AskWoody

MS-DEFCON 4: The printing issues continue

ISSUE 18.37.1 • 2021-09-28 By Susan Bradley Printing or security — you decide We’re back to reasonable levels of safety and of understanding the nature of recent updates, so I’m recommending the resumption of update installation — but not without some major caveats. Sadly, there are still some side effects with printing, which is getting to be an annoying trend. It’s been months now. These updates also include new and expanded categories plus registry keys that allow you to officially defer Windows 11 and then choose to push off the upcoming 21H2 release. More about that later. Consumer and home users I haven’t seen printing problems with directly attached printers, the most likely scenario for home users. Therefore, I recommend applying the September updates now. The reason is that this month’s updates include expanded sections to choose various versions of Windows 10 or Windows 11 and specifically block what you don’t want. For those of you on Windows 10 Professional, after installing the September updates you’ll be able to click on the search box and type in “edit group policy.” Next, scroll down to Computer Configuration, Administrative Templates, Windows Components, Windows Update, and Windows Update for Business. Find the setting for Select the target Feature Update version. Click on Enabled, fill in the product version in the first box (“Windows 10”), and then the feature release version you want to keep. Of course, Windows 10 Home can’t do group policy. Instead, use registry keys to defer Windows 11 and stay on the version of Windows 10 you want. You’ll be adding a value under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate Manually add the values “TargetReleaseVersion”=dword:00000001, “ProductVersion”=”Windows 10”, and “TargetReleaseVersionInfo”=”21H1”. I’ve made it easier for you by including links to download these registry keys. If you want to stay on 21H1, click on this link and install it on your system. If you plan to let your machine upgrade to 21H2, click on this link. And if you leave the setting alone and do nothing, and your computer does not have the hardware capabilities for Windows 11, you will not be offered the upgrade. If you do have hardware that can handle Windows 11, you’ll be offered — but not pushed to — Windows 11. Business users First the good news: Microsoft has finally acknowledged what we’ve known for weeks now — its updates trigger issues if your users do not have administrator rights. The bad news is that it hasn’t yet acknowledged the issues we’ve seen this month, nor are any fixes planned. Microsoft will only urge us to Verify that you are using the latest drivers for all your printing devices and where possible, use the same version of the print driver on the print client and print server. Microsoft indicates that the trigger is … caused by a print driver on the print client and the print server using the same filename, but the server has a newer version of the file. But here’s the problem: We never installed a newer driver on the server. We did nothing but install the software update to the server. I know that many of these notifications are triggered by the use of v3 (older) printer drivers versus v4 printer drivers. If you cannot upgrade to v4 drivers, you have a couple of options to “re-push” out drivers to fix this issue. Unfortunately, in this era of cumulative updates you can’t break out the parts of the update you want from the parts you don’t want. So if you don’t install this update this month, you put your business at risk from MSHTML-based ransomware attacks (CVE-2021-40444).  If you make the decision to not install these updates, make sure you use the registry keys I wrote about earlier to block the MSHTML vulnerabilities. Don’t go unpatched and unprotected. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.37.1 (2021-09-28).

Got your Plus newsletter now?

So hopefully by now you have received your PLUS newsletter for the week. First, apologies. For some unknown reason that I’m unsure of at this time,  Mailchimp flagged our Plus newsletter account and would not send out the emails last night. They finally unblocked the account around noon pacific time, but for a while there I was considering alternatives.

When I reached out to Mailchimp the issue they said was “As you know, this was a pause by Omnivore, our automated abuse-prevention system, and was done out of caution, rather than for correction. It scans account and campaign content, and prompts human review so we can determine whether correction is needed, or, as is the case here, all’s well.”

Okay so how much do you want to bet that a software update nailed us? Sigh.  Apologies again, sorry for the inconvenience, we should be fully back to mailing you properly now. Remember stay tuned for the MS-DEFCON 4 to go out this week.

Missing your Plus newsletter?

So are we.  Apparently we are in the dog house (or rather Chimp house?) and it was not sent out last night as it was supposed to be.  We have a support ticket open with Mailchimp and as soon as the issue is resolved we’ll be sending out the newsletter.  Until then, remember you can read it online here.

Then clearly if we didn’t have enough troubles we accidentally put the subject line of “Plus” in the “Free” newsletter.  So if you got a “plus” newsletter and couldn’t get to any of the paid links, it’s because it REALLY was the Free newsletter.

I know.  It’s a Monday.  Apologies for the mess, we’ll get it straightened out.

Trouble in Paradise!

This morning we discovered that the Plus Newsletter was not delivered as expected. The newsletter was published and scheduled as usual, but our email provider had a problem. We don’t know what the problem is yet, but we are working on it.

We’ll get it mailed as soon as we can.

Many apologies for the inconvenience.

Share browsers without sharing their stored passwords

ISSUE 18.37 • 2021-09-27

LANGALIST

By Fred Langa

Browser-based password managers have an obvious vulnerability on shared PCs: anyone with access to the browser might also have access to all its stored passwords!

