MS-DEFCON 2: Pause to review

By Susan Bradley

We’re halfway through the patching year.

It seems like just yesterday when I lowered the MS-DEFCON level to allow a cautious breather so we could apply critical patches. Oh, wait — that’s right, it was just last week.

In June, Patch Tuesday fell on the latest day of the month possible: the 14th. It takes all of us patch watchers a little bit of time to assess the safety of the last round of updates — and before you know it, the next Tuesday is upon us. So after little more than a week, it’s time to pause updates again. Accordingly, I am raising the MS-DEFCON level to 2.

Anyone can read the full MS-DEFCON Alert (19.27.1, 2022-07-07).

Apple is coming out with a super lockdown mode

Apple announced (and Alex has posted a link over here) about their “lockdown” mode for those iphone users that are specifically targeted.

Keep in mind that it also includes blocking devices from being able to forensically examined. The phone will be blocked and not allow cables to be plugged into its port — stymieing the kinds of digital forensics tools.

Note this will not be needed for all users, but might be interesting to try out and consider using if you are really into security. It’s slated to be in the next version of iOS 16 which is currently in beta.

July 2022 Office non-Security updates are now available

The July 2022 Office non-Security updates have been released Tuesday, July 5, 2022. They are not included in the DEFCON-3 approval for the June 2022 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

Remember, Susan’s patching sequence and recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

Office 2016
Update for Microsoft Office 2016 (KB5002192)
Update for Microsoft Office 2016 (KB5002226)

There were no non-security listings for Office 2013.
On April 10, 2018, Office 2013 reached End of Mainstream Support. Extended Support ended for Office 2013 on April 11, 2023.
Office 2016 also reached  End of Mainstream Support on October 13, 2020. EOS for Office 2016 is October 14, 2025.

Updates are for the .msi version (perpetual). Office 365 and C2R are not included.

Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).

SPECIAL EDITION: Web Presence

EDITORIAL

By Will Fastie

Freedom!

For our US-based readership, today is a celebration of freedom and liberty. To add our little bit to the festivities, we are “liberating” eight articles previously available only to Plus members. And for Plus members, you’ll now have this entire set in one, ad-free place.

I’m talking about the “Web Presence” series I wrote for Woody in the second half of 2020. In the series, I tried to provide a comprehensive primer about living on the Web and especially about creating and maintaining your own website, whether for personal or business reasons. The series touches on domains, email, social networks, development, and more.

Read the full story in our Plus Newsletter (19.27.0, 2022-07-04).
This story also appears in our public Newsletter.

It’s mid year check up time!

It’s middle of the 2022 year and it’s time to take stock of your computing needs and wants and what might need some upgrades.  Now before you think I’m ready to say let’s all upgrade  to Windows 11, that’s not the upgrade I’m thinking of. Rather I want you to review your existing equipment and specifcally your backups.  Mid year is when I review my backup media and if I’ve been using an external hard drive (like my usual Western Digital USB external hard drives), I consider retiring one that I’m using and buying a new one.  I do this to ensure that my backup is on healthy drives, and then I typically take a mid year backup and store it offsite.  In the case of my office I take backups home, or in the case of home, you may even consider putting a usb external hard drive with critical information into your safety deposit box at the bank.  You may even want to consider adding some cloud service as an additional backup location.

Next what about the firmware on your computer?  If you have a name brand computer like HP or Dell they have a firmware checking tool that alerts you to firmware updates. Just like windows updates, firmware updates are really important these days to ensure your machine is functioning correctly.

What about the plug ins in your browser?  I would launch each browser you have on your computer and review what extensions are installed. If you can’t remember why you installed that extension, it’s time to remove it or at least ask in the forums as to why you still might need it.

What about the driver for your printer? And what about how your printer connects to your computer? Whenever I set up a printer these days, whether it’s at the office or at home I set them up as wired – not wireless connections. Then I print out from the configuration screen of the printer what the print configuration is. It will tell me what IP address the printer has grabbed. I will then go to the computer, add printer, and then add printer via IP address.  After I set up the printer – it will pull down the printer driver it wants – I will go back and ensure that the printer is still set up with an IP address not the WSD printer type that the printer wants it to be, but I don’t want it to be.

I then go back and set up the IP address that the printer is actually on.

WSD is one of those technologies that I still stay away from.

So what do you include in your mid year review of your technology?

MS-DEFCON 3: Should we patch?

