Newsletter Archives

• Friday night quick patching recap for business patchers:

  Posted on February 13th, 2021 at 00:03 Susan Bradley Comment on the AskWoody Lounge

  Friday night quick patching recap for business patchers:

  Windows Server 2016 SSU – has been recalled and been replaced with KB5001078.  This fixes the issue where the cumulative update got stuck at 24%.

  Source:  Windows 10, version 1607 and Windows Server 2016 | Microsoft Docs

  1909 received a replaced February release that fixes an issue with Wifi in the form of KB5001028

  Source:  Windows 10, version 1909 and Windows Server, version 1909 | Microsoft Docs

  All .NET updates may trigger issues with applications and games

  Source:  Windows 10, version 1803 | Microsoft Docs

  February updates enforced secure logon for the Zerologon issue.  If you have Windows 7/Server 2008 even without ESUs these still connect to your domain.  Windows server 2003 will probably fail.  You will need to disable signing enforcement if you have any non compliant devices.

  KB: How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (microsoft.com)

   Monitoring script: Script to help in monitoring event IDs related to changes in Netlogon secure channel connections associated with CVE-2020-1472 (microsoft.com)

  All of these issues will be discussed in detail in NEXT week’s patch watch.  I’ll be doing a consumer patching overview this weekend in the newsletter and business patching in the Plus newsletter next week.

  Windows Patches/Security February 2021 Black Tuesday, KB5001078, Patch Lady Posts

• 1909 get out of band KB5001028

  Posted on February 11th, 2021 at 12:09 Susan Bradley Comment on the AskWoody Lounge

  An out-of-band update has been released to address an issue when making WPA3 Wi-Fi connections on a small number of devices on Windows 10, version 1909 and Windows Server, version 1909. More details can be found here: https://t.co/XJY5e2mSTj

  — Windows Update (@WindowsUpdate) February 11, 2021

   

  Well that’s one way to fix the issue where 1909 consumer machines were not seeing that update… it’s now detecting a February release

  

  Windows Patches/Security February 2021 Black Tuesday, Patch Lady Posts

• Server patchers – issues with KB4601318

  Posted on February 11th, 2021 at 08:46 Susan Bradley Comment on the AskWoody Lounge

  KB4601318 fails to update, fails at 24% Windows Server 2016 – Microsoft Q&A

  Just a heads up for those doing patching on Server 2016.  Reports from multiple locations indicate that KB4601318 and possibly KB4535680 get stuck at 24% and won’t install.

  There are some manual workarounds listed in that thread, but you may want to hold back until this installation issue is fixed.

  Edit of 2-12-2021 – Mark Berry reports in the comments:

  “https://support.microsoft.com/en-us/topic/february-9-2021-kb4601318-os-build-14393-4225-c5e3de6c-e3e6-ffb5-6197-48b9ce16446e

  This post now confirms, “KB4601392 has been removed and will no longer be offered to devices. We are working on a resolution and will provide an update in an upcoming release.

  Windows Patches/Security February 2021 Black Tuesday

• Feb 2021 patches so far

  Posted on February 9th, 2021 at 21:51 Susan Bradley Comment on the AskWoody Lounge

  We are still in watch and wait mode for February updates.  I’ll be waiting and testing and let you know what we find.

  So far I don’t see 1909’s being offered up today’s security update. For those of you on 1909 are you seeing that as well?

  For those of you that are business patchers here are some links to follow:

  Microsoft Windows Security Updates February 2021 overview – gHacks Tech News

  Zero Day Initiative — The February 2021 Security Update Review

  Microsoft February 2021 Patch Tuesday (sans.edu)

  The zero day bug that I talked about yesterday is an elevation of privilege bug.

  The other bug that everyone is buzzing about is this one: Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 – Microsoft Security Response Center  “Customers might receive a blue screen on any Windows system that is directly exposed to the internet with minimal network traffic.”

  For you and I, I don’t see this one has being horrific.  Blue screens of death while not something any of us want, doesn’t mean that the attacker has gotten our data. And we normally do not have our machines straight on the Internet but rather behind routers and firewalls. For now, just make sure you have a backup and look for the full analysis in this week’s Plus newsletter.

  Action plan as of right now:

  • Waiting/Backing up mode for home users.
  • Testing mode for business users.

