Newsletter Archives

• MS-DEFCON 3: Ready or not, it’s time to update

  Posted on October 26th, 2021 at 02:45 Susan Bradley Comment on the AskWoody Lounge

  ISSUE 18.41.1 • 2021-10-26 By Susan Bradley It’s not exactly an all-clear. Normally, this is the time in the update cycle when I give an all-clear. It’s when most, if not all, of the side effects of patches have been identified. This month, unfortunately, there are still issues. However, that doesn’t mean I don’t want you to install updates. Even though there are documented problems with network printing after the October updates, they are not widespread. Many system administrators report that printing problems most often occur when the operating system of the server hosting the print server is older — and possibly unpatched — while the workstations are newer platforms that are patched. Therefore, after installing the updates in your peer-to-peer network, Make testing printing your first step. If you can print, leave the updates installed and pat yourself on the back — you survived October. If you are impacted by the October updates and do have printing issues, consider your situation carefully before you uninstall and block updates. There are several vulnerabilities included in the October updates, one of which, CVE-2021-40449, has been used in targeted malware attacks to elevate privileges on a system. My ongoing philosophy is that when the risk of being unpatched is higher than the risk of applying a patch, it’s time to install updates. I also don’t want to go a month without installing an update unless the reasons for doing so are very clear. I’ve installed the October updates at my home and office, including a collection of Ricoh network printers as well as stand-alone Brother, HP, Lexmark, and Canon printers (black-and-white as well as color printers). I’ve had no issues printing after installing the October updates, whether at home or office. I have mixtures of server operating systems including Server 2019, Server 2016, and Server 2012 R2 as well as Windows 10, plus a Windows 7 system under extended security patches. In short, just because you read in the headlines that we’re seeing printing issues doesn’t mean that you will have issues. Consumer and home users For those of you in a home setting, install updates now and immediately test for printing issues. My best guess is that you’ll be fine, with no problems. As mentioned above, everything is good at my house. Business users I’m sorry to say that business users must not be so sanguine — you are more likely to experience problems. If you do, there are several options. The first (which I’d rather you not do) is to uninstall the updates and block them (pause updates) until next month. The second is to install one of the preview updates that Microsoft will be releasing soon, especially if you are having issues deploying printers using Internet Printing Protocol. Microsoft has already released KB5006744 for Windows 10 1809, which includes a fix for: Addresses a known issue that might prevent the successful installation of printers using the Internet Printing Protocol (IPP). This month, there’s no clear resolution. You may have no issues at all with the October updates. You may have issues printing. If you are required to patch, and you end up having issues printing, I’d urge you to install the preview updates that I’ll be listing in the Master Patch List. If that doesn’t work, ensure that you understand the risks involved in not being patched this month. *Edit 10/26/2021 – Microsoft released KB5006738 for 21H1, 20H2 and 2004. It includes printing fixes that may help the issue. If you are impacted, install it and see if it helps. Bottom line: install the updates, see whether you can print. If you can, pat yourself on the back. If you can’t, prepare yourself for a bit of testing and hassle. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.41.1 (2021-10-26).

  AskWoody Plus Alert, AskWoody Plus Newsletter, MS-DEFCON AskWoody Plus Newsletter, MS-DEFCON, MS-DEFCON 3, Patch Lady Posts

• October Patch Day – MS DEFCON 2 – here comes Win 11

  Posted on October 12th, 2021 at 12:36 Susan Bradley Comment on the AskWoody Lounge

  Dustin Childs is first of the block with his October 2021 security update review.

  And yes Virginia, we have security updates for Windows 11.

  There is one bug that is reported as being used in targeted attacks, however it did not impact Windows 11.

  Microsoft is already fixing some bugs in Windows 11:

  “Compatibility issues have been found between some Intel “Killer” and “SmartByte” networking software and Windows 11. Devices with the affected software might drop User Datagram Protocol (UDP) packets under certain conditions. This creates performance and other problems for protocols based on UDP. For example, some websites might load slower than others in affected devices, with videos streaming slower in certain resolutions. VPN solutions based on UDP might also be slower.”

