Newsletter Archives

  • February 2025 updates are upon us

    Nine months and counting before the end of support (but not end of using) Windows 10. We also have a zero day that Apple released yesterday. The updates include the following:

    iOS 18.3.1 fixing a zero day CVE-2025-24200 used in extremely sophisticated attacks. So if you’ve seen headlines about massive risk, actually no, only if you are a CEO or someone high up in an organization.

    For Windows 10 22H2, it’s KB5051974 – note the event ID issue with the System Guard runtime monitor service is not fixed with this release.

    Windows 11 24H2 – KB5051987 has been released. I’m still not recommending 24H2 unless you’ve bought a machine with it or you’ve already upgraded and see no issues.

    For Windows 11 23H2 look for KB5051989. Remember at this time we are in test mode only.

    Microsoft indicates that the February updates include a fix for the following:

    After installing the January 2025 Windows security update released January 14, 2025 (the Originating KBs listed above), you might experience issues with USB audio devices. You are more likely to experience this issue if you are using a USB 1.0 audio driver based DAC (Digital to Analog converter) in your audio setup. This issue might cause USB audio devices to stop working, preventing audio playback.

  • Why is software security so hard?

    ON SECURITY

    By Susan Bradley

    I’ve had discussions with developers about how and why software bugs get introduced into software.

    Most of the time, it’s because humans write the code, and then we humans use the code, often doing things that the software developer just didn’t think we’d do. But then there are those bonehead decisions that developers have made along the way — because someone decided it was faster or easier to do something that later proved to be a problem, rather than taking the time to do it right in the first place.

    Read the full story in our Plus Newsletter (22.06.0, 2025-02-10).

  • MS-DEFCON 1: Controlling features — 24H2 pushed hard

    ISSUE 22.05.1 • 2025-02-06

    MS-DEFCON 1

    By Susan Bradley

    If your machine is eligible for Windows 11 — meaning it ticks all the boxes for hardware compatibility — Windows 11 24H2 will download in preparation for installation, with no way to stop it.

    For right now, the only way to prevent this is to adjust Registry keys accordingly, and the simplest, fastest way to do so is with InControl.

    Although it’s time to pause until Patch Tuesday passes, the increased push by Microsoft for 24H2 is the key reason I’m raising the MS-DEFCON level to 1. Pay attention, and exercise caution.

    Anyone can read the full MS-DEFCON Alert (22.05.1, 2025-02-06).

  • SLAP and FLOP – should we be concerned?

    You may have seen the news that Apple devices are subject to vulnerabilities that could potentially (note that word!) allow an attacker to see the content of your Web browsing when using Safari or Chrome.

    Let’s interpret the statement, shall we?

    If an attacker can inject malformed data into these processes, then it can read memory content that shouldn’t be accessible …

    Translation: If a bad guy can trick you into going to their malicious website, and:

    The researchers say there is no evidence that either vulnerability has yet been exploited in the wild…

    The attack sequence also would entail the following:

    “FLOP requires a target to be logged in to a site such as Gmail or iCloud in one tab and the attacker site in another for a duration of five to ten minutes. When the target uses Safari, FLOP sends the browser “training data” in the form of JavaScript to determine the computations needed. With those computations in hand, the attacker can then run code reserved for one data structure on another data structure. The result is a means to read chosen 64-bit addresses.”

    I don’t see this as a huge threat. I have never seen these side-channel attacks done at the consumer level. Targeted nation state? Maybe. You and me? No. If you really are concerned, just make it a point to swipe up and close your applications and tabs. It’s wise to shut down the apps every now and then anyway — and rebooting your phone will not close apps.

    So don’t panic. It’s just a research whitepaper.

  • Our blog

    FROM THE PUBLISHER

    By Susan Bradley

    Did you know that our blog, also known as the AskWoody home page, contains regular posts that are not part of our newsletter?

    Maybe not. Although our annual survey of Plus members is not yet complete, we know that only 40% of our readers are aware of this. We were quite surprised by that result.

    Read the full story in our Plus Newsletter (22.05.0, 2025-02-03).
    This story also appears in our public Newsletter.

  • Protecting your identification

    ON SECURITY

    By Susan Bradley

    There is some sort of unique code in every country and jurisdiction, usually a number, that identifies you to the government — especially for tax purposes.

    In the United States, it’s our Social Security number (SSN). But no matter where you live, protecting that ID is critically important. I’ll discuss that here in the context of the US, but the same caution applies similarly everywhere.

    Read the full story in our Plus Newsletter (22.05.0, 2025-02-03).

