|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Monthly Archives: August 2021
-
October 5th is the date
B in the forums points out that Microsoft says October 5th is when Windows 11 comes out!
Topic: Windows 11 to be released on October 5, 2021 @ AskWoody
I’m so old I remember when people would sleep overnight at a computer store when a Microsoft release would come out. Now? Eh….I’ll wait until the bugs get worked out and the third party tools that will allow us to do what we want with the desktop come out.
(Yes Start11 is in beta)
-
The basics of security
ISSUE 18.33 • 2021-08-30 ON SECURITY
By Susan Bradley
What are the basics you need to secure your computers and devices?
The needs of consumer and business users are different, but the foundation of security is the same for both. We all need an operating system we can trust, a means to surf the Internet in a trustworthy fashion, and a way to save and store passwords securely. And I’ll add a fourth to this list, increasingly important: we need an application or device to allow us to effectively and efficiently use multi-factor authentication.
Read the full story in the AskWoody Plus Newsletter 18.33.0 (2021-08-30).
This story also appears in the AskWoody Free Newsletter 18.33.F (2021-08-30). -
The new PC Health Check app is here (almost)
WINDOWS 11
By Will Fastie
Hallelujah!
Sorry. That might be a little over the top. Rejoicing may be too early. And maybe unjustified.
On August 27, Microsoft posted an article titled Update on Windows 11 minimum system requirements and the PC Health Check app to its Windows Insider blog. The article covered two topics, as its title suggests.
Read the full story in the AskWoody Plus Newsletter 18.33.0 (2021-08-30).
This story also appears in the AskWoody Free Newsletter 18.33.F (2021-08-30). -
Should you activate Win10’s optional Application Guard?
LANGALIST
By Fred Langa
It’s disabled by default and comes with some serious gotchas … but it also can add an extra level of online security to Microsoft Office apps and to the Edge browser.
Here’s how to tell whether Microsoft Defender Application Guard is available on your PC and how to enable it if you wish to give it a try.
Plus: Sleuthing a user’s unusual Windows 7 to 10 activation issue!
Read the full story in the AskWoody Plus Newsletter 18.33.0 (2021-08-30).
-
Apple plans to break its end-to-end encryption
PUBLIC DEFENDER
By Brian Livingston
Apple Computer shocked computer-security experts when the Cupertino company announced on August 5 that it plans to circumvent end-to-end encryption in Mac and iOS software, reporting US users if more than a few photos in their iCloud account match a national database of child pornography.
“We want to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material (CSAM),” Apple said in its announcement. But people with experience in the subject said the technology would be used for everything other than that.
Read the full story in the AskWoody Plus Newsletter 18.33.0 (2021-08-30).
-
Breaking and entering with Linux
HARDWARE
By Ben Myers
Use Linux on a USB stick to diagnose a Windows system.
My working premise here is that your Windows system will not boot, not even in safe or any other degraded mode. You have no idea what’s going on, and it is premature, time-consuming, and sometimes futile to rip a computer open to see what is inside. The solution is to boot another operating system from a USB stick and use it to explore and diagnose problems.
Read the full story in the AskWoody Plus Newsletter 18.33.0 (2021-08-30).
-
Opal: How I planned my new build
HARDWARE DIY
By Will Fastie
I’ll say it again — it’s not the building, it’s the planning.
A favorite saying about war plans is that they do not survive first contact with the enemy. A slight paraphrase is that a plan does not survive first contact with reality.
Reality caused me to make a change in my build plan, which is the first thing I want to tell you about. Onyx may be dying.
Read the full story in the AskWoody Plus Newsletter 18.33.0 (2021-08-30).
-
Tasks for the weekend – August 28, 2021 – trying out new browsers
(Youtube here demo-ing the various browsers)
Last week’s newsletter about browsing your way to more security showcased that many of you are looking for browser options. It reminded me that the world is not just Edge, Firefox, Chrome or even Brave.
Other browsers to investigate include:
Tor Browser – safeguards privacy
Now I will complain about Opera – either I missed a check box but it made itself default.
So? What browsers have you used lately? I’d recommend having multiple ones installed and trying them out on your different devices. Many of them have versions for Windows, Apple, Linux and even phone platforms.
