|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Newsletter Archives
-
MS-DEFCON 4: A well-behaved September
ISSUE 19.39.1 • 2022-09-27 
By Susan Bradley
September updates have few side effects.
It’s always nice when the monthly update process is calm, with no storms. But due to a few snags, the best I can do is lower the MS-DEFCON level to 4.
These side effects are limited to issues seen in businesses; we ordinary, consumer mortals are not much affected.
Anyone can read the full MS-DEFCON Alert (19.39.1, 2022-09-27).
-
MS-DEFCON 2: Will September updates behave?
ISSUE 19.36.1 • 2022-09-08 
By Susan Bradley
Microsoft patches need to go back to school, too.
Summer vacation is over, which means it’s time for youngsters to return to school. After several years of computer-based, pandemic-induced remote learning, it’s back to the classrooms. Meanwhile, Microsoft is getting ready to roll out the 22H2 releases of Windows 10 and Windows 11.
I’m hoping that the engineers at Microsoft have had enough vacation, rest, and other downtime to ensure that September’s releases are nice, calm, and — well — boring. Unfortunately, August updates haven’t been quite so boring, and that’s not encouraging. Caution is my watchword, so I’m raising the MS-DEFCON level to 2.
Anyone can read the full MS-DEFCON Alert (19.36.1, 2022-09-08).
-
MS-DEFCON 3: Issues with bootloader patches
ISSUE 19.34.1 • 2022-08-23 
By Susan Bradley
This month’s updates are a great example of why my patching advice differs for consumers and businesses.
For consumer patchers, whether using Windows 10 Home or Professional, I’m not convinced that you need to install KB5012170, Microsoft’s security update for Secure Boot DBX (the Secure Boot Forbidden Signature Database). Unless, that is, you think you will be targeted by an overseas attacker with a malicious bootloader installer. If your computer holds the keys to the nuclear codes, then by all means install this update instantly. The fact that this isn’t clear-cut is the reason I can lower the MS-DEFCON only to 3 this time around.
But if you are a normal user, with normal levels of paranoia to get you through the normal security risks of daily life, I’m not convinced that this update is mandatory. In fact, I think it often causes more pain than benefit. Just read through the threads of many a forum poster trying to get this update installed.
Anyone can read the full MS-DEFCON Alert (19.34.1, 2022-08-23).
-
MS-DEFCON 2: Printing issues, again
ISSUE 19.31.1 • 2022-08-04 By Susan Bradley
This time we’re forewarned, and the problem probably won’t affect many.
Here we go again. Month after month this year, updates have affected printing in some way, and the side effects have ranged from minor to major (such as printers being completely disabled).
Fasten your seatbelts anyway, although chances are that many of us won’t notice this side effect at all. In fact, the security fix causing this side effect has actually been installed on our systems for over a year. Starting with the July and August updates, “hardening” is finally being enabled. Still, prudence demands raising the MS-DEFCON level to 2.
Anyone can read the full MS-DEFCON Alert (19.31.1, 2022-08-04).
-
MS-DEFCON 4: July updates make some hot and bothered
ISSUE 19.30.1 • 2022-07-26 By Susan Bradley
Access bugs ruin a quiet July, but we can still lower MS-DEFCON to 4.
To any reader of this alert who is sweltering in a heat wave, my sincere condolences. I can slightly relate, as I’m having the normal July heat wave in my neck of the woods.
The big difference is that my area of the country is used to this weather. Thus I’m inside an air-conditioned home, remotely accessing office workstations and servers to perform the monthly maintenance tasks while some of you are … well … just really hot and really uncomfortable. Fortunately for us, this month’s Windows and Office updates were mostly well behaved.
Anyone can read the full MS-DEFCON Alert (19.30.1, 2022-07-25).
-
MS-DEFCON 2: Pause to review
ISSUE 19.27.1 • 2022-07-07 By Susan Bradley
We’re halfway through the patching year.
It seems like just yesterday when I lowered the MS-DEFCON level to allow a cautious breather so we could apply critical patches. Oh, wait — that’s right, it was just last week.
In June, Patch Tuesday fell on the latest day of the month possible: the 14th. It takes all of us patch watchers a little bit of time to assess the safety of the last round of updates — and before you know it, the next Tuesday is upon us. So after little more than a week, it’s time to pause updates again. Accordingly, I am raising the MS-DEFCON level to 2.
Anyone can read the full MS-DEFCON Alert (19.27.1, 2022-07-07).
-
MS-DEFCON 2: Zero days unpatched
ISSUE 19.23.1 • 2022-06-09 By Susan Bradley
Once again, we are faced with several zero days that are plaguing Office and Windows.
Accordingly, I am raising the MS-DEFCON alert level to 2.
At this time, the vulnerabilities are being used in targeted attacks and ones that are more probing in nature (probes test the ability of the attack to get in but don’t take action). So far, we have not seen widespread attacks, but there are some ways you can proactively protect yourself.
Anyone can read the full MS-DEFCON Alert (19.23.1, 2022-06-09).
-
MS-DEFCON 4: A mixed bag for May
ISSUE 19.21.1 • 2022-05-24 By Susan Bradley
Good news! Most consumer and home users should be just fine after installing this month’s updates.
I’m not seeing any major, trending issues with patches for the bulk of users, so I’m lowering the MS-DEFCON level to 4.