  That should be fixed in today’s release.

  As usual – we are at MS DEFCON – 2 – meaning that “Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it”.  We’ll be watching for side effects in the meantime.

  Edit 10-12-2021:  Starting to see smatterings of printer issues again. One thing to keep in mind, make sure all servers and workstations get updates and are rebooted at the same time.

  Edit: 10-15-2021:  Seeing more than “smatterings” of issues with printers.  <sigh> Hang loose as we figure out workarounds.

  A reminder — You can be alerted automatically when the MS-DEFCON level changes, in one of two ways.

  Twitter:  Sign up for Twitter and follow the defconpatch account. Then set up notifications in your Twitter app so that you get alerted when the account tweets a change.

  Cell phone notifications via text: If you are a Plus Member, you can sign up for our SMS text alert service. To cover the extra costs associated with the hosting and SMS service for this exclusive benefit, we ask for a small fee of your choosing. One you have signed up you’ll get a text message whenever the MS-DEFCON level changes.

  MS-DEFCON, Windows 11, Windows Security Patch Lady Posts

• MS-DEFCON 2: October updates right around the corner

  Posted on October 8th, 2021 at 02:45 Susan Bradley Comment on the AskWoody Lounge

  ISSUE 18.38.1 • 2021-10-08 By Susan Bradley Enjoy the fall season — take a break from patching! With the October updates bearing down upon us, it’s time to take a break. Wrap up patching and updating from September, and prepare your PC to delay the upcoming patches. For those of you still on Windows 10 2004, this is an excellent time to upgrade to 21H1 and let it settle in. As for Windows 10 21H2, we still don’t have a definite date. Windows 10 will be fully supported until 2025, but it’s still unclear whether Microsoft will be switching to an annual feature-release schedule, as with Windows 11, or keeping the twice-per-year cadence we’ve had for the past five years. Consumer and home users Based on the information I have now, I will probably sound the all-clear for consumers to install this round of updates on or after October 26. Go into Start, Settings, Update and Security, and Advanced options. In the Pause Updates section, pick October 26 from the drop-down menu. If you’ve installed the September updates for Windows 10 2004, 20H2, or 21H1, including KB5005565, you can turn your print spooler service back on and use your printer normally — Microsoft has finally fixed its Print Nightmare bugs. It’s safe to turn it on and leave it on (we hope). Business users For businesses, I’ll urge you to unofficially shoot for deploying updates a week earlier on October 19. Every time I’ve tried to urge businesses to patch earlier than consumers, we’ve hit side effects and needed to wait for workarounds. This is also the time to be testing — but not deploying — Windows 11. Microsoft started releasing Windows 11 as it became Tuesday, October 5, in each time zone around the world. All the tools that help us control, patch, and deploy Windows 10 will also be used to control, patch, and deploy Windows 11. Microsoft is releasing much of its Windows 11 content and will be updating it as more information comes out. Tuesday marked the start of the 36-month servicing-support lifecycle for Enterprise and Education editions of Windows 11. The Home, Pro, Pro for Workstations, and Pro for Education editions of Windows 11 will receive 24 months of servicing support. But I see no need to rush into Windows 11 — it’s a time to watch for side effects and issues. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.38.1 (2021-10-08).

