Newsletter Archives

  • Got a Windows configuration update?

    Did you receive a Windows configuration update that demanded a reboot?

    I got it at the office where my patches are normally controlled and I’m not 100% sure what the “configuration” was updating.

    I believe – but I’m not sure – it was a Moments release as the update history points to this page.

     

    If so, it really was not a great experience. No notification, just an alert I needed to reboot and not a great deal of information about exactly what was installed. Furthermore in my LONG experience with Windows, machines do weird things if patches are installed and machines are not rebooted so I really don’t like to see machines with pending updates.

    So did you receive this as well on your Windows 11 22H2? Let me know in the comments.  Needless to say I’ll be investigating as to why Microsoft handled this like this.

  • Master Patch List for September 12, 2023


    I’ve updated the Master Patch list for the September updates.  Remember to always review the known issues we are tracking on the Master Patch List page. I will keep the latest info there.

    The updates are taking longer than normal to install. Many are reporting this, but it doesn’t mean anything bad is happening to your machine.

    Consumer tip:  If you are on Windows 11 and have any sort of third party menu or file explorer program, ensure that it’s up to date. If the start menu won’t launch be prepared to remove it. While I haven’t seen issues in my testing, it’s still too soon to be installing updates.

    I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

    • Windows 11 22H2: Recommended
    • Windows 11 21H2: I will be recommending these get updated to 22H2 at the end of the month.
    • Windows 10 22H2: Recommended
    • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • September patches, Apple headlines and Browsers!


    Lots of headlines today. Today is the day Apple holds its event to announce new product releases. Rumor has it that iPhone 15 will be announced.

    Next up is our usual release of security patches from Microsoft.  Remember today is the day that I start testing, and the rest of you hold back. We have adventurous souls on the site that also test and report back (and for that thank you!).  In early review we have for Windows 11, in addition to security patches, additional “enhancements” (annoyances?) such as a “new hover behavior for the search box gleam” and a fix for an issue that impacts the search box size. It also notes: “This update removes a blank menu item from the Sticky Keys menu. This issue occurs after you install KB5029351.”

    Remember for businesses, you need to be aware of the full enforcement phase for updates that impact Kerberos protocol changes. Before you install updates this month, ensure you have reviewed your domain controller event logs looking for Event 43 with the text “The Key Distribution Center (KDC) encountered a ticket that it could not validate the full PAC Signature. See https://go.microsoft.com/fwlink/?linkid=2210019 to learn more. Client : <realm>/<Name>” in the System log.
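
    One way to run the Event 43 review described above on a domain controller, as an added example that is not part of the original post. The 30-day window and the output layout are assumptions; the provider name is the Kerberos KDC event source that logs this event.

    ```powershell
    # Added example: summarize KDC Event 43 (PAC signature could not be validated)
    # from the System log. Run in an elevated session on each domain controller.
    $lookbackDays = 30   # assumption: review window, adjust as needed

    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
        Id           = 43
        StartTime    = (Get-Date).AddDays(-$lookbackDays)
    }

    # Get-WinEvent raises a non-terminating error when nothing matches,
    # so an empty result is treated as "no events found".
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    if (-not $events) {
        Write-Output "No Event 43 in the last $lookbackDays days on $env:COMPUTERNAME."
        return
    }

    # Extract the "Client : <realm>/<Name>" value from each message and
    # group by client so the accounts that need attention stand out.
    $events |
        ForEach-Object {
            $client = if ($_.Message -match 'Client\s*:\s*(\S+)') { $Matches[1] } else { '(unparsed)' }
            [pscustomobject]@{ Client = $client; TimeCreated = $_.TimeCreated }
        } |
        Group-Object Client |
        Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Client   = $_.Name
                Count    = $_.Count
                LastSeen = ($_.Group | Sort-Object TimeCreated -Descending |
                            Select-Object -First 1).TimeCreated
            }
        }
    ```

    Any client listed here is still presenting tickets the KDC cannot validate and should be investigated before the enforcement update is installed.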

    Finally and in my mind, more importantly as an action item that I DO want you to do, is to launch each browser you have on any device and review that it’s up to date. Chrome has a zero day out and just released a fix for it. Firefox is out with 117.0.1 today. So regardless if you patch your operating system – whether that’s Windows, Mac, or various flavors of Linux, DO launch your browser, go into the settings and then About to make it ‘kick’ a self update.  Make sure you do this on all browsers today.

    Dustin Childs’ zero day blog

    As a reminder I’ll be watching for bugs and side effects and will call them out on the Master Patch List page.

     

  • Master Patch List for August 8, 2023

    I’ve updated the Master Patch list for the August updates.  Remember to always review the known issues we are tracking on the Master Patch List page. I will keep the latest info there.

    So far trending issues are:

    8/8/2023:  Still in the process of testing and evaluating updates, but be aware that I am seeing failures to install the Exchange server updates for Microsoft’s mail server; see this post. Microsoft has pulled the update at this time.

    Consumer tip:  If you are on Windows 11 and have any sort of third party menu or file explorer program, ensure that it’s up to date. If the start menu won’t launch be prepared to remove it. While I haven’t seen issues in my testing, it’s still too soon to be installing updates.

    Business tip: On August 8, 2023, Windows Updates for Server 2022 will add options for administrators to audit client machines that cannot utilize LDAP channel binding tokens via events on Active Directory domain controllers.  (more info in the master patch list)

    I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

    • Windows 11 22H2: Recommended
    • Windows 11 21H2: If you have a Windows 11 PC and are a gamer, recommended
    • Windows 10 22H2: Recommended
    • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • August 2023 updates are out

    For Apple devices, while 16.6 was released back on July 24, your device may not have received them yet – or will be installing it shortly. As always, if you see any weirdness try turning the device off and then back on again.

    August is BlackHat and Defcon – the big security conferences held in Las Vegas and this month is a BIG release for security patches as well.

    We STILL do not have a patch for all affected versions of Office/WordPad for last month’s security vulnerability in Office/html (if you remember it was patched in the M365 versions but not all); instead we have an advisory.

    Exchange mail servers have a patch.

    .NET’s have security updates.

    More in next week’s newsletters.  For now I start testing on my canary machines and you – you just hang tight and defer those updates.

  • Are you seeing multiple reboots?

    For those running Windows – if you’ve gone ahead and installed the July updates, are you seeing more than one reboot?

    (Note I am not recommending that you install the updates at this time, I’m just noting something I’ve seen and wanting to know if those of you that HAVE installed updates have seen this behavior?) Because the .NET updates do not include any new security patches but do fix an issue with X509 certificates, I think what is going on is that the reboot sequence isn’t set up correctly by Microsoft and it will want to reboot after the cumulative update and then again when the .NET updates are installed.

    Note in a corporate setting where you may not approve the .NET patches, you should only see a single reboot.

    Note it doesn’t hurt anything, just slightly annoying and causing you to have to be more patient this month.

    So are you seeing this?

  • Master Patch List as of July 11, 2023

    I’ve updated the Master Patch list for the July updates.  Remember to always review the known issues we are tracking on the Master Patch List page. I will keep the latest info there.

    So far trending issues are:

    Consumers:

    Windows 11 updates include fixes for gaming quality mice.

    Business side effects:

    If you have external email banners set up for Outlook clients that are suddenly missing after the last update to Outlook, try adjusting the colors.
    Manual registry keys have to be deployed to be fully patched. Testing the impact and will report back. I do not see this as a concern for consumers just potentially targeted businesses.

    I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

    • Windows 11 22H2: Recommended
    • Windows 11 21H2: If you have a Windows 11 PC and are a gamer, recommended
    • Windows 10 22H2: Recommended
    • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Attack surface reduction rule triggers a mess on Friday the 13

    #Fridaythethirteenthmess

    Microsoft 365 Status on Twitter: “The revert is in progress and may take several hours to complete. We recommend placing the offending ASR rule into Audit Mode to prevent further impact until the deployment has completed. For more details and instructions, please follow the SI MO497128 in your admin center.” / Twitter

    If you set up the Attack surface reduction rule to check Office macros, you have woken up to missing shortcuts. It appears to have been triggered after a defender update. Note this will only occur IF you have attack surface reduction rule enabled. On machines where this is not set, no issues will be seen using Defender.  It is just those with ASR rules enabled.

    The specific rule causing this is

    Block Win32 API calls from Office macros

    Rule-ID 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b

    In Intune or group policy set the rule to audit if Microsoft hasn’t done it for you already.  Now how to deal with the missing shortcuts?

    Emin reports that “If you’ve volume shadow copy enabled, you can find these shortcuts in a VSS snapshot. I still use nowadays this code whenever I’ve to mount/dismount VSS snapshots. https://p0w3rsh3ll.wordpress.com/2014/06/21/mount-and-dismount-volume-shadow-copies/”

    Alternatively you can get the shortcuts from Onedrive if the Desktop synchronization was enabled.

    Microsoft’s guidance here:

    I’ll also note this on the Master Patch list – but it’s NOT exactly a patch-related side effect.
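
    To check how the rule named above is set on a single machine and move it to audit, the following added example (not part of the original post or Microsoft's guidance) uses the built-in Defender cmdlets. It assumes an elevated session on a machine where the rule is set locally; where Intune or Group Policy manages the rule, make the change there as the post says.

    ```powershell
    # Added example: report the state of "Block Win32 API calls from Office macros"
    # and switch it from Block to Audit on a locally configured machine.
    $ruleId      = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'   # rule ID from the post
    $actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

    # Get-MpPreference returns rule IDs and actions as two parallel arrays.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)

    $current = $null
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $ruleId) { $current = [int]$actions[$i] }
    }

    if ($null -eq $current) {
        Write-Output "Rule $ruleId is not configured on $env:COMPUTERNAME; nothing to change."
    }
    elseif ($current -eq 1) {
        # Block mode is the state that caused the impact; move to Audit so
        # the rule still logs matches without acting on them.
        Add-MpPreference -AttackSurfaceReductionRules_Ids $ruleId `
                         -AttackSurfaceReductionRules_Actions AuditMode
        Write-Output "Rule $ruleId changed from Block to Audit."
    }
    else {
        $name = $actionNames[$current]
        if (-not $name) { $name = "Unknown ($current)" }   # value outside the documented set
        Write-Output "Rule $ruleId is currently set to $name; left unchanged."
    }
    ```

    Audit mode keeps the rule's events flowing to the Defender logs, so the rule can be returned to Block once the corrected update has deployed.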

  • So how do you get to 21H2 without 22H2?

    • Windows 11 22H2: Not recommended
    • Windows 11 21H2: If you have a Windows 11 PC, recommended
    • Windows 10 22H2: Not recommended
    • Windows 10 21H2: Recommended

    That’s my current recommended versions of Windows 10 and Windows 11.  But how do you get to just 21H2 without installing 22H2?

    Easy. EITHER use the registry keys/group policy showcased here:

    Or use the tool at Incontrol. I consider this a bit easier to use.

    You download the tool and choose the version and release you want.  It will keep your machine at just that version and Microsoft won’t push you to 22H2.

    Now right now before next Tuesday, if you get offered 21H2 in the update window go ahead and install it and then set your deferral window to push off updates.

    If you purchased a Windows 11 computer and want to keep it on 21H2, use the same tool and pick version Windows 11 and then Version 21H2.

  • It’s time for those August updates to be deferred

    Annnndddd here we go again….

    It’s Second Tuesday of the Month and Microsoft is releasing their updates:

    Remember first and foremost to always update your browsers so ensure Firefox, Chrome, Brave, Tor, Edge, Safari, whatever you use is up to date.

    Now onto the updates:  https://patchtuesdaydashboard.com/

    21 Critical

    2 already in the wild and exploited

    227 vulnerabilities patched

    The majority are “elevation of privilege” — translation the attackers want to get inside the office.

    I’ll link up more as we know it and in the meantime I’ll keep an eye out for side effects.

    Dustin Childs’ zero day write up – https://www.zerodayinitiative.com/blog/2022/8/9/the-august-2022-security-update-review

    Dogwalk Zero day (the OTHER Microsoft support tool bug) got fixed

    There is a “Secure boot patch” I’ll be recommending you defer at least until we know more about it. Impacting all the way back to Windows 8.1.

     

  • Here come the May updates

    First up consumer advice:

    Remember this is the time that your main machine should be in deferral mode. So either defer updates for a later date, choose to be on metered connection, use WUshowhide to choose what updates you want ….but not now… today is wait and see what us testers find out.

    Business patchers:

    • I’m still tracking an issue with Windows Server 2022 and RDgateway brokerage service. I’ll let you know if that’s fixed.  It’s not been fixed. Still occurring.
    • Installation issues – as noted on the BornCity blog should be fixed in the May releases. Note I only saw this in corporate networks so to me it appears to be a build/deployment triggered event.

    Remember — “Windows 10, version 1909, and Windows 10, version 20H2 have reached end of servicing.  As of May 10, 2022, the Home and Pro editions of Windows 10, version 20H2, and all editions of Windows 10, version 1909 have reached end of servicing. The May 2022 security update, released on May 10, is the last update available for these versions. After that date, devices running these editions will no longer receive monthly security and quality updates containing protections from the latest security threats.”

    And now we pop the popcorn and see what today’s releases bring to us:

    From Dustin Childs, he says…. “Some really interesting bugs in today’s #Microsoft patch release, incl one under active attack. I’ll have my thoughts out soon. #PatchTuesday”

    Stay tuned, I’ll be adding links and comments here as well.

    Consumer comments:

    • Print spooler bugs being patched again, so I’ll be watching for printing bugs
    • The one bug in active attack is more corporate targeted (LDAP) not consumer.
    • .NET is getting patched (IMHO the whole retirement of the older .net versions is still extremely and frustratingly not clear, while .net updates no longer throw off quite the side effects they did before, the communication regarding the support of older .nets and lack of good informative tools to let you know what you have and what you are vulnerable to is frustrating to me. Look for more articles/guidance on this in the future)
    • Windows 11 is having issues with applications that want .NET 3.5.  Looks like Microsoft is handling this with a “known issue rollback”.  If you have 11 look in the comments link for more reports.

    Business comments:

    • If you still patch on premises Exchange there are updates out this month.
    • The “in the wild” vulnerability where we are patching PetitPotam again (CVE-2022-26925) is triggering some side effects with patches.  You may want to keep an eye out for NPS policy side effects.

  • April patching showers here we go

    It’s that time of the month for all computer users to get in the habit of checking their devices.

    While “Patch Tuesday” is the big one for Windows users, it’s also wise to check your Apple devices.  I know that my iPhone has been offering – but not pushing – the latest updates. They too are doing a “let’s dribble them out and see how well they go” methodology these days.

    But back to Microsoft:

    Remember this month they push out “Search highlights will roll out to Windows 10 customers over the next several weeks. We are taking a phased and measured approach. ” in Windows 10.

    I’ll be adding more links as folks post up analysis.  Here at Askwoody we track the side effects and try to weed out what is “corner cases” from those issues that are widespread.

    145 vulnerabilities

    1 publicly disclosed

    10 critical

    .NET security updates are included in the April 2022 updates for denial of service issues.

    Dustin Childs’ zero day write up here.  Clearly we have a difference between home users and business computers this year with a bug that will provide lateral movement inside a network once they get in.  Port 135 is a typical file and printer sharing port – but it is not exposed to the outside world. But in an office network, once they get in, ouchie!