By Susan Bradley

I have good news and bad news.

Some of you will install the June updates and see absolutely no issues whatsoever. Others have tried to install the June updates and experienced side effects. Microsoft has acknowledged some, but not all, of the issues. This makes it a hard month. I don’t like to let people get to the end of the month and not install updates, but at the same time there are some bugs that are deeply impactful to both consumers and businesses.

Based upon my recommendations below, I am lowering the MS-DEFCON level to 3. I commonly set the level to 4 after giving the month’s updates a chance to settle, but this time greater caution is warranted.

Anyone can read the full MS-DEFCON Alert (19.26.1, 2022-06-28).

The right to repair

LEGAL BRIEF

By Max Stul Oppenheimer, Esq.

Purchasing a product gives you broad rights to do with it as you please.

Those rights are not unlimited. For example, you can’t drive your new Ferrari through town at 120 mph; you can’t use your new hammer to smash anyone’s thumb but your own.

Those rights are also limited by two legal constraints: you cannot infringe on someone else’s intellectual property rights, and you cannot use the product in a way you promised not to by entering into a contract to that effect.

Read the full story in our Plus Newsletter (19.26.0, 2022-06-27).
This story also appears in our public Newsletter.

The hard drive is dead; long live solid-state storage

SILICON

By Brian Livingston

The death of hard disk drives may be greatly exaggerated — after all, HDD manufacturers sold more than 250 million units worldwide in 2021 — but solid-state drives, which store data in semiconductors with no moving parts, finally overtook the unit sales of HDDs last year. The writing is on the wall for ye olde spinning platters.

SSDs have many advantages over HDDs, including being much smaller in size and offering faster throughput. But even after years of cost improvements, SSDs are still a much more expensive choice.

Read the full story in our Plus Newsletter (19.26.0, 2022-06-27).

Getting to one OneNote on Windows

ONENOTE

By Mary Branscombe

It’s finally becoming less confusing to pick the right Windows OneNote app, but you still have some decisions to make.

After 16 years of OneNote, you might have liked the fresh new look of OneNote for Windows 10 and the way it could sync custom tags from one device to another. If that was the case, you might have liked Microsoft’s 2018 claim that it was “making OneNote for Windows 10 the best version of OneNote on Windows.”

The official angle then was that no new features would be coming to OneNote 2016.

Read the full story in our Plus Newsletter (19.26.0, 2022-06-27).

FocusWriter — Don’t get distracted by squirrels and things

FREEWARE SPOTLIGHT

By Deanna McElveen

We have so many distractions on and near our computer screens that it can be a real chore to stay focused when writing. Whether it be an article, a family Christmas letter (we still do those), or a novel, you have to concentrate if you ever want to be done and see the sun again.

FocusWriter by Graeme Gott has been around since 2008 (same year OlderGeeks.com was born) and is one of the most popular freeware programs for writers. FocusWriter can’t keep the bluebirds away from your window or turn down your TV, but it is very good at keeping things on your screen from distracting you.

Read the full story in our Plus Newsletter (19.26.0, 2022-06-27).

Dealing with DCOM

PATCH WATCH

By Susan Bradley

In the June updates, Microsoft continues its journey to harden the Distributed Component Object Model (DCOM), with the goal of making it more resilient to attack.

DCOM is a proprietary Microsoft software component that allows COM objects to communicate with each other over a network. Network OLE was the precursor to DCOM (remember Windows 3.1.1?). Because DCOM can run programs on other computers, hackers can leverage it for lateral-movement attacks through your network, gaining access to more data. This activity can be difficult to detect because it’s not malware or hacker tools — all it takes to access DCOM is PowerShell.

Read the full story in our Plus Newsletter (19.26.0, 2022-06-27).

Windows 8.1 is getting close to the finish line

I know there are a fair amount of Askwoody readership that are still using Windows 8.1. Microsoft will be including a nag notification soon to indicate that the end of life for Windows 8.1 will be January 10, 2023.

Now just a reminder, your computer will still work. It just won’t receive security updates. You’ll need to ensure that your antivirus will continue to get dat files, and that browsers are supported. I don’t see Chrome posting any drop dead date at this time. Remember Windows 7 has a drop dead support date for Chrome as of January 15, 2023.

They are not planning to offer extended support packages for Windows 8.1.

I will have to investigate if 0patch is going to continue to update after 8.1 drops out of support.

Bottom line, if you LOVE Windows 8.1, start planning now.