AskWoody

If you are on the Windows 11 “beta” version

Alex pointed this out earlier, but I wanted to bubble this up to the blog site:

https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21H2#2739msgdesc

• Snipping Tool
• Accounts page and landing page in the Settings app (S mode only)
• Start menu (S mode only)
• Touch Keyboard, Voice Typing, and Emoji Panel
• Input Method Editor user interface (IME UI)
• Getting started and Tips

• Touch Keyboard, Voice Typing and Emoji Panel
• Input Method Editor user interface (IME UI)
• Getting started and Tips

MS-DEFCON 2: Here comes 21H2

ISSUE 18.42.1 • 2021-11-04 By Susan Bradley Microsoft is beginning to push 21H2, Microsoft’s least interesting feature release in the Windows 10 era. With new features that are interesting only to businesses, this feature release will serve only one purpose — that of providing you with lifecycle support for several years. So what’s in 21H2? Addition of WPA3 H2E standards support for enhanced Wi-Fi security In Windows Hello for Business, introduction of cloud trust, a new deployment method to support simplified, passwordless deployments and achieve a deploy-to-run state within a few minutes GPU compute support in the Windows Subsystem for Linux (WSL) and Azure IoT Edge for Linux on Windows (EFLOW) deployments, for machine learning and other compute-intensive workflows In other words, not much that will excite most of us. I don’t recommend installing feature releases until several weeks (at least) after their release. I strongly recommend that you use either group policy or the registry key methods to keep yourself on 21H1 at this time. You can review your options to defer feature releases. Consumer and home users For consumer and home users, I recommend that you push off updates until right before Thanksgiving, no sooner than November 23. Click on Start, Settings, Update and Security, and click the Pause for 7 days button. if you want to pause for more than seven days, click the button more than once. Do remember my mantra. I always want to install updates — it’s just a matter of timing. Business users By now (hopefully), you have found a resolution to any printing problems that have been driving you insane over the last several months. If not, we can hope that the November updates will include more printing fixes. We already know that the preview updates released at the end of October helped to fix issues for some. Those patches will be included in the November update releases, because Windows 10 patches are always cumulative. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.42.1 (2021-11-04).

Look Ma, no legs

Day one keynote at Microsoft’s Ignite. This is Microsoft’s major IT pro presentation for the year. Once again it’s coming to us digitally.  They are demonstrating an virtual experience that Accenture has used to onboard employees during the pandemic to provide animated versions of “you” in business meetings.

Most of the comments were about the fact that folks had no legs! It is a bit… odd to say the least.

Alex Fields notes that Microsoft Defender for Business is coming to SMB as it will be included in M365 Business premium. Announcement only, no public preview yet.

If I hear any announcements about Windows 10, I’ll add it here!

Most corporate PCs can’t install Windows 11, study says

ISSUE 18.42 • 2021-11-01

PUBLIC DEFENDER

By Brian Livingston

Microsoft has issued many, shall we say, evolving requirements for Windows 11 — confusing people about which devices actually qualify — but now a study of 30 million machines worldwide reveals the answer: at least 55% of PCs used by businesses don’t meet Win11’s upgrade requirements.

Surprisingly, the incompatibility is not due mainly to Microsoft’s insistence that version 2 of a motherboard-based device called a Trusted Platform Module be installed and enabled before a machine can upgrade to Win11.

Instead, more than 55% of PCs lack a new-enough CPU to meet the requirements, according to Esben Dochy, technical product evangelist for Lansweeper, the Belgium-based tech-management firm that conducted the study.

Read the full story in the AskWoody Plus Newsletter 18.42.0 (2021-11-01).
This story also appears in the AskWoody Free Newsletter 18.42.F (2021-11-01).

Update fails, and WaaSMedic runs for hours …

LANGALIST

By Fred Langa

Windows 10/11’s built-in WaaSMedic agent is supposed to automatically detect and repair problems with Windows Update.

