Newsletter Archives
-
Patch your humans
PATCH WATCH
By Susan Bradley
The September updates for Windows appear to be better behaved than those in other recent months.
Gone is the notation that Windows 10 or Windows 11 will trigger audio issues when the updates are installed. Also, thankfully, it appears that the problems with USB printers have been resolved.
Read the full story in our Plus Newsletter (19.38.0, 2022-09-19).
-
Windows 11’s unique bug
PATCH WATCH
By Susan Bradley
Whenever Microsoft releases a new version of Windows, it invariably introduces new bugs as a side effect.
KB5016629 includes a fix for a server message-block (file-sharing) bug that is unique to Windows 11. In a peer-to-peer network, an attacker could trick you by using web-based sharing links such as Azure or other data centers. Windows 10 and earlier are not affected.
This month’s Windows 11 updates also include fixes for issues where File Explorer fails to work when you use the Star menu’s context menu and an external monitor, or when you use the Play and Pause keyboard buttons.
Not to be outdone, the Windows 10 security update this month, KB5016616, includes fixes for an issue that affects printing. Let’s hope it fixes those problems we’ve been seeing with USB-based printers.
Read the full story in our Plus Newsletter (19.33.0, 2022-08-15).
-
Printer bugs squashed this month
PATCH WATCH
By Susan Bradley
If you are like me, you still print. A lot.
Just this week, I was fighting a Lexmark printer that no longer would recognize “Tray 1” and refused to print. To get someone to look at the printer is going to cost nearly as much as it did to purchase the printer.
But we’re not here to hear about my printer woes — we’re here to discuss potential side effects due to July’s updates. In yet another chapter of this sad story, we’re once again patching Print Spooler elevation of privileges. That means, once again, I’ll be keeping a very sharp eye out for printing side effects. And my sharp eye will also be on label printers, because those have been impacted by previous patches. (This has been going on for a really long time.)
Read the full story in our Plus Newsletter (19.29.0, 2022-07-18).
-
Dealing with DCOM
PATCH WATCH
By Susan Bradley
In the June updates, Microsoft continues its journey to harden the Distributed Component Object Model (DCOM), with the goal of making it more resilient to attack.
DCOM is a proprietary Microsoft software component that allows COM objects to communicate with each other over a network. Network OLE was the precursor to DCOM (remember Windows 3.1.1?). Because DCOM can run programs on other computers, hackers can leverage it for lateral-movement attacks through your network, gaining access to more data. This activity can be difficult to detect because it’s not malware or hacker tools — all it takes to access DCOM is PowerShell.
Read the full story in our Plus Newsletter (19.26.0, 2022-06-27).
-
The end of the road for Internet Explorer
PATCH WATCH
By Susan Bradley
Well, not quite. Sort of. Maybe. Partially.
Over a year ago, Microsoft published the Internet Explorer 11 desktop app retirement FAQ, announcing that IE11 would be retired on June 15, 2022. (That’s last Wednesday, in case you missed it.) Retirement means the end of support. The FAQ is full of details, confusing and self-contradictory.
So what does this really mean?
Read the full story in our Plus Newsletter (19.25.0, 2022-06-20).
-
Debugging feature-update failures
PATCH WATCH
By Susan Bradley
A long-time reader recently got in touch to mention his difficulty in getting a PC update past Windows 10 version 1909.
Plus member Lee Gruenfeld indicated that he had worked with several Microsoft support agents to get a more contemporary version installed, a process that lasted several months and resulted in continued failure.
Read the full story in our Plus Newsletter (19.21.0, 2022-05-23).
-
May updates fix risks to networks
PATCH WATCH
By Susan Bradley
It’s looking like consumers may have an issue-free month — if they don’t run Windows 11 machines — and businesses will have to decide whether they want to patch sooner versus later.
Once again, we have a vulnerability that has already been used and abused, but the good news for home and consumer users is that the vulnerability under fire is seen only in Active Directory domains.
Read the full story in our Plus Newsletter (19.20.0, 2022-05-16).
-
Drenched in patches
PATCH WATCH
By Susan Bradley
As is typical for this time of year, Microsoft is releasing a deluge of security patches for our Windows machines.
One threat has already been used in the wild. CVE-2022-24521 is a vulnerability in the Windows Common Log File System Driver and can lead to elevation of privileges on a system. Troubling to me is CVE-2022-26809, which is a potentially wormable remote code vulnerability that could be especially damaging if the attacker gets inside your firewall or network.
Read the full story in our Plus Newsletter (19.16.0, 2022-04-18).
-
Why can’t search just search?
PATCH WATCH
By Susan Bradley
Microsoft introduces “search highlights,” another feature we probably don’t want and didn’t ask for.
In the April cumulative updates for Windows 10 and Windows 11, Microsoft will be bringing some changes to Windows’ desktop search. Unfortunately, it won’t fix what we really want fixed. Instead, it will be adding another feature we don’t want. The feature, called “search highlights,” began to roll out on March 22 to Windows 10 users who had installed the March 2022 preview update (KB5011543).
Read the full story in our Plus Newsletter (19.14.0, 2022-04-04).
-
How Windows feature releases have changed
PATCH WATCH
By Susan Bradley
There’s a reason why you don’t see “service pack” updates any longer.
I am often asked why I recommend 21H2 when there are other releases of Windows still under support. The concern stems from the not unreasonable sense that a feature update is massively disruptive and from the reasonable desire to put off that pain as long as possible.
But after so many years of updates that represented total swaps of Windows for a new version (remember service packs?), Windows 10 has brought welcome changes.
Read the full story in our Plus Newsletter (19.13.0, 2022-03-28).
-
The madness of releases
PATCH WATCH
By Susan Bradley
This month’s security updates for Windows 11 include some major changes. Alas, they don’t include one major wish item that everyone wants back: thumbnail views on folder contents.
Microsoft does appear to have heard that feedback; starting with Windows 11 Build 22557, Microsoft is testing folder thumbnails again. But even in the March release of Build 22000.556, it is already moving items around.
Read the full story in the AskWoody Plus Newsletter 19.11.0 (2022-03-14).
-
Understanding the zero days
PATCH WATCH
By Susan Bradley
What do attackers go after?
If you take a look at the known, exploited vulnerability listing as put out by the Cybersecurity & Infrastructure Security Agency, you’ll find that the list is long and confusing. Even if you cut it down to just Microsoft and Apple, it’s still a bit overwhelming, to say the least.
I’m going to focus on two bugs, to showcase differences in how the attacks occur on Windows and Apple and what the attackers are going after.
Read the full story in the AskWoody Plus Newsletter 19.10.0 (2022-03-07).