Tag Archives: Windows 10

Secure Your DNS Traffic with the outside world

DoH in Microsoft Windows OS

Until this moment Microsoft Windows OS doesn’t support DNS over HTTPS, The feature will most likely be implemented in future builds but no body knows when is that however, You can still take a peak into the feature which is in preview mode/

No alt text provided for this image

Benefit of using DoH on an OS level

The benefit of using DoH on an Operating System level would provide more certainty that your DNS queries leave your computer without being read by any other party even if that is your ISP.

A simple DNS nslookup query using Wireshark on your computer would show you how serious this topic is. After installing Wireshark you’ll be able to see that all of your dns queries are in clear text and can be read by anyone until it gets to the destination website/server.

Demonstration of DNS lookup without DoH

After installing Wireshark, I fire up Powershell or CMD and try to nslookup google.com and it’ll show what I just queried for.

No alt text provided for this image

So how to make sure that your DNS queries don’t leave your computer in clear text format? and since Microsoft OS is not DoH ready yet what can you do?

In my case, I am already using encrypted DNS on firewall level as I have Pfsense acting as a router and it already supports DoH but still not pretty satisfied :).

DNSCrypt as a solution

Since the foundation of DoH I have been looking for a solution that would work on Microsoft Windows OS and luckily someone already created this great project called Simple DNSCrypt which not just enables the encryption of DNS queries on your OS but also enables this to work as a service.

No alt text provided for this image

Installing DNSCrypt would create a Windows based Service which would start automatically when your OS boots and logs into Windows.

The service is called DNSCrypt Client Proxy

Add alt textNo alt text provided for this image

DNSCrypt has a simple interface, You can pick up the DNS Server where to forward queries to and it works with proof.

Right after the installation of this tiny app, launch it as an administrator and configure it as in the below screenshot. You can choose to install the service or not.

Add alt textNo alt text provided for this image

Right after you enable it (By clicking on your Network Card box) that will start protecting your DNS queries. Let’s go ahead with a little demo

I am going to start Wireshark after enabling DnsCrypt and do a google dns lookup , As you can see below on wireshark it’s not returning any dns queries.

No alt text provided for this image

When you install Simple DNSCrypt it changes your Preferred DNS configuration to localhost so that all queries is passed through the app in DNS over HTTPS which doesn’t allow even Wireshark to see it as DNS.

So that makes it pretty secure and not even your firewall will see it.

If you have any question please don’t hesitate to ask me

Official DNScrypt website https://simplednscrypt.org/

Support the project founder https://github.com/bitbeans/SimpleDnsCrypt

Microsoft Windows 10 security updates KB4532695 and KB4528760 causes TPM driver to fail and results in windows 10 BSOD

Update: For the solution scroll to the end of the page.

Windows 10 Update :

Yesterday and today Microsoft released KB4532695 and KB4528760 causes TPM 2.0 driver to stop functioning and causes BSOD with error “Memory Management” Issue.

clip_image001

image

Windows Hello Face Authentication

In the first KB Microsoft says they have improved the accuracy of Windows Hello Face authentication however this would cause your PIN to be reset, TPM driver stop functioning and BitLocker to change in Pause state.

Check KB Article here

clip_image001[4]

image

The BSOD will generate an event ID 1001 stating the bugcheck code and saves a dump. ( I haven’t analyzed that yet).

clip_image001[6]

After Uninstalling the updates it was a no go but at least the Memory Management BSOD stopped..

Interesting thing is that not just TPM stopped, now even Virtual Box says no Virtualization Capabilities supported on my Device which I had over 20 VMs on it and was working fine also before these updates.

The TPM is indeed firmware as it’s fixed on the board..

In the event viewer related to Device Manager (Trusted Platform Module 2.0) I see couple of errors sourced from Kernel-PnP and UserPnp

KernelPnp error

Device ACPI\MSFT0101\1 had a problem starting.

Driver Name: tpm.inf
Class Guid: {d94ee5d8-d189-4994-83d2-f68d7d41b0e6}
Service: TPM
Lower Filters:
Upper Filters:
Problem: 0xA
Problem Status: 0xC0000001

—-

Device ACPI\MSFT0101\1 was configured.

Driver Name: tpm.inf
Class Guid: {d94ee5d8-d189-4994-83d2-f68d7d41b0e6}
Driver Date: 06/21/2006
Driver Version: 10.0.18362.267
Driver Provider: Microsoft
Driver Section: Tpm2BaseInstall
Driver Rank: 0xFF0002
Matching Device Id: *MSFT0101
Outranked Drivers: tpm.inf:ACPI\MSFT0101:00FF0001
Device Updated: true
Parent Device: ACPI_HAL\PNP0C08\0

—-

UserPnp (Informational event) happens after Kernel-Pnp fail

Driver Management concluded the process to install driver tpm.inf_amd64_aaaa339206cb706e for Device Instance ID ACPI\MSFT0101\1 with the following status: 0x0.

Solution:

After two days of struggling I managed to find the solution.

Disable Device Guard from Group Policy and PowerShell.

  • To disable from PowerShell you’ll need to download the Device Guard and Credential Guard hardware readiness tool which contains a script that would disable/enable Device Guard.
  • Use the following cmdlet .\DG_Readiness_Tool_v3.6.ps1 -Disable after extracting the the DG readiness tools from the link below

https://www.microsoft.com/en-us/download/details.aspx?id=53337

  • From Run type gpedit.msc and launch Group Policy then navigate to Computer Configuration > Administrative Templates > System > Device Guard and set “Turn On Virtualization Based Security” To Not Configured.

Once this is done, Restart your Computer and Press F3 to disable Device Gaurd twice. When restarting the Computer will restart again and you’ll see that your TPM is back to normal.

Warning for millions of Windows 10 users

The “Windows List” website, which follows the news of the famous operating system “Windows 10“, issued a warning to the users of the Operating system after it monitored a new security update for the operating system, which is “KB4528760” causing serious problems, noting that the problem “appears to be widespread now.”

Related image

In its interpretation of the sequence of events, the site says that this update initially fails to install on the device, issuing “a number of general error messages” that do not provide any indication of the cause of the problem, then the problem escalates as the next time you restart the computer it fails to boot .

“The recent update KB4528760 for Windows 1909 (the Windows build version number) appears to cause problems with some computers and prevents them from Starting up, causing the oxcooooooe error code. The number of devices affected by this problem has increased after installing this update,” says a user on the official Microsoft Community Forum. .

Image result for windows 10 error code oxcooooooe

Some users attribute the problem to Microsoft’s Connect app, which the company has terminated. Although it is not the only scenario of the cause of the problem, the users who installed the app or had it installed and then uninstalled it, have been particularly severely affected. It is only Windows Vista that completely re-installs the Windows 10 operating system.

What increases the importance of the warning issued by “Windows Light” is precisely that Microsoft is not yet aware of this problem. Indeed, until the moment the company states on the support page of the latest update that it is “currently not aware of any problems with this update.”

This is a recurring series of slow responses in recent years, as Windows 10 users have experienced problems caused by system updates, and this is disappointing because it encourages users to continue to download the update that might harm their computers

The good thing here is that Microsoft is working on substantive modifications to improve the updates of “Windows 10”, but the bad thing is that the process of testing the modifications in its entirety is fundamentally flawed, according to the site mentioned