Today’s lead item discusses two separate ways to prevent unwanted password sharing. One is extremely secure but takes a little time to set up; the other takes only seconds but is less secure. Here’s the scoop!

Plus: Improved searching for old content on AskWoody.com!

Read the full story in the AskWoody Plus Newsletter 18.37.0 (2021-09-27).
This story also appears in the AskWoody Free Newsletter 18.37.F (2021-09-27).

Why some Outlooks will stop working with Microsoft services

MICROSOFT 365

By Peter Deegan

In a few weeks, some Outlook software will stop working with Microsoft’s online services, such as Microsoft 365.

If you thought that Microsoft products would always work with Microsoft’s own services, I have bad news. There’s a cutoff point. Microsoft is stopping some versions of Outlook for Windows from connecting to Microsoft hosted mailboxes.

Read the full story in the AskWoody Plus Newsletter 18.37.0 (2021-09-27).
This story also appears in the AskWoody Free Newsletter 18.37.F (2021-09-27).

Kape Technologies, formerly Crossrider, now owns 4 top VPNs

PUBLIC DEFENDER

By Brian Livingston

A holding company with a controversial history — Kape Technologies — announced this month that it had purchased a leading virtual private network, ExpressVPN, adding it to a collection of three other major VPN companies that Kape acquired in 2017 through 2019.

This concentration of VPN services has raised concerns.

Read the full story in the AskWoody Plus Newsletter 18.37.0 (2021-09-27).

Breaking and entering with Linux: What you see

HARDWARE

By Ben Myers

In my first “Breaking and entering” article, you saw what to do step-by-step to get an unbootable system into legacy boot mode and how to prepare a UEFI USB stick with Linux Mint.

Now, boot your system with that Linux USB stick.

Read the full story in the AskWoody Plus Newsletter 18.37.0 (2021-09-27).

Windows 11 Surfaces

MICROSOFT NEWS

By Will Fastie

Microsoft’s September event showcased its updated Surface lineup and doubled down on the Duo 2.

While Microsoft’s livestream presentation of September 2 was not tremendously exciting, it was a well-done description of the new Surface devices and was hosted by Panos Panay, in fine form.

I won’t bore you with every detail, but here are some good sources of information.

Read the full story in the AskWoody Plus Newsletter 18.37.0 (2021-09-27).

Microsoft says forget your passwords!

ON SECURITY

By Susan Bradley

In a major push, Microsoft is advocating moving away from passwords and instead using different authentication methods.

The headline: “The passwordless future is here for your Microsoft account.” Is it?

Here’s what Microsoft has to say in its security blog about a move away from passwords.

Read the full story in the AskWoody Plus Newsletter 18.37.0 (2021-09-27).

Tasks for the weekend – September 25, 2021 – but what if you DO want Windows 11?

Youtube here  Unless you’ve been’ living under a rock, you’ll know that Windows 11 is to be officially released on October 5th. We don’t know when 21H2 will be released but I think it will be after October 5th.  Don’t worry after I give the all clear to install updates I’ll walk you through the setting to defer 21H2 and ensure Windows 11 won’t get installed in next week’s newsletter. Some of you that are the testers for the rest of your office/fleet may want to have Windows 11 as soon as possible.

So what should you do if you DO want Windows 11 on your existing computer? 

First off as we’ve said before, check that your hardware can support it. Keeping in mind that if you’ve done ANY group policy based deferrals of updates, the Microsoft tool will say that your organization manages patching on your machine.  Thus you’ll need to use a third party tool like WhynotWin11 instead.

Next click on search, device manager, go into your video card driver drivers and review the date of the drivers. Next go to the manufacturer of the video card drivers (don’t google and go to a random driver site) and see if there are newer drivers. If there are, install them.

Next check if you have the latest and greatest engine of your antivirus vendor. (This will be automatic with Microsoft Defender). Ensure you have the latest engine from your vendor – and if need be – uninstall and reinstall. Make sure your backup vendor will support Windows 11 as well.

Review for support from your vendors – see if they all support it at this time – and if they don’t you can deal with not using them if there is an issue.

…and remember – you can roll back to Windows 10, you can easily do so.  So after you install it, go through the applications and accessories like printers and scanners that are your bread and butter items and test to make sure they work. If they don’t, roll back, report it here, and we’ll let you know when the issues are fixed.

Sneak peak – testing out a new skin on the forum

Over on a test forum (where we turn it on when we want to test updates and new plug ins) I have a test going on a new “skin” for the forum. Note we’re still in testing – at the present time if you want post anonymously you have to enter anon as the user and anon@askwoody.com as the email address – we’re working on making that prefilled in if you don’t want to log into the site.

https://testaskwoody.holbihost.com/forums/

Bottom line check it out. Let me know please if you have any issues?

The goal is to make it WAY more obvious how to start a topic or reply.

Feedback please!