Saturday, October 12, 2013

Microsoft Silverlight update repeatedly fails to install with error 0x80070643

The Problem
My wife made me aware that she always had one update to install while shutting down her computer. Being an IT guy by day, it took me a little before I got around to troubleshooting the issue. Anyways a quick glance in the "System" Event Logs revealed that a security update for Microsoft Silverlight seemed to be the issue.

Now my wife doesn't use Silverlight very much and I may have been able to get away with simply uninstalling it. I wanted to figure out the issue though and with that in mind continued on in my troubleshooting.

It was update KB2890788 and was failing with error 0x80070643. This problem had started on September 8th with the update KB2847559 transitioning to the other update on the 10th.

Up to this point my wife had done the install on update option, so I thought I would try manually installing the update via the Windows Update control panel applet. Selecting only it and pressing install led to a "Preparing to install.." status for quite some time. In the "Application" event logs I was getting informational events from "Windows Error Reporting" basically telling me the update wasn't installing.

Never got an error on the Windows Update section, so I closed it.

The Solution
I then manually downloaded the latest version of Silverlight from Microsoft's site. I then installed it and upon completion it told me it was successful. You can see in the picture below the install log in the background as well as the successful completion message.

Upon completing the install I had it check for updates again and the update it had been failing on no longer appeared in the list.

So it appears that the install of Silverlight became corrupt and the update was unable to apply. A fresh install corrected the issue.

Friday, July 19, 2013

CIP 007 R2 Ports and Services - Part 1 (Basic Port Enumeration)

Disclaimer: The information I provide is that of my own and does not reflect on the organizations I work for. The information I share should not be the only thing you rely upon for compliance and is provided as-is.

One of the areas of great concern for individuals involved with NERC CIP is CIP standard 007. It is the standard under which most of the work for compliance is done to secure assets. CIP 007 is also the most violated standard. A big offender is standard R2, Ports and Services. It is also a difficult one to comply with since there are a large number of services and ports per asset.

This topic will be broken into multiple posts due to the amount of information that can be shared. Ports and services will also be broken into different posts. I will begin by discussing some areas of overlap.

CIP 007 R2 states, "An entity will disable all unused ports and services not required for normal or emergency operation." The requirement for this standard is interesting. Let's discuss what this means in relation to ports first.

This relates to logical network ports like TCP port 25, which is most often used by SMTP. For compliance and security purposes, only listening ports are considered. For those new to network ports, this means the network ports that are open and waiting for a connection from other devices or potentially from another process on that computer. NERC CIP does not currently have standards for physical ports on an asset. This does not mean physical ports should not be tracked. As part of its overall security standpoint a company should track and control the physical ports on its devices. Additionally, this approach may serve the side benefit of ensuring information is collected when these ports do fall under a compliance standard of one type or another. A person or entity may decide that they want to define what a port and a listening port are. As of the time I wrote this post, there was not yet a definition by NERC of either of these, but be sure to check that as new information surfaces daily.

There are multiple ways to collect information about a device's ports. Many devices are capable of listing the ports via their management interface through a program or internal function. On a Windows- or Linux-based box, a person can run netstat from the command line. Below is just a small sample of the output that may be seen from running "netstat -abno" on a Windows-based box.
This method is going to usually be the most accurate way to collect ports from a device that supports it.

Another way to collect ports from a device is to use a port scanning tool such as NMAP, Angry IP Scanner, etc. This software works by manually checking ports on the device to see if they are open. Usually the tool is run from a remote device. Remember to verify the full TCP and UDP port ranges 0-65535. Scanning only TCP is not sufficient.

Port scanners are usually the only method to collect ports from devices that do not have an internal method to collect ports information. An example of such a device may be a PLC. The output of an NMAP scan using the Zenmap GUI is shown below:
The benefit of using a port scanning tool is that a person can enumerate ports from devices that are incapable of enumerating ports natively. Additionally, all data is usually stored in one location. Some device vendors, like Allen Bradley, will provide software to scan their devices for open ports. In most cases a person or entity should use what their vendor requires.
There are some negatives to using a Port scanning tool.
  • Port Scanning isn't always consistent, so a port may be missed. Try multiple scans to catch all listening ports on a device.
  • If there are devices such as a firewall, in between the device conducting the scans and the device being scanned, reliable port data may not be retrieved.
  • Some devices do not handle being scanned well. They may lock up, slow down, or function in methods that are not acceptable.
    • This may mean that a person or entity would want to have an identical device in a non-production network that can be re-configured in an identical manner. This device can then be scanned to collect port information.
    • Possibly scanning the devices while not in production also may be necessary.
With all of that in mind I would recommend that when companies purchase new devices they ensure that they are capable of natively enumerating port data. There are many network switches, firewalls, control devices that can do this.
There will always be devices that cannot do this so make sure that the person or entity can reliably enumerate the ports of these devices via a Port Scan. Additionally some malicious software can hide listening ports from native commands such as netstat, so an occasional port scan may be useful for comparison purposes.
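The comparison between native enumeration and a port scan can be done mechanically. The following is an added example, not code from the original post: it parses "netstat -abno" output into a set of listening ports and diffs it against a scanner's list of open ports. The sample netstat text, the scan result, and the function names are all constructed for illustration.

```python
import re

# Constructed `netstat -abno` sample from a Windows host (not real data).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2210
 [agent.exe]
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     3120
 [browser.exe]
  TCP    [::]:135               [::]:0                 LISTENING       884
 [svchost.exe]
  UDP    0.0.0.0:123            *:*                                    1044
 [svchost.exe]
"""
# Constructed scan result: (proto, port) pairs a remote port scanner reported open.
SCAN_OPEN = {("tcp", 135), ("tcp", 445), ("tcp", 8081)}

def parse_listeners(text):
    """Map (proto, port) -> {pid, exe, remote} for every listening socket."""
    listeners, last = {}, None
    for line in text.splitlines():
        f = line.split()
        if f and f[0] in ("TCP", "UDP"):
            last = None
            # UDP rows have no State column; every UDP row is a bound socket.
            if f[0] == "TCP" and (len(f) < 5 or f[3] != "LISTENING"):
                continue
            addr, port = f[1].rsplit(":", 1)
            last = listeners.setdefault(
                (f[0].lower(), int(port)), {"pid": int(f[-1]), "exe": None, "remote": False})
            # Loopback-only listeners are invisible to a remote scan.
            last["remote"] |= not addr.startswith(("127.", "[::1]"))
        elif last is not None and re.fullmatch(r"\[.+\]", line.strip()):
            last["exe"] = line.strip()[1:-1]  # -b prints the owning executable
    return listeners

def compare(listeners, scan_open):
    """Diff native enumeration against the scanner's open-port set."""
    routable = {k for k, v in listeners.items() if v["remote"]}
    return {
        # Open to the scanner but absent from netstat: investigate first.
        "scan_only": sorted(scan_open - set(listeners)),
        # Listening natively but unseen by the scan: filtered or missed; rescan.
        "native_only": sorted(routable - scan_open),
    }

if __name__ == "__main__":
    print(compare(parse_listeners(NETSTAT_SAMPLE), SCAN_OPEN))
```

In the constructed data the scan covered TCP only, so the UDP 123 listener shows up as "native_only", which is the gap a TCP-only scan leaves. The loopback-bound port is deliberately left out of that list because a remote scan can never reach it.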
In the next NERC CIP related post I will share additional port enumeration information as well as methods to "disable" the ports and start to cover services.

Friday, June 7, 2013

Intro to NERC CIP into my Blog

NERC CIP: two acronyms that, when placed together, strike fear into the heart of any that have been given the responsibility to abide by its requirements. NERC, North American Energy Reliability Corporation, is the entity that is in charge of developing and enforcing the standards used to ensure reliability of the North American bulk power systems.

There are many standards that are under NERC's umbrella, but if you are here reading this it is because you desire to know more about CIP. CIP, Critical Infrastructure Protection, is the set of standards that relate specifically to the protection of the electrical control systems. CIP is the combination of standards that are also a bit of a touchy topic for many due to the feeling by some that NERC is not doing enough to protect the electrical grid. To any who have had to abide by the full set of NERC CIP standards this is hard to believe since it requires a lot of work. I will not be debating the standards, although I feel that they are forcing many entities to make steps towards security, which is a good thing.

NERC CIP has been my life for the last year. As with the rest of my blog, the intent of this new period will be to share things I have learned to hopefully help everyone else trying to accomplish their work. Before we get started there are two tips I want to share.

1st - Compliance is not security and some things it requires will not make sense, but if it is required you must do it.

2nd - If you don't have evidence of something you did, you didn't do it. This is important to remember. A small portion of what you will do will be work, the other large portion of it will be collecting evidence and documenting your work.

This is the first post of many. One area I will be focusing on is the infamous CIP-007. I will still be doing my posts of troubleshooting and such, but NERC CIP is a big part of my life now. So on to it.
For some good reading:

Saturday, February 16, 2013

Problems sending Messages via Voice with Windows Phone 8

So I started having issues after moving to Windows Phone 8 sending texts via voice. I would press and hold down the Windows key to get it to accept my command.
After doing this I would state my command of "Text (Person's Name)" and if I said it without food in my mouth it would recognize the command and show the next dialog box.
It would then bring up the next screen giving me the option to "say your message"
After stating my message whatever it was, in this case it was "Purple people eater" then it would show me this screen.
Now if I continue to do everything by voice as well as sending then everything works, but there are instances where I manually want to add some additional text that it is having a hard time recognizing. To do this, pressing on the pencil in the middle, aka "Edit", allows you to do just that and brings up the next screen. I can then add what I want and then press the "Send" button.
The problem is that I then get an error shortly after sending it.

If you have a sharp eye then you noticed in the last two pictures it is actually showing two recipients. Now I never added the second recipient. When you press "Edit" it for some reason adds just the last name of your recipient. This last name does not have any number associated so it errors out although for some reason it thinks it has an email address of the last name as shown below:
This can be re-created as many times as you want. I am using Windows Phone 8 running on a Nokia Lumia 920 running Portico, the latest update through ATT. Now enough with the problem.

So I started thinking it was odd that it was just the last name. I remember there was a way to change how contacts were displayed in the "people" hub. So if you go under "Settings" and then "Applications." Clicking on "people" brings up the people settings.
Now changing the "Sort list by" either to "First name" or "Last name" results in the same behavior. So I decided to change the "Display names by" setting from "Last, First" to "First Last."
Upon testing the same procedure shown above, clicking on "Edit" shows the following message screen.
As you can see above there is only one name now. Sending this message does not result in any error being displayed later.
So if you are facing the following behavior you can either change your "Display names by" to "First Last" or you can delete the last name of your contact out of the "To:" field each time. Either way I hope this gets fixed in a future patch.
Sorry for the large number of images, just wanted to properly document this bug.


Friday, January 11, 2013

Communication Error when Printing PDFs from Windows 8 Reader

The Problem
I recently installed Windows 8 and did an upgrade from Windows 8. This worked great and I have been enjoying it for the last couple of days. Today I ran into an issue though. I was trying to print out a PDF using Microsoft's Reader.

With Windows 8 you do this by bringing up the charm bar on the right of the screen in the app you want to print and clicking on devices.

To bring up the charm bar for a device with keyboard/mouse, press "Windows Key + C" or take your mouse to the very upper-right or lower-right of the screen and it will appear.

After clicking on Devices it should display your printer as well as some other devices. You then click on your printer. After doing this you should get a Print Preview as well as some options that allow you to print out the document.

In my case though, instead of getting the preview as you see to the left I got an error, which I wish I had print screened but sadly didn't. It stated something along the lines of not being able to communicate with the printer. This was odd for me and I guessed it had some issue with the driver. The odd thing though was that when I was in the "Desktop" mode then the printer printed fine. I guessed then that the driver from Windows 7 was not compatible with the Metro section of Windows 8.

This was odd to me since the print drivers for Windows 8 are awesome in that they are supposed to provide basic print functionality for pretty much every printer. Meaning that unlike what many people did when they upgraded to Vista or 7 you don't need to purchase a new printer. You can read more about this here: MSDN Blog Article:

The Solution
I went into the printer properties for my printer and it showed the right driver. I then deleted my printer. I then went to re-add my printer. I noticed one of the other ways didn't work, so the way that worked for me to find my printer was to open "Devices and Printers" and click on "Add a Printer".

My printer was then discovered and I added it. It then used one of the class drivers which provide compatibility with printers that are not compatible with Windows 8, called "Brother Laser Leg Type2 Class Driver". This was for a Brother HL2070N.

I thought that, given that Windows 8 had picked this driver, I was probably in a better place. Sure enough, opening my PDF, bringing up the charm bar then devices and clicking on my printer brought up the print preview and allowed me to successfully print out my PDF.

So my recommendation for people having printer problems would be to delete them and then re-add them. Windows 8 will select the best driver and you should be good to go.

Hope this helps everyone using the Microsoft Reader, although I am guessing this would have been a problem with Adobe Reader too if it is metro compatible.