Newsletter Archives

• Out of band .NET update?

  Posted on October 25, 2023 at 14:51 CDT by Susan Bradley • Comment in the Forums

  This time of the week and month we normally get the optional Windows updates to Windows 11 and 10. So far this week, I’ve yet to see the optional updates, however we got two interesting updates that were a re-release of some of the security updates released earlier in the month.

  https://support.microsoft.com/en-us/topic/-net-6-0-update-october-24-2023-kb5032874-c7206ee0-8768-496c-a122-eac43b8b85c9

  https://support.microsoft.com/en-au/topic/-net-7-0-update-october-24-2023-kb5032875-1c20c4da-3b7e-414f-b7e7-5947358c33d9

  Apparently they forgot to include the September fixes in their October releases.  “Microsoft is releasing an update to October 10, 2023 security release.  The .NET 6.0.24 release contain the security fixes from our previous September release that were missing in the October release.” Now not all machines may see this, you typically only get .NET 6 and 7 updates if something has installed these .NET versions on your machines.  I have not seen side effects, but anytime I see a re-release with a kinda dumb reason like this that showcases once again a lack of testing and follow up,  come on Microsoft you can do better.
  Bottom line if you got a restart this morning (and why a person in the office couldn’t connect to cellular on his Surface with LTE and called me this morning and I had him reboot and sure enough a .NET patch got installed), well there is your answer.
  Windows Patches/Security Master Patch List, Patch Lady Posts

• Master Patch List for 10-10-2023

  Posted on October 12, 2023 at 14:56 CDT by Susan Bradley • Comment in the Forums

  
  I’ve updated the Master Patch list for the October updates.  Remember to always review the known issues we are tracking on the Master Patch List page. I will keep the latest info there.  This month the .NET 4.x updates do not have new security patches so it’s not mandatory to install them. That said .NET has been well behaved. I AM seeing KB5011048 .NET 4.8.1 being pushed to machines. Note this is a bit confusing and it’s making me scratch my head as well.  It was originally placed on Windows update back in June.  But clearly it’s been refreshed as of 10/10/2023.  As noted below it’s triggering multiple reboots.

  Windows 11 22H2 changes:  Rolled into the October updates as noted in September 26, 2023—KB5030310 (OS Build 22621.2361) Preview – Microsoft Support

  • New! This update introduces websites to the Recommended section of the Start menu. These websites will be personalized for you and come from your browsing history. This gives you quick access to the websites that are important to you. You can remove any website URL from the Recommended section using the shortcut menu. To turn off the feature, go to Settings > Personalization > Start. You can adjust settings for all recommended content on the Start menu on this Settings page. Commercial customers can manage this feature using a policy.

  Windows 10 22H2 if you made search smaller or got rid of it, this reintroduces the bigger search box.

  • From https://support.microsoft.com/en-us/topic/september-26-2023-kb5030300-os-build-19045-3516-preview-9d43fdfb-71a1-4a40-b217-4a43d4bd84db.  “New! This update brings back an improved search box experience on the taskbar. If you have a top, bottom, regular, or small icons taskbar, you will see the search box appear. You can use it to easily access apps, files, settings, and more from Windows and the web. You will also have access to the latest search updates, such as search highlights. If you want to restore your previous search experience, you can do that easily. Use the taskbar shortcut menu or respond to a dialog that appears when you use search.”  You can use group policy or set a registry key  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search to 0 in a GPO if you want to kill it off.

  Windows 10/11 may see multiple reboots this month.  Workstations are being pushed .NET 4.8.1 KB5011048 in addition to the other updates triggering a multi-reboot month.

  Issues installing update on Windows 10 — see Here

  Server 2022 adds Azure Arc server setup – see here.

  WSUS appears to not be detecting that Windows 11 machines need updates.  Still investigating this to see what’s going on.

