Monthly Archives: December 2021

• More subscriber experiences with Windows 11

  Posted on December 20, 2021 at 02:44 CST by Fred Langa • Comment in the Forums

  LANGALIST

  

  By Fred Langa

  AskWoody readers are dipping their toes into Win11’s chilly (but warming!) waters, and that means there are more and more real-world cases we can all learn from!

  In today’s column, you’ll read the Win11 experiences of four different subscribers, learn of some corrections and amendments to previous information, and see where Win11 stands as of today.

  Read the full story in the AskWoody Plus Newsletter 18.49.0 (2021-12-20).

  LangaList LangaList, Newsletters, Windows 11

• Microsoft’s calling confusion: Teams, Meet Now, or Skype?

  Posted on December 20, 2021 at 02:43 CST by Peter Deegan • Comment in the Forums

  MICROSOFT 365

  

  By Peter Deegan

  Microsoft has a split personality when it comes to video and audio calling. There’s Skype, Skype for Business, Teams calling/meetings, and “Meet Now” in Windows 11.

  All three can do the same basic thing — computer-to-computer video/audio calls and meetings. What’s the difference, which one to use, and what’s the future of all these overlapping Microsoft options?

  Read the full story in the AskWoody Plus Newsletter 18.49.0 (2021-12-20).

  Microsoft 365 Microsoft 365, Newsletters, Skype, Teams

• End of the road for 2004

  Posted on December 20, 2021 at 02:42 CST by Susan Bradley • Comment in the Forums

  PATCH WATCH

  

  By Susan Bradley

  This is the very, very last patching month for Windows 10 release 2004.

  If you are still on 2004, even if you are using the Education or Enterprise editions, you will receive no updates in January or thereafter. Updates for Windows 10 1909 for Education or Enterprise editions expire on May 10, 2022.

  Read the full story in the AskWoody Plus Newsletter 18.49.0 (2021-12-20).

  Patch Watch Apple updates, Browser Updates, Newsletters, Patch Lady Posts, Windows Updates

• Tips for the week – what about the AppX vulnerability?

  Posted on December 18, 2021 at 22:15 CST by Susan Bradley • Comment in the Forums

  (Note, we’re not ready to give the all clear for installing this is just a post clarifying a particularly confusing update. More about the December updates will be in tomorrow’s newsletter)

  Youtube video here

  This is a special post about a VERY confusing patch that came out on December 14.
  Referred to the Windows AppX installer vulnerability, it’s been used in actual targeted attacks.

  What’s confusing about this update and it’s “patch documentation” is that it’s not really a separate patch, rather it gets updated through the cumulative update. You only need to install this “patch” if you are in a business or corporation and have blocked updating your machines, then you need to manually install this update. Otherwise, it’s already patched and you don’t have to worry about it.

  Now mind you the way the update is documented, it’s not clear, but in testing I can tell that it’s already been fixed.

  Now keep in mind that many of these “in the wild” exploits come in through attachments, so always be wary of attachments to emails. Think… don’t click! I call this “patching the human”. If you patch yourself first – make sure you don’t click on attachments that you weren’t expecting – this goes a long way to keeping yourself safe.

  Edit 12-19-2021:  clearly this is even more confusing. It gets updated through the Microsoft store. Note that I recommend that you leave the Microsoft store to automatically update software for this very reason. Just like browsers, this is something that too often we forget needs updating as well. Bottom line if you’ve not disabled updates for the MS store, you will already be up to date and will not need to take any action.

  Windows Security Patch Lady Posts

• December 2021 Patch Tuesday arrives – say goodbye to 2004

  Posted on December 14, 2021 at 12:24 CST by Susan Bradley • Comment in the Forums

  It’s that day of the month again when we turn and look (northward in my case, your location may vary) to Redmond and see what Holiday helpings they are serving this time. For those of you in businesses, you are probably not wanting to see any more patch notifications right now after dealing with all of the Log4shell patching you’ve been having to do lately. What got found in an online gaming platform is now causing patching headaches for many businesses because they all used this code in their logging software.

  https://twitter.com/GossiTheDog/status/1470787395805192199

  Even if you are a gamer, YOU aren’t the patcher in the Log4shell patching situation, it’s the cloud and application vendors. This code is not native to Windows operating systems. You may see a lot of headlines about businesses impacted by coin-mining attacks or ransomware. Reportedly Kronos a payroll company was hit with a Log4shell attack.