  AskWoody Plus Alert, MS-DEFCON AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 2, Patch Lady Posts, Windows 10, Windows 11

• MS-DEFCON 4: The printing issues continue

  Posted on September 28th, 2021 at 02:45 Susan Bradley Comment on the AskWoody Lounge

  ISSUE 18.37.1 • 2021-09-28 By Susan Bradley Printing or security — you decide We’re back to reasonable levels of safety and of understanding the nature of recent updates, so I’m recommending the resumption of update installation — but not without some major caveats. Sadly, there are still some side effects with printing, which is getting to be an annoying trend. It’s been months now. These updates also include new and expanded categories plus registry keys that allow you to officially defer Windows 11 and then choose to push off the upcoming 21H2 release. More about that later. Consumer and home users I haven’t seen printing problems with directly attached printers, the most likely scenario for home users. Therefore, I recommend applying the September updates now. The reason is that this month’s updates include expanded sections to choose various versions of Windows 10 or Windows 11 and specifically block what you don’t want. For those of you on Windows 10 Professional, after installing the September updates you’ll be able to click on the search box and type in “edit group policy.” Next, scroll down to Computer Configuration, Administrative Templates, Windows Components, Windows Update, and Windows Update for Business. Find the setting for Select the target Feature Update version. Click on Enabled, fill in the product version in the first box (“Windows 10”), and then the feature release version you want to keep. Of course, Windows 10 Home can’t do group policy. Instead, use registry keys to defer Windows 11 and stay on the version of Windows 10 you want. You’ll be adding a value under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate Manually add the values “TargetReleaseVersion”=dword:00000001, “ProductVersion”=”Windows 10”, and “TargetReleaseVersionInfo”=”21H1”. I’ve made it easier for you by including links to download these registry keys. If you want to stay on 21H1, click on this link and install it on your system. If you plan to let your machine upgrade to 21H2, click on this link. And if you leave the setting alone and do nothing, and your computer does not have the hardware capabilities for Windows 11, you will not be offered the upgrade. If you do have hardware that can handle Windows 11, you’ll be offered — but not pushed to — Windows 11. Business users First the good news: Microsoft has finally acknowledged what we’ve known for weeks now — its updates trigger issues if your users do not have administrator rights. The bad news is that it hasn’t yet acknowledged the issues we’ve seen this month, nor are any fixes planned. Microsoft will only urge us to Verify that you are using the latest drivers for all your printing devices and where possible, use the same version of the print driver on the print client and print server. Microsoft indicates that the trigger is … caused by a print driver on the print client and the print server using the same filename, but the server has a newer version of the file. But here’s the problem: We never installed a newer driver on the server. We did nothing but install the software update to the server. I know that many of these notifications are triggered by the use of v3 (older) printer drivers versus v4 printer drivers. If you cannot upgrade to v4 drivers, you have a couple of options to “re-push” out drivers to fix this issue. Unfortunately, in this era of cumulative updates you can’t break out the parts of the update you want from the parts you don’t want. So if you don’t install this update this month, you put your business at risk from MSHTML-based ransomware attacks (CVE-2021-40444).  If you make the decision to not install these updates, make sure you use the registry keys I wrote about earlier to block the MSHTML vulnerabilities. Don’t go unpatched and unprotected. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.37.1 (2021-09-28).

  AskWoody Plus Alert, MS-DEFCON AskWoody Plus Newsletter, MS-DEFCON 4, Patch Lady Posts, printing

• Real-time MS-DEFCON alerts debut!

  Posted on September 20th, 2021 at 02:45 Susan Bradley Comment on the AskWoody Lounge

  ISSUE 18.36 • 2021-09-20

  MS-DEFCON

  

  By Susan Bradley

  The new AskWoody SMS alert system is now available for Plus members.

  The MS-DEFCON system has been a staple of the AskWoody site for many years now. You know it as a visual system of numbers and colors that provides a quick indicator of the relative safety of applying updates (patching) to Windows and other Microsoft apps and services.

  Read the full story in the AskWoody Plus Newsletter 18.36.0 (2021-09-20).
  This story also appears in the AskWoody Free Newsletter 18.36.F (2021-09-20).