  Windows 11 22H unmanaged PCs may start to see Copilot.  To disable this use Download reg file to disable Windows Copilot  I’ve seen it dribbled on some, but not all machines.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.  More details in Monday’s newsletter.  You are missing out if you don’t sign up. All content is human made with our own blood, sweat, tears, fingers and brain power and 100% AI free.  Therefore, if I’ve fat fingered any KB numbers or if you have any questions, as always post in the forums and I’ll follow up!

  Windows Patches/Security Master Patch List, Patch Lady Posts

• October updates – here comes Copilot

  Posted on October 10, 2023 at 12:21 CDT by Susan Bradley • Comment in the Forums

  

  Here we go again with the monthly updates for Windows.

  Just a reminder that end of life for Server 2012 and 2012r2 is hitting. You can opt for 0Patch, or plan on upgrading and migration.  See resources at this page.

  Already I’ve seen a “what the?”  In the notes of this patch it has   “To protect against CVE-2023-44487, you should install the latest Windows update. Based on your use case, you can also set the limit of the RST_STREAMS per minute using the new registry keys in this update.”

  This is related to that DDOS attacks vulnerability that has been discussed.  First off for consumers, this is NOT an issue. But for those in businesses, I’m going to have to digest this a bit and see if we can get a consensus as to when and where we might want to use these settings.

  IF you plan to be part of the patch Tuesday install today crowd (which I don’t recommend but I know that we do have beta tester folks) ALWAYS insure that you have a full backup BEFORE you install updates. Remember this October updates in the Windows 11 22H2 has the copilot code. Remember we CAN remove the icon from our computers – even Windows 11 Home machines.  I’ll be keeping track of the side effects on the Master Patch List page and start recapping the issues tonight as the reports come in.

  .NET only has security updates for core 6 and 7 , all others (4.81, 3.5 etc etc) have non security updates being released.

  Exchange is getting updates today – if you still do on premises email with an Exchange server you’ll want to read this post.

  Dustin Childs Zero day initiative blog

  Windows Patches/Security Patch Lady Posts

• Got a Windows configuration update?

  Posted on September 15, 2023 at 22:31 CDT by Susan Bradley • Comment in the Forums

  Did you receive a Windows configuration update that demanded a reboot?

  I got it at the office where my patches are normally controlled and I’m not 100% sure what the “configuration” was updating.

  I believe – but I’m not sure – it was a Moments release as the update history points to this page.

   

  

  If so, it really was not a great experience. No notification, just an alert I needed to reboot and not a great deal of information about exactly what was installed. Furthermore in my LONG experience with Windows, machines do weird things if patches are installed and machines are not rebooted so I really don’t like to see machines with pending updates.

  So did you receive this as well on your Windows 11 22H2? Let me know in the comments.  Needless to say I’ll be investigating as to why Microsoft handled this like this.

  Windows Patches/Security Patch Lady Posts

• Master Patch List for September 12, 2023

  Posted on September 13, 2023 at 23:22 CDT by Susan Bradley • Comment in the Forums

  
  I’ve updated the Master Patch list for the September updates.  Remember to always review the known issues we are tracking on the Master Patch List page. I will keep the latest info there.

  The updates are taking longer than normal to install. Many are reporting this, but it doesn’t mean anything bad is happening to your machine.

  Consumer tip:  If you are on Windows 11 and have any sort of third party menu or file explorer program, ensure that it’s up to date. If the start menu won’t launch be prepared to remove it. While I haven’t seen issues in my testing, it’s still too soon to be installing updates.

  I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

  • Windows 11 22H2: Recommended
  • Windows 11 21H2: Will be recommended these get updated to 22H2 at the end of the month.
  • Windows 10 22H2: Recommended
  • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  Windows Patches/Security Master Patch List, Patch Lady Posts

• September patches, Apple headlines and Browsers!

  Posted on September 12, 2023 at 12:05 CDT by Susan Bradley • Comment in the Forums

  
  Lots of headlines today. Today is the day they hold their event to announce new product releases. Rumor has it that iPhone 15 will be announced.

