Newsletter Archives

  • Master Patch list updated as of January 10, 2023

    #PatchTuesday #DeadBodyWedneday #KeepaneyeoutforissuesThursday

    Consumers:  Defer updates at this time.

    I’ve updated the Master Patch List for Tuesday’s releases.

    It’s too soon at this time for consumers to be making recommendations, I’m still watching for issues.

    For businesses, the impact to look out for and keep an eye on are any Exchange on premises server you are still patching.

    As a reminder

    • Windows 11 22H2: Not recommended
    • Windows 11 21H2: If you have a Windows 11 PC, recommended
    • Windows 10 22H2: Recommended
    • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)
    • Apple Ventura – tentative. Check with the applications you rely on if they recommend this release.

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Master Patch List as of December 13, 2022

    MS-DEFCON 2

    #PatchTuesday

    Business patchers:  Microsoft has indicated that they fixed the memory issue with the LSASS patch but still waiting for community confirmation.

    Consumers:  Defer updates at this time.  The secure boot patch KB5012170 has been released to apply to Windows 10 and 11 22H2 so be sure to defer it as well.

    I’ve updated the Master Patch List for Tuesday’s releases.

    It’s too soon at this time for consumers to be making recommendations, I’m still watching for issues.

    For businesses, the impact to look out for and keep an eye on are the Kerberos related patches.  Microsoft has indicated that the memory leak issues introduced in last month’s Kerberos updates have been fixed but I am still waiting for community confirmation.

    As a reminder

    • Windows 11 22H2: Not recommended
    • Windows 11 21H2: If you have a Windows 11 PC, recommended
    • Windows 10 22H2: Recommended
    • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Final patches for 2022

    #PatchTuesday and MicrosoftCentric

    It’s the final patches for 2022 for those of you in the Microsoft centric world

    But don’t just think operating systems….. Firefox is out with Version 108

    Citrix is recommending you update Citrix ADC and Gateway 

    Fortinet is patching a zero day in FortiOS SSL VPNs

    No matter what OS you have, take this week to review your vulnerabilities.

    I’ll link up to the patches once they come out – and remember I’ll have full detailed guidance in the next newsletter.

    Looks like .net security updates this month.

    Our dear dear friend the lovely secure boot patch KB5012170 has been released to apply to Windows 10 22H2.

    PK reports that searching in the Microsoft catalog site appears to be wonky – you can search by KB but searching by 2022-12 gives you results that don’t make sense. Apparently the Outlook search team is branching out to the Catalog site?

  • Got pop ups and ads?

    Someone mentioned the other day “I’m having more and more ads … so many it’s often hard to read anything on a website …”

    Whenever anyone complains about ads that are so annoying to where they interfere with a web site, chances are you don’t need an ad blocker, chances are you have either browser notifications enabled or some sort of advertising software installed on your system that it making your system pop up an ad.

    This is the American holiday of Thanksgiving when I review the health and well being of my computer systems. One key way to review your systems is to literally look in the add/remove programs (or programs and features) section of your computer and sort by date installed. If those annoying pop ups started a month ago, scroll down and review what programs are installed. If you don’t recognize something, ask here in the forums and we can help you figure the good programs from the bad ones.

    Next, see any funky tool bars installed?  Is your search engine not going to what you want it to go to?

    Next open up each browser you have installed. Click on the (typically) the three dots in the upper corner and click on extensions. What do you have installed? Do you personally remember installed each installed extension?

    Go into the settings of the browser and search on notifications. In Chrome it’s chrome://settings/content/notifications?search=notifications, in Firefox it’s about:preferences#searchResults and then search on notifications. Make sure only those sites you WANT to notify you are set to be notified from.

    Especially if you are going to be online shopping this weekend, make sure your browser is up to date, ONLY has the extensions YOU intend to have installed, and ONLY uses the search engine you intend to have.

    If there is something not quite right, ask here in the forums, there are links to the right to get you started!

  • Business patchers alert: Out of band patch expected to fix Domain controller issues

    What is it?  A heads up to business patchers.

    Does it impact consumers?  No. This is only an issue being seen on domain controllers 

    What is it about?  In the November 8th updates (which I haven’t approved yet) installing the updates on your domain controllers could cause authentication issues.

    There will be an out of band update released later on this week to fix issues caused by the November updates on domain controllers.

    If you have been impacted by these updates and have had to roll back the patches on your domain controllers, hang tight.  Help is on the way.  I will update the Master Patch list once this update has been released.

    See also KB5021131 and KB5020805

    Update: Out of band released

    Microsoft is releasing Out-of-band (OOB) security updates today, November 17, 2022 for installation on all the Domain Controllers (DCs) in affected environments. This update addresses a known issue which might cause sign in failures or other Kerberos authentication issues. You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.
    To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update CatalogNote The below updates are not available from Windows Update and will not install automatically.
    Cumulative updates:
    Note: You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released November 8, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
    Standalone Updates:
    Note: If you are using security only updates for these versions of Windows Server, you only need to install these standalone updates for the month of November 2022. Security only updates are not cumulative, and you will also need to install all previous Security only updates to be fully up to date. Monthly rollup updates are cumulative and include security and all quality updates. If you are using Monthly rollup updates, you will need to install both the standalone updates listed above to resolve this issue, and install the Monthly rollups released November 8, 2022 to receive the quality updates for November 2022. If you have already installed updates released November 8, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
  • Getting rid of a pending download

    So the other day I had a computer that had a pending update that I DIDN’T want to install.  While you can use the tools at Blockapatch to block a pending update, if something has already been downloaded and is ready to install when you reboot, what can you do?

