Newsletter Archives

• Master Patch List as of May 9, 2023

  Posted on May 10, 2023 at 22:41 CDT by Susan Bradley • Comment in the Forums

  I’ve updated the Master Patch list for the May releases.

  Remember to always review the known issues we are tracking on the Master Patch List. I will keep the latest info there.

  So far trending issues are:

  Business patchers – In order to fully patch systems for potential UEFI/Secure Boot there are a series of manual steps. I am NOT convinced that this is needed for anyone other than targeted nation state organizations. I’ll have exact instructions and a video should you want more information.

  I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

  • Windows 11 22H2: Not recommended
  • Windows 11 21H2: If you have a Windows 11 PC, recommended
  • Windows 10 22H2: Recommended
  • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)
  • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level

  Windows Security Master Patch List, Patch Lady Posts

• It’s May updating time!

  Posted on May 9, 2023 at 10:45 CDT by Susan Bradley • Comment in the Forums

  It’s that time of the month that I’ll urge you to pause your updates on your Windows platforms, but review any pending updates on your Apple platforms.  Recently Apple’s “Rapid response” patches weren’t quite as “rapid” as we would all like.  In fact on my iPhone iOS 16.4.1 is still pending even though I have auto updates enabled.

  

  I’ll be discussing what SHOULD have occurred in Sunday’s newsletter.  In the meantime, let’s keep an eye out for this month’s Windows releases:

  49 vulnerabilities if the count here is correct

  Windows 11 22H2 has a new toggle button

  • New! This update adds a new toggle control on the Settings > Windows Update page. When you turn it on, we will prioritize your device to get the latest non-security updates and enhancements when they are available for your device. For managed devices, the toggle is disabled by default. For more information, see Get Windows updates as soon as they’re available for your device.

  As well as fixing issues in both Windows 11 22H2 and 21H2 as well as Windows 10  in the newly released Windows Local Administrator Password Solution

  • This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding. This occurs when the system processes multiple local account operations at the same time. The access violation error code is 0xc0000005.

  Remember if you aren’t on Windows 10 22H2 at this time, I’ll want you to move to 22H2 as June 13, 2023 is the last time Windows 10 home and Pro 21H2 get updates. Windows 10 Enterprise and Education, Windows 10 IoT Enterprise, and Windows 10 Enterprise multi-session will still be serviced (apologies had that backwards). 20H2 is now fully out of support.

  Ugh.  There is a secure boot vulnerability that is being “fixed” with code in the May updates, but not fully implemented.  Because you need PHYSICAL access or administrative rights to install code, this is yet another of those updates that will need to be “risk” rated for additional action.  I’ll go into this more in the newsletter.

  Windows Security May 2023 Black Tuesday, Patch Lady Posts

• Master Patch List April 11, 2023

  Posted on April 13, 2023 at 15:05 CDT by Susan Bradley • Comment in the Forums

  I’ve updated the Master Patch list for the April releases.

  Remember to always review the known issues we are tracking on the Master Patch List. I will keep the latest info there.

  So far trending issues are:

  Business patchers – weird Google chrome issue after installing kb5025221 if your group policy is used to set Chrome as default

  Also I’ll update the list for the SQL updates but I wanted to get the other updates out for you

  I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

  • Windows 11 22H2: Not recommended
  • Windows 11 21H2: If you have a Windows 11 PC, recommended
  • Windows 10 22H2: Recommended
  • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)
  • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  Windows Security Master Patch List, Patch Lady Posts

• The patching showers of April

  Posted on April 11, 2023 at 12:14 CDT by Susan Bradley • Comment in the Forums

  Apple did their patching showers yesterday – another zero day fix

  📱 iOS and iPadOS 15.7.5 – 2 bugs fixed
  💻 macOS Monterey 12.6.5 – 1 bug fixed
  💻 macOS Big Sur 11.7.6 – 1 bug fixed

  Now it’s Microsoft’s turn….

  97 vulnerabilities, 7 critical, 1 exploited

  Also out today… The AD team at Microsoft is proud to announce that with today’s Patch Tuesday updates, our new Windows Local Admin Password Solution (aka Windows LAPS) is available in all in-market builds of Windows – Win10 & Win11 clients and Server 2019 & 2022 SKUs!

  As usual, time to sit back, watch the testing occur and see what shakes out this month.

  Note that Windows 10 21H2 drops out of support in June unless you have edu or enterprise – so check what version of Windows 10 you are on. There’s no big changes for Windows 10 so I honestly don’t anticipate seeing any side effects. As always I will keep you up to date on the Master patch listing.

