News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

Newsletter Archives

  • September 2021 – it’s patch day!

    Posted on September 14th, 2021 at 12:53 Comment on the AskWoody Lounge

    This week is clearly “patch the zero day” week.  Yesterday we had Apple, also Chrome fix several zero days.

    Today we have the Microsoft version.  Now while Adobe doesn’t have any zero days in their release bundle, if you are (still) a user of Adobe Acrobat or Reader, you’ll be getting and wanting an update.

    Today we are fixing the Microsoft zero day MSHTML vulnerability I wrote about the other day. If you used the registry key to protect yourself, when I give the all clear I’ll remind you to undo that.

    One thing I’m not clear on from initial read of my usual sources of Dustin Childs and Bleeping computer is the situation with the print spooler. There are more print spooler bugs being fixed – but are they the ones we were concerned about that were carried over from prior months that kept me urging you to keep the print spooler service disabled? I’ll be digging into that question.

    Stay tuned, deeper analysis by this weekend.

    As always for those that DO have a backup, like to be the beta testers for the rest of us, do let us know of any issues you see. In the meantime I’ll be watching and accumulating the facts – and not the rumors – as we always do here on AskWoody.

    Don’t forget to sign up for either the twitter alerts or the newly minted text alerts:

    Want to get alerted when the AskWoody MS-DEFCON status changes?

    MS-DEFCON Alert system

    If you want to get alerted when the MS-DEFCON status changes there are two ways to do so:

    Twitter:  https://twitter.com/defconpatch Sign up for twitter and follow that account. Then set up notifications in the twitter app so that you get alerted when the account tweets a change. COST:  free – other than now having a twitter account but I honestly find that some of the best security information and advice is freely given on twitter. You can also follow the official Askwoody twitter account as well.

    Cell phone notifications via text:  You need to be a PLUS member to get the fullest benefit from this service.  We request a small fee requested (along the lines of the decide what you want to pay as the main site has) in order to cover the costs of the monthly texting service and server hosting. Click here to sign up. COST:  We ask a minimum of $1 a month to keep the lights on and the chipmunks powering the servers fed, but if you’d like to donate more to the cause we’d all be appreciative!

  • August updates causing issues with multi user QuickBooks

    Posted on August 17th, 2021 at 09:03 Comment on the AskWoody Lounge

    Mitch McCarley reports that his clients are impacted by the August patches and multi-user QuickBooks.

    It looks like the August 2021 Windows Updates are causing an issue in QuickBooks.  We are unable to open QB in multi-user mode, and also QB is having a hard time opening QB data files on mapped drives.  Intuit Support said it’s a known issue possibly related to recent Windows Updates and there is no fix at this time.

    He went on to say

    There were a few issues:

    –  QB could not switch to multi-user mode.

    –  QB could no longer find the previously opened file.  When I tried to browse to the mapped drive, the mapped drive not listed under This PC in the QB explorer.

    –  With Network Discovery on and the required services enable, I could browse the network to the server and find the data file.

    –  I could open the file directly from the mapped drive.

    Intuit Support only knew there was “known issue probably related to a Windows Update”, but had no other details.

    I’m also still tracking issues with group policy deployed printers. Microsoft has made a mess of the printer deployment via group policy.  If you have v3 printer drivers they are prompting for administrative rights.  If you are an IT pro I’ll urge you to join the conversation on the patchmanagement.org list where everyone is still trying to figure out a solid solution.

    A reminder for home/consumer users: If the patch is installed and you have no issues with printing, leave the patch installed, don’t uninstall it.

  • Print spooler – here we go again

    Posted on July 15th, 2021 at 19:05 Comment on the AskWoody Lounge

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481

    Just out right now.

    Here we go again: Yes, another Print spooler vulnerability, no patch yet. Not sure which platforms are vulnerable.

    So if you took mitigation such as disabling print spooler – leave it off.

    As we know more, you’ll know more.

    (Susan is saying… really? More Print spooler bugs?  Can’t we get them all fixed at the same time?)

    Edit 7/18:  New Windows print spooler zero day exploitable via remote print servers (bleepingcomputer.com) Even more print spooler bugs.

     

  • EFI Partition issues?

    Posted on July 15th, 2021 at 11:38 Comment on the AskWoody Lounge

    Passing this along as a heads up… now mind you I have installed this patch on several machines with zero issues.  And point number two – remember ANY issue is recoverable if you have a backup.

