Archives: Tech Tips

Sophos UTM Up2Date 9.505 Released

Today Sophos have released Sophos UTM 9.505. The release will be rolled out in phases. In phase 1 you can download the update package from the FTP server; in phase 2 Sophos will spread it via the Up2Date servers.

Up2Date Information

News

  • Security Release

Remarks

  • System will be rebooted
  • Connected APs will perform firmware upgrade
  • Connected REDs will perform firmware upgrade

Bugfixes

  • NUTM-8984 [RED] WPA2 KRACK vulnerability fixes for RED15w
  • NUTM-8789 [Wireless] WPA2 KRACK vulnerability fixes


 

Overview Of Sophos Email Appliance Version 4.2.2

The rollout of the Sophos Email Appliance version 4.2.2 has started. This marks the first phase towards the goal of a single anti-spam engine for all Sophos email solutions. Sophos Email Appliance version 4.2.2 incorporates the latest Sophos Anti-Spam engine as well as improvements to Sophos Delay Queue scanning to improve protection against snowshoe spam.

Full release notes available here

Remarks:

  • The release will be staged with the completion of all upgrades expected to take between 2-3 weeks
  • User experience and any custom settings will be unaffected by the change
  • Systems will not require a reboot following the appliance update
  • As well as improvements to Anti-Spam techniques, this release will also include a change to the Email Appliance update process (HTTPS as opposed to HTTP). To ensure the update functionality of the Sophos Email Appliance, please configure your network to allow access on the new ports highlighted below in red:

Port      Function             Service        Protocol   Connection
80, 443   Software downloads   HTTP, HTTPS    TCP        [Required] Outbound from appliance to internet

If you are using a third party web proxy with HTTPS scanning enabled, please exempt the following Sophos URLs from HTTPS scanning. This will prevent any errors when updating the Sophos Email Appliance:

https://sea-dynamic.sophosupd.com
https://sea-dynamic.sophosupd.net
https://swa-dynamic.sophosupd.com
https://swa-dynamic.sophosupd.net

The official Sophos article is available here: https://community.sophos.com/kb/en-us/127433

Sophos UTM Up2Date 9.504 Released

Sophos has today [17th October 2017] released UTM 9.504. The release will be rolled out in phases. In phase 1 you can download the update package from the FTP server; in phase 2 Sophos will spread it via the Up2Date servers.

Up2Date Information

News

  • Security Release

Remarks

  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade

Bugfixes

  • NUTM-8851 [Basesystem] System doesn’t boot if PostgreSQL database cannot start
  • NUTM-7240 [RED] RED 50 losing ARP entries of internal machines
  • NUTM-8782 [RED] RED10, RED15, RED50: Update OpenSSL and TCPdump to most current version
  • NUTM-8858 [RED] DNSMasq vulnerabilities





Power On Issues On Sophos SG310 Appliance

Issue :

Power on issues on Sophos SG310 appliance

Resolution :

Sophos are using ATX Power Supplies in their appliances, which have a power switch to turn it on or off.

If you shut down using the LCD panel, WebAdmin or the console, the system goes down and halts.

The Power Supply Unit still gets power, and provides low power to different components on the main board. This means that the system doesn’t completely power off.

On a standard desktop computer for example, this is used to turn it on using the push button from the front panel.

To turn the appliance on again, you have to switch off the power supply unit and wait roughly 10 seconds before you can power it on again.

This wait protects components such as capacitors and inductors, which have to discharge after delivering low voltage to the motherboard.





Windows 10 Update KB4041676 [10th October 2017]

This update applies to Windows 10 Version 1703

October 10, 2017—KB4041676 (OS Build 15063.674)

This update should apply via Windows Update. If it does not, or you need to install this manually, here is the direct download link.