  AskWoody FREE Newsletter, AskWoody Plus Newsletter, MS-DEFCON AskWoody Plus Newsletter, MS-DEFCON, Patch Lady Posts

• MS-DEFCON 4: All clear for consumers, less so for businesses

  Posted on August 25th, 2021 at 02:45 Susan Bradley Comment on the AskWoody Lounge

  ISSUE 18.32.1 • 2021-08-25 By Susan Bradley This month has been a bit bumpy for business users needing to print. This month’s change to a technology called “Point and Print” has triggered side effects for information technology professionals who deployed workstations without administrator rights. Although I’m reluctantly recommending installing these updates, because you need to be protected from all the other vulnerabilities this month, I must acknowledge that even after you patch, you still won’t be protected from printer vulnerabilities. There is yet another Print Spooler issue out there. Right now, the only way you can protect yourself from the remote Print Spooler attack described by CVE-2021-36958 is to keep your Print Spooler service disabled unless it is absolutely needed. Consumer and home users Install the August updates. In a change to my past update recommendations regarding .NET, I now recommend installing the .NET updates as well. For the last year, I’ve not experienced any side effects with the nonsecurity .NET updates and feel confident about their safety. I’ve also not been tracking any side effects with Chromebook 92 after its release on August 2. Unlike last month, there’s been no need to roll back this version. Business users For those of you in charge of business patching, there’s no good resolution for the side effects of the August updates, not to mention the risks of the unpatched Print Spooler vulnerability. If you deploy print drivers using group policy and your users do not have administrator rights, they are being prompted to install a printer-driver update even though the printer driver has not changed — the only thing that has occurred is that the patch was installed. You can deploy a registry key to HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint with the name RestrictDriverInstallationToAdministrators and a DWord value of 0, but unfortunately, this opens up your workstations to attack. It’s not a good solution. The root cause appears to be v3 versions of printer drivers. In the short term, I recommend several possible solutions. Temporarily allow administrator rights via group policy to allow your end users to install the updated print driver, and then revert them back to non administrator rights. Use the registry key workaround (above) that will allow printer drivers to be installed, with full knowledge that this opens your machine up to attack. Review the printer drivers you have installed and ensure that they are v4 and not earlier versions. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.32.1 (2021-08-25).

  AskWoody Plus Alert, MS-DEFCON AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 4, Patch Lady Posts

• DEFCON 2 – August updates include Print Spooler fixes

  Posted on August 10th, 2021 at 12:12 Susan Bradley Comment on the AskWoody Lounge

  And they are out…..

  August updates include fixes for the Print spooler bug that wasn’t quite fixed last month so if you disabled the print spooler as a precaution you can re-enable it.  (1) For businesses, I’d recommend that you leave it off on your domain controllers and only turn it on machines and servers where you absolutely need it.

  I’ll be researching and reading and testing and as always more details will be in the newsletter this weekend.

  Until then:

  1. Ensure that your backup software is functional and you have a good solid backup. If you have any questions, remember to visit our forums.
  2. For those of you with spare machines, use this time to test the impact. Given that we know it’s fixing issues with the print spooler software – remember specifically to test printing and scanning.

  Resources to read:

  https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-print-spooler-printnightmare-vulnerability/

  https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug

  https://www.zerodayinitiative.com/blog/2021/8/10/the-august-2021-security-update-review

  Point and print driver change

  edit 8/12/2021 (1) Leave it disabled or keep your extra paranoid surfing level enabled , it’s still not fixed.