  This is interesting… there is only a security release for Publisher this month.

  No non security Office updates were released either. A VERY light Office release this month.

  Windows Security April 2023 Black Tuesday, Patch Lady Posts

• Are you checking your backup tonight?

  Posted on March 31, 2023 at 21:59 CDT by Susan Bradley • Comment in the Forums

  As Alex pointed out …. today is World Backup day.

  Just a reminder, issues like ransomware can be thwarted by having a backup. Specifically, something that the bad guys can’t touch. So rotate out those hard drives. Have a cloud backup with versioning that is protected from access. Make sure you are protected.

  Now while this is a marketing session that demands you sign up and register – I still enjoy Jessica Payne and her talks how how we can do better against ransomware. From the recent Microsoft Secure session.

  Windows Security Patch Lady Posts

• Master Patch list as of March 15, 2023

  Posted on March 16, 2023 at 00:54 CDT by Susan Bradley • Comment in the Forums

  

  I’ve updated the Master Patch list for the March releases.

  Remember to always review the known issues we are tracking on the Master Patch List. I will keep the latest info there.  Right now the big trending issue is the issue where Windows 10 22H2 doesn’t seemingly reboot if you manually check for updates. If you use Start11, StartAllBack, and ExplorerPatcher  make sure you update to the latest on Windows 11.

  I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

  • Windows 11 22H2: Not recommended
  • Windows 11 21H2: If you have a Windows 11 PC, recommended
  • Windows 10 22H2: Recommended
  • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)
  • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  Windows Security Master Patch List, Patch Lady Posts

• March madness here we come

  Posted on March 14, 2023 at 12:50 CDT by Susan Bradley • Comment in the Forums

  Ready or not – here comes the March updates. Remember by this time you need to have a backup and defer updates (unless you are one of the souls who like to be the beta testers for the rest of us.

  Interesting items of note:  Outlook vulnerability used in TARGETED only attacks and impacting NTLM (translation – businesses with Exchange servers not consumers/home users. If you have click to run Office this will be auto updated.

  There is also a ‘smartscreen’ vulnerability where Edge can be tricked into thinking something isn’t from the web and not scan it. This will be auto updated when Edge updates.  When we finally update Windows the smartscreen as a whole will be updated. But again, we don’t blindly download things do we?

  Both are more business only – not consumer/home targeted so I’m not changing my “hold off and wait to patch” stance in any way.

  Remember Windows 11 22H2 gets “moments” releases – I’ll be reporting if my registry key works on Windows 11 Home computers.

  More links as they come live…..

  Also business impact:

  This update implements phase three of Distributed Component Object Model (DCOM) hardening. See KB5004442. After you install this update, you cannot turn off the changes using the registry key.

  This update addresses an issue that affects a computer account and Active Directory. When you reuse an existing computer account to join an Active Directory domain, joining fails. This occurs on devices that have installed Windows updates dated October 11, 2022 or later. The error message is, “Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: ‘An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.’” For more information, see KB5020276.

  Dustin Childs’ zero day blog

  Windows Security March 2023 Black Tuesday, Patch Lady Posts

• Master patch list as of February 14, 2023

  Posted on February 16, 2023 at 04:55 CST by Susan Bradley • Comment in the Forums

  

  I’ve updated the Master Patch list for the February releases. While this month doesn’t have the vulnerability count that many gage a big month by, it has .NET security releases which – on some platforms – add additional patch offerings.

  Remember to always review the known issues we are tracking on the Master Patch List. I will keep the latest info there.  Right now the big trending issue is Server 2022 and VMware.

   

  I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

  • Windows 11 22H2: Not recommended
  • Windows 11 21H2: If you have a Windows 11 PC, recommended
  • Windows 10 22H2: Recommended
  • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)
  • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  Windows Security Master Patch List, Patch Lady Posts

• Here comes February’s valentines of patches

  Posted on February 14, 2023 at 12:12 CST by Susan Bradley • Comment in the Forums

  Here we go again with a bundle of updates.

  Remember our mantra – to pause, ponder, wait and in general see what the side effects are first.

  Windows servers are still getting Internet Explorer updates!  So IE is not quite dead.  Yet.

  Remember Windows 7 is officially out of support so if you are still using it, please do not be using it to surf, browse, etc ensure that you are using it in isolation away from the Internet. 0Patch is an option for those of you.