Improvements and fixes

This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Addressed issue where some UWP and Centennial apps show a gray icon and display the error message “This app can’t open” on launch.
  • Addressed reliability issue that causes the AppReadiness service to stop working.
  • Addressed issue where applications that use the Silverlight map stack stop working.
  • Addressed issue where VSync prevents devices from entering Panel Self Refresh mode, which can lead to reduced battery life.
  • Addressed issue where user customizations (like pinned tiles) made to an enforced partial Start layout are lost when upgrading to Windows 10 1703.
  • Addressed issue where the Universal CRT caused the linker (link.exe) to stop working for large projects.
  • Addressed issue that prevents Windows Error Reporting from saving error reports in a temporary folder that is recreated with incorrect permissions. Instead, the temporary folder is inadvertently deleted.
  • Addressed issue where the MSMQ performance counter (MSMQ Queue) may not populate queue instances when the server hosts a clustered MSMQ role.
  • Addressed issue with the token broker where it was leaking a token that caused sessions to remain allocated after logoff.
  • Addressed issue where Personal Identity Verification (PIV) smart card PINs are not cached on a per-application basis. This caused users to see the PIN prompt multiple times in a short time period; normally, the PIN prompt only displays once.
  • Addressed issue where using the Cipher.exe /u tool to update Data Recovery Agent (DRA) encryption keys fails unless user certification encryption already exists on the machine.
  • Addressed issue where using AppLocker to block a Modern app fails. This issue occurs only with Modern apps that come pre-installed with Windows.
  • Addressed issue with form submissions in Internet Explorer.
  • Addressed issue with the rendering of a graphics element in Internet Explorer.
  • Addressed issue that prevents an element from receiving focus in Internet Explorer.
  • Addressed issue with the docking and undocking of Internet Explorer windows.
  • Addressed issue caused by a pop-up window in Internet Explorer.
  • Addressed issue where a Vendor API deleted data unexpectedly.
  • Addressed issue where using the Robocopy utility to copy a SharePoint document library, which is mounted as a drive letter, fails to copy files. However, in this scenario, Robocopy will copy folders successfully.
  • Addressed issue where MDM USB restrictions did not disable the USB port as expected.
  • Addressed issue where creating an iSCSI session on a new OS installation may result in the “Initiator instance does not exist” error when attempting to connect to a target.
  • Addressed issue where connecting to RDS applications published using Azure App Proxy fails. The error message is, “Your computer can’t connect to the Remote Desktop Gateway server. Contact your network administrator for assistance”. The error can occur when the RDP cookie size limit is exceeded. This update increased the size of the RDP cookie limit.
  • Addressed issue where USBHUB.SYS randomly causes memory corruption that results in random system crashes that are extremely difficult to diagnose.
  • Addressed issue that affects the download of some games from the Windows Store during the pre-order phase. Download fails with the error code 0x80070005, and the device attempts to restart the download from the beginning.
  • Addressed issue where the ServerSecurityDescriptor registry value does not migrate when you upgrade to Windows 10 1703. As a result, users might not be able to add a printer using the Citrix Print Manager service. Additionally, they might not be able to print to a client redirected printer, a Citrix universal print driver, or a network printer driver using the Citrix universal print driver.
  • Security updates to Microsoft Windows Search Component, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Microsoft Edge, Windows Authentication, Windows TPM, Device Guard, Windows Wireless Networking, Windows Storage and Filesystems, Microsoft Windows DNS, Microsoft Scripting Engine, Windows Server, Windows Subsystem for Linux, Microsoft JET Database Engine, and the Windows SMB Server.

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.




Known issues in this update

Symptom

Installing KB4034674 may change Czech and Arabic languages to English for Microsoft Edge and other applications.

Workaround

Microsoft is working on a resolution and will provide an update in an upcoming release.

Symptom

Systems with support enabled for USB Type-C Connector System Software Interface (UCSI) may experience a blue screen or stop responding with a black screen when a system shutdown is initiated.

Workaround

If available, disable UCSI in the computer system’s BIOS. This will also disable UCSI features in the Windows operating system.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Symptom

Microsoft is aware of a publishing issue with the October 10th, 2017 monthly security update for Windows 10 version 1703 (KB4041676) for WSUS\SCCM managed devices where Windows devices may fail to boot after installing this update.

Workaround

Customers that download updates directly from Windows Update (Home and consumer devices) or Windows Update for Business are not impacted.

We have corrected this publishing issue. For users who encountered issues please refer to the following article:

Windows devices may fail to boot after installing October 10 version of KB 4041676 or 4041691 that contained a publishing issue

The cumulative security updates have been validated. We recommend all customers take these cumulative security updates.




COMM ERROR On Brother Fax Machine (Send or Receive)

This means that your Brother fax machine experienced a communications error when sending or receiving a FAX. This is generally caused by either interference on the line, phone line connection or another device on the line.

Try resending the documents and see if the message no longer appears.

If the message still appears, there may be a problem with the way the Brother machine is connected or you may have a bad telephone line. Disconnect any other equipment on the telephone line, i.e. answering machine, modem, extra telephones, switching devices, adapters, etc. Make sure the telephone line is connected directly from the jack (socket) on the Brother machine labeled “Line” to the telephone wall jack (socket).

Try resending again. If the transmission is successful, the problem was created by the connection of the Brother machine and the other devices on the line. Reconnect the other pieces of equipment one at a time to see which is causing the problem. If the error continues to appear on the report, try connecting the Brother machine to a different telephone line or have the line checked by the telephone company.