    On a reddit thread, a poster is indicating issues with EFI partitions causing a no boot situation after the install of the July updates. An EFI partition is “The EFI partition (similar to the System Reserved partition on drives with the MBR partition table), stores the boot configuration store (BCD) and a number of files required to boot Windows. When the computer boots, the UEFI environment loads the bootloader”.

    Some things to keep in mind that monthly patches don’t move a EFI partition so I don’t think that’s what’s going on. When you have two EFI partitions that typically means you dual boot and I always consider a dual booting machine an advanced setup that you should consider a bit more carefully and ensure it’s backed up.

    I personally don’t dual boot, rather I use virtual machines as I feel it’s safer.

    But bottom line we’ll keep an eye on it and keep you posted.

     

  • July 2021 security updates are out

    Posted on July 13th, 2021 at 12:35 Comment on the AskWoody Lounge

    Which means we wait and see how the month fares before dipping our toes into the patching waters.

    Remember the Print spooler patch that was released earlier this month is also included in this batch. Microsoft has included the fix for the USB label printers (Zebra/Dymo) but if you have any label printer it would be wise to hold off – or at least prepare yourself to uninstall if you have to.

    Exchange (email server) has another patch so if you are still patching an on premises Email server, heads up!

    As always, holler if you do see issues and report in when you don’t, as it helps to see how many come through okay.

    Windows 7 ESU folks have a servicing stack update.

    Resources to read in the meantime:

    Dustin Childs’ Zero day blog

    Firefox 90 is out

    Security updates for Firefox

    Bleeping Computer – 9 zero days fixed

    Edit 7/14/2021 – added links to Master Patch page (Plus members only)

    So far not seeing anything major trending at this time, keeping an eye on things.

  • Why you don’t want to reboot in the middle of an update

    Posted on June 17th, 2021 at 23:45 Comment on the AskWoody Lounge

    I spotted this video yesterday – it’s a really good recap of why you don’t want to reboot in the middle of an update . Click on that link and he explains what’s going on behind the scenes.

    Once you watch it, come back and I’ll share some OLD technet blog links that discuss the concept as well.  Back in the days of Vista Microsoft made a major change to how the operation system was built and serviced.  At the time one of Microsoft’ engineers blogged about how some of the guts of the Windows servicing process worked.

    If you haven’t read his blogs, they are a good deep dive on the updating process.

    Servicing windows part one

    Servicing windows part two

    Then for those of you that remember this…. When Windows 7 sp1 first came out it laid a big fat egg when it was released. If you happened to install the service pack using WSUS it would leave your Windows 7 workstation unbootable into a lovely black screen.  A workaround some of us found was to edit the pending.xml file. Long story short this was not a good thing to do. As I recall the underlying trigger was that the service pack was supposed to be installed all by itself and because it was being approved with other updates, it triggered a reboot when it wasn’t supposed to. And for anyone who thinks patching quality has gone down, I honestly didn’t think it was all that great back then.

    Bottom line, it’s a nice reminder that there’s a lot going on under the hood as these patches are installed

  • Patch Tuesday poll – how is the testing going?

    Posted on April 14th, 2021 at 08:06 Comment on the AskWoody Lounge

    [yop_poll id=”4″]

    Well how is everyone doing the day after in your early testing of the updates?

  • April Patch Tuesday out – Exchange once again

    Posted on April 13th, 2021 at 12:56 Comment on the AskWoody Lounge

    Patches are just coming out.
    Patch Lady

    Small business guidance up first:

    Exchange (Microsoft’s on premises mail server) has an update. This time I’m ignoring any guidance that might say “targeted attacks only” and saying – if you have on prem Exchange patch TODAY just to be safe. I totally understand that to ask any business large or small to have them take down the mail server on a business day is asking a lot, but I’m not taking chances this time with my small business peeps getting nailed.
    Patch them.
    Do it.
    Reboot that Exchange server ahead of time.
    Ensure you open a command prompt and run as admin to run the commands to update Exchange. Ensure you watch that services fully restarted after the box is rebooted.
    – CVE-2021-28480/28481 – Microsoft Exchange Server Remote Code Execution Vulnerability
    Both of these CVEs are listed at a 9.8 CVSS and have identical write-ups, so they both get listed here. Both code execution bugs are unauthenticated and require no user interaction. Since the attack vector is listed as “Network,” it is likely these bugs are wormable – at least between Exchange servers. The CVSS score for these two bugs is actually higher than the Exchange bugs exploited earlier this year. These bugs were credited to the National Security Agency. Considering the source, and considering these bugs also receive Microsoft’s highest Exploit Index rating, assume they will eventually be exploited. Update your systems as soon as possible.
    For consumers and home users, pop that popcorn and we’re going to be in patch testing mode watching for the dead bodies. As usual the full write up will be coming up in Monday’s Plus newsletter.  Biggies to watch out for – old Edge goes, and… for how many months past October end of life for Office 2010 we are STILL patching Office 2010.
  • Windows Update for Business isn’t just