And yes, note that the AskWoody site/WordFence that protects the site from attacks does NOT like the Tor Browser when it’s in what I’m going to call it’s “hide me” mode where you are using a vpn like connection to the tor network. As many of you know (and can attest to) this is a common occurrence with the site. As always it’s hard to balance security and usability. Lower the security of the site, and the site suffers. Use a VPN or VPN like browser to gain security on your side and you suffer by being blocked. I’d recommend using multiple browsers and deciding which browser you use for your tasks and browsing that you want more private, and another for those sites that request a bit more from you. In the meantime I have a case open with WordFence and I’ll keep you posted. Security is never easy for sure.
-
Beta testing – want to get text alerts when the MS-DEFCON changes?
Update at 8:39 am. pacific 8-28 – all slots gone – I’ll let you know when the service opens up after beta testing is over.
I’m doing a VERY small beta test and asking for 20 of the Askwoody forum folks if they want to sign up for a beta of the AskWoody MS-DEFCON texting service.
As you know when we declare that it’s all clear to install updates, we change the status on the site and we email you the alerts if you are a plus member. But several of you have asked for a more direct notification.
Currently there are two ways to be alerted. The first is utilizing twitter to get a notice on your phone or twitter page when the site changes status.
Twitter: https://twitter.com/defconpatch Sign up for twitter and follow that account. Then set up notifications in the twitter app so that you get alerted when the account tweets a change. They will look like this:
The second way is currently in beta testing:
Cell phone notifications via text: Stay tuned. We are in the process of beta testing a service that will text you when the status changes. There will be a small fee requested (along the lines of the decide what you want to pay as the main site has) in order to cover the costs of the texting service and server hosting needed to send out the alerts.
Here’s my request: I need 20 volunteers/beta testers to test out the sign up process and then test out the alerts when they go out. The requirement is that you MUST already be an AskWoody Plus member. If you’d like to participate email me (sb@askwoody.com) an email with the subject line of BETA and I will email you back the instructions and coupon so you can have the service for a year. Once these twenty slots are filled, I’ll update this post to let you know that they’ve been filled up.
I’ll then need those of you who sign up to let me know if the process of signing up worked for you and then of course when we change the alerts status on the site if the notification got to you okay.
For everyone else, I’ll let you know when the site and service goes fully live! Right now I anticipate the end of September for my go-live goal.
Thank you in advance for your help!
-
Got OneDrive for business with more than 1TB?
We’re investigating an issue in which users' OneDrive for Business storage limits are lower than expected. Additional information will be provided in the admin center under OD280960.
— Microsoft 365 Status (@MSFT365Status) August 26, 2021
If any of your users got an email this morning that their OneDrive for business was over the 1TB limit and you KNOW you set that to be a 5TB limit, bottom line the issue is not you, it’s the cloud.
-
Before rolling out Windows 11
Check that supportability with your vendors:
CCH Software News – Compatibility with Microsoft Windows 11 Operating System
Dear CCH Customer:
At this time, we are unable to officially support our 2021 software products on the new Microsoft® Windows® 11 operating system for the upcoming tax season. While preliminary testing against the preview versions has shown positive results, the final release candidate of Windows® 11 has not yet been released to us, and therefore we have been unable to test our 2021 software for full compatibility with Windows® 11.
After the final release candidate for Windows® 11 is released to us, we will commence our compatibility testing. The projected official release of Windows® 11 is late 2021, and, as such, we do not anticipate officially supporting the new operating system for the 2021 tax filing season.
We will communicate any change in the support policy for our 2021 software once Microsoft® officially releases the operating system and our compatibility testing is complete. See the Microsoft® website for more information on Windows® 11.
Sincerely,
Wolters Kluwer Tax & Accounting, North America
Wolters Kluwer is one of several main tax software vendors in the US. This is pretty typical for line of business applications, I just thought it interesting that they go so far as to indicate that they probably won’t support it for the entire tax season (typically January through April 15th).
-
MS-DEFCON 4: All clear for consumers, less so for businesses
ISSUE 18.32.1 • 2021-08-25 
By Susan Bradley
This month has been a bit bumpy for business users needing to print.
This month’s change to a technology called “Point and Print” has triggered side effects for information technology professionals who deployed workstations without administrator rights.