Related Brother model numbers :

FAX-1360, FAX-1820C, FAX-1840C, FAX-2480C, FAX-2820, FAX-2840, FAX-2850, FAX-2920, FAX-2950, FAX-717, FAX-727, FAX-737MC, FAX-8360P, MFC-210C, MFC-215C, MFC-230C, MFC-235C, MFC-240C, MFC-250C, MFC-255CW, MFC-257CW, MFC-260C, MFC-265C, MFC-290C, MFC-295CN, MFC-3100C, MFC-3220C, MFC-3240C, MFC-3360C, MFC-3420C, MFC-3820CN, MFC-410CN, MFC-425CN, MFC-440CN, MFC-465CN, MFC-4800, MFC-490CW, MFC-5100C, MFC-5200C, MFC-5440CN, MFC-5460CN, MFC-5490CN, MFC-5840CN, MFC-5860CN, MFC-5890CN, MFC-620CN, MFC-640CW, MFC-6490CW, MFC-665CW, MFC-685CW, MFC-6890CDW, MFC-7220, MFC-7225N, MFC-7240, MFC-7290, MFC-7320, MFC-7340, MFC-7360, MFC-7360N, MFC-7362N, MFC-7420, MFC-7440N, MFC-7450, MFC-7460DN, MFC-7470D, MFC-7820N, MFC-7840N, MFC-7840W, MFC-7860DN, MFC-7860DW, MFC-790CW, MFC-795CW, MFC-8220, MFC-8370DN, MFC-8380DN, MFC-8440, MFC-8460N, MFC-8480DN, MFC-8510DN, MFC-8820D, MFC-8840D, MFC-8840DN, MFC-885CW, MFC-8860DN, MFC-8880DN, MFC-8890DW, MFC-8910DW, MFC-8950DW, MFC-9120CN, MFC-9125CN, MFC-9180, MFC-9320CW, MFC-9325CW, MFC-9420CN, MFC-9440CN, MFC-9450CDN, MFC-9460CDN, MFC-9660, MFC-9840CDW, MFC-9880, MFC-990CW, MFC-9970CDW, MFC-J220, MFC-J2310, MFC-J2510, MFC-J265W, MFC-J410, MFC-J415W, MFC-J430W, MFC-J432W, MFC-J4410DW, MFC-J4510DW, MFC-J4710DW, MFC-J5910DW, MFC-J615W, MFC-J625DW, MFC-J6510DW, MFC-J6710DW, MFC-J6910DW, MFC-J825DW





Sophos UTM SUM 4.306 Released

Sophos have released SUM version 4.306 to the Up2Date servers. This is a full GA release, meaning that this update will be offered to all SUM devices automatically.

Please note the system will be rebooted following this update.

You can download the full SUM ISO from here, or install this from the SUM portal.

Bugfixes

  • NSU-245 [accd] SUM is accepting weak ciphers on port 4433 which fails PCI compliance scan
  • NSU-253 [basesystem] BIND vulnerability for CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138




Sophos UTM HTTP Proxy Does Not Work On Version 9.5

There is a known issue where the HTTP proxy with AD-SSO authentication in transparent mode doesn’t work with IE and Chrome after upgrading to Sophos UTM 9.5. Sophos are aware of this.

Resolution:

Upgrade to Sophos UTM 9.5 MR2 (9.502), which has been released and fixes this issue. Then, if possible, update to the latest current version.

A domain re-join is necessary to make AD-SSO work if you update to 9.502 and the appliance was rebooted between the 9.501 and 9.502 updates.

The re-join can be done by following these steps:

    1. In the WebAdmin, browse to Definition & Users > Authentication Services > Single Sign-On.
    2. Type the username with incorrect password in the Active Directory Single-Sign-On (SSO) fields.
    3. Click Apply.
    4. Wait for error message in WebAdmin (Joining the domain failed).
      1. On a domain controller, manually delete the UTM’s computer account from AD; sync changes with ALL domain controllers.
    5. Type the username with correct password in the Active Directory Single-Sign-On (SSO) fields.
    6. Wait for the message in WebAdmin (Active Directory SSO saved successfully).

If the appliance has been rebooted between 9.501 installation and 9.502 upgrade, then re-joining will fix Kerberos authentication and ad-sync.

If the appliance has not been rebooted between 9.501 installation and 9.502 upgrade, then re-joining will fix ad-sync. Kerberos authentication would correctly work without re-joining.

The reason for this is that the machine password (that was changed via net ads changetrustpw) is lost during mdw restart.



Cisco 6921 and 6961 IP Phone Line Text Label Not Working

We have found that the line text label can not be displayed on the Cisco 6921 or 6961 IP phone.

According to the user manual it should display the line text label if the phone is idle:

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/6921_6941_6961/8_5/english/user_guide/phone.html#wp1009166

Under “Line details and other phone information” it says “During a call, displays details for the active line. If not on a call, displays line text label and other information such as placed calls, speed dials, and phone menu listings.”

Issue:

Cisco TAC SR have said there is an error in the documentation, not in the phone. The display is apparently too limited to display the line text label so this is not possible. Cisco Bug CSCtd52504

Symptom:
CUCM Admin page shows Linetextlabel setting for line of 6921/6961.
6921 and 6961 don’t support Linetextlabel setting, so CUCM needs to remove this field.

Conditions:
CUCM: 7.1.3.10000-11
6921/6961: 8.5.3

Workaround:
Ignore linetextlabel field

Further Problem Description:
Only 6941 in 6900 series supports linetext label.
