Newsletter Archives
-
USA only – alert to be sent to all devices
If you are startled tomorrow, it’s just the FEMA and FCC running a test of the emergency alert system.
“FEMA, in coordination with the Federal Communications Commission (FCC), will conduct a nationwide test of the Emergency Alert System (EAS) and Wireless Emergency Alerts (WEA) this fall.
The national test will consist of two portions, testing WEA and EAS capabilities. Both tests are scheduled to begin at approximately 2:20 p.m. ET on Wednesday, Oct. 4.
The WEA portion of the test will be directed to all consumer cell phones. This will be the third nationwide test, but the second test to all cellular devices. The test message will display in either English or in Spanish, depending on the language settings of the wireless handset.
The EAS portion of the test will be sent to radios and televisions. This will be the seventh nationwide EAS test.”
If you don’t want to be alerted, you can turn off your phone. But don’t panic, that large noise you’ll be hearing is merely a test.
-
Microsoft Backup triggers help-desk calls and confusion
ISSUE 20.40 • 2023-10-02 ON SECURITY
By Susan Bradley
I applaud Microsoft for admitting that we all need to back up our computers and workstations, or at least have a recovery plan of some sort.
But Microsoft’s recent backup implementation, its suddenly appearing Microsoft Backup app, is not well thought out and is a one-size-fits-all solution — that doesn’t fit well at all.
Here’s the backstory. The new Backup app is available for both Windows 10 and 11. That’s a surprise, because we’ve been put on notice that Windows 10 22H2 is the final release, with only security updates coming our way until October 2025.
Read the full story in our Plus Newsletter (20.40.0, 2023-10-02).
This story also appears in our public Newsletter. -
Wait for the bugs to be worked out
Lately no matter what the vendor, it pays to not be first.
Case in point, today Apple acknowledged that there is a bug in their latest OS 17 combined with iPhone 15 to cause it to run hot.
The issue will be fixed in an upcoming patch.
Over the next several weeks you’ll see stories and hype about Windows 11 23H2 and Copilot for Windows which is being slid into the October security updates. But don’t worry, we got your back. Rest assured you can defer and block whatever you don’t like that Microsoft is slinging your way. Already there is a KB tracking the known issues in Copilot.
Bottom line, good things come to those who wait, or in our case, block what we don’t want.
For the Copilot in Windows preview, we have identified the following: - Narrator does not work as you expect with challenge–response tests, such as Captcha.
- Narrator fails to correctly state the name of the “remove an image” button. It also fails to say the name of the dialog or buttons for a skill.
- When you are in the chat input box, pressing Tab does not change the keyboard focus. If you add an image to the chat input box, Narrator does not announce the addition.
We are working on a resolution and will provide an update in an upcoming release. The color font format for COLRv1 does not render properly. This format enables Windows to display emoji with a 3D-like appearance. We are working on a resolution and will provide an update in an upcoming release. -
MS-DEFCON 4: Is Windows 11 really a disaster?
ISSUE 20.39.1 • 2023-09-26 By Susan Bradley
Every month, I read headlines claiming that the latest patches for Windows 11 22H2 are causing major issues and impacting gazillions of users.
Every month, I also note that the deployments of Windows 11 in my home and office are well behaved. Some of that is surely the result of my tender ministrations, such as using an alternate menu system. But for the rest, Windows 11 is not some sort of monster stomping through neighborhoods and ruining lives.
I consider the current updates safe, so I’m lowering the MS-DEFCON level to 4.
Anyone can read the full MS-DEFCON Alert (20.39.1, 2023-09-26).
-
Locked out of your refurbished computer?
ON SECURITY
By Susan Bradley
Corporate “leftovers” may impact your new computer.
All of us want to purchase a good deal. Often I will look for refurbished computers, many of them systems coming off corporate leases, because they are an excellent value. Many times, they are less than three years old and support Windows 11. Some even come with Windows 11.
Most of these systems have been reset to factory defaults, so the configuration process is basically the same OOBE you would get with a new PC. You start the boot process, set it up with either a Microsoft account or a local account with the no@thankyou.com email trick, and off you go. You’re happy: you have a well-built computer that is cheaper than anything you’d purchase elsewhere.
Read the full story in our Plus Newsletter (20.39.0, 2023-09-25).
-
What happened to the manual?
The other day at the office AT&T insisted that we needed to upgrade our Fiber connection to a faster connection. Upon installing the new fiber connection I was left with a BGW 320 500 unit with no manual. Instead there was a QR code guiding you to download an app on the phone.
Mind you this is at the office where the intent is that this will be the backup Internet to the office, so as a result I need the necessary static IP address. While I could connect to the Internet simply by attaching to the unit’s wifi and doing a whatismyip look up, that didn’t give me the necessary information for the five IP addresses. When I reached out to the vendor, they provided me with an IP address that didn’t make sense with the IP address I was getting when connecting via wifi.
I was expecting to be given an IP address in the range of the IP address I was getting when I logged into wifi, but the address they gave me was totally different and didn’t make sense that the static IP they gave me would work given the IP address I was getting from merely connecting to the unit via wifi. Turns out this is I guess you could call it a hybrid unit. As I was told by a friend, “You can connect a device to the modem and it can dole out a dynamic IP from AT&T. But you can also connect a device using the static range they assign you – for example your own router or firewall appliance. You CAN set up your desktop/laptop with one of those usable addresses that they provided to me . You may need to reboot your router if you plug in and get a dynamic address – and then need to switch to your static IP address. NOTE: The dynamic IPs do NOT route to the static subnet.”