But there’s a “but”: I’m still seeing some corner-case oddities and just can’t quite put my finger on the root cause. For example, reader Ray G reports:
… after the updates are installed, I still have a black screen and have to wait for about 5 minutes for the desktop to appear.
Anyone can read the full MS-DEFCON Alert (19.21.1, 2022-05-24).
-
MS-DEFCON 2: 2004 is out of support
ISSUE 19.18.1 • 2022-05-05 By Susan Bradley
Check your Windows version, then update accordingly.
I regularly come across PCs that are running old, out-of-support versions of Windows because they aren’t on the Web long enough to be “serviced” by Windows Update. For example, there are two Surface laptops in my office that are used by people on cellular connections. As a result of sporadic use, they never get a feature update.
Just the other day, I realized they were running Windows 10 2004 and thus no longer were getting security updates, a serious matter.
Anyone can read the full MS-DEFCON Alert (19.18.1, 2022-05-05).
-
MS-DEFCON 4: Protect yourself with patches
ISSUE 19.17.1 • 2022-04-26 By Susan Bradley
I’ve been holding my breath.
For the past few weeks, I’ve been watching for attacks that researchers indicated would be coming due to a vulnerability in all versions of Windows. All I’m seeing so far are theoretical attacks, not actual attacks.
CVE-2022-26809, the headline vulnerability of the April updates that impacts Windows 7 through Windows 10 — as well as Windows Server versions — sounded like it had the potential of being a worm inside a network. Microsoft complicated the matter when it first indicated that this vulnerability was triggered by SMB file sharing. Then it clarified that the original researcher had provided a proof of concept that used SMB file sharing, but that additional methodologies could be used in attacks.
Anyone can read the full MS-DEFCON Alert (19.17.1, 2022-04-26).
-
MS-DEFCON 2: Deferring April
ISSUE 19.14.2 • 2022-04-07 By Susan Bradley
Don’t let April showers rain on your PCs.
I love April. It’s the end of the busy tax season at the office, and it’s spring where I live — the tulips are in bloom. But what I don’t love is updates disrupting my business before the end of the busy season. So I urge you to do what I do at the office: defer those updates.
Anyone can read the full Plus Alert (19.14.2, 2022-04-07).
-
Ensuring your safety
ISSUE 19.14.1 • 2022-04-05 
By Susan Bradley
MailChimp was compromised by attackers. Here’s what you should know.
This is breaking news.
An article at BleepingComputer on Monday, April 4, 2022, revealed the news that the MailChimp email and marketing service had been breached. The report has also been picked up by many different online services and will probably hit the bigger publishers by tomorrow. The attack focused on MailChimp’s internal tools, which allowed the bad guys to steal audience data and launch phishing attacks.
Read the full Plus Alert (19.14.1, 2022-04-05).
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
KB4023057: Update for Windows Update Service components
by 6 minutes ago
-
win 12 as BORG?
by 49 minutes ago
-
Windows 11 — should I stay on Windows 10?
by 2 hours, 27 minutes ago
-
Did I really install PaintShop Pro?
by 1 hour ago
-
You’re fired if you don’t know how to use GPT-4
by 4 hours, 8 minutes ago
-
Microsoft 365 Copilot announced
by 7 hours, 18 minutes ago
-
What’s wrong with OneNote — and what you can fix
by 8 hours, 23 minutes ago
-
Temp_Cleaner GUI — Just what I was looking for
by 20 minutes ago
-
Who controls our tech?
by 6 minutes ago
-
Missing drives
by 8 hours, 52 minutes ago
-
Can I boot into Win7 from Win10 laptop
by 6 hours, 43 minutes ago
-
How to Force HP Pavilion Laptop to Boot from USB Stick
by 17 hours, 25 minutes ago
-
The Internet Archive lost in court vs publishers
by 1 day, 1 hour ago
-
why is free space shrinking
by 15 hours, 1 minute ago
-
Celebrating Spring
by 3 hours, 49 minutes ago
-
TicTock is child’s play compared to Flowtime devices (From TheGuardian.Com)
by 1 day, 21 hours ago
-
iOS/iPadOS 16.4 : Dim Epilepsy-Inducing Flashing Lights In Videos
by 1 day, 23 hours ago
-
windows networking issues
by 22 hours, 50 minutes ago
-
Gordon Moore died at the age of 94
by 2 days, 6 hours ago
-
New CISA tool detects hacking activity in Microsoft cloud services
by 2 days, 21 hours ago
-
Laptop update from Mate 19.2 to 21.1
by 3 hours, 40 minutes ago
-
Microsoft setting the ball for Windows 12 as it begins adding Cloud PC
by 2 hours, 31 minutes ago
-
March KB5023696 patch removed but now I have a what’s next question
by 2 days, 19 hours ago
-
CCleaner’s Driver Updater – does it work?
by 3 hours, 51 minutes ago
-
Issue 2439: CentOS Stream 9: missing kernel security fixes
by 3 days, 20 hours ago
-
Microsoft to throttle emails to online email if you are running old stuff
by 3 days, 12 hours ago
-
fre-ac updates
by 3 days, 20 hours ago
-
Windows 10 lost start up password
by 3 days, 20 hours ago
-
Windows 11 Insider Preview Build 22621.1470 and 22623.1470 released to BETA
by 3 days, 21 hours ago
-
Windows 11 Insider Preview build 25324 released to Canary
by 2 days, 22 hours ago
