MS-DEFCON 2: Windows 10 22H2 expected this month

By Susan Bradley

We originally had the impression that Windows 10 and 11 updates would appear simultaneously, but — for this time at least — it looks like Windows 10 22H2 will be here in October, a month after Windows 11 2022 (22H2).

As with Windows 11 2022, I am not expecting a major release. As per my usual recommendation, don’t accept the Windows 10 22H2 update right away. Instead, defer it until I’ve had a chance to test and review. That advice also comes with an elevation of the MS-DEFCON level to 2.

Anyone can read the full MS-DEFCON Alert (19.40.1, 2022-10-06).

October 2022 Office non-Security updates have been released

The October 2022 Office non-Security updates have been released Tuesday, October 4, 2022. They are not included in the DEFCON-4 approval for the September 2022 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

Remember, Susan’s patching sequence and recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

Office 2016
Update for Microsoft Office 2016 (KB5002243)

Office 2013
Update for Microsoft Office 2013 (KB5002274)

On April 10, 2018, Office 2013 reached End of Mainstream Support. Extended Support ends for Office 2013 on April 11, 2023.
Office 2016 also reached  End of Mainstream Support on October 13, 2020. EOS for Office 2016 is October 14, 2025.

Updates are for the .msi version (perpetual). Office 365 and C2R are not included.

Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).

Securing Windows 11 with 22H2

ON SECURITY

By Susan Bradley

The recent Windows 11 update brings more security features, but with a big caveat — only users with specific license levels benefit.

In addition, hardware requirements are tighter; I’ll discuss those shortly.

I’ve received some key questions about Windows 11 from our readers, and I’m going to take the opportunity to answer some of those in this column.

Read the full story in our Plus Newsletter (19.40.0, 2022-10-03).
This story also appears in our public Newsletter.

Real-life SSD reliability must be managed

HARDWARE

By Ben Myers

Solid-state drives did not have a very good week here recently, but it was not their fault.

Here are the facts about a trifecta of mainstream laptops I handled recently, and why these laptops came up short. If you pay attention to the details here, you can improve the life and reliability of your solid-state drives (SSDs).

I will also weave in my opinions and points of view on various related subjects.

Read the full story in our Plus Newsletter (19.40.0, 2022-10-03).

How to digitize your 35mm slides (or, how I did it)

PERSONAL MEDIA

By Gary Oddi

My first retirement project, nearly 20 years ago, was to digitize my 35mm slides — all 11,000 of them.

I started with flatbed scanners, but they were too time-consuming and too frustrating to set up. Were the slides right side up? Did I have the emulsion side correctly positioned?

Most of my slides were in Kodak carousels, and many more were in archival trays or plastic slide sheets. It was a pain in the neck to take them out individually, scan them, and put them back — and it took too much time. So, nothing happened. I’ll bet that’s a familiar story.

Read the full story in our Plus Newsletter (19.40.0, 2022-10-03).

Slimjet – A Web browser with no assembly required

FREEWARE SPOTLIGHT

By Deanna McElveen

There are a lot of Web browsers out there if you want to stray from Microsoft Edge, Google Chrome, or Mozilla Firefox.

All have extensions you can install to add your favorite cool features, but that’s like having to assemble your toys on Christmas morning. How about something that comes out of the box ready to go?

Read the full story in our Plus Newsletter (19.40.0, 2022-10-03).

What kind of backup do you need?

Seeing the devastation in Florida reminds me that having key records stored someplace else is wise. But there are two things to always keep in mind:

1. Security of where that is stored
2. Where that is stored

Should you have digital records stored on a portable flash drive or external usb hard drive?  Should you have it in a cloud service?

When deciding what it key to keep, think in terms of what is important for recovery purposes as well as what is important for your legacy and memories.

If extreme events occur, having things stored on the cloud is actually not a bad thing.  You can sign up for inexpensive storage on onedrive.  If you are a small business you can look at products like Cyber Fortress (used to be called Jungle Drive) .

Another option you can use is products that “sync” your data.  Now I’m not talking about Onedrive, but rather products that Sync to Onedrive or other cloud services. So you still have your full file structure locally, but then there is a copy elsewhere.  The one I use personally is SyncBackPro.  It works for both business settings as well as personal settings (they have a free personal version).  For many years Microsoft had this tool called Synctoy that worked great.  Too great.  They killed it. Yeah…

One command line tool that still works wonders is robocopy – but mind you it’s best with mapped drives or local drives.  Depending on the Cloud service it may not work to copy items.

