Newsletter Archives

  • MS-DEFCON 2: Will September updates behave?

    ISSUE 19.36.1 • 2022-09-08
    MS-DEFCON 2

    By Susan Bradley

    Microsoft patches need to go back to school, too.

    Summer vacation is over, which means it’s time for youngsters to return to school. After several years of computer-based, pandemic-induced remote learning, it’s back to the classrooms. Meanwhile, Microsoft is getting ready to roll out the 22H2 releases of Windows 10 and Windows 11.

    I’m hoping that the engineers at Microsoft have had enough vacation, rest, and other downtime to ensure that September’s releases are nice, calm, and — well — boring. Unfortunately, August updates haven’t been quite so boring, and that’s not encouraging. Caution is my watchword, so I’m raising the MS-DEFCON level to 2.

    Anyone can read the full MS-DEFCON Alert (19.36.1, 2022-09-08).

  • Master patch list for August 30, 2022

    I’ve updated the Master Patch List today for the preview releases as well as clarifying a couple of items.

    Two concerning issues are still being tracked. First, audio issues in some (not a lot, but some) computers with Windows 10 KB5016616. If you are impacted, uninstall the update and put yourself back on hold. In a network setting, the Known Issue Rollback will kick in. In a consumer setting, I have yet to figure out how the chicken will fix the egg. The Known Issue Rollback fix is offered up from Microsoft servers, but the code to trigger the Known Issue Rollback (as I understand it) is only in the August and later updates. Note that even in the preview updates, this known issue is still being tracked. I still think that the patch will be installed, some small percent may see audio issues, and then the Known Issue Rollback will kick in (make sure you reboot a day or two after installing updates) and the problem will go away, but I don’t have a system impacted to test my theory.

    The second issue has to do with the Secure Boot patch KB5012170 failing to install.

    If you’ve already installed KB5012170, and see no side effects, leave the patch installed and take no action.

    If you haven’t installed KB5012170, first check to see if you have BitLocker enabled. To see if you do, click on Start, then on Search, and type in bitlocker. You will see “Manage BitLocker”. Check that BitLocker is off. If it’s on and YOU don’t know where that recovery key is, click in this window to turn it off. You can easily turn it off from this interface.

    Note that BitLocker is not bad; in fact, my Dad has BitLocker enabled on his computer because he wants to ensure that should someone break into his house and steal his computer, his sensitive data won’t be stolen as well. But in some computer systems the “OOBE” (out-of-box) setup sequence may turn on BitLocker and you don’t know it did, where the BitLocker recovery key is located, or anything ABOUT BitLocker. This update on some systems triggers the request for a BitLocker recovery key, and if you have no bloody clue… as in the case of Mike and his father-in-law: “This happened to my father-in-law’s laptop and unfortunately the recovery key was not listed in his Microsoft account. His laptop was basically ransomwared without the ability to pay the ransom (luckily his son-in-law knows a thing or two about deploying Windows).” Note I have never seen a Windows patch turn on BitLocker. It gets set up via the setup process of a new computer.

    Now then, put your machine on a metered network connection and use the blockapatch.com tools to block KB5012170.
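
    The same BitLocker check can be done from the command line. The script below is an added example, not part of the original post or any Microsoft tool: it reports whether KB5012170 is already installed and, if not, lists each volume's BitLocker state and whether a recovery-password protector exists. It assumes an elevated PowerShell session and that the built-in BitLocker module (`Get-BitLockerVolume`) is present on the machine.

    ```powershell
    # Added example: pre-check before KB5012170 is offered. Run in an elevated PowerShell.
    # Assumption: the BitLocker module (Get-BitLockerVolume) is available on this edition.
    $kb = 'KB5012170'

    # Step 1: if the update is already installed and the PC boots fine, nothing to do.
    $hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    if ($hotfix) {
        Write-Output "$kb is already installed. If you see no side effects, take no action."
    }
    else {
        # Step 2: list every volume, its encryption state, and whether a
        # recovery-password protector exists. The password itself is never printed.
        $report = foreach ($vol in Get-BitLockerVolume) {
            $recovery = $vol.KeyProtector |
                Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
            [pscustomobject]@{
                MountPoint          = $vol.MountPoint
                VolumeStatus        = $vol.VolumeStatus
                ProtectionStatus    = $vol.ProtectionStatus
                HasRecoveryPassword = [bool]$recovery
            }
        }
        $report | Format-Table -AutoSize

        # Step 3: any volume that is not fully decrypted can prompt for a
        # recovery key after a Secure Boot DBX change.
        $encrypted = $report | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' }
        if ($encrypted) {
            $drives = ($encrypted.MountPoint -join ', ')
            Write-Warning "BitLocker is active on: $drives"
            Write-Warning "Locate the recovery key (or turn BitLocker off) BEFORE installing $kb."
        }
        else {
            Write-Output "No BitLocker-encrypted volumes found. $kb will not trigger a recovery-key prompt here."
        }
    }
    ```

    A `HasRecoveryPassword` value of True only means a recovery password was created at some point; it does not tell you where a copy was saved, so confirm you can actually retrieve it.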

    Businesses: In a network setting, note that even on virtual machines KB5012170 will be offered up.

    As always, thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • MS-DEFCON 3: Issues with bootloader patches

    ISSUE 19.34.1 • 2022-08-23

    MS-DEFCON 3

    By Susan Bradley

    This month’s updates are a great example of why my patching advice differs for consumers and businesses.

    For consumer patchers, whether using Windows 10 Home or Professional, I’m not convinced that you need to install KB5012170, Microsoft’s security update for Secure Boot DBX (the Secure Boot Forbidden Signature Database). Unless, that is, you think you will be targeted by an overseas attacker with a malicious bootloader installer. If your computer holds the keys to the nuclear codes, then by all means install this update instantly. The fact that this isn’t clear-cut is the reason I can lower the MS-DEFCON only to 3 this time around.

    But if you are a normal user, with normal levels of paranoia to get you through the normal security risks of daily life, I’m not convinced that this update is mandatory. In fact, I think it often causes more pain than benefit. Just read through the threads of many a forum poster trying to get this update installed.

    Anyone can read the full MS-DEFCON Alert (19.34.1, 2022-08-23).

  • MS-DEFCON 2: Printing issues, again

    ISSUE 19.31.1 • 2022-08-04
    MS-DEFCON 2

    By Susan Bradley

    This time we’re forewarned, and the problem probably won’t affect many.

    Here we go again. Month after month this year, updates have affected printing in some way, and the side effects have ranged from minor to major (such as printers being completely disabled).

    Fasten your seatbelts anyway, although chances are that many of us won’t notice this side effect at all. In fact, the security fix causing this side effect has actually been installed on our systems for over a year. Starting with the July and August updates, “hardening” is finally being enabled. Still, prudence demands raising the MS-DEFCON level to 2.

    Anyone can read the full MS-DEFCON Alert (19.31.1, 2022-08-04).

  • MS-DEFCON 4: July updates make some hot and bothered

    ISSUE 19.30.1 • 2022-07-26
    MS-DEFCON 4

    By Susan Bradley

    Access bugs ruin a quiet July, but we can still lower MS-DEFCON to 4.

    To any reader of this alert who is sweltering in a heat wave, my sincere condolences. I can slightly relate, as I’m having the normal July heat wave in my neck of the woods.

    The big difference is that my area of the country is used to this weather. Thus I’m inside an air-conditioned home, remotely accessing office workstations and servers to perform the monthly maintenance tasks while some of you are … well … just really hot and really uncomfortable. Fortunately for us, this month’s Windows and Office updates were mostly well behaved.

    Anyone can read the full MS-DEFCON Alert (19.30.1, 2022-07-25).

  • July Windows security updates are out

    Here we go again, where we sit on the sidelines and watch the carnage… excuse me, review for side effects.

    In the meantime, check out some of the Amazon Prime Day deals on computers, HP computers and Chromebooks and, most importantly for today, external hard drives you can use for backup. While I wouldn’t mind if you bought your way into Windows 11 (after installing Start11), I’m still not giving it the all clear for those of you on Windows 10.

    Also remember iOS has a beta out for version 16, so for those of you in the Apple ecosystem, expect some changes (more on that in the newsletter).

    In the meantime, here’s what I’m looking at in terms of security updates (more links as the analysis web pages go live; remember my post dead body recap in Monday’s newsletter):

    9:58 a.m. – Patch Day Dashboard goes live: 86 vulnerabilities, 4 critical.

    Dustin Childs’ write-up.

  • MS-DEFCON 2: Pause to review

    ISSUE 19.27.1 • 2022-07-07

    MS-DEFCON 2

    By Susan Bradley

    We’re halfway through the patching year.

    It seems like just yesterday when I lowered the MS-DEFCON level to allow a cautious breather so we could apply critical patches. Oh, wait — that’s right, it was just last week.

    In June, Patch Tuesday fell on the latest day of the month possible: the 14th. It takes all of us patch watchers a little bit of time to assess the safety of the last round of updates — and before you know it, the next Tuesday is upon us. So after little more than a week, it’s time to pause updates again. Accordingly, I am raising the MS-DEFCON level to 2.

    Anyone can read the full MS-DEFCON Alert (19.27.1, 2022-07-07).

  • MS-DEFCON 3: Should we patch?

    ISSUE 19.26.1 • 2022-06-28

    MS-DEFCON 3

    By Susan Bradley

    I have good news and bad news.

    Some of you will install the June updates and see absolutely no issues whatsoever. Others have tried to install the June updates and experienced side effects. Microsoft has acknowledged some, but not all, of the issues. This makes it a hard month. I don’t like to let people get to the end of the month and not install updates, but at the same time there are some bugs that are deeply impactful to both consumers and businesses.

    Based upon my recommendations below, I am lowering the MS-DEFCON level to 3. I commonly set the level to 4 after giving the month’s updates a chance to settle, but this time greater caution is warranted.

    Anyone can read the full MS-DEFCON Alert (19.26.1, 2022-06-28).

  • MS-DEFCON 2: Zero days unpatched

    ISSUE 19.23.1 • 2022-06-09

    MS-DEFCON 2

    By Susan Bradley

    Once again, we are faced with several zero days that are plaguing Office and Windows.

    Accordingly, I am raising the MS-DEFCON alert level to 2.

    At this time, the vulnerabilities are being used in targeted attacks and ones that are more probing in nature (probes test the ability of the attack to get in but don’t take action). So far, we have not seen widespread attacks, but there are some ways you can proactively protect yourself.

    Anyone can read the full MS-DEFCON Alert (19.23.1, 2022-06-09).

  • MS-DEFCON 4: A mixed bag for May

    ISSUE 19.21.1 • 2022-05-24
    MS-DEFCON 4

    By Susan Bradley

    Good news! Most consumer and home users should be just fine after installing this month’s updates.

    I’m not seeing any major, trending issues with patches for the bulk of users, so I’m lowering the MS-DEFCON level to 4.

    But there’s a “but”: I’m still seeing some corner-case oddities and just can’t quite put my finger on the root cause. For example, reader Ray G reports:

    … after the updates are installed, I still have a black screen and have to wait for about 5 minutes for the desktop to appear.

    Anyone can read the full MS-DEFCON Alert (19.21.1, 2022-05-24).

  • MS-DEFCON 4: Protect yourself with patches

    ISSUE 19.17.1 • 2022-04-26

    MS-DEFCON 4

    By Susan Bradley

    I’ve been holding my breath.

    For the past few weeks, I’ve been watching for attacks that researchers indicated would be coming due to a vulnerability in all versions of Windows. All I’m seeing so far are theoretical attacks, not actual attacks.

    CVE-2022-26809, the headline vulnerability of the April updates that impacts Windows 7 through Windows 10 — as well as Windows Server versions — sounded like it had the potential of being a worm inside a network. Microsoft complicated the matter when it first indicated that this vulnerability was triggered by SMB file sharing. Then it clarified that the original researcher had provided a proof of concept that used SMB file sharing, but that additional methodologies could be used in attacks.

    Anyone can read the full MS-DEFCON Alert (19.17.1, 2022-04-26).

  • MS-DEFCON 2: Deferring April

    ISSUE 19.14.2 • 2022-04-07

    MS-DEFCON 2

    By Susan Bradley

    Don’t let April showers rain on your PCs.

    I love April. It’s the end of the busy tax season at the office, and it’s spring where I live — the tulips are in bloom. But what I don’t love is updates disrupting my business before the end of the busy season. So I urge you to do what I do at the office: defer those updates.

    Anyone can read the full Plus Alert (19.14.2, 2022-04-07).