  For the windows updates this does have the printing fixes now rolled up in them and here’s hoping no new printer side effects will be introduced.

  https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec

  6 Zero days
  21 Elevation of Privilege Vulnerabilities
  26 Remote Code Execution Vulnerabilities
  10 Information Disclosure Vulnerabilities
  3 Denial of Service Vulnerabilities
  7 Spoofing Vulnerabilities

  And a partridge in a pear tree

  The updates have just started rolling out, again, as per normal rules of Askwoody patching engagement, you the home user want to hold back and wait to see what side effects occur. We’ll keep an eye out for you.

   

  MS-DEFCON December 2021 Black Tuesday, Patch Lady Posts

• Patching guidance for Apple devices – December 13, 2021

  Posted on December 13, 2021 at 15:05 CST by Susan Bradley • Comment in the Forums

  https://support.apple.com/en-us/HT201222

  As you can see by the release notes there are a LOT of security fixes in these releases

  iOS 15.2 security content addresses 38 vulns.

  8: out-of-bounds access
  7: buffer overflow
  5: input validation
  4: race condition
  4: logic issues
  3: memory corruption
  3: state machine
  2: use after free
  1: type confusion
  1: misc permission issue

  Same sort of Askwoody patching rules apply:  Home user, you can wait a bit to ensure there are no side effects.

  Business user – especially someone who might be targeted (work for defense, big business etc) you’ll want this sooner not later

  Apple Patch Lady Posts

• AskWoody subscribers test Windows 11

  Posted on December 13, 2021 at 02:45 CST by Fred Langa • Comment in the Forums

  ISSUE 18.48 • 2021-12-13

  LANGALIST

  

  By Fred Langa

  AskWoody members are experimenting with Windows 11 … and getting mixed results.

  Today’s examples: One reader got good (albeit confusing) results with Microsoft’s free Win11 Virtual PC, but another suffered a much less happy outcome with a for-real installation.

  This column provides additional detail regarding the free Win11 VPC and the likely causes (and remedies!) for the second PC’s problems.

  Read the full story in the AskWoody Plus Newsletter 18.48.0 (2021-12-13).
  This story also appears in the AskWoody Free Newsletter 18.48.F (2021-12-13).

  LangaList LangaList, Newsletters, Windows 11

• Mad at costly Grinch bots? Get yourself a free one.

  Posted on December 13, 2021 at 02:44 CST by B. Livingston • Comment in the Forums

  PUBLIC DEFENDER

  

  By Brian Livingston

  This year’s global supply-chain crunch is making numerous electronic items go in and out of stock at retailers, and the problem has been made worse by “Grinch bots,” automated tools that some operators use to snap up whatever hot tech and toys may momentarily become available.

  Some worried tech buyers — and a few desperate parents of kids who “need” this year’s must-have toy — have tried to subscribe to their own Grinch bot (formally known as a shopping bot). But the services can cost $99 per month plus initiation fees, and they offer no guarantee you’ll actually score the items you want.

  Read the full story in the AskWoody Plus Newsletter 18.48.0 (2021-12-13).

  Public Defender Newsletters, Online shopping, Public Defender

• Two solid replacements for the kludgy Windows 11 Start menu

  Posted on December 13, 2021 at 02:43 CST by Lance Whitney • Comment in the Forums

  WINDOWS 11

  

  By Lance Whitney

  Don’t like the Windows 11 Start menu? Both Start 11 and StartAllBack will bring the menu back to more traditional and usable style and functionality.

  In its fervor to push out Windows 11, Microsoft made some key changes to the new OS — some good and some bad. On the bad side of the fence is the new Start menu. Dispensing with the familiar list and tile layout in Windows 10, Microsoft pared down the menu into a single box that shows only your pinned and recommended apps.

  Read the full story in the AskWoody Plus Newsletter 18.48.0 (2021-12-13).

