9th Chrome Zero day being patched

Just a kind reminder, it’s that time of the year where depending on which hemisphere you are in it’s either a bit nippy, a bit tropical or a bit warm. But regardless of where you are located, it’s also that time of the year to ensure that whatever browser you use is fully up to date.

Chrome is releasing a fix for the 9th zero day patch of the 2022 year. An exploit has been used in the wild. It’s unsure if this bug has been used in targeted attacks or widespread. The details are being withheld until we all get patched up.  Which also means that Edge will get it’s update soon. While you are there, make sure Firefox and any other browser you use is up to date especially given this is holiday surfing time.

I was just online finding a recipe for a grilled cheese sandwich that looked really good and also saw the alert about the zero day.  Let’s be careful out there while we find good recipes for grilled cheese sandwiches!

A major change to our newsletters

FROM THE PUBLISHER

By Susan Bradley

We’re developing new, bonus content!

When I acquired the AskWoody business, I felt that we would face difficulty in publishing our newsletters every week, 52 weeks per year. One of my first decisions was to change the publishing schedule to 48 times per year, approximately four issues per month. That remains our official policy.

However, that’s not actually what we did.

Read the full story in our Plus Newsletter (19.48.0, 2022-11-28).
This story also appears in our public Newsletter.

How our little business is run

FROM THE EDITOR

By Will Fastie

The operation of a small business isn’t usually the subject of a paper in the Harvard Business Review.

Neither is AskWoody Tech LLC.

In one of our regular and routine conversations, Susan and I talked about our respective operational roles, the things we regularly do, and — more to the point — the technology we use every day. The surprise was that despite common links, we do dramatically different things.

Read the full story in our Plus Newsletter (19.48.0, 2022-11-28).
This story also appears in our public Newsletter.

Behind the scenes: The site

COMMENTARY

By Susan Bradley

A newsletter about Windows isn’t run on Windows.

I’ve always found it interesting to see how something works, and I’ll bet many of our readers do, too. So I’m going to use my space in this bonus issue by giving you a peek into the technology we use to run the site and our forums, to prepare the newsletter, and to get it to your inbox.

Read the full story in our Plus Newsletter (19.48.0, 2022-11-28).
This story also appears in our public Newsletter.

Behind the scenes: The newsletter

COMMENTARY

By Will Fastie

When I took this job, I was surprised at the number of moving parts involved in publishing the newsletter.

My predecessor, editor emeritus Tracey Capen, did an excellent job with general organization and collaboration. Tracey wrote a very comprehensive document in OneNote about how to produce the newsletter, which was extremely helpful in my early days. I was very grateful to have that guide because otherwise, I would have been at sea on day one.

Publishing an issue of the newsletter involves a lot of steps.

Read the full story in our Plus Newsletter (19.48.0, 2022-11-28).
This story also appears in our public Newsletter.

Got pop ups and ads?

Someone mentioned the other day “I’m having more and more ads … so many it’s often hard to read anything on a website …”

Whenever anyone complains about ads that are so annoying to where they interfere with a web site, chances are you don’t need an ad blocker, chances are you have either browser notifications enabled or some sort of advertising software installed on your system that it making your system pop up an ad.

This is the American holiday of Thanksgiving when I review the health and well being of my computer systems. One key way to review your systems is to literally look in the add/remove programs (or programs and features) section of your computer and sort by date installed. If those annoying pop ups started a month ago, scroll down and review what programs are installed. If you don’t recognize something, ask here in the forums and we can help you figure the good programs from the bad ones.

Next, see any funky tool bars installed?  Is your search engine not going to what you want it to go to?

Next open up each browser you have installed. Click on the (typically) the three dots in the upper corner and click on extensions. What do you have installed? Do you personally remember installed each installed extension?

Go into the settings of the browser and search on notifications. In Chrome it’s chrome://settings/content/notifications?search=notifications, in Firefox it’s about:preferences#searchResults and then search on notifications. Make sure only those sites you WANT to notify you are set to be notified from.

Especially if you are going to be online shopping this weekend, make sure your browser is up to date, ONLY has the extensions YOU intend to have installed, and ONLY uses the search engine you intend to have.

If there is something not quite right, ask here in the forums, there are links to the right to get you started!

MS-DEFCON 3: Side effect with Domain patch

By Susan Bradley

November Domain controller update leads to memory leak

Business patchers only:  Microsoft has posted up a known side effect introduced by the November updates applied to domain controllers.

