Newsletter Archives

  • MS-DEFCON 2: September – here we go again

    Posted on September 9th, 2021 at 02:45
    ISSUE 18.35.1 • 2021-09-09

    MS-DEFCON 2

    By Susan Bradley

    It’s time to start getting ready for Windows 11.

    The countdown is on to the release of Windows 11 on October 5, and it’s the time of the month when I urge you to take actions to ensure you are ready to install updates when you want to.

    The security updates this month begin the process of introducing group policy settings to control Windows 11, as well as Intune policy settings. But never fear — we will provide you all the information you need to either avoid or embrace Windows 11, as you see fit.

    Consumer and home users

    First, and as I always recommend when we get close to the second Tuesday of the month (now infamously known as Patch Tuesday), make sure that your backup is working properly. Open whatever backup software you use, and review the log of recent actions to confirm that the backup is running and backing up as it should. At a minimum, browse your backup location to see whether the file dates in that location are recent.

    Next, decide what type of patcher you are. If you have spare machines and know you have a solid backup, you could actually be in the patcher category “Extreme” — because you let Windows install updates on its own terms and you simply review for side effects afterward. There are quite a few AskWoody Plus members who do exactly this, because they know that a good backup allows them to recover from updates, just as it protects them from ransomware.

    The next patcher category is “Deferral.” Go into Start, Settings, Update & Security, Advanced options and choose September 28 as your deferral date, the date when you allow Windows to do its thing.

    Next? “Cautious.” For this group, I recommend the use of WUMgr to control updates. You can review how to use this tool in the forums.

    Business users

    I predict that I’ll be urging business patchers to install updates no later than September 21, 2021. For now, I don’t anticipate that Microsoft will be providing solutions to the mess that they introduced with the PrintNightmare patches, so we’re still going to have to deal with the fallout and side effects of the August updates. I’ll be recapping these known issues in the September 13 AskWoody Plus newsletter.

    We’re soon going to be adding the ability to get text alerts sent to you when the AskWoody MS-DEFCON level changes. You can follow the alert account on Twitter now, but soon you can sign up for text alerts as well. You’ll need to be an AskWoody Plus member in order to receive texts to your phone when we send out alerts; look for more information soon.

    Read the full story in the AskWoody Plus Alert 18.34.1 (2021-09-09).

  • Beta testing – want to get text alerts when the MS-DEFCON changes?

    Posted on August 27th, 2021 at 14:38

    Update at 8:39 a.m. Pacific, 8-28 – all slots gone – I’ll let you know when the service opens up after beta testing is over.

    I’m doing a VERY small beta test and asking 20 of the AskWoody forum folks whether they want to sign up for a beta of the AskWoody MS-DEFCON texting service.

    As you know, when we declare that it’s all clear to install updates, we change the status on the site and we email you the alerts if you are a Plus member. But several of you have asked for a more direct notification.

    Currently there are two ways to be alerted. The first is using Twitter to get a notice on your phone or Twitter page when the site changes status.

    Twitter: https://twitter.com/defconpatch Sign up for Twitter and follow that account. Then set up notifications in the Twitter app so that you get alerted when the account tweets a change. They will look like this:

    The second way is currently in beta testing:

    Cell phone notifications via text: Stay tuned. We are in the process of beta testing a service that will text you when the status changes. There will be a small fee requested (along the lines of the decide-what-you-want-to-pay model that the main site has) in order to cover the costs of the texting service and server hosting needed to send out the alerts.

    Here’s my request: I need 20 volunteers/beta testers to test out the sign-up process and then test out the alerts when they go out. The requirement is that you MUST already be an AskWoody Plus member. If you’d like to participate, send me (sb@askwoody.com) an email with the subject line of BETA and I will email you back the instructions and coupon so you can have the service for a year. Once these twenty slots are filled, I’ll update this post to let you know that they’ve been filled up.

    I’ll then need those of you who sign up to let me know if the process of signing up worked for you and then of course when we change the alerts status on the site if the notification got to you okay.

    For everyone else, I’ll let you know when the site and service go fully live! Right now I anticipate the end of September for my go-live goal.

    Thank you in advance for your help!

  • MS-DEFCON 4: All clear for consumers, less so for businesses

    Posted on August 25th, 2021 at 02:45
    ISSUE 18.32.1 • 2021-08-25

    MS-DEFCON 4

    By Susan Bradley

    This month has been a bit bumpy for business users needing to print.

    This month’s change to a technology called “Point and Print” has triggered side effects for information technology professionals who deployed workstations without administrator rights.

    Although I’m reluctantly recommending installing these updates, because you need to be protected from all the other vulnerabilities this month, I must acknowledge that even after you patch, you still won’t be protected from printer vulnerabilities. There is yet another Print Spooler issue out there. Right now, the only way you can protect yourself from the remote Print Spooler attack described by CVE-2021-36958 is to keep your Print Spooler service disabled unless it is absolutely needed.

    Consumer and home users

    Install the August updates. In a change to my past update recommendations regarding .NET, I now recommend installing the .NET updates as well. For the last year, I’ve not experienced any side effects with the nonsecurity .NET updates and feel confident about their safety.

    I’ve also not been tracking any side effects with Chromebook 92 after its release on August 2. Unlike last month, there’s been no need to roll back this version.

    Business users

    For those of you in charge of business patching, there’s no good resolution for the side effects of the August updates, not to mention the risks of the unpatched Print Spooler vulnerability. If you deploy print drivers using group policy and your users do not have administrator rights, they are being prompted to install a printer-driver update even though the printer driver has not changed — the only thing that has occurred is that the patch was installed. You can deploy a registry key to

    HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint

    with the name RestrictDriverInstallationToAdministrators and a DWord value of 0, but unfortunately, this opens up your workstations to attack. It’s not a good solution.

    The root cause appears to be v3 versions of printer drivers. In the short term, I recommend several possible solutions.

    • Temporarily allow administrator rights via group policy to allow your end users to install the updated print driver, and then revert them to non-administrator rights.
    • Use the registry key workaround (above) that will allow printer drivers to be installed, with full knowledge that this opens your machine up to attack.
    • Review the printer drivers you have installed and ensure that they are v4 and not earlier versions.
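
    A read-only audit of the three items above, added here as an example and not part of the original newsletter: it reports whether the RestrictDriverInstallationToAdministrators workaround is active, the state of the Print Spooler service, and any installed printer drivers older than v4. The function names are illustrative; the cmdlets are the standard Windows ones.

```powershell
# Added example (read-only); function and variable names are illustrative.
$PolicyKey = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$ValueName = 'RestrictDriverInstallationToAdministrators'

function Get-PointAndPrintPosture {
    # Read the policy value; $null means the key or the value is not present.
    $value = $null
    $prop = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $value = [int]$prop.$ValueName }

    if ($null -eq $value) {
        $finding = 'Not set: the registry workaround is not deployed'
    } elseif ($value -eq 0) {
        $finding = 'WORKAROUND ACTIVE: non-administrators can install printer drivers'
    } elseif ($value -eq 1) {
        $finding = 'Restricted: driver installation requires administrator rights'
    } else {
        $finding = "Unexpected value $value, review manually"
    }

    # Spooler state: the newsletter advises keeping it disabled unless needed.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        PolicyValue      = $value
        PolicyFinding    = $finding
        SpoolerStatus    = if ($svc) { [string]$svc.Status } else { 'Service not found' }
        SpoolerStartType = if ($svc) { [string]$svc.StartType } else { $null }
    }
}

function Get-LegacyPrinterDriver {
    # Get-PrinterDriver talks to the spooler, so it fails when the service is stopped.
    try {
        Get-PrinterDriver -ErrorAction Stop |
            Where-Object { $_.MajorVersion -lt 4 } |
            Select-Object Name, MajorVersion, Manufacturer
    } catch {
        Write-Warning "Could not enumerate printer drivers (spooler stopped?): $($_.Exception.Message)"
    }
}

Get-PointAndPrintPosture | Format-List
Get-LegacyPrinterDriver  | Format-Table -AutoSize
```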

    Read the full story in the AskWoody Plus Alert 18.32.1 (2021-08-25).

  • MS-DEFCON 2: Get ready for battle stations

    Posted on August 6th, 2021 at 02:45
    ISSUE 18.29.1 • 2021-08-06

    MS-DEFCON 2

    By Susan Bradley

    The annual security conference known as Black Hat is in the bag, and we are (well, I am) anxiously awaiting the next bugs that will rear their heads, based on the headlines that came out of the conference.

    Topics like Print Spooler bugs, Mac privacy bugs, and encryption platform attacks were just some of the headline topics that I expect to result in a new wave of patches — not just for Windows, but for almost every device.

    Consumer and home users

    In preparation for Patch Tuesday, I recommend that you take the usual actions to defer, pause, block, and just avoid updates for the operating system and Office apps. I suggest deferring until at least August 24. As always, we’ll keep an eye on side effects and issues.

    Remember, there are several ways to defer updates. The easiest way, in my opinion, is to click on Settings, Windows Update, Advanced Options, and then choose August 24 in the “Pause updates” section. When that clock runs out, updates will install automatically. Alternatively, use WuMgr to selectively install updates. Of course, as I always recommend, take the time to back up your system.

    Chromebooks should have been updated to 92.0.4515.130. It includes an improved version of Zoom as well as several other useful bug fixes.

    The Apple camp is still in beta testing mode on Monterey, and it’s anticipated that the release will be in September. In the meantime, you can keep up with the latest news on that beta in our forums.

    Business users

    What concerns me most is the “Microsoft Won’t-Fix-List (July 2021 Edition)” that a security researcher started in July of 2021 to document all the items that Microsoft hadn’t fixed by the end of July. Note that this list does not include all “won’t fix” items, just the ones that occurred during the month of July.

    I’m hoping that we see more of these issues fixed, especially those related to Print Spooler bugs. Those bugs keep me nervous about having the Print Spooler service enabled. I continue to recommend that you enable the Print Spooler service only on those computers and servers that absolutely need it for business operations.

    Read the full story in the AskWoody Plus Alert 18.29.1 (2021-08-06).

  • MS-DEFCON 4: July updates should be installed

    Posted on July 27th, 2021 at 01:00
    ISSUE 18.28.1 • 2021-07-27

    PATCH WATCH

    MS-DEFCON 4

    By Susan Bradley

    July patches have been well behaved.

    Consumer and home users

    If you’ve used the “pause updates” methodology, now is the time to install the July updates. I’ve not seen any major printing issues introduced with these July updates. However, I still recommend that you keep the Print Spooler service disabled. If you do print, consider turning the spooler off and then back on when you need it. Microsoft fixed the issue with the Print Nightmare bug, but another Print Spooler bug has yet to be fixed and is slated to be discussed at the annual security conference in Las Vegas, better known as the Black Hat Conference.

    For Office updates, open up any installed Office application, click on File, then on Account, then on Office Updates and choose to enable updates. Then click on Update Now to trigger the installation of the updates.

    Business users

    For business users, Microsoft has described only one side effect with printers and the July updates. Printers that rely on smart-card (PIV) authentication may fail to print after the installation of the July patches. This is not a widespread problem, and there is no reason to delay installation of the patches.

    Read the full story in the AskWoody Plus Alert 18.28.1 (2021-07-27).

  • MS-DEFCON 2: Print Nightmare causes printing nightmares

    Posted on July 7th, 2021 at 19:20
    ISSUE 18.25.1 • 2021-07-07

    PATCH WATCH

    MS-DEFCON Level 2

    By Susan Bradley

    Microsoft has released an emergency update for a Print Spooler vulnerability.

    Consumer and home users

    Microsoft has released an out-of-band update for a recent vulnerability that is being referred to as “Print Nightmare.”

    Zebra Label printers have been impacted by this out-of-band patch. The only remedy is to uninstall the update. Because I don’t see active attacks on home users at this time, I recommend that you hold off installing this update. In fact, I’ll probably wait until the July updates come out next week before encouraging you to install any patches. Next week’s updates will include these fixes; there is no urgent need to install them right now.

    Business users

    For businesses with Active Directory, disable the print spooler service on your domain controllers.

    It only impacts “clean up jobs” for printing artifacts and I suggest keeping this service disabled going forward. Reports suggest that the patch does not fully provide all protections for networks, so it’s best to keep print spoolers disabled in the short term. More testing and evaluation is required.

    Read the full story in the AskWoody Plus Newsletter 18.25.1 (2021-07-07).

  • MS-DEFCON 4: Get those June updates installed

    Posted on June 24th, 2021 at 02:50
    ISSUE 18.23.1 • 2021-06-24

    MS-DEFCON 4

    By Susan Bradley

    It’s time to deal with “News and Interests.”

    Consumer and home users

    If you’ve been procrastinating with the June updates so you didn’t have to deal with the new “News and Interests” feature and its side effects, the time has come.

    Microsoft has released KB5003698 to fix issues with blurry images in 1909 for Enterprise. Windows 10 2004/20H2 and 21H1 received KB5003690 to fix the blurry text on the News and Interests button for some screen resolutions. KB5003690 also fixes a problem with search box graphics on the Windows taskbar, which occurs if you right-click the taskbar and turn off News and Interests. This graphics issue is especially visible when using dark mode. If it is a problem for you, install this optional update.

    There are other issues to work out, such as interactions with the desktop if you are using Classic Shell or other menu programs. AskWoody readers have noted cases in which signing in to customize the news selections did not work. If you have problems with the News and Interests feature, try setting it to icons only instead of icons and text.

    For Office updates, open up any Office software application, click on File, Account, Office Updates, and enable updates. Then click on Update Now to trigger their installation.

    Business users

    This month’s releases showcase that timing is everything. If you apply updates to workstations before applying them to servers and then attempt to use remote event-log tools, you will find that you cannot access the event logs. As noted by Microsoft, affected apps are using certain legacy Event Logging APIs. Ensure that you apply the updates for both workstations and servers before attempting to use such software.

    Read the full story in the AskWoody Plus Alert 18.23.1 (2021-06-24).

  • MS-DEFCON 2: Defer Windows & Office updates to June 24

    Posted on June 4th, 2021 at 03:00
    ISSUE 18.20.1 • 2021-06-04
    MS-DEFCON Level 2

    By Susan Bradley

    Consumer and home users

    Hopefully, you’ve taken the time to get the May updates installed.

    Before next Tuesday, be sure you are comfortable with your methodology for deferring updates. For Windows updates, I’m still a fan of the method I call “pick the date.” Go to Settings, then to Update and Security; click on Advanced options, and select Pause updates. Then use the Select date drop-down to choose the date when you’d like updates to resume. I’m suggesting June 24.

    Note that the News and Interests notification will be fully enabled in your task bar this month.

    For Office updates, open up any Office application, click on File, Office Account, Office Updates; choose Disable Updates. You can resume updates later in the month. While you have Office updates disabled, avoid opening macro-enabled files as a defense against potential ransomware threats.

    Business users

    Ransomware has been a big topic in the news this month. While doing your patch testing, continue to educate your end users about the dangers posed by simple tasks done carelessly — opening emails, transferring files, clicking on links, etc. Greater danger requires greater vigilance.

    Read the full story in the AskWoody Plus Alert 18.20.1 (2021-06-04).

  • MS-DEFCON 4: It’s quiet out there

    Posted on May 27th, 2021 at 01:00
    ISSUE 18.19.1 • 2021-05-27
    MS-DEFCON Level 4

    By Susan Bradley

    This month has been relatively quiet with respect to patching side effects. It’s now time to install the May updates.

    Consumer and home users

    Most of the issues and complaints have not been about the May update. Instead, there has been dissatisfaction with a new feature called News and Interests. As this feature rolls out, more and more people are asking how to remove it. I have provided a registry update file that will automatically disable News and Interests. The only known side effect is audio issues in some machines; these can be bypassed by using stereo settings.

    More details will be provided in my upcoming Patch Watch article.

    Business users

    For small businesses that still have an on-premises Exchange email server, make sure you install this month’s Exchange patches, as described in KB 5003435.

    Note that some users reported issues if they had manually removed the new version of Edge, proving once again that Microsoft doesn’t test the edge cases (pun intended).

    Read the full story in the AskWoody Plus Alert 18.19.1 (2021-05-27).

  • MS-DEFCON 2: Pause on patching

    Posted on May 10th, 2021 at 12:00
    ISSUE 18.17.1 • 2021-05-10

    By Susan Bradley

    It’s time for both business users and consumer or home users to pause Windows updates.

    Accordingly, I’m changing the AskWoody MS-DEFCON level to 2. Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

    Consumer and home users

    If you are a home/consumer user, I recommend two actions to ensure you do not get inadvertent updates. First, select Start, Settings, Network & Internet, and then Wi-Fi or Ethernet (whichever connection you are using). Next, click Manage known networks; click on the network that you use, click Properties, and turn on Set as metered connection. This “tricks” the computer into thinking that your Internet connection is not unlimited (i.e., you might incur charges) and thus will download patches only after you approve the process.

    The second action is picking a deferral date after May 11, when Microsoft will push out the next Patch Tuesday security releases. Click on Start, Settings, Update & Security; then click on Advanced Options. Pick a date far enough in the future to give you comfort. I always wait at least a week, usually more. I’ll be re-evaluating the update situation closer to the end of the month, but for now choosing May 28 should be safe enough.

    For those of you with an Office click-to-run (CTR) edition, I strongly recommend that you change to the semiannual channel rather than the monthly one because it will keep you from the Autocomplete bug.

    Business users

    Coming this month in the May Security releases, Microsoft will be including a new “News and Interests” taskbar item featuring items of interest to your users. Remember, if you want to proactively block it, there are registry keys and group policy to control it.

    Read the full story in the AskWoody Plus Alert 18.17.1 (2021-05-10).

  • MS-DEFCON 2 – Deferring the April Updates

    Posted on April 11th, 2021 at 01:00
    ISSUE 18.12.1 • 2021-04-11

    By Susan Bradley

    Brace yourself for April updates

    It’s the time of the month to pause for updates. You will recall that the March updates were very disruptive and many of you decided to not install that round. The April releases are cumulative so you won’t have to go back and install the March updates. Instead, we’ll take a long pause to see what April brings.

    If you are a home/consumer user, I recommend two actions to ensure you do not get inadvertent updates. First, select Start, Settings, Network & Internet, and then Wi-Fi or Ethernet (whichever connection you are using). Next click Manage known networks, click on the network that you use, click Properties and turn on Set as metered connection. This “tricks” the computer into thinking that your Internet connection is not unlimited (i.e., you might incur charges) and thus will only download patches once you approve the process.

    The second action is picking a deferral date after April 13, when the next Patch Tuesday security releases will be pushed out by Microsoft. Click on Start, Settings, Update & Security, then click on Advanced Options. Pick a date far enough in the future to give you comfort. I always wait at least a week, usually more. I’ll be reevaluating the update situation closer to the end of the month, but for now choosing April 30 should be safe enough.

    Remember: For those of you running Windows 10 1909, support is coming to an end. After May 11, 2021, 1909 will not receive security updates. In accordance with prior advice, update to 20H2; 21H1 is just around the corner.

    Read the full story in the AskWoody Plus Alert 18.12.1 (2021-04-11).