Newsletter Archives
-
November updates are here
It’s DefCon Tuesday again.
We are still waiting to hear how we are going to control the Windows 10/11 ‘moment’ releases – those incremental dribble updates.
Links below as they go public…..
Known issues include:
Windows 11 22H2 (2022 whatever you want to call it) still has the file copy bug: “Copying large multiple gigabyte (GB) files might take longer than expected to finish on Windows 11, version 22H2. You are more likely to experience this issue copying files to Windows 11, version 22H2 from a network share via Server Message Block (SMB) but local file copy might also be affected. Windows devices used by consumers in their home or small offices are not likely to be affected by this issue”
Exchange is FINALLY being patched for its zero day from a month ago.
A print spooler patch – aka we watch for printer issues.
-
Master patch list updated for out of band
Master patch list is being updated AGAIN for an “out of band” release for Windows 10 21H2 to fix an issue with OneDrive. KB5020953 for Windows 10 was released as an “out of band” to fix the issue. It’s unclear if there will be additional out of band releases for the other platforms to fix this issue. It does not appear to be occurring on the Windows 11 platform, only Windows 10. You’ll need to go to the catalog site to find the exact version you’ll need for your Windows 10 versions.
- It addresses an issue that causes Microsoft OneDrive to stop working. This occurs after you unlink your device, stop syncing, or sign out of your account.
Also be aware of an issue that some might see in business deployments where you reuse computer accounts. See KB5020276. Note this does NOT impact home users.
-
Master Patch List as of October 25, 2022
#PatchTuesday
I’ve updated the Master Patch List which now matches the guidance in the alert released today.
You will note that I recommend that you defer at least temporarily the big releases that Apple came out with yesterday. You’ll want to hold off a bit and ensure there are no major issues.
I have given the “install” for the major updates released on October 11. I do not recommend either the Windows 10 22H2 (minor update) or Windows 11 22H2 (larger upgrade).
As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.
-
Master patch list as of October 17, 2022
#PatchTuesday
I’ve updated the Master Patch List for today’s out of band release
Microsoft released an “out of band” that is on the Microsoft Catalog site for Windows 10 and 11 releases only for issues with SSL and TLS. It’s due to new behavior introduced after the September optional updates rolled into the October cumulative/security updates. See https://support.microsoft.com/en-us/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e
I noted in the newsletter that side effects may be seen on older applications (for example Citrix Workspace does not connect after October 2022 update) so you may wish to see if this out of band update will help.
Consumer impact: Not seeing issues with this on consumer devices.
Business impact: May see issues with older applications.
-
Ready for October’s Patches?
It’s DefCon Tuesday again. Remember Windows 10 22H2 will be out later this month.
We have yet to get the details on the Windows 10/11 ‘moment’ releases – those incremental dribble updates. My gut tells me to look for these starting to come out in the preview updates and as I see the details, I’ll alert you about them as well.
In the meantime for those of you that patch Exchange servers, don’t forget to review the updated guidance regarding those zero day attacks.
For those on Windows 11 22H2 remember Microsoft warned about a file copy slowdown.
Links below as they go public…..
Group policy bug still there and not fixed – impacts business patchers only not home/consumers.
Exchange mail server bug not fixed even though security updates for Exchange were released today.
-
Microsoft Endpoint Configuration Manager out of band
What is it? There is an out of band security update for Microsoft Endpoint Configuration Manager. This is a business only tool used to manage computers.
What’s the risk? An attacker could exploit this vulnerability to obtain sensitive information. It’s a spoofing vulnerability.
Does it impact consumers or home users? No.
Does it impact businesses who only use WSUS or only Intune or even those who have standalone Windows 10 or 11 computers? No. This is only for those customers running Config manager, a separate standalone management tool.
How can you get the patch? “The update – KB 15498768 – will be listed in the Updates and Servicing node of the Configuration Manager console for customers running Microsoft Endpoint Configuration Manager, versions 2103 – 2207.
Environments using versions of Configuration Manager current branch prior to 2103 are encouraged to update to a later supported version. Administrators can also disable use of automatic and manual client push installation methods to remove the risk of exposure to this issue. Refer to Support for Configuration Manager current branch versions.”
Source: CISA alert
I’ll update the master patch list later tonight, but be aware this out of band is for a narrow band of Microsoft customers.
-
September updates get released
…and here we go again. Remember our mantra, if you care about your machine ensure that you have a full image backup.
Ensure that you have deferred updates (always check the master patch page for the deferral date) and/or use the “metered” network trick on your computer.
79 vulnerabilities
2 publicly disclosed
5 critical
1 exploited
Another print spooler (ugh)
Too soon to tell if the bugs (audio/etc) of last month are included in this update. More as I digest the details.
Updates to this post:
Windows 10 patch does NOT indicate audio issues are triggered in this release.
Other resources include Dustin Childs’ Zero day blog
The one critical bug in TCP/IP impacts IPv6 with IPsec configurations (translation: corporations with IPsec, so not home and consumer users)
-
Businesses: want to control your browsers a bit more?
In a recent thread on the site, many got into a discussion about which browser they standardized on. In a business setting, businesses typically want to control what their users do and do not do with a browser. This post is in direct response to a request for specific resources on using group policy to control browser security.
Microsoft provides a great deal of tools in group policy and Active Directory to control various settings. Keep in mind that even if you don’t have Active Directory, you can use these same group policy tools with Windows 10 and 11 Professional.
The ADMX site is an excellent resource of group policy settings. I’ve linked to the Edge policies you can control. You can also use group policy to control Google Chrome settings. To control Chrome, you have to download the admx file from this site and then use group policy management on your domain controller to set the appropriate policies.
I recommend always deploying multiple browsers. I can’t tell you how many times I’ve had issues with one browser, only to have a site work fine in another.
The key to using group policy is to find what admx file you need to download to add to the group policy store in order to control whatever you have in mind.
I’ll also recommend reviewing the guidance at the CIS benchmarks on hardening both Edge and Chrome. You have to enter an email address and name in order to download the guidance.
Can consumers follow the guidance from Center for Internet Security as well? Yes, but with any hardening guidance I recommend that you back up your computer first, that way if you get yourself into a situation where something doesn’t work, you can restore your system. Mind you many of these settings are already default for Edge or Chrome, this hardening guidance just showcases how you can enforce the settings so that they aren’t changed.
And if you note they aren’t just geared towards Windows, they also have hardening guidance for Macs as well.
So if you need to beef up your browser security, check out those resources from ADMX and from the Center for Internet Security.
-
Master patch list for August 30, 2022
I’ve updated the Master Patch List today for the preview releases as well as clarifying a couple of items.
Two concerning issues are still being tracked. First, audio issues in some (not a lot, but some) computers with Windows 10 KB5016616. If you are impacted, uninstall the update and put yourself back on hold. In a network setting the known issue rollback will kick in. In a consumer setting, I have yet to figure out how the chicken will fix the egg. The Known issue rollback fix is offered up from Microsoft servers, but the code to trigger the known issue rollback (as I understand it) is only in the August and later updates. Note that even in the preview updates, this known issue is still being tracked. I still think that the patch will be installed, some small percent may see audio issues and then the known issue rollback will kick in, make sure you reboot a day or two after installing updates, and the problem will go away, but I don’t have a system impacted to test my theory.
The second issue has to do with Secure boot patch KB5012170 failing to install.
If you’ve already installed KB5012170, and see no side effects, leave the patch installed and take no action.
If you haven’t installed KB5012170, first check to see if you have BitLocker enabled. To see if you do, click on Start, then on Search, and type in bitlocker. You will see a “Manage BitLocker” entry. Review that BitLocker is off. If it’s on and YOU don’t know where that recovery key is, click in this window to turn it off. You can easily turn it off from this interface.
Note that BitLocker is not bad, in fact my Dad has BitLocker enabled on his computer because he wants to ensure that should someone break into his house and steal his computer his sensitive data won’t be stolen as well. But in some computer systems the “oobe” out of box set up sequence may turn on BitLocker and you don’t know it did, where the BitLocker recovery key is located or anything ABOUT BitLocker. This update on some systems triggers the request for a BitLocker recovery key and if you have no bloody clue….as in the case of Mike and his father-in-law: “This happened to my father-in-law’s laptop and unfortunately the recovery key was not listed in his Microsoft account. His laptop was basically ransomwared without the ability to pay the ransom (luckily his son-in-law knows a thing or two about deploying Windows).” Note I have never seen a Windows patch turn on BitLocker. It gets set up via the setup process of a new computer.
Now then, put your machine on a metered network connection and use the blockapatch.com tools to block KB5012170.
Businesses: In a network setting, note that even on virtual machines KB5012170 will be offered up.
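The same pre-check as the Manage BitLocker steps above, done from an elevated PowerShell prompt. This is an added example, not something from the original post; it assumes the built-in Get-HotFix and Get-BitLockerVolume cmdlets are available and that the OS drive is the one that matters.

```powershell
# Added example: pre-check before KB5012170 is installed or blocked.
# Run elevated; Get-BitLockerVolume needs administrator rights.
$kb      = 'KB5012170'
$osDrive = $env:SystemDrive

# Is the update already on the machine? (Empty result when it is not.)
$installed = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)

# BitLocker state of the OS drive, if the BitLocker cmdlets exist on this edition.
$vol = $null
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $vol = Get-BitLockerVolume -MountPoint $osDrive -ErrorAction SilentlyContinue
}

# Treat a suspended-but-encrypted drive as encrypted: protection can be "Off"
# while the volume is still fully encrypted and can still ask for the key later.
$encrypted = [bool]($vol -and ($vol.ProtectionStatus -eq 'On' -or
                               $vol.VolumeStatus -ne 'FullyDecrypted'))

# IDs of recovery-password protectors. Compare these with the key ID shown next
# to each saved recovery key. The 48-digit password itself is never printed here.
$recoveryIds = @()
if ($vol) {
    $recoveryIds = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        ForEach-Object { $_.KeyProtectorId })
}

[pscustomobject]@{
    Update         = $kb
    Installed      = $installed
    OsDrive        = $osDrive
    Encrypted      = $encrypted
    RecoveryKeyIds = ($recoveryIds -join ', ')
} | Format-List

if ($installed) {
    "$kb is already installed. If there are no side effects, leave it installed."
} elseif ($encrypted) {
    "BitLocker is active on $osDrive. Find the saved recovery key that matches the ID(s) above, or turn BitLocker off, before $kb is offered."
} else {
    "BitLocker is off on $osDrive. Carry on with the metered connection and blocking steps."
}
```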
As always, thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.
-
Cyber tips for seniors
Australia often has really good security guidance and other than the recommendation to turn on automatic updates (you know how we feel about that), I find this list to be interesting.
There’s one tip that I love… talk to others about cyber security. Do you? Do you try to inform others while balancing between being informative but not freaking people out too much and unnecessarily so?
It’s often hard to find this magic spot between informed risk and tin foil. Too often in security headlines there’s a lot of clickbait.
My best pieces of advice when reading tech headlines? If it sounds too good to be true, it is. If it sounds like the sky is falling, it probably isn’t. It’s wise to be cautious, but always temper it with a lot of common sense.
-
Master patch list for August 9, 2022
I’ve updated the Master Patch List tonight for today’s releases.
So far we’re tracking some side effects with Excel patches. I’ll also have a full write up and details in Monday’s newsletter.
I’m not seeing any OTHER major trending issues but it’s still a bit early. Seeing issues with Outlook closing after launch in network settings. Not seeing it in standalone deployments with pop accounts.
For those of you with Exchange servers, I’ll have a special section on concerns about this month’s updates for Microsoft’s on premises mail server.
-
It’s time for those August updates to be deferred
Annnndddd here we go again….
It’s Second Tuesday of the Month and Microsoft is releasing their updates:
Remember first and foremost to always update your browsers so ensure Firefox, Chrome, Brave, Tor, Edge, Safari, whatever you use is up to date.
Now onto the updates: https://patchtuesdaydashboard.com/
21 Critical
2 already in the wild and exploited
227 vulnerabilities patched
The majority are “elevation of privilege” — translation: the attackers want to get inside the office.
I’ll link up more as we know it and in the meantime I’ll keep an eye out for side effects.
Dustin Childs’ zero day write up – https://www.zerodayinitiative.com/blog/2022/8/9/the-august-2022-security-update-review
Dogwalk Zero day (the OTHER Microsoft support tool bug) got fixed
There is a “Secure boot patch” I’ll be recommending you defer at least until we know more about it. Impacting all the way back to Windows 8.1.