As they note in their health release: (with my slight edits for clarification)

After installing November or later updates on Domain Controllers (DCs), you might experience a memory leak with Local Security Authority Subsystem Service (LSASS,exe). Depending on the workload of your DCs and the amount of time since the last restart of the server, LSASS might continually increase memory usage with the up time of your server and the server might become unresponsive or automatically restart. Note: The out-of-band updates for DCs released November 17, 2022 and November 18, 2022 do not fix the issue and are also affected by this issue.

Workaround one if you can remove the patch: Uninstall the November 8th updates and out of band updates that are listed here.

Workaround two if you are mandated to keep the patch installed: To mitigate this issue, open Command Prompt as Administrator and use the following command to set the registry key KrbtgtFullPacSignature to 0:

Note that this ONLY impacts business patchers and does NOT impact consumers.

Happy Thanksgiving to all 2022!

It’s the American holiday of eating turkey, watching tv and at my house, the annual get the Christmas boxes down and start decorating the tree. Already I’ve prevented a near disaster, when checking the Christmas tree lights (as I am the master light checker), I realized that one of the fuse bulbs was out making an entire string go out. Fortunately, last year I realized that while I still had quite a few replacement bulb, I didn’t have many fuse bulb and ordered replacements.  Notice they are sold out and thus at some point in the future I will have to restring the tree with new lights. Once again proving that with any technology, always make sure you have spare parts.

Today’s the day I also spend the time reviewing the health and well being of computers in my house as the turkey roasts in the oven. I’ll review hard drive space, make sure that all computers have been updated to SSD drives. I use this time to ensure all of my machines on Windows 10 21H2 are ready to go to 22H2. But don’t just review your computer hardware, also review the speed of your internet. If you have multiple computers, check the speed on all of the devices – including ipads. If you’ve been a customer of your ISP for a long time, consider calling them up and seeing if you can get a cheaper/faster deal. You may not want to call today, as chances are their staffing is lower today and thus you’d have longer wait times.

So monitor that turkey, and review your technology and have a happy holiday!  Thanks to all of you too!

MS-DEFCON 3: Issues with domains

By Susan Bradley

November updates lead to side effects

My usual advice regarding updates with known side effects is to wait until the problems are resolved. But every so often, the risk of waiting is greater than the risks associated with the side effects.

That’s the way I see the situation now. The November updates require you to slog through the issues and deal with the side effects. For that reason, I’m lowering the MS-DEFCON level to 3. I’d really like to go to 4, but I think greater caution is required.

Anyone can read the full MS-DEFCON Alert (19.47.1, 2022-11-22).

When should you retire your Apple device?

PATCH WATCH

By Susan Bradley

Apple’s recent releases encourage new hardware.

There are several people at my office who constantly purchase the latest iPhone or iPad, turning in their old devices in the process. I’m not that adventurous — I don’t recommend updating quite that fast.

However, I do recommend an upgrade if your phone is an older model, such as iPhone 8. Why? Because the best security is provided on the newest hardware, and because Apple has become more like Microsoft in requiring newer hardware to protect against snooping, zero days, and other risks.

Read the full story in our Plus Newsletter (19.47.0, 2022-11-21).
This story also appears in our public Newsletter.

Be watchful for scams in the forums

FROM THE FORUMS

By Susan Bradley

Last week, there was an incident in the forums that was unexpected and of some concern.

Someone (let’s codename the person “Rogue”) signed up for a Plus membership, then used it to send direct messages (DMs) to several other members. The DM contained a solicitation.

I took immediate action.

Read the full story in our Plus Newsletter (19.47.0, 2022-11-21).
This story also appears in our public Newsletter.

Will PayPal fine you $2500 for trading artistic nudes?

PUBLIC DEFENDER

By Brian Livingston

PayPal, the giant online payment-processing service based in San Jose, California, put itself in hot water last month by releasing, and then disavowing, a document that threatened to deduct $2500 or more from PayPal users’ financial accounts if any of their transactions “appear to depict nudity” or “promote misinformation.”

Setting aside that vague and confusing language for a moment, PayPal’s checkered history with regulators is worth recalling. For instance, the company was recently subjected to a number of actions.

Read the full story in our Plus Newsletter (19.47.0, 2022-11-21).