  Note:  They’ve released the .NET patch with a known crashing issue February 9, 2021-KB4601050 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, and Windows Server, version 20H2 (microsoft.com) that impacts Visual Studio 

  Windows Patches/Security, Windows Security February 2021 Black Tuesday, Patch Lady Posts

• MS-DEFCON 2: Time to make sure you are pausing Patches

  Posted on February 8th, 2021 at 19:47 Susan Bradley Comment on the AskWoody Lounge

  It’s that time again. Tomorrow is Patch Tuesday (*) and it’s time to pause updates.

  There’s no reason to rush out updates this week.  Make sure your computer is set to pause updates or have set a date for deferred installs. If you are unsure how to do a deferral I have a post and a video with instructions. Also make sure you have a backup. I’ll be posting up a video how to next weekend.

  I’ve been warned that there is a zero day to be patched in tomorrow’s updates, but that’s all the information I have at this time. As always, visit us here and we’ll keep you informed.

  (*) Yes I realize that for some of you it’s Patch Wednesday but the ‘slang’ for the day when patches come out normally ties it to the Redmond time zone.  Patches normally start getting published around 10 to 11 a.m pacific time.

  Windows 10, Windows Patches/Security February 2021 Black Tuesday, MS-DEFCON 2

• Barb Bowman reports preview NET kicks reboot

  Posted on February 3rd, 2021 at 08:57 Susan Bradley Comment on the AskWoody Lounge

  .@WindowsUpdate why did this preview .NET update install automatically (and requires a reboot)?  – @SBSDiva pic.twitter.com/DOqieUVaKu

  — Barb Bowman 🌷 (@barbbowman) February 3, 2021

  Barb Bowman reports that on her 20H2 that she received the preview .NET update KB4598299 and it kicked a reboot.

  (In other news the OTHER C/D patches for 2004 and 2oH2 KB4598291 came out yesterday as well.

  Barb reports she’s seeing this on multiple PCs.  Are you?  I’m not yet on this one.  Remember don’t click on “check for updates”, merely just go view the windows update section.

  Windows 10, Windows Patches/Security .NET preview, KB 4598291, KB 4598299, Patch Lady Posts, Win10 20H2

• MS-DEFCON 4 – Make sure January updates are installed

  Posted on January 31st, 2021 at 10:15 Susan Bradley Comment on the AskWoody Lounge

  It’s time to make sure January updates are installed. More details are in the AskWoody Plus newsletter out  tonight/tomorrow (sign up for it here).

  I’m recommending that Win10 Home and Pro users move to version 2004 (or 20H2) if you haven’t already done so.  Remember you can set the Targetreleaseversion setting and make sure you only get to the version you want.

  I also have advice and information about the supposed NTFS “bug” upcoming Computerworld.  Stay tuned!

  Windows Patches/Security January 2021 Black Tuesday, MS-DEFCON 4

• Zero day Windows 10 bug

  Posted on January 16th, 2021 at 18:48 Susan Bradley Comment on the AskWoody Lounge

  Topic: A Zero-day Windows 10 bug corrupts your hard drive on seeing this file’s icon @ AskWoody

  This is one of those … okay let’s be careful out there…. bugs.

  Alex points to a Windows 10 bug that is triggered by merely extract the zip file or look at a folder that contains the malicious shortcut.

  Remember whenever you get something via email that you didn’t expect, don’t open it.  If you are really curious, check out the file or link on www.virustotal.com or www.reverse.it

  Security researcher Jonas L first warned about the bug earlier this week, describing it as a “nasty vulnerability.” Attackers can hide a specially crafted line inside a ZIP file, folder, or even a simple Windows shortcut. All a Windows 10 user needs to do is extract the ZIP file or simply look at a folder that contains a malicious shortcut and it will automatically trigger hard drive corruption.

   

  Edit:  I spotted on Windows 10 NTFS $i30 File Corruption | AttackerKB

  Attackers can remotely exploit this vulnerability to make Windows think a drive is corrupted even though it is not. Successfully resolving this issue will require users to reboot Windows and run a disk check on the corrupted drive, after which Windows will be convinced that the drive is no longer corrupted.

  It’s not really corrupted after all.