  Next up is our usual release of security patches from Microsoft.  Remember today is the day that I start testing, and the rest of you hold back. We have adventurous souls on the site that also test and report back (and for that thank you!) .  In early review we have for Windows 11 in addition to security patches additional “enhancements” (annoyances?) such as “new hover behavior for the search box gleam, fixes an issue that impacts the search box size. It also “This update removes a blank menu item from the Sticky Keys menu. This issue occurs after you install KB5029351.”

  Remember for businesses, you need to be aware of the full enforcement phase for updates that impact Kerberos protocol changes. Before you install updates this month ensure you have reviewed your Domain controller event logs looking for Event 43 with the text “The Key Distribution Center (KDC) encountered a ticket that it could not validate the
  full PAC Signature. See https://go.microsoft.com/fwlink/?linkid=2210019 to learn more. Client : <realm>/<Name>” in the System law.

  Finally and in my mind, more importantly as an action item that I DO want you to do, is to launch each browser you have on any device and review that it’s up to date. Chrome has a zero day out and just released a fix for it. Firefox is out with 117.0.1 today. So regardless if you patch your operating system – whether that’s Windows, Mac, or various flavors of Linux, DO launch your browser, to into the settings and then about to make it ‘kick’ a self update.  Make sure you do this on all browsers today.

  Dustin Child’s zero day blog

  As a reminder I’ll be watching for bugs and side effects and will call them out on the Master Patch List page.

   

  Windows Patches/Security Patch Lady Posts, September 2023 Black Tuesday

• Master Patch List for August 8, 2023

  Posted on August 10, 2023 at 07:22 CDT by Susan Bradley • Comment in the Forums

  

  I’ve updated the Master Patch list for the August updates.  Remember to always review the known issues we are tracking on the Master Patch List page. I will keep the latest info there.

  So far trending issues are:

  8/8/2023:  Still in the process of testing and evaluating updates but be aware that I am seeing failures to install the Exchange server updates for Microsoft’s mail server see this post. Microsoft has pulled the update at this time.

  Consumer tip:  If you are on Windows 11 and have any sort of third party menu or file explorer program, ensure that it’s up to date. If the start menu won’t launch be prepared to remove it. While I haven’t seen issues in my testing, it’s still too soon to be installing updates.

  Business tip: On August 8, 2023, Windows Updates for Server 2022 will add options for administrators to audit client machines that cannot utilize LDAP channel binding tokens via events on Active Directory domain controllers.  (more info in the master patch list)

  I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

  • Windows 11 22H2: Recommended
  • Windows 11 21H2: If you have a Windows 11 PC and are a gamer, recommended
  • Windows 10 22H2: Recommended
  • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  Windows Patches/Security Master Patch List

• August 2023 updates are out

  Posted on August 8, 2023 at 12:44 CDT by Susan Bradley • Comment in the Forums

  For Apple devices, while 16.6 was released back on July 24, your device may not have received them yet – or will be installing it shortly. As always, if you see any weirdness try turning the device off and then back on again.

  August is BlackHat and Defcon – the big security conferences held in Las Vegas and this month is a BIG release for security patches as well.

  We STILL do not have a patch for all affected version of Office/wordpad for last month’s security vulnerability in Office/html (if you remember it was patched in the M365 versions but not all) instead we have an advisory.

  Exchange mail servers have a patch.

  .NET’s have security updates.

  More in next weeks newsletters.  For now I start testing on my canary machines and you – you just hang tight and defer those updates.

  Windows Patches/Security August 2023 Black Tuesday, Patch Lady Posts

• Are you seeing multiple reboots?

  Posted on July 15, 2023 at 23:14 CDT by Susan Bradley • Comment in the Forums

  For those running Windows – if you’ve gone ahead and installed the July updates, are you seeing more than one reboot?

  (Note I am not recommending that you install the updates at this time, I’m just noting something I’ve seen and wanting to know if those of you that HAVE installed updates have seen this behavior?) Because the .NET updates do not include any new security patches but do fix an issue with X509 certificates, I think what is going on is that the reboot sequence isn’t set up correctly by Microsoft and it will want to reboot after the cumulative update and then again when the .NET updates are installed.

