Newsletter Archives
-
Zeroing in on zero days
PATCH WATCH
By Susan Bradley
September’s updates are out, with several zero days and several interesting vulnerabilities.
The good news is that for consumers and home users, many of these are unique to a business network and won’t be seen in a home network.
What will be seen this month is that the update installation and reboot process will take longer. I’m not sure what is triggering the slowness, but note that this month’s updates also include .NET updates. Patience.
Read the full story in our Plus Newsletter (20.38.0, 2023-09-18).
-
Vulnerabilities everywhere
ISSUE 20.33 • 2023-08-14 PATCH WATCH
By Susan Bradley
Another month, another series of updates for seemingly everything on the Windows platform.
But this isn’t just any month. Patch Tuesday once again coincided with the week of the annual security conference, Black Hat. The Windows-based topics range from “Hacking Bing.com (and much much more) with Azure Active Directory” to a briefing titled “Defender-Pretender: When Windows Defender Updates Become a Security Risk.”
In addition, there is a talk called “Single Instruction Multiple Data Leaks in Cutting edge CPUs aka Downfall.” Better known as CVE-2022-40982, the flaw is a transient execution side-channel issue and impacts all processors based on Intel microarchitectures from Skylake through Ice Lake. Not to be left out, Apple and Android bugs have their own talks.
Read the full story in our Plus Newsletter (20.33.0, 2023-08-14).
This story also appears in our public Newsletter. -
Wrapping up July’s updates
PATCH WATCH
By Susan Bradley
We’re at the dividing line. We are working on getting July’s updates installed and reviewing whether we have Windows 10 22H2 installed. Meanwhile, that window of opportunity for installing updates is closing soon.
But that’s just the Windows side of the patching world. On the Apple side, we’ve had to deal with zero-day patches this month. Not to be left out, Android is doing last-minute beta testing on Android 14 beta 4.1.
Read the full story in our Plus Newsletter (20.32.0, 2023-08-07).
-
Patch testing isn’t easy
PATCH WATCH
By Susan Bradley
No matter who the vendor is, bugs occur.
By the time you read this, Apple will have already re-released its rapid security patches for iOS, iPadOS (16.5.1), and MacOS Ventura (13.4.1). The patches dealt with side effects impacting Facebook, Instagram, WhatsApp, Zoom, and various other websites.
The bug release fixed a WebKit vulnerability that was being exploited in the wild. If you don’t use Safari as your default browser, or if you don’t use the impacted apps, I hope you just did the “sit tight and wait for a re-release” thing.
Read the full story in our Plus Newsletter (20.29.0, 2023-07-17).
-
The case of the missing Registry key
PATCH WATCH
By Susan Bradley
Microsoft leaves it up to us to finish its job.
Once upon a time, there was a company that cared equally about the impact of patches on customers large and small. But in the past two months, something has happened. Some of you would argue that furthermore, Microsoft’s patching guidance has been primarily for the enterprise market segment from the start.
That’s not my experience.
Read the full story in our Plus Newsletter (20.25.0, 2023-06-19).
-
Can we control the changes to our operating systems?
ISSUE 20.23 • 2023-06-05 PATCH WATCH
By Susan Bradley
I grew up on television shows such as Bewitched, in which Samantha, the character played by Elizabeth Montgomery, could just wiggle her nose and things would do what she wanted them to do.
Until something went wrong, that is, and she’d have to explain to Darrin that, well, things didn’t quite go as planned.
Sometimes updating Windows is like that.
Read the full story in our Plus Newsletter (20.23.0, 2023-06-05).
This story also appears in our public Newsletter. -
May’s messy updates
PATCH WATCH
By Susan Bradley
Although the May releases for both Windows and Apple have not introduced side effects or hiccups so far, they haven’t been as problem-free as they should have been.
Apple released the first of its “rapid response” updates, announced last June and supposedly allowing the company to deploy important security-only software updates without demanding a reboot.
Read the full story in our Plus Newsletter (20.20.0, 2023-05-15).
-
Apple and Microsoft fix April zero days
PATCH WATCH
By Susan Bradley
Tomorrow is the tax-filing deadline in the US. It’s not the time to be installing updates, especially since we’re still at MS-DEFCON 2.
In other words, we’re still in deferral mode despite several newsworthy patching headlines and despite my not having noticed any significant side effects. As usual, I suggest patience until we know more.
The majority of the items of concern relate to businesses, not consumers. Here are some highlights.
Read the full story in our Plus Newsletter (20.16.0, 2023-04-17).
-
How do you install and patch your new computer?
PATCH WATCH
By Susan Bradley
I’m doing something vastly different this week.
Right off the bat, you’ll notice that this article is a bit shorter than I usually write. That’s because it describes the actual writing task to which I’ve set myself. I’ve prepared two checklist documents about setting up a Windows PC, one for Windows 10 and one for Windows 11.
Both of these documents are targeted at the ordinary consumer, the home user.
Read the full story in our Plus Newsletter (20.15.0, 2023-04-10).
-
Firmware and drivers
PATCH WATCH
By Susan Bradley
Why are drivers and firmware so important?
Once upon a time, you would set up a computer and any display adapter driver or firmware would be automatically installed to match the hardware. More than likely, you would not install new drivers for a long, long time.
But now with both Windows 10 and 11, I annually review drivers and firmware as the Windows feature releases come out. I go through certain steps and processes to rule out issues that might have been triggered by out-of-date drivers, especially if I’ve encountered side effects that I can’t otherwise explain.
Read the full story in our Plus Newsletter (20.14.0, 2023-04-03).
-
The sky is not falling
PATCH WATCH
By Susan Bradley
You may have seen the headlines: Outlook is getting a patch for a zero-day attack that can’t be fixed just by turning off the preview pane.
Don’t panic. The risk is greatest if you are connecting Outlook to an on-premises Exchange server.
Importantly, the attacks have been seen only in targeted firms. The risk is higher for government agencies. Microsoft has even provided a script to determine whether you are at risk.
Read the full story in our Plus Newsletter (20.12.0, 2023-03-20).
-
Ensuring you can recover
PATCH WATCH
By Susan Bradley
Anyone reading the title of this edition of Patch Watch may think I’m talking about a Windows update issue.
But no matter what your technology, I want to remind you that having a backup means that you will be able to recover.
A good friend of mine, totally ensconced in the Apple world, reported that her older Apple computer running Monterey was not a happy camper. She had been traveling and did not want to install updates. Once at home after her travels, she attempted to update. That’s when the “fun” started.
Read the full story in our Plus Newsletter (20.11.0, 2023-03-13).