    Posted on April 6th, 2021 at 22:26 Comment on the AskWoody Lounge

    Over on Computerworld I have an article about how Windows Update for Business isn’t just for business. I use it all the time on my standalone machines.

    If you are an IT Pro, I’d recommend following the twitter account of AriaUpdated. She’s the Microsoft Product manager for Windows Update for Business.

  • Windows update for business – fun fact

    Posted on March 31st, 2021 at 11:49 Comment on the AskWoody Lounge

    AH HA! The first unofficial documentation I’ve seen that confirms what @PKCano and others have noted: If you have certain settings in place, you DON’T get offered up the preview updates.

    Windows Update for business is merely local group policy settings that set certain patch settings.

     

  • The ides of March

    Posted on March 29th, 2021 at 06:09 Comment on the AskWoody Lounge

    To patch or not to patch this month…. that is the question I attempt to answer this week in ComputerWorld.

    Printers side effects were the big issue (and still are) this month.

    (note that I’m going to have to reach out to the ComputerWorld editors… they missed part of the post I sent them…)

    It’s supposed to read:

    So for Windows 10 2004 or 20H2 you need to skip the updates released on March 9th and instead jump over to the March 18th update of KB5001649. It should be offered up to you as an optional update, or you can download it from the Catalog site. Because Windows 10 updates are cumulative you only need the one update (the third and final update Microsoft released this month).

    For Windows 10 1909, you need KB5001648. Once again it should be offered up to you as an optional update if you go to the Windows update interface or you can download it from the Catalog site like 2004/20H2 handles it’s updating, 1909 is cumulative.

    For Windows 8.1 the process is slightly different as the fixing patches are not cumulative. This time the updates are not documented on the Windows 8.1 history page but can be found if you dig into the 8.1 health release dashboard. On Windows 8.1 you need to install both the original update from March 9th of KB5000848 AND the fix up patch of KB5001640. These are not offered up as optional updates and you must download KB5001640 from the catalog site.

    Windows 7 is similar to Windows 8.1 in not having a cumulative update patch to fix it’s printing issues. After you install the original security only update of KB5000851 or the monthly rollup of KB5000841 (which includes security updates) is fixed by KB5001639 which is only available from the Catalog site.  So for these platforms you need to install two updates just like 8.1.

  • Let’s get Mikey to try it

    Posted on March 19th, 2021 at 00:13 Comment on the AskWoody Lounge

    Do you remember that old commercial that had two little boys who didn’t want to eat cereal that was supposed to be good for you?  The two little boys slid the cereal bowl over to their little brother and said “Let’s get Mikey to try it…”

    … so who wants to be Mikey tonight?

    Microsoft halts rollout of Windows 10 KB5001649 emergency update (bleepingcomputer.com)

    Apparently even Mikey doesn’t want it now.

    From the Update portal

    For those of you with Dymo label printers, this might fix your issue:

    Microsoft identified an issue that affects Windows 10 devices which applied the March 2021 security update released March 9, 2021 and the out-of-band updates released March 15, 2021, and a resolution has been expedited. Affected devices might receive unexpected results when printing from some apps or to some printers. Issues might include missing or solid color graphics, misalignment/formatting issues, or printing of blank pages/labels. An out-of-band optional update is now available on the Microsoft Update Catalog and on Windows Update.
    We recommend you only install this update if you are affected by this issue. For more information, see the known issues section for your version of Windows 10 or see the links below:
    • Windows 10, version 20H2 and Windows Server, version 20H2 (KB5001649)
    • Windows 10, version 2004 and Windows Server, version 2004 (KB5001649)
    • Windows 10, version 1909 and Windows Server, version 1909 (KB5001648)
    • Windows 10, version 1809 and Windows Server 2019 (KB5001638)
    • Windows 10, version 1803 (KB5001634)
    • Windows 10, version 1607 and Windows Server 2016 (KB5001633)
    • Windows 10, version 1507 (KB5001631)
    Note Updates for the remaining affected versions of Windows will be released in the coming days.