    Plenty.  Remember the Knowledge base section for “how to clear the queue”.

    I like to be even more surgical and I do the following:

    First I click in the search box and type in Services:

    I look for the Windows update services and stop and then turn it to disabled while I do this. You’ll go back in later and reset it to Manual.

    Next open up File Explorer and Find the Windows folder, then find the folder called Software distribution

    I delete all of the folders under this folder. You may need to provide “administrator” approval in order to do this. These folders will all recreate when the Windows update service is turned back on.

    Now go back into Services and turn the Windows update service back to manual

    You can watch a video here about the process.

  • Master Patch List as of November 8, 2022

    #PatchTuesday

    I’ve updated the Master Patch List for Tuesday’s releases.

    It’s too soon at this time for consumers to be making recommendations, I’m still watching for issues.

    For businesses, the impact to look out for and keep an eye on are the Kerberos related patches.  Already seeing potential issues reported “but we’re seeing reports where certain auths are failing when users have their msDS-SupportedEncryptionTypes attribute explicitly being set to AES only (decimal 24, hex 0x18).”  You may want to do a specific query on your domain controllers to see if you will see impacted — see this KB. Bottom line, be sure you do tests and be aware of authentication issues.

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • November updates are here

    It’s DefCon Tuesday again.

    We are still waiting to hear how we are going to control the Windows 10/11 ‘moment’ releases – those incremental dribble updates.

    Links below as they go public…..

    Listing of vulnerabilities

    Dustin Child’s zero day blog

    Ghacks

    SANS Internet Storm Center

    Known issues include:

    Windows 11 22H2 (2022 whatever you want to call it) still has the file copy bug: “Copying large multiple gigabyte (GB) files might take longer than expected to finish on Windows 11, version 22H2. You are more likely to experience this issue copying files to Windows 11, version 22H2 from a network share via Server Message Block (SMB) but local file copy might also be affected.Windows devices used by consumers in their home or small offices are not likely to be affected by this issue”

    Exchange is FINALLY being patched for it’s zero day from a month ago.

    A print spooler patch – aka we watch for printer issues.

  • Master patch list updated for out of band

    Patch Lady Master patch list is being updated AGAIN for an “out of band” release for Windows 10 21H2 to fix an issue with OneDrive. KB5020953 for Windows 10 was released as an “out of band” to fix the issue.  It’s unclear if there will be additional out of band releases for the other platforms to fix this issue. It does not appear to be occuring on Windows 11 platform, only Windows 10.  You’ll need to go to the catalog site to find the exact version you’ll need for your Windows 10 versions.

    • It addresses an issue that causes Microsoft OneDrive to stop working. This occurs after you unlink your device, stop syncing, or sign out of your account.

    Also be aware of an issue that some might see in business deployments where you reuse computer accounts.  See KB5020276. Note this does NOT impact home users.

  • Master Patch List as of October 25, 2022

    #PatchTuesday

    I’ve updated the Master Patch List which now matches the guidance in the alert released today.

    You will note that I recommend that you defer at least temporarily the big releases that Apple came out with yesterday. You’ll want to hold off a bit and ensure there are no major issues.

    I have given the “install” for the major updates released on October 11.  I do not recommend either the Windows 10 22H2 (minor update) or Windows 11 22H2 (larger upgrade).

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Master patch list as of October 17, 2022

    #PatchTuesday

    I’ve updated the Master Patch List for today’s out of band release

    Microsoft released an “out of band” that is on the Microsoft Catalog site for Windows 10 and 11 releases only for issues with SSL and TLS.  It’s due to new behavior introduced after the September optional updates rolled into the October cumulative/security updates. See https://support.microsoft.com/en-us/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e 

    I noted in the newsletter that side effects may be seen on older applications (for example Citrix Workspace does not connect after October 2022 update) so you may wish to see if this out of band update will help.

    Consumer impact:  Not seeing issues with this on consumer devices.

    Business impact:  May see issues with older applications.

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Ready for October’s Patches?

    It’s DefCon Tuesday again.  Remember Windows 10 22H2 will be out later this month.

    We have yet to get the details on the Windows 10/11 ‘moment’ releases – those incremental dribble updates. My gut tells me to look for these starting to come out in the preview updates and as I see the details, I’ll alert you about them as well.

    In the meantime for those of you that patch Exchange servers, don’t forget to review the updated guidance regarding those zero day attacks.

    For those on Windows 11 22H2 remember Microsoft warned about a file copy slowdown.

    Links below as they go public…..

    Listing of vulnerabilities

    Dustin Child’s zero day blog

    Ghacks

    SANS Internet Storm Center

    Group policy bug still there and not fixed – impacts business patchers only not home/consumers.

    Exchange mail server bug not fixed even though security updates for Exchange were released today.