But sometimes, it can’t fix what’s wrong; other times, WaaSMedic itself is the problem!

Fortunately, there are a number of known solutions — including some new advice from Microsoft — to remedy this and other common Update problems.

Plus: Edge won’t stay dead! And: A Wi-Fi dongle takes down a keyboard and mouse.

Read the full story in the AskWoody Plus Newsletter 18.42.0 (2021-11-01).

Freeware Spotlight – MyFolders

BEST UTILITIES

By Deanna McElveen

Sometimes you come across a free program and think to yourself, “Why is this not already a part of Windows?”

We’ve conditioned ourselves to use our computers a certain way. Need to sort a bunch of files? Well, start opening a bunch of windows and get to dragging. Sure, multi-pane file managers such as Q-Dir (my favorite) make things easier when sorting, especially if you use large or multiple screens, but what if I told you about something entirely new?

Read the full story in the AskWoody Plus Newsletter 18.42.0 (2021-11-01).

Security isn’t just a Microsoft thing

ON SECURITY

By Susan Bradley

Here at AskWoody, we concentrate on Microsoft patch days and security issues.

But insecurity, privacy, and protection of your sensitive information aren’t just a Microsoft thing. Attackers go where there are people, and computers, to attack. Recently, an ad claiming that Chromebooks were immune to ransomware caught my eye. While makers of Chromebooks can state that they do not have the operating system targeted by ransomware, that’s not to say they are immune from all security risks. There should be a certain amount of paranoia on every platform.

Read the full story in the AskWoody Plus Newsletter 18.42.0 (2021-11-01).

Tasks for the weekend – how is your ChromeBook?

While Chromebooks don’t suffer from the same aches and pains that Windows machines have, they aren’t 100% secure either. Any computer can be made better.

Youtube video here demonstrating the settings

Here are come recommendations for ChromeBooks.

1. Click the Three Dots at the top right of your screen, choose Settings, and then head to Privacy and Security followed by Security. There will be a section for Safe Browsing.  Choose the Enhanced Protection option. This provides more scanning of web sites for malicious content.
2. Reboot often – it ensures your system is up to date.
3. Ensure your passwords are encrypted: In Chrome’s Settings menu, click the You and Google option at the top of the screen. You’ll need to be logged into a Google Account for this.  Under Sync, choose Encryption Options. Look for the option that says Encrypt Synced Passwords With Your Google Account.
4. Opt out of Chrome’s new cookie platform: Visit Chrome’s Settings, go to Privacy and Security, and click the link to Privacy Sandbox. From there, you can flip a switch to disable Sandbox trials, as well as FLoC.  What’s FLoC you ask? It’s an alternative to cookies.
5. Make sure you are using Secure DNS: Click the Privacy and Security section in Settings, and look for the Use Secure DNS option.
6. Last and true for ANY browser: Always routinely review extensions.

Zero days in browser

Whether or not you’ve installed the October updates, make sure your Chrome – and even Edge – browser is up to date.

Two in-the-wild 0-days patched by Chrome: CVE-2021-38000 and CVE-2021-38003.

Regardless of how you patch the underlying operating system, you want to make sure your browser is fully patched.

Another operating system zero day was announced but I’m not as concerned about it. Given that “the exploit requires a threat actor to know another user’s user name and password to trigger the vulnerability, so it will likely not be widely abused in attacks“… this is one of those they need to get into your system or harvest information first. Thus it’s more of a business/enterprise risk for when the attacker is already in the network and has harvested credentials in the network per my read.

Edit on 10-29-2021 – Edge’s Chromium update is now out.

