Newsletter Archives
-
Should all BIOS be updated?
This is a follow-up to my Patch Watch column on Monday. Should you update all computer systems and search out a new BIOS? In a word: No.
If you are running Windows 10 on an older computer that will not support Windows 11 or you do not plan to upgrade to Windows 11, and your computer is running just fine, I see no reason to upgrade the BIOS. My advice to seek out and upgrade your BIOS is only for those running Windows 11 23H2 who will be looking to go to 24H2 or are already there.
Updating your BIOS isn’t quite as scary as it used to be, but when you have a functional system that you do not plan on upgrading, I don’t see a reason to. Do you?
-
Still not fixed
Windows 10 KB5052077, the preview update, was released on Tuesday. I do not recommend installing preview updates because as far as I’m concerned, they are for testing purposes. If you’ve selected Get the latest updates as soon as they are available in Settings, then you will be offered up/pushed these updates. Ensure that setting is Off in your Windows update settings.
Next, be aware that the error spotted back in January is still there:
The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025 or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935.’
This error is only observable if the Windows Event Viewer is monitored closely. It is otherwise silent and does not appear as a dialog box or notification.
I’ve seen some folks attribute all sorts of weird things to this event log bug. Be aware that this is a cosmetic bug. If you are experiencing any rebooting/freezing or general weirdness on your Windows 10 PC and think this event log item is the culprit, it is not.
-
MS-DEFCON 4: Beware of clickbait
ISSUE 22.08.1 • 2025-02-25 By Susan Bradley
Don’t be taken in by ‘The sky is falling!’ headlines.
It’s been my experience that what is purported to be news is often based on a limited number of users, not everyone on the planet. Based on my own research and testing, I’m comfortable in lowering the MS-DEFCON level to 4.
As a small case study, consider that Will Fastie and I each have several Windows 11 PCs. During the month, we compare and contrast the news with what we are seeing on our own equipment. For the most part, we don’t see the effects described by those headlines.
Anyone can read the full MS-DEFCON Alert (22.08.1, 2025-02-25).
-
Patching embedded code
ISSUE 22.08 • 2025-02-24 PATCH WATCH
By Susan Bradley
I’m here to state that patching firmware is easy.
Easy, that is, if you can get over a big hurdle — knowing what device you have and where to find the proper firmware update.
If you have a home-built or custom-built computer, often the hardest part is remembering which motherboard and accessory cards were installed. Then something turns out to be not quite right, and you’re in a pickle.
Read the full story in our Plus Newsletter (22.08.0, 2025-02-24).
This story also appears in our public Newsletter.
-
Encryption isn’t wise
View of password protected file
Before you think I’m about to say encryption in all cases isn’t wise, no, I’m not going to say that. But I will say there are times that encryption is a very bad idea if you’ve made no plans for someone else to know how to get back into a “thing” that is encrypted.
I can’t tell you how many times I’ve been asked how to remove an encryption password from an Excel file that someone used to store their passwords. The person may be ill or passed away, and their loved ones will be scrambling to get into various accounts. While there is software that can easily get into a QuickBooks file by removing the password and requiring you to reset it, for Excel it’s a slow, brute-force process to figure out what the password is. The best you can hope for is that there will be a favorite phrase on a sticky note somewhere. Otherwise, you may (probably will) be stuck trying to get into the accounts and recover access.
I am a fan of encryption when used responsibly. But when someone uses encryption and doesn’t plan on recovery, it can lead to a world of hurt. None of us will live forever. My dad is 96 and working on that, but he still makes sure I know how to get into his accounts or makes me an additional user on them.
It’s okay to write passwords down, hopefully in a safe place. It’s not okay to protect them so well that your loved ones can’t access them when they need to.
-
Passkeys in TurboTax?
I hit this last night logging into QuickBooks online, but you may also see it when logging into TurboTax on a system that supports passkeys.
A passkey is a modern authentication method designed to replace traditional passwords, offering enhanced security and user convenience for accessing online accounts and applications. Unlike passwords, which are user-generated and vulnerable to various attacks, passkeys are automatically generated using public-key cryptography. The passkey is tied to the PC it was set up on. So even though I set up a passkey for this computer, it doesn’t mean that I am mandated to use a passkey on all computers. If I logged into a PC that didn’t support passkey technology, it would require my two-factor authentication to log in. Intuit may have supported this before, but this was the first time it popped up — encouraging me to use it.
The main thing is that passkeys are phishing resistant.
Are they immune to attacks? Nothing is immune. Given enough time, energy, and computing power, passkeys can be attacked, especially through adversary-in-the-middle attacks, in which the attacker manipulates login forms to expose alternative, weaker logins, or through device compromises in which the private key could be exposed. But it does mean that the attacker will be encouraged to go down the street and attack your neighbor. Ultimately, that’s our goal — to make it just a little bit harder so that the attacker will find the weak link elsewhere.
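Why a passkey resists phishing, shown as an added example (not from Intuit or the original post): the browser records the page's real origin and the authenticator records a hash of the site's ID, and the sign-in server compares both against its own values. The domains, challenge, and function names are constructed placeholders, and the signature check that stops an attacker from rewriting these fields is left out because it needs a crypto library.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_assertion(origin: str, rp_id: str, challenge: bytes) -> tuple[bytes, bytes]:
    """Constructed sample data shaped like what a browser and authenticator return."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    flags = 0x05  # bit 0 = user present, bit 2 = user verified
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (7).to_bytes(4, "big")
    return client_data, auth_data

def binding_failures(client_data, auth_data, challenge, origin, rp_id) -> list[str]:
    """Reasons the sign-in server would reject this response (empty list = pass)."""
    failures = []
    fields = json.loads(client_data)
    if fields.get("type") != "webauthn.get":
        failures.append("type")
    if fields.get("challenge") != b64url(challenge):
        failures.append("challenge")   # stale or replayed response
    if fields.get("origin") != origin:
        failures.append("origin")      # produced on a different site
    if len(auth_data) < 37 or auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        failures.append("rp_id_hash")  # credential scoped to another site ID
    elif not auth_data[32] & 0x01:
        failures.append("user_presence")
    return failures

# Constructed sample values; the domains are placeholders.
CHALLENGE = b"server-issued-random-challenge"
REAL_ORIGIN, REAL_RP_ID = "https://accounts.example.com", "example.com"

genuine = make_assertion(REAL_ORIGIN, REAL_RP_ID, CHALLENGE)
# A look-alike page can relay the real challenge, but the browser reports the
# look-alike's own origin, so the response no longer matches the real site.
phished = make_assertion("https://accounts.examp1e.com", "examp1e.com", CHALLENGE)

def verdicts():
    expected = (CHALLENGE, REAL_ORIGIN, REAL_RP_ID)
    return binding_failures(*genuine, *expected), binding_failures(*phished, *expected)

if __name__ == "__main__":
    print(verdicts())
```

A typed password or one-time code has no such binding to the site, which is why a login form that falls back to those weaker methods remains the soft spot.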
-
Finding cheap Office
Not a day goes by that I don’t see one of these offers. Get Office for cheap. No subscription. Folks, I know this is really hard to hear — but there is no cheap Office. Anything you get that touts itself as cheap, or below the normal retail price tag of Office, is a scam. Typically, these types of offers are tied to volume license keys or Microsoft 365 Education keys.
The same goes for Adobe products on the cheap or without a subscription, such as a listing for “Adobe 2020” on eBay. Trust me on this one — don’t get it. It will fight you on Windows 11 tooth and nail and will not want to be your default PDF editor. Yes, I know it’s expensive to get the real thing.
Bottom line: if you are in business and need the Microsoft tools, there is no cheap way to get them. Any cheap offering is a rip-off and a scam. Don’t fall for it.
I also don’t suggest Windows 10 (or 11) LTSC — it’s not available to the masses. It’s a specialized operating system offered in the volume licensing channel. If you see it on eBay, it’s not a legit license. Beware.
And to vendors out there? We don’t like subscriptions. We get that you like the reliability of recurring revenue, but your customers do not feel the value in your “capex versus opex” argument. We don’t want Outlook (new) unless you make it comparable to Outlook (classic). We don’t want Copilot getting in the way of our letter writing. When we want AI, we will use it. So if we’re going to have to put up with these subscriptions, how about you pay attention to what we want?
-
February — Same number of patches, fewer bugs
PATCH WATCH
By Susan Bradley
This month we have a more “normal” patch release of 57 vulnerabilities.
Although that’s a “woo-hoo” for the security researchers, you and I will still see the same old security updates being offered. That is, we will see a Windows security update.
What also hasn’t changed is my stance toward Windows 11 24H2. If you buy a computer with it, stay there. If you are already on it and see no issues, stay there. But if you haven’t yet installed the 24H2 feature release on your existing Windows 11 23H2 machine, I still recommend holding back, especially for businesses. For consumers, the risk is less — as long as you are not a gamer.
Read the full story in our Plus Newsletter (22.07.0, 2025-02-17).
-
Updating your Surface
I have several Surface devices (Surfii?) because they are one of the best traveling devices, especially if they have cellular built in and you don’t want to mess with hotel Wi-Fi, VPNs, and other roaming annoyances. But sometimes, their patching behavior is confusing. Case in point: the recent CVE-2025-21194 that patches a unique “Microsoft Surface Security Feature Bypass Vulnerability.” The theory is that it’s related to an IPv6 PixieFail vulnerability.
As I’m reading it, I should be expecting a Surface firmware update. But as of this moment, no such release has been posted. An update was released in January, but nothing in February. The good news is that it will come down automatically via Windows update. The bad news is I’m not sure whether it’s been received already.
When it comes to Surfaces, firmware updates do not appear to have any set release schedule. Mind you, that’s true for any firmware release. When I’ve decided to move to a Windows feature release, I tend to review whether I’m missing a firmware update, especially if the Windows release is a major one. So, I’ll be reviewing the firmware status of my devices once I decide to move to 24H2. I will remind you to do likewise when it’s time.
-
Business Windows 10 ESU offering
The other day, Microsoft announced more details about the Windows 10 ESU offering for business. It noted that “Extended Security Updates for Windows 10 can be purchased today through the Microsoft Volume Licensing Program, at $61 USD per device for Year One.”
Ugh. The Volume Licensing (VL) program is one of Microsoft’s clunkier purchasing processes. Although you can purchase a Windows 10 ESU in quantities as low as one, that doesn’t mean you can easily find a vendor willing to sell singletons if you are not an existing customer. In the past, I once used SoftwareOne to purchase small quantities. I’ll reach out to see if it is still willing to do so.
But be prepared to be patient. The last time I signed up for a new VL contract, it involved a bunch of electronic forms, after which I logged into a Microsoft 365 portal to download product keys (or whatever they will supply this time to activate the ESU). For consumers, Microsoft has not yet opened up a process to purchase the extended license. I’ll report once that happens.
-
Master patch listing for February 2025
I’ve updated the master patch list here. Please note I am not recommending installing updates at this time; we are just testing and reporting.
February’s release of vulnerabilities has been more tame, and in addition to the normal Windows updates for each supported platform, there are only .NET 8 and 9 security updates being released. No plethora of .NETs to have to install. In addition, we’re still scratching our heads a bit about the behavior in New Outlook and Windows 10. While it’s not taking over Classic Outlook for sure, the registry key that we followed via Microsoft’s guidance appears to be removed. We’ll let you know as we investigate more.
As always, thank you all for supporting the cause! Remember we use the “name your price” model where you can choose how much you will pay for a membership. Plus membership gives you full access. And if you donate $50 or more, you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.
More details about these updates in Monday’s newsletter. You are missing out if you don’t sign up. All content is human made with our own blood, sweat, tears, fingers, and brain power — and it’s 100% AI free. Therefore, if I’ve fat fingered any KB numbers or if you have any questions, as always post in the forums and I’ll follow up!
-
February 2025 updates are upon us
Nine months and counting before the end of support (but not end of using) for Windows 10. We also have a zero day that Apple released yesterday. The updates include the following:
iOS 18.3.1 fixing a zero day CVE-2025-24200 used in extremely sophisticated attacks. So if you’ve seen headlines about massive risk, actually no, only if you are a CEO or someone high up in an organization.
For Windows 10 22H2, it’s KB5051974 – note the event ID issue with the System Guard runtime monitor service is not fixed with this release.
Windows 11 24H2 – KB5051987 – which I’m still not recommending 24H2 unless you’ve bought a machine with it or you’ve already upgraded and see no issues – has been released.
For Windows 11 23H2 look for KB5051989. Remember at this time we are in test mode only.
Microsoft indicates that the February updates include a fix for the following:
After installing the January 2025 Windows security update released January 14, 2025 (the Originating KBs listed above), you might experience issues with USB audio devices. You are more likely to experience this issue if you are using a USB 1.0 audio driver based DAC (Digital to Analog converter) in your audio setup. This issue might cause USB audio devices to stop working, preventing audio playback.