Newsletter Archives

  • Unicorn Friday – what do you want from updating?

    Microsoft product manager for Windows updating Aria tweets today:

    If I were to have a magic unicorn that could grant one wish that would give you what you have always wanted within the world of Windows Updating, what would your wish be?  She asks would it be related to:

    Good Reporting
    More Control(s)
    Better documentation
    Better end-user experience
    So what would your one wish be?

    For those that are consumers/home users we often have to ride the leftovers from the enterprises. If THEY want something we then GET that something.  I think there is one more item we want that EVERYONE wants:  That of quality updates that don’t break our stuff.
  • March Madness patching begins

    While over at Apple they are having a livestream event, Microsoft is releasing their updates. Will Apple release updates today as well?

    Windows 11 gets weather on the left-hand side, where the Start menu is in Windows 10. You know you are getting old when moving the weather icon around annoys you. While Microsoft said that Windows 11 would only get feature releases once a year, they are dribbling out these taskbar changes constantly. Remember, the changes that were in preview last time will be in the Windows 11 updates this month. My advice? Use Start11 or any of the other classic menu offerings if you are on Windows 11.

    Meanwhile, for those of us on Windows 10, 8.1, 7 and server operating systems, keep an eye out for the security updates releasing today.

    Also be aware that Windows 10 20H2 Home and Pro editions drop out of support on May 10, 2022, and Windows 10 1909 Enterprise and Education drop out on May 10, 2022 as well.

    For those on Linux, look out for “Dirty Pipe”, a vulnerability that recently came to light and has been fixed in Linux versions 5.16.11, 5.15.25, and 5.10.102 as of February 23, 2022. A proof of concept has been released.

    As always, pop that popcorn, sit on the sidelines as we weed through the releases and see what side effects will occur.

    I’ll be adding links and resources as the patches and information are released. Of course, full analysis will be in next week’s newsletter.

    Updated info:

    92 vulnerabilities, 2 publicly disclosed, 3 critical

    If you have an on premises Exchange server – once again you want to test and patch as soon as you can.

    Remote Desktop client needs a patch, but it needs a malicious server to trigger the remote code execution.

    Windows 10 2004 and later (only) have an SMBv3 bug, and Xbox has a bug unique to it and it alone.

    HEVC video extensions are getting a patch, which means if you are one who blocks updates through the Microsoft Store, you’ll need to manually update this.

    Günter Born reports that Remote desktop connection role on Server 2022 is impacted. Note I am not seeing this on Server 2019 or earlier versions.
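
    The Dirty Pipe fix versions quoted in this post can be turned into a quick check on a Linux machine. The script below is an added example, not part of the original post; it assumes the flaw first appeared in kernel 5.8 and compares upstream version numbers only, so a distribution kernel with a backported fix still needs confirming against the vendor advisory.

```shell
#!/bin/sh
# Added example (not from the post): classify a kernel release against the
# Dirty Pipe fix versions the post lists: 5.16.11, 5.15.25 and 5.10.102.
# Assumption: the flaw first appeared in kernel 5.8, so older kernels are
# reported as not affected. Version numbers are upstream ones; distribution
# kernels backport fixes, so confirm a "vulnerable" result with the vendor.

dirty_pipe_status() {
    rel=${1:-$(uname -r)}
    base=${rel%%[!0-9.]*}          # drop suffixes such as "-generic"
    old_ifs=$IFS; IFS=.
    set -- $base                   # split "5.15.25" into 5 15 25
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    # Kernels before 5.8 predate the bug (assumption noted above).
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo "not-affected"; return 0
    fi

    # First fixed patch level for each stable branch named in the post.
    case "$major.$minor" in
        5.16) fixed=11 ;;
        5.15) fixed=25 ;;
        5.10) fixed=102 ;;
        *)    echo "unlisted"; return 0 ;;   # branch not covered by the post
    esac

    if [ "$patch" -ge "$fixed" ]; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Constructed sample release strings, followed by the running kernel.
for r in 4.19.0-18-amd64 5.10.101 5.10.102 5.15.0-25-generic \
         5.16.11-arch1-1 "$(uname -r)"; do
    printf '%-24s %s\n' "$r" "$(dirty_pipe_status "$r")"
done
```

    An "unlisted" result means the branch is 5.8 or later but is not one of the three branches the post gives a fixed version for.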

     

  • Don’t move your printer spooler files

    Video here

    This came up the other day on one of the patching lists. Someone was trying to install the recent patches that include print spooler fixes and the updates kept failing/causing issues. Turns out the print spooler was moved to a different drive and the update was expecting it to be on the C drive. Once they moved it back all was well.

    Moving the print spooler is something that can be done with a registry key, but it’s something I honestly don’t recommend doing. While we can say Microsoft shoulda/coulda/woulda and gee shouldn’t it be able to know where your spooler is located and not care which drive it’s on? I just feel that your best patching experience is when you stay with a normal Windows location for the files on the system. And while in a perfect world, every patch should be such that it wouldn’t care where the spooler is located, we live in the real world where your patching experiences are just better if you stick with “normal”.

    So what else do you do to stay with normal when it comes to patching?

  • Beware of firmware updates on Surface book 3

    Barb Bowman passed this along and I’m seeing other posts on the subject.

    The recent firmware update to Surface Book 3s is bricking some of the devices, it appears.

    Arnaud van Galen posted in No disks after firmware update “also had this combination of 2 firmware updates (13.101.140.0 and 13.0.1889.2 sounds right) last night, but the machine didn’t boot at all anymore this morning. When I enter the UEFI it says System UEFI = 13.101.140 and Intel Management Engine = 13.0.1889.2 so it does seem that both firmwares got installed correctly.

    I tried booting from a recovery USB and from inside diskpart it showed that there were no partitions anymore.

    I tried reinstalling (both with secureboot on and off) but Windows gives Error 0x80300024 and from inside diskpart I get “The request failed due to a fatal device hardware error” after giving a “list disk, select disk 0, detail disk, clean, create partition efi””

    “While not conclusive, it looks like this firmware update and the Hynix drive (HFM256GDGTNG-87A0A) have issues about 50% of the time, rendering the surface useless.”

    More threads are here: Windows 11 update blue-screened my Surface Book 3 – Microsoft Community

    Surface Book 3 – The newest update has completely bricked my Surface – Microsoft Community

    “HoopersX on Twitter: “Hey @karaswisher did you hear about the @microsoft firmware update for their Surface Book 3’s that has completely bricked the devices and they have no answers since it started last Thursday? It kills the BIOS ability to see the drive. So no easy fix in Windows” / Twitter”

  • February 2022 Patch Tuesday early reports

    It’s that time of the month again that we wait on news of update side effects. It’s my philosophy that you shouldn’t rush into anything and patching (with very few exceptions) falls into that as well.

    This month includes patches for Print spooler (ugh) but it remains to be seen if we’ll see more printer side effects.

    So ensure you have (for Windows 10/11) start/settings/update and security/advanced options/pause updates/choose the date of February 22 and then sit back and let’s see how February shakes out. In the meantime here’s a Valentine’s day poem from Kelley Robinson:

    Roses are red
    Violets are blue
    Turning on 2FA
    Is good for me and you

    Links to keep an eye on for those of you that want to dig through the weeds yourself – but as always we’ll be recapping the side effects in the newsletter and Master patch list so you don’t have to wade through all of the weedy stuff.

    Raw link from MSRC
    Dustin Childs’ Security update review
    SANS patch recap
    Patch Tuesday dashboard
    Reddit’s Patch Tuesday megathread (lots and lots to dig through)

     

  • November patches here we come

    Here come the updates for November. Remember, at this time I urge you to defer, not install, UNLESS you have a test bed/good backup plan and you are one of the regulars that love to test for the rest of us to let us know how the patching looks.

    For those updating Macs, recently they fixed an issue where the Monterey release was bricking some machines with the T2 security chip.

    Peter Deegan over on Office-Watch has a post about how Microsoft is “aligning support of consumer OneDrive sync with the life cycles of the platforms.” Once again Windows 8.1 is the red headed step child of the operating systems and I’m not buying this “alignment” when it’s still fully supported for another year. We’ll have more on alternatives in an upcoming newsletter.

    I always link to resources like the Zero day blog, because to me it’s like the green start flag on the patching race. It’s now officially the release date. However here at Askwoody, we’re always flying the yellow warning flag to slow down, watch and be cautious.

    So far the only patch I’d urge business patchers to jump on is the Exchange security updates – and for that you first need to ensure you have a backup/a maintenance window to deploy updates/and recovery plans just in case. There are several Office bugs and make sure that you don’t open up attachments blindly – like Excel files. Finally there’s a bug in Remote desktop and for that there’s another “duh” workaround – make sure you don’t click on any RDP files offered or emailed to you.

    As always I’ll be looking for side effects and issues and will be reporting on them in the newsletter. Remember, you want to be the tortoise, not the hare when it comes to updating. Ensure your browser is updated, be a bit more paranoid about clicking, and stay tuned as I keep an eye out for the side effects and issues and report on them in the Plus newsletter.

  • September 2021 – it’s patch day!

    This week is clearly “patch the zero day” week. Yesterday we had Apple and Chrome fix several zero days.

    Today we have the Microsoft version.  Now while Adobe doesn’t have any zero days in their release bundle, if you are (still) a user of Adobe Acrobat or Reader, you’ll be getting and wanting an update.

    Today we are fixing the Microsoft zero day MSHTML vulnerability I wrote about the other day. If you used the registry key to protect yourself, when I give the all clear I’ll remind you to undo that.

    One thing I’m not clear on from an initial read of my usual sources, Dustin Childs and Bleeping Computer, is the situation with the print spooler. There are more print spooler bugs being fixed – but are they the ones we were concerned about that were carried over from prior months that kept me urging you to keep the print spooler service disabled? I’ll be digging into that question.

    Stay tuned, deeper analysis by this weekend.

    As always for those that DO have a backup, like to be the beta testers for the rest of us, do let us know of any issues you see. In the meantime I’ll be watching and accumulating the facts – and not the rumors – as we always do here on AskWoody.

    Don’t forget to sign up for either the twitter alerts or the newly minted text alerts:

    Want to get alerted when the AskWoody MS-DEFCON status changes?

    MS-DEFCON Alert system

    If you want to get alerted when the MS-DEFCON status changes there are two ways to do so:

    Twitter:  https://twitter.com/defconpatch Sign up for twitter and follow that account. Then set up notifications in the twitter app so that you get alerted when the account tweets a change. COST:  free – other than now having a twitter account but I honestly find that some of the best security information and advice is freely given on twitter. You can also follow the official Askwoody twitter account as well.

    Cell phone notifications via text:  You need to be a PLUS member to get the fullest benefit from this service.  We request a small fee (along the lines of the decide-what-you-want-to-pay model the main site has) in order to cover the costs of the monthly texting service and server hosting. Click here to sign up. COST:  We ask a minimum of $1 a month to keep the lights on and the chipmunks powering the servers fed, but if you’d like to donate more to the cause we’d all be appreciative!

  • August updates causing issues with multi user QuickBooks

    Mitch McCarley reports that his clients are impacted by the August patches and multi-user QuickBooks.

    It looks like the August 2021 Windows Updates are causing an issue in QuickBooks.  We are unable to open QB in multi-user mode, and also QB is having a hard time opening QB data files on mapped drives.  Intuit Support said it’s a known issue possibly related to recent Windows Updates and there is no fix at this time.

    He went on to say

    There were a few issues:

    –  QB could not switch to multi-user mode.

    –  QB could no longer find the previously opened file.  When I tried to browse to the mapped drive, the mapped drive was not listed under This PC in the QB explorer.

    –  With Network Discovery on and the required services enabled, I could browse the network to the server and find the data file.

    –  I could open the file directly from the mapped drive.

    Intuit Support only knew there was a “known issue probably related to a Windows Update”, but had no other details.

    I’m also still tracking issues with group policy deployed printers. Microsoft has made a mess of the printer deployment via group policy.  If you have v3 printer drivers they are prompting for administrative rights.  If you are an IT pro I’ll urge you to join the conversation on the patchmanagement.org list where everyone is still trying to figure out a solid solution.

    A reminder for home/consumer users: If the patch is installed and you have no issues with printing, leave the patch installed, don’t uninstall it.

  • Print spooler – here we go again

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481

    Just out right now.

    Here we go again: Yes, another Print spooler vulnerability, no patch yet. Not sure which platforms are vulnerable.

    So if you took mitigation such as disabling print spooler – leave it off.

    As we know more, you’ll know more.

    (Susan is saying… really? More Print spooler bugs?  Can’t we get them all fixed at the same time?)

    Edit 7/18:  New Windows print spooler zero day exploitable via remote print servers (bleepingcomputer.com) Even more print spooler bugs.

     

  • EFI Partition issues?

    Passing this along as a heads up… now mind you I have installed this patch on several machines with zero issues.  And point number two – remember ANY issue is recoverable if you have a backup.

    On a reddit thread, a poster is indicating issues with EFI partitions causing a no boot situation after the install of the July updates. An EFI partition is “The EFI partition (similar to the System Reserved partition on drives with the MBR partition table), stores the boot configuration store (BCD) and a number of files required to boot Windows. When the computer boots, the UEFI environment loads the bootloader”.

    Some things to keep in mind: monthly patches don’t move an EFI partition, so I don’t think that’s what’s going on. When you have two EFI partitions, that typically means you dual boot, and I always consider a dual booting machine an advanced setup that you should consider a bit more carefully and ensure it’s backed up.

    I personally don’t dual boot, rather I use virtual machines as I feel it’s safer.

    But bottom line we’ll keep an eye on it and keep you posted.

     

  • July 2021 security updates are out

    Which means we wait and see how the month fares before dipping our toes into the patching waters.

    Remember the Print spooler patch that was released earlier this month is also included in this batch. Microsoft has included the fix for the USB label printers (Zebra/Dymo) but if you have any label printer it would be wise to hold off – or at least prepare yourself to uninstall if you have to.

    Exchange (email server) has another patch so if you are still patching an on premises Email server, heads up!

    As always, holler if you do see issues and report in when you don’t, as it helps to see how many come through okay.

    Windows 7 ESU folks have a servicing stack update.

    Resources to read in the meantime:

    Dustin Childs’ Zero day blog

    Firefox 90 is out

    Security updates for Firefox

    Bleeping Computer – 9 zero days fixed

    Edit 7/14/2021 – added links to Master Patch page (Plus members only)

    So far not seeing anything major trending at this time, keeping an eye on things.

  • Why you don’t want to reboot in the middle of an update

    I spotted this video yesterday – it’s a really good recap of why you don’t want to reboot in the middle of an update. Click on that link and he explains what’s going on behind the scenes.

    Once you watch it, come back and I’ll share some OLD technet blog links that discuss the concept as well.  Back in the days of Vista, Microsoft made a major change to how the operating system was built and serviced.  At the time one of Microsoft’s engineers blogged about how some of the guts of the Windows servicing process worked.

    If you haven’t read his blogs, they are a good deep dive on the updating process.

    Servicing windows part one

    Servicing windows part two

    Then for those of you that remember this…. When Windows 7 sp1 first came out it laid a big fat egg when it was released. If you happened to install the service pack using WSUS it would leave your Windows 7 workstation unbootable into a lovely black screen.  A workaround some of us found was to edit the pending.xml file. Long story short this was not a good thing to do. As I recall the underlying trigger was that the service pack was supposed to be installed all by itself and because it was being approved with other updates, it triggered a reboot when it wasn’t supposed to. And for anyone who thinks patching quality has gone down, I honestly didn’t think it was all that great back then.

    Bottom line, it’s a nice reminder that there’s a lot going on under the hood as these patches are installed.