Newsletter Archives

  • Here come the May updates

    First up consumer advice:

    Remember this is the time that your main machine should be in deferral mode. So either defer updates to a later date, choose to be on a metered connection, or use WUshowhide to choose what updates you want … but not now. Today is wait and see what us testers find out.

    Business patchers:

    • I’m still tracking an issue with Windows Server 2022 and RDgateway brokerage service. I’ll let you know if that’s fixed.  It’s not been fixed. Still occurring.
    • Installation issues – as noted on the BornCity blog should be fixed in the May releases. Note I only saw this in corporate networks so to me it appears to be a build/deployment triggered event.

    Remember — “Windows 10, version 1909, and Windows 10, version 20H2 have reached end of servicing.  As of May 10, 2022, the Home and Pro editions of Windows 10, version 20H2, and all editions of Windows 10, version 1909 have reached end of servicing. The May 2022 security update, released on May 10, is the last update available for these versions. After that date, devices running these editions will no longer receive monthly security and quality updates containing protections from the latest security threats.”

    And now we pop the popcorn and see what today’s releases bring to us:

    From Dustin Childs: “Some really interesting bugs in today’s #Microsoft patch release, incl one under active attack. I’ll have my thoughts out soon. #PatchTuesday”

    Stay tuned, I’ll be adding links and comments here as well.

    Consumer comments:

    • Print spooler bugs being patched again, so I’ll be watching for printing bugs
    • The one bug in active attack is more corporate targeted (LDAP) not consumer.
    • .NET is getting patched (IMHO the whole retirement of the older .NET versions is still extremely and frustratingly not clear. While .NET updates no longer throw off quite the side effects they did before, the communication regarding the support of older .NET versions and the lack of good informative tools to let you know what you have and what you are vulnerable to is frustrating to me. Look for more articles/guidance on this in the future.)
    • Windows 11 is having issues with applications that want .NET 3.5.  Looks like Microsoft is handling this with a “known issue rollback”.  If you have 11 look in the comments link for more reports.

    Business comments:

    • If you still patch on premises Exchange there are updates out this month.
    • The “in the wild” vulnerability where we are patching PetitPotam again (CVE-2022-26925) is triggering some side effects with patches.  You may want to keep an eye out for NPS policy side effects.
  • April patching showers here we go

    It’s that time of the month for all computer users to get in the habit of checking their devices.

    While “Patch Tuesday” is the big one for Windows users, it’s also wise to check your Apple devices.  I know that my iPhone has been offering – but not pushing – the latest updates. They too are doing a “let’s dribble them out and see how well they go” methodology these days.

    But back to Microsoft:

    Remember that this month they push out Search highlights in Windows 10: “Search highlights will roll out to Windows 10 customers over the next several weeks. We are taking a phased and measured approach.”

    I’ll be adding more links as folks post up analysis.  Here at Askwoody we track the side effects and try to weed out what are “corner cases” from those issues that are widespread.

    145 vulnerabilities

    1 publicly disclosed

    10 critical

    .NET security updates are included in the April 2022 updates for denial of service issues.

    Dustin Childs’ zero day write-up here.  Clearly we have a difference between home users and business computers this year with a bug that will provide lateral movement inside a network once they get in.  Port 135 is a typical file and printer sharing port – but it is not exposed to the outside world. But in an office network, once they get in, ouchie!

  • Unicorn Friday – what do you want from updating?

    Microsoft product manager for Windows updating Aria tweets today:

    If I were to have a magic unicorn that could grant one wish that would give you what you have always wanted within the world of Windows Updating, what would your wish be?  She asks would it be related to:

    Good Reporting
    More Control(s)
    Better documentation
    Better enduser experience
    So what would your one wish be?

    For those that are consumers/home users we often have to ride the leftovers from the enterprises. If THEY want something we then GET that something.  I think there is one more item we want that EVERYONE wants:  That of quality updates that don’t break our stuff.
  • March Madness patching begins

    While over at Apple they are having a livestream event, Microsoft is releasing their updates. Will Apple release updates today as well?

    Windows 11 gets weather on the left hand side where start menu is in Windows 10.  You know you are getting old when moving the weather icon around annoys you.  While Microsoft said that Windows 11 would only get feature releases once a year, they are dribbling out these task bar changes constantly. Remember the changes that were in preview last time, will be in the Windows 11 updates this month. My advice?  Use Start11 or any of the other classic menu offerings if you are on Windows 11.

    Meanwhile, for those of us on Windows 10, 8.1, 7 and server operating systems, keep an eye out for the security updates releasing today.

    Also be aware that Windows 10 20H2 Home and Pro edition drops out of support on May 10, 2022 and Windows 10 1909 Enterprise and Education drops out on May 10, 2022 as well.

    For those on Linux, look out for “Dirty Pipe”, a vulnerability that recently came to light and has been fixed in Linux versions 5.16.11, 5.15.25, and 5.10.102 as of February 23, 2022.  A proof of concept has been released.

    As always, pop that popcorn, sit on the sidelines as we weed through the releases and see what side effects will occur.

    I’ll be adding links and resources as the patches and information are released. Of course, full analysis will be in next week’s newsletter.

    Updated info:

    92 vulnerabilities, 2 publicly disclosed, 3 critical

    If you have an on premises Exchange server – once again you want to test and patch as soon as you can.

    Remote Desktop client needs a patch – but it needs a malicious server to trigger the remote code execution.

    Windows 10 2004 and later (only) have an SMBv3 bug and Xbox has a bug unique to it and it alone.

    HEVC video extensions are getting a patch which means if you are one who blocks updates through the Microsoft store, you’ll need to manually update this.

    Gunther Born reports that Remote desktop connection role on Server 2022 is impacted. Note I am not seeing this on Server 2019 or earlier versions.

     

  • Don’t move your printer spooler files

    Video here

    This came up the other day on one of the patching lists. Someone was trying to install the recent patches that include print spooler fixes and the updates kept failing/causing issues. Turns out the print spooler was moved to a different drive and the update was expecting it to be on the C drive. Once they moved it back all was well.

    Moving the print spooler is something that can be done with a registry key, but it’s something I honestly don’t recommend doing. While we can say Microsoft shoulda/coulda/woulda and gee shouldn’t it be able to know where your spooler is located and not care which drive it’s on? I just feel that your best patching experience is when you stay with a normal Windows location for the files on the system. And while in a perfect world, every patch should be such that it wouldn’t care where the spooler is located, we live in the real world where your patching experiences are just better if you stick with “normal”.
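
    A pre-patch check for the situation described above, as an added example that is not part of the original post: it reads the spool folder settings from the registry and lists any that point away from the standard location. It assumes the standard Windows values `DefaultSpoolDirectory` and per-printer `SpoolDirectory` under `HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers`, and the default folder `%SystemRoot%\System32\spool\PRINTERS`, none of which the post names.

    ```powershell
    # Added example (not from the original post): report spool folders that were
    # moved away from the standard Windows location before installing updates.
    $printKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Printers'
    # Assumption: the standard location is under %SystemRoot% (normally the C drive).
    $expectedPath = Join-Path $env:SystemRoot 'System32\spool\PRINTERS'

    function Resolve-SpoolPath {
        param([string]$Path)
        # Expand %SystemRoot%-style variables and drop a trailing backslash
        # so that equivalent paths compare equal (-ne is case-insensitive).
        [Environment]::ExpandEnvironmentVariables($Path).TrimEnd('\')
    }

    $findings = @()

    # Server-wide spool folder: DefaultSpoolDirectory on the Printers key.
    $serverWide = (Get-Item -Path $printKey).GetValue('DefaultSpoolDirectory')
    if ($serverWide -and ((Resolve-SpoolPath $serverWide) -ne $expectedPath)) {
        $findings += [pscustomobject]@{ Scope = 'All printers'; SpoolDirectory = $serverWide }
    }

    # Per-printer override: SpoolDirectory on each printer's subkey.
    foreach ($printer in Get-ChildItem -Path $printKey) {
        $override = $printer.GetValue('SpoolDirectory')
        if ($override -and ((Resolve-SpoolPath $override) -ne $expectedPath)) {
            $findings += [pscustomobject]@{ Scope = $printer.PSChildName; SpoolDirectory = $override }
        }
    }

    # The spooler may also have been disabled as a mitigation; show its state
    # so a failed print-related update is not misread.
    $spooler = Get-Service -Name Spooler
    'Spooler service: {0} (start type {1})' -f $spooler.Status, $spooler.StartType

    if ($findings.Count -eq 0) {
        "Spool folders are in the default location: $expectedPath"
    } else {
        'Spool folders outside the default location:'
        $findings | Format-Table -AutoSize
    }
    ```

    Any row in the output is a spool folder to move back before retrying a failed print spooler update.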

    So what else do you do to stay with normal when it comes to patching?

  • Beware of firmware updates on Surface book 3

    Barb Bowman passed this along and I’m seeing other posts on the subject.

    The recent firmware update to Surface Book 3s is bricking some of the devices, it appears.

    Arnaud van Galen posted in No disks after firmware update “also had this combination of 2 firmware updates (13.101.140.0 and 13.0.1889.2 sounds right) last night, but the machine didn’t boot at all anymore this morning. When I enter the UEFI it says System UEFI = 13.101.140 and Intel Management Engine = 13.0.1889.2 so it does seem that both firmwares got installed correctly.

    I tried booting from a recovery USB and from inside diskpart it showed that there were no partitions anymore.

    I tried reinstalling (both with secureboot on and off) but Windows gives Error 0x80300024 and from inside diskpart I get “The request failed due to a fatal device hardware error” after giving a “list disk, select disk 0, detail disk, clean, create partition efi””

    “While not conclusive, it looks like this firmware update and the Hynix drive (HFM256GDGTNG-87A0A) have issues about 50% of the time, rendering the surface useless.”

    More threads are here: Windows 11 update blue-screened my Surface Book 3 – Microsoft Community

    Surface Book 3 – The newest update has completely bricked my Surface – Microsoft Community

    “HoopersX on Twitter: “Hey @karaswisher did you hear about the @microsoft firmware update for their Surface Book 3’s that has completely bricked the devices and they have no answers since it started last Thursday? It kills the BIOS ability to see the drive. So no easy fix in Windows” / Twitter”

  • February 2022 Patch Tuesday early reports

    It’s that time of the month again that we wait on news of update side effects. It’s my philosophy that you shouldn’t rush into anything and patching (with very few exceptions) falls into that as well.

    This month includes patches for Print spooler (ugh) but it remains to be seen if we’ll see more printer side effects.

    So ensure you have (for Windows 10/11) start/settings/update and security/advanced options/pause updates/choose the date of February 22 and then sit back and let’s see how February shakes out. In the meantime here’s a Valentine’s day poem from Kelley Robinson:

    Roses are red
    Violets are blue
    Turning on 2FA
    Is good for me and you

    Links to keep an eye on for those of you that want to dig through the weeds yourself – but as always we’ll be recapping the side effects in the newsletter and Master patch list so you don’t have to wade through all of the weedy stuff.

    Raw link from MSRC
    Dustin Childs’ Security update review
    SANS patch recap
    Patch Tuesday dashboard
    Reddit’s Patch Tuesday megathread (lots and lots to dig through)

     

  • November patches here we come

    Here come updates for November. Remember at this time I urge you to defer, not install UNLESS you have a test bed/good backup plan and you are one of the regulars that love to test for the rest of us to let us know how the patching looks.

    For those updating Macs, recently they fixed an issue where the Monterey release was bricking some machines with the T2 security chip.

    Peter Deegan over on Office-Watch has a post about how Microsoft is “aligning support of consumer OneDrive sync with the life cycles of the platforms.” Once again Windows 8.1 is the red headed step child of the operating systems and I’m not buying this “alignment” when it’s still fully supported for another year. We’ll have more on alternatives in an upcoming newsletter.

    I always link to resources like the Zero day blog, because to me it’s like the green start flag on the patching race. It’s now officially the release date. However here at Askwoody, we’re always flying the yellow warning flag to slow down, watch and be cautious.

    So far the only patch I’d urge business patchers to jump on is the Exchange security updates – and for that you first need to ensure you have a backup/a maintenance window to deploy updates/and recovery plans just in case. There are several Office bugs and make sure that you don’t open up attachments blindly – like Excel files. Finally there’s a bug in Remote desktop and for that there’s another “duh” workaround – make sure you don’t click on any RDP files offered or emailed to you.

    As always I’ll be looking for side effects and issues and will be reporting on them in the newsletter. Remember, you want to be the tortoise, not the hare when it comes to updating. Ensure your browser is updated, be a bit more paranoid about clicking, and stay tuned as I keep an eye out for the side effects and issues and report on them in the Plus newsletter.

  • September 2021 – it’s patch day!

    This week is clearly “patch the zero day” week.  Yesterday we had Apple, and also Chrome, fix several zero days.

    Today we have the Microsoft version.  Now while Adobe doesn’t have any zero days in their release bundle, if you are (still) a user of Adobe Acrobat or Reader, you’ll be getting and wanting an update.

    Today we are fixing the Microsoft zero day MSHTML vulnerability I wrote about the other day. If you used the registry key to protect yourself, when I give the all clear I’ll remind you to undo that.

    One thing I’m not clear on from initial read of my usual sources of Dustin Childs and Bleeping computer is the situation with the print spooler. There are more print spooler bugs being fixed – but are they the ones we were concerned about that were carried over from prior months that kept me urging you to keep the print spooler service disabled? I’ll be digging into that question.

    Stay tuned, deeper analysis by this weekend.

    As always for those that DO have a backup, like to be the beta testers for the rest of us, do let us know of any issues you see. In the meantime I’ll be watching and accumulating the facts – and not the rumors – as we always do here on AskWoody.

    Don’t forget to sign up for either the twitter alerts or the newly minted text alerts:

    Want to get alerted when the AskWoody MS-DEFCON status changes?

    MS-DEFCON Alert system

    If you want to get alerted when the MS-DEFCON status changes there are two ways to do so:

    Twitter:  https://twitter.com/defconpatch Sign up for twitter and follow that account. Then set up notifications in the twitter app so that you get alerted when the account tweets a change. COST:  free – other than now having a twitter account but I honestly find that some of the best security information and advice is freely given on twitter. You can also follow the official Askwoody twitter account as well.

    Cell phone notifications via text:  You need to be a PLUS member to get the fullest benefit from this service.  We request a small fee (along the lines of the decide-what-you-want-to-pay model the main site has) in order to cover the costs of the monthly texting service and server hosting. Click here to sign up. COST:  We ask a minimum of $1 a month to keep the lights on and the chipmunks powering the servers fed, but if you’d like to donate more to the cause we’d all be appreciative!

  • August updates causing issues with multi user QuickBooks

    Mitch McCarley reports that his clients are impacted by the August patches and multi-user QuickBooks.

    It looks like the August 2021 Windows Updates are causing an issue in QuickBooks.  We are unable to open QB in multi-user mode, and also QB is having a hard time opening QB data files on mapped drives.  Intuit Support said it’s a known issue possibly related to recent Windows Updates and there is no fix at this time.

    He went on to say

    There were a few issues:

    –  QB could not switch to multi-user mode.

    –  QB could no longer find the previously opened file.  When I tried to browse to the mapped drive, the mapped drive was not listed under This PC in the QB explorer.

    –  With Network Discovery on and the required services enabled, I could browse the network to the server and find the data file.

    –  I could open the file directly from the mapped drive.

    Intuit Support only knew there was a “known issue probably related to a Windows Update”, but had no other details.

    I’m also still tracking issues with group policy deployed printers. Microsoft has made a mess of the printer deployment via group policy.  If you have v3 printer drivers they are prompting for administrative rights.  If you are an IT pro I’ll urge you to join the conversation on the patchmanagement.org list where everyone is still trying to figure out a solid solution.

    A reminder for home/consumer users: If the patch is installed and you have no issues with printing, leave the patch installed, don’t uninstall it.

  • Print spooler – here we go again

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481

    Just out right now.

    Here we go again: Yes, another Print spooler vulnerability, no patch yet. Not sure which platforms are vulnerable.

    So if you took mitigation such as disabling print spooler – leave it off.

    As we know more, you’ll know more.

    (Susan is saying… really? More Print spooler bugs?  Can’t we get them all fixed at the same time?)

    Edit 7/18:  New Windows print spooler zero day exploitable via remote print servers (bleepingcomputer.com) Even more print spooler bugs.

     

  • EFI Partition issues?

    Passing this along as a heads up… now mind you I have installed this patch on several machines with zero issues.  And point number two – remember ANY issue is recoverable if you have a backup.

    On a reddit thread, a poster is indicating issues with EFI partitions causing a no boot situation after the install of the July updates. An EFI partition is described as follows: “The EFI partition (similar to the System Reserved partition on drives with the MBR partition table), stores the boot configuration store (BCD) and a number of files required to boot Windows. When the computer boots, the UEFI environment loads the bootloader”.

    One thing to keep in mind is that monthly patches don’t move an EFI partition, so I don’t think that’s what’s going on. When you have two EFI partitions that typically means you dual boot and I always consider a dual booting machine an advanced setup that you should consider a bit more carefully and ensure it’s backed up.

    I personally don’t dual boot, rather I use virtual machines as I feel it’s safer.

    But bottom line we’ll keep an eye on it and keep you posted.