  Remember as well that the “disable IE” is only on Windows 10 and comes through an Edge update  NOT an Internet Explorer update.

  Links for discussion on this month’s updates:

  Dustin Childs’ blog

  Ghacks

  Incidents.org

  Trending issues:  Seeing reports that Server 2022 booting issues see https://kb.vmware.com/s/article/90947  “Also having this issue on 2 Win 2022 servers after applying KB5022842. Disabling Secure Boot on the VM “fixed” it for now. ESXi 7.0.3, 20842708″

  I can personally report that the removal of Internet Explorer in Edge is breaking remote deposit with the Bank of America website.  It doesn’t recognize the scanner driver on Edge, it does on Chrome.

  For those of you that are IT admins be aware of:

  Updates released February 14, 2023 or later might not be offered from some Windows Server Update Services (WSUS) servers to Windows 11, version 22H2. The updates will download to the WSUS server but might not propagate further to client devices. Affected WSUS servers are only those running Windows Server 2022 which have been upgraded from Windows Server 2016 or Windows Server 2019. This issue is caused by the accidental removal of required Unified Update Platform (UUP) MIME types during the upgrade to Windows Server 2022 from a previous version of Windows Server. This issue might affect security updates or feature updates for Windows 11, version 22H2. Microsoft Configuration Manager is not affected by this issue.

  To mitigate this issue, please see Adding file types for Unified Update Platform on premises. We are working on a resolution and will provide an update in an upcoming release.

  Windows Security February 2023 Black Tuesday, Patch Lady Posts

• Patch list for January 2023 – final update

  Posted on February 8, 2023 at 23:42 CST by Susan Bradley • Comment in the Forums

  

  I realized tonight that I hadn’t done my final recap of the January updates on the Master Patch List page

  We’re just about to get ready for the February updates so stay tuned for advice about February.

  As a reminder – if  you want to keep your computer on Windows 10 but still let it update to the various feature releases – Enter Windows 10 in that upper section of the local group policy and leave the lower portion blank.

  

  • Windows 11 22H2: Not recommended
  • Windows 11 21H2: If you have a Windows 11 PC, recommended
  • Windows 10 22H2: Recommended
  • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)
  • Apple Ventura – tentative. Check with the applications you rely on if they recommend this release.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  Be aware that due to a change in twitter possibly as early as next week, the DefCon tweeting may not work automatically.  The texting will continue without fail, but I rely on Zapier who is like everyone else and trying to keep up with what keeps changing. We will keep you posted as we know more.

  Windows Security Master Patch List, Patch Lady Posts

• Master Patch list updated as of January 10, 2023

  Posted on January 12, 2023 at 11:57 CST by Susan Bradley • Comment in the Forums

  #PatchTuesday #DeadBodyWedneday #KeepaneyeoutforissuesThursday

  Consumers:  Defer updates at this time.

  I’ve updated the Master Patch List for Tuesday’s releases.

  It’s too soon at this time for consumers to be making recommendations, I’m still watching for issues.

  For businesses, the impact to look out for and keep an eye on are any Exchange on premises server you are still patching.

  As a reminder

  • Windows 11 22H2: Not recommended
  • Windows 11 21H2: If you have a Windows 11 PC, recommended
  • Windows 10 22H2: Recommended
  • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)
  • Apple Ventura – tentative. Check with the applications you rely on if they recommend this release.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  Apple, Windows Security Master Patch List, Patch Lady Posts

• Master Patch List as of December 13, 2022

  Posted on December 14, 2022 at 15:50 CST by Susan Bradley • Comment in the Forums
  

  #PatchTuesday

  Business patchers:  Microsoft has indicated that they fixed the memory issue with the LSASS patch but still waiting for community confirmation.

  Consumers:  Defer updates at this time.  The secure boot patch KB5012170 has been released to apply to Windows 10 and 11 22H2 so be sure to defer it as well.

  I’ve updated the Master Patch List for Tuesday’s releases.

  It’s too soon at this time for consumers to be making recommendations, I’m still watching for issues.

  For businesses, the impact to look out for and keep an eye on are the Kerberos related patches.  Microsoft has indicated that the memory leak issues introduced in last month’s Kerberos updates have been fixed but I am still waiting for community confirmation.

  As a reminder

  • Windows 11 22H2: Not recommended
  • Windows 11 21H2: If you have a Windows 11 PC, recommended
  • Windows 10 22H2: Recommended
  • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  Apple, Windows Security Master Patch List, Patch Lady Posts
• « Older Entries