Learned something new about fiber equipment. But what kills me is that I’m having to google to find guidance and a manual. Why is good documentation so hard to get these days? Do you find your ISP doesn’t provide good documentation for the equipment they provide?
-
Apple zero days out – September 2023
Apple has fixes for zero days that have been under attack. It appears most are triggered by a specially crafted web content.
- CVE-2023-41991 – A certificate validation issue in the Security framework that could allow a malicious app to bypass signature validation.
- CVE-2023-41992 – A security flaw in Kernel that could allow a local attacker to elevate their privileges.
- CVE-2023-41993 – A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content.
📱 iOS and iPadOS 17.0.1 – 3 bugs fixed
📱 iOS and iPadOS 16.7 – 3 bugs fixed
⌚ watchOS 9.6.3 – 2 bugs fixed
⌚ watchOS 10.0.1 – 2 bugs fixed
💻 macOS Ventura 13.6 – 3 bugs fixed
💻 macOS Monterey 12.7 – 1 bug fixedMind you iOS 17 *just* came out the other day.
These security vulnerabilities have been seen in attacks in the wild.
-
Zeroing in on zero days
PATCH WATCH
By Susan Bradley
September’s updates are out, with several zero days and several interesting vulnerabilities.
The good news is that for consumers and home users, many of these are unique to a business network and won’t be seen in a home network.
What will be seen this month is that the update installation and reboot process will take longer. I’m not sure what is triggering the slowness, but note that this month’s updates also include .NET updates. Patience.
Read the full story in our Plus Newsletter (20.38.0, 2023-09-18).
-
Got a Windows configuration update?
Did you receive a Windows configuration update that demanded a reboot?
I got it at the office where my patches are normally controlled and I’m not 100% sure what the “configuration” was updating.
I believe – but I’m not sure – it was a Moments release as the update history points to this page.
If so, it really was not a great experience. No notification, just an alert I needed to reboot and not a great deal of information about exactly what was installed. Furthermore in my LONG experience with Windows, machines do weird things if patches are installed and machines are not rebooted so I really don’t like to see machines with pending updates.
So did you receive this as well on your Windows 11 22H2? Let me know in the comments. Needless to say I’ll be investigating as to why Microsoft handled this like this.
-
Master Patch List for September 12, 2023
I’ve updated the Master Patch list for the September updates. Remember to always review the known issues we are tracking on the Master Patch List page. I will keep the latest info there.The updates are taking longer than normal to install. Many are reporting this, but it doesn’t mean anything bad is happening to your machine.
Consumer tip: If you are on Windows 11 and have any sort of third party menu or file explorer program, ensure that it’s up to date. If the start menu won’t launch be prepared to remove it. While I haven’t seen issues in my testing, it’s still too soon to be installing updates.
I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.
- Windows 11 22H2: Recommended
- Windows 11 21H2: Will be recommended these get updated to 22H2 at the end of the month.
- Windows 10 22H2: Recommended
- Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.
As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.
-
September patches, Apple headlines and Browsers!
Lots of headlines today. Today is the day they hold their event to announce new product releases. Rumor has it that iPhone 15 will be announced.Next up is our usual release of security patches from Microsoft. Remember today is the day that I start testing, and the rest of you hold back. We have adventurous souls on the site that also test and report back (and for that thank you!) . In early review we have for Windows 11 in addition to security patches additional “enhancements” (annoyances?) such as “new hover behavior for the search box gleam, fixes an issue that impacts the search box size. It also “This update removes a blank menu item from the Sticky Keys menu. This issue occurs after you install KB5029351.”
Remember for businesses, you need to be aware of the full enforcement phase for updates that impact Kerberos protocol changes. Before you install updates this month ensure you have reviewed your Domain controller event logs looking for Event 43 with the text “The Key Distribution Center (KDC) encountered a ticket that it could not validate the
full PAC Signature. See https://go.microsoft.com/fwlink/?linkid=2210019 to learn more. Client : <realm>/<Name>” in the System law.Finally and in my mind, more importantly as an action item that I DO want you to do, is to launch each browser you have on any device and review that it’s up to date. Chrome has a zero day out and just released a fix for it. Firefox is out with 117.0.1 today. So regardless if you patch your operating system – whether that’s Windows, Mac, or various flavors of Linux, DO launch your browser, to into the settings and then about to make it ‘kick’ a self update. Make sure you do this on all browsers today.
As a reminder I’ll be watching for bugs and side effects and will call them out on the Master Patch List page.
-
The death of a hard drive
ON SECURITY
By Susan Bradley
I got a call. “Susan? Can you help me with my laptop? It won’t boot up, and it’s making a weird noise.”
“Sure,” I said to the friend on the other end of the phone call.
But when my friend brought the laptop and I turned it on, I went from feeling certain I would tame the tech (after all, it’s me) to knowing it wasn’t looking good and that I might not be able to help after all.
Read the full story in our Plus Newsletter (20.37.0, 2023-09-11).