Newsletter Archives

  • MS-DEFCON 4: Protect yourself with patches

    alert banner

    ISSUE 19.17.1 • 2022-04-26

    MS-DEFCON 4

    By Susan Bradley

    I’ve been holding my breath.

    For the past few weeks, I’ve been watching for attacks that researchers indicated would be coming due to a vulnerability in all versions of Windows. All I’m seeing so far are theoretical attacks, not actual attacks.

    CVE-2022-26809, the headline vulnerability of the April updates that impacts Windows 7 through Windows 10 — as well as Windows Server versions — sounded like it had the potential of being a worm inside a network. Microsoft complicated the matter when it first indicated that this vulnerability was triggered by SMB file sharing. Then it clarified that the original researcher had provided a proof of concept that used SMB file sharing, but that additional methodologies could be used in attacks.

    Anyone can read the full MS-DEFCON Alert (19.17.1, 2022-04-26).

  • MS-DEFCON 2: Deferring April

    alert banner

    ISSUE 19.14.2 • 2022-04-07

    MS-DEFCON 2

    By Susan Bradley

    Don’t let April showers rain on your PCs.

    I love April. It’s the end of the busy tax season at the office, and it’s spring where I live — the tulips are in bloom. But what I don’t love is updates disrupting my business before the end of the busy season. So I urge you to do what I do at the office: defer those updates.

    Anyone can read the full Plus Alert (19.14.2, 2022-04-07).

  • MS-DEFCON 4: March madness? Mostly quiet

    alert banner

    ISSUE 19.12.1 • 2022-03-22

    MS-DEFCON 4

    By Susan Bradley

    For the majority of computer users, it’s time to get the updates rolled out.

    I’m tracking some issues this month, but not so many as for a typical March. Thus I’m lowering the MS-DEFCON level to 4.

    An unusual occurrence is a problem with a Windows 8.1 update.

    Anyone can read the full AskWoody Plus Alert 19.12.1 (2022-03-22).

  • MS-DEFCON 2: Is it still safe to defer?

    alert banner

    ISSUE 19.09.1 • 2022-03-03
    MS-DEFCON 2

    By Susan Bradley

    Global troubles lead to patching worries.

    Even with all the heightened concerns regarding cybersecurity, my deferral strategy and recommendations for patching will not change. Use the time between now and next Tuesday (Wednesday for those of you outside the northern hemisphere) to wrap up whatever patching and updating you are doing, and get ready to defer updates. Hopefully, a window will open toward the end of the month, when we can have high confidence that applying patches and updates will be safe.

    Anyone can read the full AskWoody Plus Alert 19.09.1 (2022-03-03).

  • MS-DEFCON 2: Batten down the hatches again

    AskWoody Plus Alert Logo
    ISSUE 19.05.1 • 2022-02-03
    MS-DEFCON 2

    By Susan Bradley

    It’s time to wrap up updating or feature-release installations and pause as we wait for February’s Patch Tuesday.

    I am recommending that home and consumer users install the regular updates from January 11 and that business users install the out-of-band updates released on January 17. Get these done right away. Skipping them means you are vulnerable to some active attacks, especially CVE-2022-21882.

    Anyone can read the full AskWoody Plus Alert 19.05.1 (2022-02-03).

  • MS-DEFCON 4: A very complicated patching month

    AskWoody Plus Alert Logo
    ISSUE 19.04.1 • 2022-01-25

    MS-DEFCON 4

    By Susan Bradley

    Thanks, Microsoft, for a very messy January.

    This month will be somewhat convoluted for patching, due to the high number of side effects. To make it worse and more complicated, Microsoft has left it up to us to figure out what to install — rather than pushing out the fixed updates via Windows Update or WSUS. The side effects for those with servers are extreme. In some cases, you’ll need to install two updates before rebooting the servers you manage to successfully patch this month.

    I’m lowering the MS-DEFCON level to 4 in spite of these difficulties, but business users must be cautious.

    Anyone can read the full AskWoody Plus Alert 19.04.1 (2022-01-25).

  • Various out of band updates out to fix January patch issues

    When Microsoft has issues with updates, it normally takes until Fridayish before they identify a root cause and then it’s Mondayish of the following week that fixes get released. And here we are with out of band updates to fix the various issues that were triggered by the January updates. Now I STILL am not budging from my MS-DEFCON 1 stance of don’t patch. But if you are in a situation were you are mandated to patch, at least you can grab a fix.

    Updates a known issue that affects VPN connections.

    Updates a known issue that causes unexpected restarts on Windows Server domain controllers.  Should be “offered up” on Windows update but not pushed

    https://support.microsoft.com/en-us/topic/january-17-2022-kb5010795-os-build-22000-438-out-of-band-2d2b9310-d845-41c4-9907-aeea24f36a63  Fixes to Windows 11 for VPN issues – should be “offered up” on Windows update but not pushed

    Fixes to Server 2012 R2 HyperV issues – only on the Microsoft catalog site. You’ll need to manually download it and apply, note it’s a security only update, not a monthly rollup.

    Bottom line, out of band updates are out to fix various issues seen in the January updates.  Note that not all are out on Windows update, but rather on the catalog site.
  • MS-DEFCON 1: Business patchers be on alert

    AskWoody Plus Alert Logo
    ISSUE 19.02.1 • 2022-01-12

    MS-DEFCON 1

    By Susan Bradley

    For those running a network with a domain controller, the side effects this month are extreme. Don’t patch.

    MS-DEFCON 1 is a very rare occurrence. When I raise the level that high, it’s because I’m seeing critical issues with patches.