  Windows 10, Windows Patches/Security Patch Lady Posts

• Security update for Secure Boot DBX can be skipped (KB4535680)

  Posted on January 16th, 2021 at 11:32 Susan Bradley Comment on the AskWoody Lounge

  Security update for Secure Boot DBX can be skipped (KB4535680)

  Just a heads up – this  will be in the Plus newsletter later on this weekend but due to the severe impact it had on my Saturday morning for one of my HyperV servers I’m going to post it here as an advanced heads up:  the KB4535680 causes a “double reboot” on machines and for those folks that manage HyperV servers this has a VERY nasty side effect:

  It puts your HyperV machines in “saved” state.  In order to recover I had to reboot the host an additional time – even had to hard reboot it as it was stuck on shutting down the HyperV management services.  Once it rebooted it let me restart the virtual machines but then I had to reboot the VMs to get them back behaving.

  “If you have Windows Defender Credential Guard (Virtual Secure Mode) enabled, your device will restart two times.”

  

  I don’t have that enabled.  I DO have HyperV.  I’m also recommending that you skip it on consumer machines as well.  If you are in charge of nuclear weopons or state secrets, then maybe install it.  For us mere mortals. it’s a skip.  If you ended up installing it anyway and had no issues, don’t remove the update.  But for us that patch HyperV (servers that host other servers) this one is VERY disruptive.  BornCity has a write up on it as well.

   

   

  Windows Patches/Security KB 4535680, Patch Lady Posts

• Windows 7 ESU year two oddities

  Posted on January 15th, 2021 at 21:45 Susan Bradley Comment on the AskWoody Lounge

  According to the thread in the Microsoft Tech Community:

  Year two: Extended Security Updates for Windows 7 and Windows Server 2008 – Microsoft Tech Community

  Here are some interesting things about the Year 2 ESU license.

  Oddity number 1:  While you can’t buy year 2 of the ESU without having an existing (or new) order for year 1 on your account, you can install the year 2 ESU without and having the year 1 ESU installed.  I guess you’d have this situation if you were reinstalling/rebuilding a Windows 7 machine.

  Oddity number 2:  We don’t think there is a “test” update like last year.

  Overall, I have less clients this year asking for these ESUs as they’ve replaced many of their machines with Windows 10 in the past year.

  Windows 7, Windows Patches/Security Patch Lady Posts, Win7 ESU

• January 2021 updates are here

  Posted on January 12th, 2021 at 13:07 Susan Bradley Comment on the AskWoody Lounge

  So this is the time of the Patch Tuesday that I call “Reading time”.  I start reading all the security blogs about patching and start seeing if there are side effects.

  Ghacks is here.

  ZDnet is here

  Zeroday is here

  I don’t see an official listing for Office patches at this time, I’ll post that when I see it.

  So far the items of interest are Defender having a bug that was probably already fixed on your machine.

  The .NET patches that really only include optional updates and not NEW security updates which means they may be offered up to you but you don’t have to install them (making them somewhat confusing).

  Of more concern to me is once again we have to dig into the details… as Dustin Childs said… ” Again, without executive summaries, we can only speculate the true severity of these bypasses.”

  Edit:  I STILL see Office 2010 updates out today.

  https://support.microsoft.com/en-us/help/4493186/security-update-for-excel-2010-january-12-2021

  https://support.microsoft.com/en-us/help/4493143/security-update-for-office-2010-january-12-2021

  https://support.microsoft.com/en-us/help/4493142/security-update-for-office-2010-january-12-2021

  https://support.microsoft.com/en-us/help/4493181/security-update-for-office-2010-january-12-2021

  https://support.microsoft.com/en-us/help/4493145/security-update-for-word-2010-january-12-2021

  Edit: Updates are now also available for Office 2013 and Office 2016.

   

  Windows Patches/Security January 2021 Black Tuesday, Patch Lady Posts

• MS-DEFCON 2 – Get ready for January updates

  Posted on January 11th, 2021 at 10:33 Susan Bradley Comment on the AskWoody Lounge

  Remember it’s time to prepare for January updates by delaying /or pausing updates.  Also I’m ready to give the all clear to 2004 if you want to do it before tomorrow’s patch Tuesday (or later on in the month).

  More in Computerworld.

  Windows Patches/Security January 2021 Black Tuesday, MS-DEFCON 2
• « Older Entries

  Newer Entries »