Do you use syncing software?  If so, what do you use and why do you like it?  What do you sync and where do you sync it to?

Microsoft email zero day

What is it?  Microsoft is investigating targeted attacks on their on premises Email servers.  Attackers have found a way into servers that are already fully patched.

If we have online email with Microsoft, are we at risk?  No.

Is this disturbing that EVERY time there is a zero day in Microsoft on premises email servers, Microsoft can conveniently scramble and get their online servers patched and meanwhile those that purchase on premises software are stuck holding the bag.

If you are an Exchange admin and need help, pile on here

(note I am sending this out as a defcon text alert but not an email alert)

Follow the guidance in the MSRC post to protect your on premise email servers:

The current mitigation is to add a blocking rule in “IIS Manager -> Default Web Site -> URL Rewrite -> Actions” to block the known attack patterns

Note:

If you don’t run Microsoft Exchange on premise, and don’t have Outlook Web App facing the internet, you are not impacted.

Preparing yourself

First off to anyone in the path of Hurricane Ian, please stay safe.

All of us need to remind ourselves that while we may not be facing Hurricanes, we may be facing some other destruction.  I’ll be doing some articles and videos on backups and best practices but this is also a reminder to not be so quick to blow off any cloud solution in your backup plans because of the subscription model (which it has) or the risk of cloud access by attackers (which should also not be blown off as a non issue). As the images and videos out of Florida showcase, this is when you can not have enough backups.  Having your key information somewhere in a secure cloud is actually a GOOD thing.  Often your local devices are damaged, you can’t get back into your home, your office, or your bank where you stored your offsite backup.

Also think of alternative ways you can access your information on a non standard device. Rather than a desktop computer, think of a device like an ipad or a chromebook which is much more portable and you can take it with you.

Here are some other tips from the Florida Red Cross:

Hurricane Ian | Press Release | American Red Cross

Download the free Red Cross Emergency App for real-time weather alerts, open Red Cross shelters, and expert advice on emergency situations. Search “American Red Cross” in app stores or go to redcross.org/apps. You can also enable the Red Cross Hurricane Alert skill on Amazon Alexa-enabled devices to receive warnings about an approaching hurricane and preparedness information.

And if you like… donate to the red cross who are often one of the first folks back in to help clean up.

MS-DEFCON 4: A well-behaved September

By Susan Bradley

September updates have few side effects.

It’s always nice when the monthly update process is calm, with no storms. But due to a few snags, the best I can do is lower the MS-DEFCON level to 4.

These side effects are limited to issues seen in businesses; we ordinary, consumer mortals are not much affected.

Anyone can read the full MS-DEFCON Alert (19.39.1, 2022-09-27).

Windows 11 2H22 released, mostly

MICROSOFT NEWS

By Will Fastie

Well, it wasn’t really 2H22. It was 2022.

The entire news cycle about Windows 11, starting with its announcement over 18 months ago, has been different. Maybe weird is a better descriptor.

The announcement wasn’t an event; nothing was live. There wasn’t even a video from Panos Panay, who was simply noted as the author of a blog post. The surprise twist in all this, especially from the perspective of someone in the press, was that the announcement was not accompanied by a press release in Microsoft’s usual location. Instead, it was given its own microsite. The release was not mentioned on Microsoft’s home page and was noted only on the Windows page with an eyebrow link at the very top.

Read the full story in our Plus Newsletter (19.39.0, 2022-09-26).
This story also appears in our public Newsletter.

Should you get a free credit report for any data breach?

PUBLIC DEFENDER

By Brian Livingston

Samsung Electronics — the giant multinational that sells 28% of all the smartphones in the world, as well as many other consumer devices — has sent notices to some of its users that their personal information in Samsung’s database has been hacked.

In a statement, the company says the hackers didn’t obtain users’ credit-card or debit-card numbers. But the intrusion did reveal some customers’ names, addresses, birthdates, and the Samsung products they’d registered. As a result, the corporation’s notices recommend that affected users obtain a copy of their credit report from major reporting agencies.

Read the full story in our Plus Newsletter (19.39.0, 2022-09-26).