Although I’m reluctantly recommending installing these updates, because you need to be protected from all the other vulnerabilities this month, I must acknowledge that even after you patch, you still won’t be protected from printer vulnerabilities. There is yet another Print Spooler issue out there. Right now, the only way you can protect yourself from the remote Print Spooler attack described by CVE-2021-36958 is to keep your Print Spooler service disabled unless it is absolutely needed.
Consumer and home usersInstall the August updates. In a change to my past update recommendations regarding .NET, I now recommend installing the .NET updates as well. For the last year, I’ve not experienced any side effects with the nonsecurity .NET updates and feel confident about their safety.
I’ve also not been tracking any side effects with Chromebook 92 after its release on August 2. Unlike last month, there’s been no need to roll back this version.
Business usersFor those of you in charge of business patching, there’s no good resolution for the side effects of the August updates, not to mention the risks of the unpatched Print Spooler vulnerability. If you deploy print drivers using group policy and your users do not have administrator rights, they are being prompted to install a printer-driver update even though the printer driver has not changed — the only thing that has occurred is that the patch was installed. You can deploy a registry key to
HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
with the name RestrictDriverInstallationToAdministrators and a DWord value of 0, but unfortunately, this opens up your workstations to attack. It’s not a good solution.
The root cause appears to be v3 versions of printer drivers. In the short term, I recommend several possible solutions.
- Temporarily allow administrator rights via group policy to allow your end users to install the updated print driver, and then revert them back to non administrator rights.
- Use the registry key workaround (above) that will allow printer drivers to be installed, with full knowledge that this opens your machine up to attack.
- Review the printer drivers you have installed and ensure that they are v4 and not earlier versions.
References
- AskWoody Master Patch List
Read the full story in the AskWoody Plus Alert 18.32.1 (2021-08-25).
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
iOS/iPadOS 16.4 : Dim Epilepsy-Inducing Flashing Lights In Videos
by 12 minutes ago
-
windows networking issues
by 2 hours, 4 minutes ago
-
Gordon Moore died at the age of 94
by 7 hours, 7 minutes ago
-
New CISA tool detects hacking activity in Microsoft cloud services
by 22 hours, 37 minutes ago
-
Laptop update from Mate 19.2 to 21.1
by 4 hours, 26 minutes ago
-
Microsoft setting the ball for Windows 12 as it begins adding Cloud PC
by 1 hour, 33 minutes ago
-
March KB5023696 patch removed but now I have a what’s next question
by 20 hours, 25 minutes ago
-
CCleaner’s Driver Updater – does it work?
by 12 hours, 8 minutes ago
-
Issue 2439: CentOS Stream 9: missing kernel security fixes
by 1 day, 21 hours ago
-
Microsoft to throttle emails to online email if you are running old stuff
by 1 day, 13 hours ago
-
fre-ac updates
by 1 day, 21 hours ago
-
Windows 10 lost start up password
by 1 day, 21 hours ago
-
Windows 11 Insider Preview Build 22621.1470 and 22623.1470 released to BETA
by 1 day, 22 hours ago
-
Windows 11 Insider Preview build 25324 released to Canary
by 23 hours, 41 minutes ago
-
Windows 11 Insider Preview build 23419 released to DEV
by 2 days ago
-
Dribble?
by 2 days, 1 hour ago
-
Allow defenderbootstrapper.exe to phone home?
by 3 hours, 47 minutes ago
-
KB 5022836 will not install
by 1 hour, 44 minutes ago
-
Windows 11 desktop for Windows 10 user
by 2 days, 1 hour ago
-
GNOME 44 ‘Kuala Lumpur’ released
by 2 days, 21 hours ago
-
Emotet adopts Microsoft OneNote attachments
by 2 days, 21 hours ago
-
US : The Spy Law That Big Tech Wants to Limit
by 1 day, 17 hours ago
-
Ferrari confirms customer data breached following ransomware attack
by 2 days, 22 hours ago
-
Outlook bookmarks redirects to a different location, Help!
by 2 days, 23 hours ago
-
Should I go to win11?
by 1 day ago
-
The Framework Laptop – Fully Modular
by 1 day ago
-
Windows Snipping Tool is vulnerable to Acropalypse too.
by 3 hours ago
-
Pale Moon updates
by 3 days, 8 hours ago
-
“Local Security Authority protection is off.” with persistent restart
by 2 days, 22 hours ago
-
Self-encrypting drive setup on Linux
by 3 days, 10 hours ago