  • Previews are previews

    If you have set your machine to Get the latest updates when they are available in the Windows update settings, congratulations on being a beta tester. These updates are the preview updates of the nonsecurity changes that Microsoft releases in the “D” week, better known as the fourth week of the month. They will be included in the security releases installed next month.

    Given my reluctance to be on the cutting/bleeding edge when it comes to my production machines, and not be an unpaid beta tester, I do not recommend this setting unless you like being a beta tester.

    Microsoft has released the preview update for Windows 10 (KB5050081) and it includes “New! You now have the new Outlook for Windows app. A new app icon appears in the Apps section on the Start menu, near classic Outlook. There are no changes to any settings or defaults. If you are an IT admin, learn how to manage this update at Control the installation and use of new Outlook.”

    For Windows 11, KB5050094 has been released including some gradual rollout items and some regular rollout items.

    I do not recommend preview updates on machines unless you are in a beta-testing frame of mind.

  • We now have AI in our forums!

    AI-generated image of a computer chip

    We’ve added a new section in our forums for the topic Artificial Intelligence. But don’t worry — we haven’t added AI software to run our forum software, like nearly everyone else on the planet. We just want to provide a place to discuss its use — or reasons why we shouldn’t use it — in our welcoming community.

    Let me note that this new forum section is separate from other sections devoted to specific vendors. This will be a general-purpose section.

    I think there is a time and place to use artificial intelligence. For the moment, it’s showing up everywhere and seems like snake oil.

    The most annoying AI-related thing I’ve seen so far is Copilot in Word. It now makes its presence prominently known and interferes with what you really want to do — work on a document. Maybe it will be helpful in the future, but right now my suggestion is to disable it or download a Classic version of 365.

  • MS-DEFCON 4: Microsoft begins a strong push for 24H2

    ISSUE 22.04.1 • 2025-01-28

    MS-DEFCON 4

    By Susan Bradley

    Last week, Microsoft announced that Windows 11 24H2 is now “broadly available.”

    This notice was contained in the Microsoft Learn post Windows 11, version 24H2 known issues and notifications.

    Except for my continuing recommendation not to install 24H2, I’m lowering the MS-DEFCON level to 4. There are some problems, but they are manageable. Go ahead and patch.

    Microsoft’s language in the Learn post was more direct than usual and included Windows 10 in the mix.

    Anyone can read the full MS-DEFCON Alert (22.04.1, 2025-01-28).

  • Understanding CVE

    PATCH WATCH

    By Susan Bradley

    Vendors track issues using the Common Vulnerabilities and Exposures (CVE) database.

    Maintenance of the database is handled by the MITRE Corporation under the sponsorship of the Cybersecurity and Infrastructure Security Agency (CISA), part of the US Department of Homeland Security. It has been operating since 1999. In 2021, MITRE launched a new website with the domain cve.org and with new features and capabilities.

    Read the full story in our Plus Newsletter (22.04.0, 2025-01-27).

  • When is a good time to replace?

    My sister has a guideline — never replace a device before you’ve paid it off. The phone companies will gladly let you trade in your phone for a new phone even if you haven’t fully paid off the old phone. But when should you replace a device?

    There are a few hard and fast rules:

    1. When the vendor stops supporting it or giving you updates, it’s time to seriously consider replacing it. Devices are app-driven and thus app vendors are bound by the restrictions the phone and device vendors put in place. Often older apps will no longer work. Not just unsupported, but flat out won’t work.
    2. When the device’s storage space is getting too full. If an iPhone’s free space gets too tight, updates won’t install. Patching devices that don’t have enough free space is a real hassle (ask me how I know).
    3. When the device can no longer hold a charge. For this you can opt for third-party solutions, available at local firms in the battery business.
    4. When it won’t support the application you are trying to download. This is typically related to number 1.

    For me, the most common reason is power. Batteries tend to go bad before the support for the operating system lapses.

  • Clean installs for 24H2?

    Microsoft’s notice regarding 24H2

    On Tuesday, Microsoft announced that eligible devices on both Windows 10 and 11 will be offered the 24H2 release. As you know, I’m still not recommending 24H2 and do not expect to do so until after April. Just another reminder: you can use InControl to keep your computer on Windows 11 23H2 or Windows 10 22H2.

    I chatted with my local computer firm, which says it is getting the best results when doing a clean install of 24H2. Ick. I’m not willing to do that, especially not going into busy season.

    Remember that the 24H2 release is a full install — not an incremental one — so it’s back to creating a Windows.old folder and swapping out the operating system. 24H2 is not ready for prime time.