Blog Archives

• Patch Lady – I like 1903

  Posted on June 5th, 2019 at 11:25 Susan Bradley Comment on the AskWoody Lounge

  Just the other day on CSOOnline I showcased the new security features in 1903.  I really like 1903 and (fingers crossed) I’m hopeful it will be the one we all soon settle on.  Notice the word soon.  I’m still not ready to install it on the office computers.  Test computers have it now, production machines, not yet.

  Until then keep an eye on the security enhancements and — newsflash – that sandbox feature only needs Pro to be enabled.

  Windows Patches/Security Patch Lady Posts

• MS-DEFCON 4: It’s time to get the May 2019 Windows and Office patches installed

  Posted on June 4th, 2019 at 01:47 woody Comment on the AskWoody Lounge

  If you’re running Windows 7, Vista, or XP — or Server 2003, 2008 or 2008 R2 — you need to get patched now. No, there aren’t any known BlueKeep exploits. But you don’t want to get caught with that ol’ “Kick me” sign stuck to your back. Tell  your friends.

  It’s also time to let nature run its course with the Win10 patches — don’t force anything, and rely on Windows Update to get you sorted out.

  I strongly advise against installing Win10 1903 at this point. It ain’t baked.

  Full step-by-step instructions in Computerworld Woody on Windows.

  Windows Patches/Security May 2019 Black Tuesday, MS-DEFCON 4

• Windows 1903 gets its first update

  Posted on June 3rd, 2019 at 02:19 Tracey Capen Comment on the AskWoody Lounge

  Microsoft’s most recent “feature release,” better known as Version 1903, received its very first patch — and it’s optional!

  What’s apparently fixed is the very thing that blocked my initial install of Version 1903. If an external USB device or SD memory card is plugged in, the device is reassigned to an incorrect drive letter during the installation process.

  See the full story in the June 3, 2019, AskWoody Plus Newsletter (Issue 16.20.0)

  Patch Watch, Windows Patches/Security AskWoody Plus Newsletter, Office, Patch Watch, patching, Windows

• How to move from 1803 to 1809 — and put off the upgrade to 1903 for a bit longer

  Posted on June 3rd, 2019 at 02:15 woody Comment on the AskWoody Lounge

  Good question from DMB:

  Was trying to follow your advice and do an incremental update to Win10 1809 rather than leap-frogging from 1803 to 1903.  Seemed like it was working, got most of the monthly updates, but stalled on what I think was the 1809 feature update at 100% complete. Shut down, updates uninstalled and then went to safe mode, restarted and decided to turn my update settings off again. I’m afraid if I leave it on, it’ll go to 1903, which is what I was trying to avoid. 1803 is fine but I’d still like to try and go to 1809 before 1903. Can I do that on Windows Update page? If so, can I trust them to install 1809 at this late stage?

  I’m not one to dwell on “toldja so,” but if you squirreled away a copy of 1809 when it was easy, you’d be in like Flynn right now.

  I’ve tested the upgrade method specifying “Semi-Annual Channel” with 0 days deferral in 1803, and I think it’ll give you 1809 – just stick that in the Upgrade Options box and click Check for updates. The problem is that I’m on the road, and don’t have my usual array of machines at hand. So I’m not 1000% sure it’ll work that way right now.

  Anybody out there running 1803 and want to confirm?

  UPDATE: @teroalhonen tweets:

  You can still download 1809 (Windows 10 October 2018 Update) ISO https://t.co/ZRdMMfCrUJ pic.twitter.com/RpjRr41F5P

  — Tero Alhonen (@teroalhonen) June 3, 2019

  Windows Patches/Security Upgrade 1803 to 1809

• New Windows 10 Windows Update explained

  Posted on June 1st, 2019 at 14:28 joep517 Comment on the AskWoody Lounge

  Ed Bott of ZDNet has published an article explaining the ins and outs of the new/revised Windows Update debuting with the Windows 10 May update (aka 19H1, version 1903) – Windows 10 version 1903: When will you get the next big feature update?. Don’t pay attention to the title there is an in-depth explanation of the Windows Update changes.

  As usual, Windows 10 Home users come out on the short end. They can not automatically defer any updates. All updates may be paused for a week at a time up to 35 days. On versions that have not yet reached their end-of-service date, feature updates are offered but are not installed automatically.

  Windows 10 Pro users can set deferral policies for both quality and feature updates. You can set these Windows Update for Business policies using the Windows 10 Settings app or by applying Group Policy.