  MS-DEFCON, Windows 10 August 2021 Black Tuesday, MS-DEFCON 2, Patch Lady Posts

• MS-DEFCON 2: Get ready for battle stations

  Posted on August 6th, 2021 at 02:45 Susan Bradley Comment on the AskWoody Lounge

  ISSUE 18.29.1 • 2021-08-06 By Susan Bradley The annual security conference known as Black Hat is in the bag, and we are (well, I am) anxiously awaiting the next bugs that will rear their heads, based on the headlines that came out of the conference. Topics like Print Spooler bugs, Mac privacy bugs, and encryption platform attacks were just some of the headline topics that I expect to result in a new wave of patches — not just for Windows, but for almost every device. Consumer and home users In preparation for Patch Tuesday, I recommend that you take the usual actions to defer, pause, block, and just avoid updates for the operating system and Office apps. I suggest deferring until at least August 24. As always, we’ll keep an eye on side effects and issues. Remember, there are several ways to defer updates. The easiest way, in my opinion, is to click on Settings, Windows Update, Advanced Options, and then choose August 24 in the “Pause updates” section. When that clock runs out, updates will install automatically. Alternatively, use WuMgr to selectively install updates. Of course, as I always recommend, take the time to back up your system. Chromebooks should have been updated to 92.0.4515.130. It includes an improved version of Zoom as well as several other useful bug fixes. The Apple camp is still in beta testing mode on Monterey, and it’s anticipated that the release will be in September. In the meantime, you can keep up with the latest news on that beta in our forums. Business users What concerns me most is the “Microsoft Won’t-Fix-List (July 2021 Edition)” that a security researcher started in July of 2021 to document all the items that Microsoft hadn’t fixed by the end of July. Note that this list does not include all “won’t fix” items, just the ones that occurred during the month of July. I’m hoping that we see more of these issues fixed, especially those related to Print Spooler bugs. Those bugs keep me nervous about having the Print Spooler service enabled. I continue to recommend that you enable the Print Spooler service only on those computers and servers that absolutely need it for business operations. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.29.1 (2021-08-06).

  AskWoody Plus Alert, MS-DEFCON AskWoody Plus Alerts, Patch Lady Posts, Patch Watch

• MS-DEFCON 4: Get those June updates installed

  Posted on June 24th, 2021 at 02:50 Susan Bradley Comment on the AskWoody Lounge

  ISSUE 18.23.1 • 2021-06-24 MS-DEFCON 4: Get those June updates installed By Susan Bradley It’s time to deal with “News and Interests.” Consumer and home users If you’ve been procrastinating with the June updates so you didn’t have to deal with the new “News and Interests” feature and its side effects, the time has come. Microsoft has released KB5003698 to fix issues with blurry images in 1909 for Enterprise. Windows 10 2004/20H2 and 21H1 received KB5003690 to fix the blurry text on the News and Interests button for some screen resolutions. KB5003690 also fixes a problem with search box graphics on the Windows taskbar, which occurs if you right-click the taskbar and turn off News and Interests. This graphics issue is especially visible when using dark mode. If it is a problem for you, install this optional update. There are other issues to work out, such as interactions with the desktop if you are using Classic Shell or other menu programs. AskWoody readers have noted cases in which sign in to customize the news selections did not work. If you have problems with the News and interests feature, try setting it to icons only instead of icons and text. For Office updates, open up any Office software application, click on File, Account, Office Updates, and enable updates. Then click on Update Now to trigger their installation. Business users This month’s releases showcase that timing is everything. If you apply updates to workstations before applying them to servers and then attempt to use remote event-log tools, you will find that you cannot access the event logs. As noted by Microsoft, affected apps are using certain legacy Event Logging APIs. Ensure that you apply the updates for both workstations and servers before attempting to use such software. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.23.1 (2021-06-24).

  AskWoody Plus Alert, MS-DEFCON AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 4

• MS-DEFCON 4: It’s quiet out there

  Posted on May 27th, 2021 at 01:00 Susan Bradley Comment on the AskWoody Lounge

  ISSUE 18.19.1 • 2021-05-27

  

  By Susan Bradley

  This month has been relatively quiet with respect to patching side effects. It’s now time to install the May updates.

  Consumer and home users

  Most of the issues and complaints have not been about the May update. Instead, there has been dissatisfaction with a new feature called News and Interests. As this feature rolls out, more and more people are asking how to remove it. I have provided a registry update file that will automatically disable News and Interests. The only known side effect is audio issues in some machines; these can be bypassed by using stereo settings.

  More details will be provided in my upcoming Patch Watch article.

  Business users

  For small businesses that still have an on-premises Exchange email server, make sure you install this month’s Exchange patches, as described in KB 5003435.