    Microsoft has a technology called Active Directory that allows workstations to authenticate with a “domain controller.” This month’s updates are causing such drastic issues with domain controllers that they can become stuck in a boot loop. That is definitely an MS-DEFCON 1 condition. You should not release patches.

    Anyone can read the full AskWoody Plus Alert 19.02.1 (2022-01-12).

  • MS-DEFCON 2: Batten down the hatches for January

    AskWoody Plus Alert Logo
    ISSUE 19.01.1 • 2022-01-06
    MS-DEFCON 2

    By Susan Bradley

    Microsoft has started off the patching year — and not in a good way.

    Soon after midnight all across the world, mail administrators running Exchange 2013 and Exchange 2016 started noticing that mail was not being delivered in their organizations. Horror of horrors, this has been dubbed the “Y2K22” bug — just what we wanted to hear.

    Anyone can read the full AskWoody Plus Alert 19.01.1 (2022-01-06).

  • We listened, we listened!

    Here’s the thing. Susan and I get a lot of email (we do our best to answer everyone). We grin and light up when complimented; we grit our teeth and bear it when our correspondents are less kind. And we listen.

    Unexpectedly, one of the top complaints we’ve both received has to do with the MS-DEFCON banner images we changed back in May. At the time, we conformed the colors of the levels to the US military DEFCON system, with white (level 1) being the most dangerous condition and blue (5) the safest. I thought that made sense because the origin of this site’s MS-DEFCON system was, in fact, the military’s.

    The question we kept getting, almost daily, was which was worse, one or five, white or blue? It was politely explained to us that we should have used red and green. We thought this would die down, but the tea leaves were speaking to us – change it!

    So we did. We did not quite return to the original colors, which used a shade of green for both levels four and five. Instead, we used blue for level four. What we’ve adopted now is, in effect, the same set of colors used by the US Homeland Security Advisory System (aka terror alert levels). The new images are in effect now, everywhere. They’ll even be updated in older emails if you happen to have saved them.

    Now maybe our inboxes will settle down a bit.

  • December 2021 Patch Tuesday arrives – say goodbye to 2004

    It’s that day of the month again when we turn and look (northward in my case, your location may vary) to Redmond and see what Holiday helpings they are serving this time. For those of you in businesses, you are probably not wanting to see any more patch notifications right now after dealing with all of the Log4shell patching you’ve been having to do lately. What got found in an online gaming platform is now causing patching headaches for many businesses because they all used this code in their logging software.

    Even if you are a gamer, YOU aren’t the patcher in the Log4shell patching situation, it’s the cloud and application vendors. This code is not native to Windows operating systems. You may see a lot of headlines about businesses impacted by coin-mining attacks or ransomware. Reportedly Kronos a payroll company was hit with a Log4shell attack.

    For the windows updates this does have the printing fixes now rolled up in them and here’s hoping no new printer side effects will be introduced.

    https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec

    6 Zero days
    21 Elevation of Privilege Vulnerabilities
    26 Remote Code Execution Vulnerabilities
    10 Information Disclosure Vulnerabilities
    3 Denial of Service Vulnerabilities
    7 Spoofing Vulnerabilities

    And a partridge in a pear tree

    The updates have just started rolling out, again, as per normal rules of Askwoody patching engagement, you the home user want to hold back and wait to see what side effects occur. We’ll keep an eye out for you.

     

  • MS-DEFCON 2: Final patch ever!

    AskWoody Plus Alert Logo
    ISSUE 18.47.1 • 2021-12-09

    MS-DEFCON 2

    By Susan Bradley

    We’ve come to the last patch we ever have to worry about.

    Well — for 2021, anyway. Of course, in January we start the whole patching process all over again. But wait! For those of you with Windows 10 2004, this is really the final update.

    During the month of December, Microsoft takes a break, with only one update planned due to the holiday season. As Microsoft noted in its Windows message center, there will be no preview updates released during the third or fourth week of the month. This also means that, should there be any side effects from this month’s updates, there won’t be optional preview updates to fix any issues. I’ll be paying close attention to side effects of this month’s updates as a result.

    Consumer and home users

    Windows 10 Installer DownloadClick on Start, Settings, System, and then About on your Windows 10 computer to check your version. If you are still on 2004, this is the very last month that you will receive an update. In that case, I recommend that you visit the Windows 10 download page and click on Update now under “Windows 10 November 2021 Update.” This will download the installer for upgrading — Windows10Upgrade9252.exe, as shown to the left above. Follow the prompts to install Windows 10 21H2. I’m comfortable with that version at this time and recommend it.

    Once you get yourself onto Windows 10 21H2, ensure that you are set to defer updates. I recommend you defer until after Christmas. Click Start, Settings, Update and security, Advanced options; choose to defer updates until December 28.

    Printing side effects seem to be on the wane. If you haven’t already installed the November updates, do that now.

    Business users

    For business patchers, if you are still having issues with printing, ensure that you either install the out-of-band updates released at the end of November or test the December releases as soon as they come out — to see whether they fix your issues. For Windows 10 versions 2004, 20H2, 21H1, and 21H2, Microsoft has indicated that Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server.

    I’m seeing this reported most on peer-to-peer shared printers in a business setting. The optional updates released in late November specifically address these issues. For Windows 10 2004, 20H2, 21H1, and 21H2, this update is KB5007253. This fix will also be included in the December updates, so you may wish to wait until that patch is released to see whether this fixes the printing issues you are dealing with.

    References

    Read the full story in the AskWoody Plus Alert 18.47.1 (2021-12-09).