  Note in a corporate setting where you may not approve the .NET patches, you should only see a single reboot.

  Note it doesn’t hurt anything, just slightly annoying and causing you to have to be more patient this month.

  So are you seeing this?

  Windows Patches/Security Patch Lady Posts

• Master Patch List as of July 11, 2023

  Posted on July 12, 2023 at 22:36 CDT by Susan Bradley • Comment in the Forums

  I’ve updated the Master Patch list for the July  Remember to always review the known issues we are tracking on the Master Patch List page. I will keep the latest info there.

  So far trending issues are:

  Consumers:

  Windows 11 updates include fixes for gaming quality mice.

  Business side effects:
  

  If you have external email banners set up for Outlook clients that are suddenly missing after the last update to Outlook. try adjusting the colors .
  Manual registry keys have to be deployed to be fully patched. Testing the impact and will report back. I do not see this as a concern for consumers just potentially targeted businesses.

  I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

  • Windows 11 22H2: Recommended
  • Windows 11 21H2: If you have a Windows 11 PC and are a gamer, recommended
  • Windows 10 22H2: Recommended
  • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  Windows Patches/Security Master Patch List, Patch Lady Posts

• Attack surface reduction rule triggers a mess on Friday the 13

  Posted on January 13, 2023 at 09:00 CST by Susan Bradley • Comment in the Forums

  

  #Fridaythethirteenthmess

  Microsoft 365 Status on Twitter: “The revert is in progress and may take several hours to complete. We recommend placing the offending ASR rule into Audit Mode to prevent further impact until the deployment has completed. For more details and instructions, please follow the SI MO497128 in your admin center.” / Twitter

  If you set up the Attack surface reduction rule to check Office macros, you have woken up to missing shortcuts. It appears to have been triggered after a defender update. Note this will only occur IF you have attack surface reduction rule enabled. On machines where this is not set, no issues will be seen using Defender.  It is just those with ASR rules enabled.

  The specific rule causing this is

  Block Win32 API calls from Office macros

  Rule-ID 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b

  In Intune or group policy set the rule to audit if Microsoft hasn’t done it for you already.  Now how to deal with the missing shortcuts?

  Emin reports that “If you’ve volume shadow copy enabled, you can find these shorcuts in a VSS snapshot. I still use nowadays this code whenever I’ve to mount/dismount VSS snapshots. https://p0w3rsh3ll.wordpress.com/2014/06/21/mount-and-dismount-volume-shadow-copies/

  Alternatively you can get the shortcuts from Onedrive if the Desktop synchronization was enabled.

  Microsoft’s guidance here:

  I’ll also note this on the Master Patch list – but it’s NOT exactly patch related side effect.

  Windows Patches/Security Master Patch List, Patch Lady Posts

• So how do you get to 21H2 without 22H2?

  Posted on November 4, 2022 at 21:26 CDT by Susan Bradley • Comment in the Forums
  • Windows 11 22H2: Not recommended
  • Windows 11 21H2: If you have a Windows 11 PC, recommended
  • Windows 10 22H2: Not recommended
  • Windows 10 21H2: Recommended

  That’s my current recommended versions of Windows 10 and Windows 11.  But how do you get to just 21H2 without installing 22H2?

  Easy. EITHER use the registry keys/group policy showcased here:

  Or use the tool at Incontrol. I consider this a bit easier to use.

  

  You download the tool and choose the version and release you want.  It will keep your machine at just that version and Microsoft won’t push you to 22H2.

  Now right now before next Tuesday, if you get offered 21H2 in the update window go ahead and install it and then set your deferral window to push off updates.

  If you purchased a Windows 11 computer and want to keep it on 21H2, use the same tool and pick version Windows 11 and then Version 21H2.

  Windows 10, Windows Patches/Security Patch Lady Posts
• « Older Entries

  Newer Entries »