  Note that some users reported issues if they had manually removed the new version of Edge, proving once again that Microsoft doesn’t test the edge cases (pun intended).

  Read the full story in the AskWoody Plus Alert 18.19.1 (2021-05-27).

  AskWoody Plus Alert, MS-DEFCON, Patch Watch AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 4

• MS-DEFCON 2: Pause on patching

  Posted on May 10th, 2021 at 12:00 Susan Bradley Comment on the AskWoody Lounge

  ISSUE 18.17.1 • 2021-05-10 By Susan Bradley It’s time for both business users and consumer or home users to pause Windows updates. Accordingly, I’m changing the AskWoody MS-DEFCON level to 2. Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it. Consumer and home users If you are a home/consumer user, I recommend two actions to ensure you do not get inadvertent updates. First, select Start, Settings, Network & Internet, and then Wi-Fi or Ethernet (whichever connection you are using). Next, click Manage known networks; click on the network that you use, click Properties, and turn on Set as metered connection. This “tricks” the computer into thinking that your Internet connection is not unlimited (i.e., you might incur charges) and thus will download patches only after you approve the process. The second action is picking a deferral date after May 11, when Microsoft will push out the next Patch Tuesday security releases. Click on Start, Settings, Update & Security; then click on Advanced Options. Pick a date far enough in the future to give you comfort. I always wait at least a week, usually more. I’ll be re-evaluating the update situation closer to the end of the month, but for now choosing May 28 should be safe enough. For those of you with an Office click-to-run (CTR) edition, I strongly recommend that you change to the semiannual channel rather than the monthly one because it will keep you from the Autocomplete bug. Business users Coming this month in the May Security releases, Microsoft will be including a new “News and Interests” taskbar item featuring items of interest to your users. Remember, if you want to proactively block it, there are registry keys and group policy to control it. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.17.1 (2021-05-10).

  AskWoody Plus Alert, MS-DEFCON, Patch Watch AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 2, Patch Lady Posts, Windows Update

• MS-DEFCON 4: Patching is approved

  Posted on April 30th, 2021 at 01:02 Susan Bradley Comment on the AskWoody Lounge

  ISSUE 18.15.1 • 2021-04-30

  

  By Susan Bradley

  Proceed to update.

  I’m separating my patching guidance into two categories — one for consumer or home users and one for business users. And I’m changing our MS-DEFCON level to 4. At this time, I’m not seeing major issues with updating.

  Consumer and home users

  The April updates have been much better behaved and I’m not seeing any major issues with the releases. Problems identified in 2004/20H2 as impacting performance in games have been automatically mitigated by Microsoft, using its Known issue rollback process. The April updates also resolved the lingering issues with printing triggered with the March updates. Importantly, the April updates install the new, Chromium-based Edge as the default browser and remove the old, “legacy” Edge. Be aware that this update will reset default programs, such as your PDF reader, to the new Edge; you’ll need to make manual adjustments to restore your preferences.

  Note: Going forward, when AskWoody mentions “Edge,” you should assume we mean the new, Chromium-based Edge. Otherwise, we will refer to legacy Edge.

  If you are still using Windows 10 Home or Pro 1909 you have only until May before that version is no longer supported. If you have not already upgraded to 20H2, I recommend taking this opportunity to do so. Remember, my favorite way to upgrade is to use the Update now button on the Software download page.

  Business users

  Coming with the preview releases for Windows 10, and included in the May Security releases, Microsoft will be including a new “News and Interests” taskbar item that will feature topics of interest to your users. If you want to proactively block it, use the Group Policy editor or adjust registry keys.

  References

  • AskWoody Master Patch List
  • April patch recap from ComputerWorld

  Read the full story in the AskWoody Plus Alert 18.15.1 (2021-04-30).

  AskWoody Plus Newsletter, MS-DEFCON AskWoody Plus Newsletter, MS-DEFCON 4, Patch Lady Posts
• « Older Entries