MS-DEFCON 3: Ready or not, it’s time to update

ISSUE 18.41.1 • 2021-10-26 By Susan Bradley It’s not exactly an all-clear. Normally, this is the time in the update cycle when I give an all-clear. It’s when most, if not all, of the side effects of patches have been identified. This month, unfortunately, there are still issues. However, that doesn’t mean I don’t want you to install updates. Even though there are documented problems with network printing after the October updates, they are not widespread. Many system administrators report that printing problems most often occur when the operating system of the server hosting the print server is older — and possibly unpatched — while the workstations are newer platforms that are patched. Therefore, after installing the updates in your peer-to-peer network, Make testing printing your first step. If you can print, leave the updates installed and pat yourself on the back — you survived October. If you are impacted by the October updates and do have printing issues, consider your situation carefully before you uninstall and block updates. There are several vulnerabilities included in the October updates, one of which, CVE-2021-40449, has been used in targeted malware attacks to elevate privileges on a system. My ongoing philosophy is that when the risk of being unpatched is higher than the risk of applying a patch, it’s time to install updates. I also don’t want to go a month without installing an update unless the reasons for doing so are very clear. I’ve installed the October updates at my home and office, including a collection of Ricoh network printers as well as stand-alone Brother, HP, Lexmark, and Canon printers (black-and-white as well as color printers). I’ve had no issues printing after installing the October updates, whether at home or office. I have mixtures of server operating systems including Server 2019, Server 2016, and Server 2012 R2 as well as Windows 10, plus a Windows 7 system under extended security patches. In short, just because you read in the headlines that we’re seeing printing issues doesn’t mean that you will have issues. Consumer and home users For those of you in a home setting, install updates now and immediately test for printing issues. My best guess is that you’ll be fine, with no problems. As mentioned above, everything is good at my house. Business users I’m sorry to say that business users must not be so sanguine — you are more likely to experience problems. If you do, there are several options. The first (which I’d rather you not do) is to uninstall the updates and block them (pause updates) until next month. The second is to install one of the preview updates that Microsoft will be releasing soon, especially if you are having issues deploying printers using Internet Printing Protocol. Microsoft has already released KB5006744 for Windows 10 1809, which includes a fix for: Addresses a known issue that might prevent the successful installation of printers using the Internet Printing Protocol (IPP). This month, there’s no clear resolution. You may have no issues at all with the October updates. You may have issues printing. If you are required to patch, and you end up having issues printing, I’d urge you to install the preview updates that I’ll be listing in the Master Patch List. If that doesn’t work, ensure that you understand the risks involved in not being patched this month. *Edit 10/26/2021 – Microsoft released KB5006738 for 21H1, 20H2 and 2004. It includes printing fixes that may help the issue. If you are impacted, install it and see if it helps. Bottom line: install the updates, see whether you can print. If you can, pat yourself on the back. If you can’t, prepare yourself for a bit of testing and hassle. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.41.1 (2021-10-26).

Big Sur and Monterey are out for Apple

The unofficial Apple security twitter account posted that there are updates for Big Sur 11.6.1 (if you want to stay on Big Sur) or macOS Monterey 12.0.1.

When you go to software updates, you may see “Upgrade now” and Monterey offered up to you. Alternatively is you want to stick with Big Sur, click on the More Info in the middle there

And you can opt to install that.

Should you install Monterey at this time?  Eh, it’s like Windows 10 and their feature releases. Unless you have a backup and an alternative computer, day one is not a good time to install new operating systems. So I recommend you stay on Big Sur at this time. I’ll let you know when it feels right to be upgrading to Monterey.

P.S. While this is a valuable account to follow if you are into twitter – I don’t believe the https://twitter.com/ApplSec twitter account is “officially” Apple. It’s still a valuable account to follow as it’s extremely up to date on it’s information, but just be aware it’s not an official communication from Apple.

What’s a NAS, and do I need one?

ISSUE 18.41 • 2021-10-25

HARDWARE

By Richard Hay

If I were writing this to a group of aviators in the United States Navy, they would immediately respond by saying a NAS is a Naval Air Station. However, this article is not about a location where planes and helicopters take off and land.

For this article, NAS stands for network-attached storage.

Read the full story in the AskWoody Plus Newsletter 18.41.0 (2021-10-25).
This story also appears in the AskWoody Free Newsletter 18.41.F (2021-10-25).