  Windows 11 Newsletters, Start menus, Windows 11

• Click-to-run dribbles out changes

  Posted on December 13, 2021 at 02:42 CST by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  Office patches are handled differently than Windows patches, and they can be very disruptive as a result.

  Microsoft always releases security patches for Windows on the second Tuesday of the month, no matter what the actual date. It’s the reason that this month’s updates haven’t yet arrived — today is December 13, and Patch Tuesday is December 14. We won’t receive security patches until tomorrow!

  Read the full story in the AskWoody Plus Newsletter 18.48.0 (2021-12-13).

  On Security Microsoft 365, Newsletters, Office, Patch Lady Posts, Security

• Tips for the weekend – why are you still on 2004?

  Posted on December 12, 2021 at 00:12 CST by Susan Bradley • Comment in the Forums

  Video here

  For all of you askwoody readers that are still on 2004, after I give the go ahead for patching later on in the month, I’ll want you to do not only the updates for the month, but figure out why you are still stuck on 2004.  When I make the decision to upgrade to whatever version, my preferred way to upgrade is to go to the ISO download page and start the install from there by clicking on upgrade now, then launch the exe file that downloads and run the upgrade. It should install and then ask for a reboot.

  I’ve seen a few folks have issues with vpn software and with the update not occuring at all. Often the two drivers most impacted by feature releases are network card drivers and video card drivers. Go to the vendor’s site and see if you can find newer drivers.  If you’ve had issues getting 21H2 installed and regularly use VPN software, I’d honestly recommend uninstalling vpn software and reinstalling it afterwards. I’ve seen issues in past feature release installation processes triggered by installed

  Bottom line, use this post to let me/us know that you are still stuck on Windows 10 2004.  By now the majority of home users should have been offered a later version. So if you are STILL on 2004, please post here in the comments. I want to figure out why you are still stuck!

  Resources:

  Topic: 6000003 Registry keys and group policy settings to select specific feature

  Topic: Comments on AKB 2000016: Guide for Windows Update Settings for Windows 10

  Windows 10 Releases Patch Lady Posts

• Critical vulnerability in something?

  Posted on December 11, 2021 at 02:00 CST by Susan Bradley • Comment in the Forums

  For home users this is one of those vulnerabilities you might read in our CodeRed forum and in the news in the coming days. It may impact services you use, espeially if you are a gamer you may have seen some notifications, but there’s not much you can do personally.  Your vendors have to patch for this. This is not native to the windows platform or the Apple computer you personally use.

  So why do I bring it up? Because your vendors may be scrambling to patch for this over the weekend. Log4j vulnerability is rated as a 10. There is no higher threat than this “A remote code execution zero-day vulnerability in Log4j 2, called Log4Shell (CVE-2021-44228), surfaced on December 9, 2021. Affected services include Cloudflare, iCloud, Minecraft: Java Edition, Steam, Tencent QQ, and Twitter. The feature causing this vulnerability can be disabled with a configuration setting, which has been disabled by default in version 2.15.0, officially released a few days prior. The Apache Software Foundation has assigned the maximum CVSS severity rating of 10 to Log4Shell”

  What is it?  A vulnerability in a Java based logging package that’s used in a LOT of vendor applications. This is especially concerning around the holiday season when security teams start taking vacation time.

  Who’s Impacted? (info courtesy of the Huntress folks)

  • Millions of applications and manufacturers use log4j for logging. This includes…

  • Apple

  • Twitter

  • Steam

  • Tesla

  • Apache applications (e.g. Apache Struts, Solr and Druid)

  • Redis

  • ElasticSearch

  • Video games (e.g. Minecraft)

  For those that are consultants that use tools to monitor computers, this may be in some of your tools.

  I would keep an eye on the Huntress blog for more information.

  Critical RCE Vulnerability: log4j – CVE-2021-44228 (huntress.com)

  Critical RCE Vulnerability Is Affecting Java : sysadmin (reddit.com)

  Bottom line, us home users aren’t impacted, but some of our application vendors may be pulling an all night patching session.

  Edit 12/11/2021 – Microsoft has released a blog post showcasing the actions they are taking.

  Windows Security Patch Lady Posts
• « Older Entries

  Newer Entries »