  Enterprise and Education users have the same deferral policies as Pro users. Additionally, there is a 36-month servicing period for some versions.

  The biggest change though is that if you are running Home or Pro when a version nears its end-of-service date Microsoft will automatically upgrade the machine to the current release. In other words, end-of-service trumps deferral. Also, note that effective June 2019 there is only one servicing channel for Windows 10. That is the semi-annual channel.

  There is much more detail in the article. It behooves every Windows 10 user to read it.

  Windows News, Windows Patches/Security Win10 1903, Windows 10, Windows Update for Business, Windows Updates

• Yes, pirate copies of Win XP and Win7 can install the “wormable” BlueKeep security fixes

  Posted on June 1st, 2019 at 01:45 woody Comment on the AskWoody Lounge

  I’m seeing references to this all over the web, but it looks like pirated copies of Win7 will get the BlueKeep fix through Windows Update, and the XP patch (manually downloaded) will work on pirated XP machines, too.

  All of the articles I’ve seen refer to a statement by Paul Cooke, who used to be Director of Product Marketing for Windows Client at Microsoft. Nowadays, according to his LinkedIn profile, he’s Senior Manager of Identity and Access Management at Providence Health & Services in Renton, but anyway…

  Back in 2009, Cooke, writing on the now-defunct Microsoft Windows Security Blog promised us all:

  There seems to be a myth that Microsoft limits security updates to genuine Windows users.

  Let me be clear: all security updates go to all users.

  I’m not at all comfortable with a promise made by an ex-employee more than a decade ago, but if you’re wondering, that’s the promise everyone’s quoting these days, and that’s where it came from.

  I can find no more-recent corroboration, but I’d welcome anything you can uncover.

  Windows Patches/Security BlueKeep, Pirate Windows

• Where we stand with the May 2019 Windows patches

  Posted on May 30th, 2019 at 03:38 woody Comment on the AskWoody Lounge

  Whotta mess.

  Again.

  I was tempted to come up with a list of the days that we had new patches and patches of patches, and finally gave up. You’d be much better off listing the days that we didn’t have screwy patches.

  Details in Computerworld Woody on Windows.

  I should’ve made this more explicit… I think XP, Vista and Win7 customers (and their related Servers) should patch now, but there’s still no pressing reason to update anything else.

  Give it a few more days.

  Windows Patches/Security May 2019 Black Tuesday

• Update: The “wormable” Win XP/Win7 RDP security hole, BlueKeep, still hasn’t been cracked

  Posted on May 29th, 2019 at 14:32 woody Comment on the AskWoody Lounge

  Forgive me for joining the Chicken Little crowd a couple of weeks ago and recommending that all of you folks running

  • Windows XP (including Embedded)
  • Windows Server 2003, Server 2003 Datacenter Edition
  • Windows 7
  • Windows Server 2008, Server 2008 R2

  install the latest patches for the “wormable” RDP security hole. (Kevin Beaumont has taken to calling the security hole “BlueKeep” and it seems the name has caught on.)

  Fortunately, I’m not aware of any problems arising from installing the patches. Unfortunately (???), the pressing need just wasn’t there.

  Why? Ends up that turning BlueKeep into a real exploit is a very difficult job. According to Beaumont:

  There is no sign the BSOD proof of concept is being used in the wild, nor is there a public remote code execution exploit. (There’s lots, and lots, and lots of fake ones on GitHub).

  — Kevin Beaumont (@GossiTheDog) May 29, 2019

  I’ve asked every expert I can find about an obvious solution — isn’t it sufficient to simply turn off the Remote Desktop Protocol in the user interface? (In Win7, Start > Control Panel > System and Security > System > Remote Settings, in the System Properties dialog box, click Don’t Allow Connections to This Computer.) That, and/or blocking port 3389 (the port RDP uses by default) should be enough to keep any RDP-related malware at bay. At least, it appears that way to me.

  But I haven’t received a positive response from any of those experts. The ones who know ain’t sayin’. And the ones who probably do know aren’t willing to stick their necks out. It’s hard to fault them: Microsoft hasn’t provided any guidance on the matter, one way or another, so if blocking RDP ends up being insufficient — no matter how logical — there’s a lot of exposure to the person making the recommendation.

  I’ll keep you posted as I hear more, but it looks like the Sky Ain’t Fallin’.

  Windows Patches/Security BlueKeep
• « Older Entries

  Newer Entries »