Newsletter Archives

  • Master patch list for August 30, 2022

    I’ve updated the Master Patch List today for the preview releases as well as clarifying a couple of items.

    Two concerning issues are still being tracked. First, audio issues in some (not a lot, but some) computers with Windows 10 KB5016616. If you are impacted, uninstall the update and put yourself back on hold. In a network setting the known issue rollback will kick in. In a consumer setting, I have yet to figure out how the chicken will fix the egg. The known issue rollback fix is offered up from Microsoft servers, but the code to trigger the known issue rollback (as I understand it) is only in the August and later updates. Note that even in the preview updates, this known issue is still being tracked. I still think that the patch will be installed, some small percent may see audio issues, and then the known issue rollback will kick in (make sure you reboot a day or two after installing updates) and the problem will go away, but I don’t have a system impacted to test my theory.

    The second issue has to do with Secure boot patch KB5012170 failing to install.

    If you’ve already installed KB5012170, and see no side effects, leave the patch installed and take no action.

    If you haven’t installed KB5012170, first check to see if you have BitLocker enabled. To see if you do, click on Start, then on Search, and type in bitlocker. You will see “Manage BitLocker”. Check whether BitLocker is off. If it’s on and YOU don’t know where that recovery key is, click in this window to turn it off. You can easily turn it off from this interface.

    Note that BitLocker is not bad; in fact my Dad has BitLocker enabled on his computer because he wants to ensure that should someone break into his house and steal his computer his sensitive data won’t be stolen as well. But in some computer systems the “OOBE” out-of-box setup sequence may turn on BitLocker and you don’t know it did, where the BitLocker recovery key is located, or anything ABOUT BitLocker. This update on some systems triggers the request for a BitLocker recovery key and if you have no bloody clue…. as in the case of Mike and his father-in-law: “This happened to my father-in-law’s laptop and unfortunately the recovery key was not listed in his Microsoft account. His laptop was basically ransomwared without the ability to pay the ransom (luckily his son-in-law knows a thing or two about deploying Windows).” Note I have never seen a Windows patch turn on BitLocker. It gets set up via the setup process of a new computer.

    Now then, put your machine on a metered network connection and use the blockapatch.com tools to block KB5012170.

    Businesses: In a network setting, note that even on virtual machines KB5012170 will be offered up.
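
    The BitLocker check described above can also be scripted before KB5012170 is allowed to install. This PowerShell is an added example, not part of the original newsletter or any Microsoft guidance; it assumes an elevated session, the built-in Get-HotFix and Get-BitLockerVolume cmdlets, and it looks only at the OS drive.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-install check for the Secure Boot update named on this page.
$kb = 'KB5012170'

# Get-HotFix only sees updates recorded in Win32_QuickFixEngineering.
if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
    Write-Output "$kb is already installed. Leave it in place."
    return
}

try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
} catch {
    Write-Warning "Could not query BitLocker: $($_.Exception.Message)"
    return
}

Write-Output ("{0}  VolumeStatus={1}  ProtectionStatus={2}" -f `
    $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus)

if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    Write-Output "OS drive is not encrypted; there is no recovery key to be asked for."
    return
}

# The drive is encrypted. This also covers machines where out-of-box setup
# encrypted the disk but protection still shows as Off.
$recovery = @($vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword')

if ($recovery.Count -eq 0) {
    Write-Warning ("Drive is encrypted but has no recovery password protector. " +
        "Sort that out (or turn BitLocker off) before installing $kb.")
} else {
    Write-Output "Confirm you hold the 48-digit key for each ID below before installing ${kb}:"
    $recovery | ForEach-Object { "  Key ID: $($_.KeyProtectorId)" }
}
```

    The Key ID printed here is the same identifier shown next to a saved recovery key, so it can be matched against whatever copy you have on file.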

    As always, thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Cyber tips for seniors

    Australia often has really good security guidance and other than the recommendation to turn on automatic updates (you know how we feel about that), I find this list to be interesting.

    There’s one tip that I love… talk to others about cyber security.  Do you?  Do you try to inform others while balancing between being informative but not freaking people out too much and unnecessarily so?

    It’s often hard to find this magic spot between informed risk and tin foil. Too often in security headlines there’s a lot of clickbait.

    My best pieces of advice when reading tech headlines? If it sounds too good to be true, it is.  If it sounds like the sky is falling, it probably isn’t. It’s wise to be cautious, but always temper it with a lot of common sense.

  • Master patch list for August 9, 2022

    I’ve updated the Master Patch List tonight for today’s releases.

    So far we’re tracking some side effects with Excel patches. I’ll also have a full write up and details in Monday’s newsletter. I’m not seeing any OTHER major trending issues but it’s still a bit early. 

    Seeing issues with Outlook closing after launch in network settings. Not seeing it in standalone deployments with pop accounts.

    For those of you with Exchange servers, I’ll have a special section on concerns about this month’s updates for Microsoft’s on premises mail server.

    As always, thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • It’s time for those August updates to be deferred

    Annnndddd here we go again….

    It’s Second Tuesday of the Month and Microsoft is releasing their updates:

    Remember first and foremost to always update your browsers so ensure Firefox, Chrome, Brave, Tor, Edge, Safari, whatever you use is up to date.

    Now onto the updates:  https://patchtuesdaydashboard.com/

    21 Critical

    2 already in the wild and exploited

    227 vulnerabilities patched

    The majority are “elevation of privilege” — translation the attackers want to get inside the office.

    I’ll link up more as we know it and in the meantime I’ll keep an eye out for side effects.

    Dustin Childs’s zero day write up – https://www.zerodayinitiative.com/blog/2022/8/9/the-august-2022-security-update-review

    Dogwalk Zero day (the OTHER Microsoft support tool bug) got fixed

    There is a “Secure boot patch” I’ll be recommending you defer at least until we know more about it. Impacting all the way back to Windows 8.1.

     

  • Master Patch List for July 12, 2022 too early to patch…

    I’ve updated the Master Patch List tonight for today’s releases.

    It includes servicing stack updates for the older versions of Windows along with a security patch for Internet Explorer. Note this is not disabling Internet Explorer, merely patching it for security issues.

    It’s too early to report on any major side effects but I have seen some folks report on major Windows 11 issues after updating (see here and here) so make sure you back up your machine and have a recovery plan.  Mind you two reports is not widespread at all, but Kevin Beaumont is a security researcher who used to work for Microsoft and always has interesting observations regarding security, so seeing him have Patch Tuesday issues causes me to call it out.

    As always, thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • It’s mid year check up time!

    It’s middle of the 2022 year and it’s time to take stock of your computing needs and wants and what might need some upgrades. Now before you think I’m ready to say let’s all upgrade to Windows 11, that’s not the upgrade I’m thinking of. Rather I want you to review your existing equipment and specifically your backups. Mid year is when I review my backup media and if I’ve been using an external hard drive (like my usual Western Digital USB external hard drives), I consider retiring one that I’m using and buying a new one. I do this to ensure that my backup is on healthy drives, and then I typically take a mid year backup and store it offsite. In the case of my office I take backups home, or in the case of home, you may even consider putting a USB external hard drive with critical information into your safety deposit box at the bank. You may even want to consider adding some cloud service as an additional backup location.

    Next what about the firmware on your computer?  If you have a name brand computer like HP or Dell they have a firmware checking tool that alerts you to firmware updates. Just like windows updates, firmware updates are really important these days to ensure your machine is functioning correctly.

    What about the plug ins in your browser?  I would launch each browser you have on your computer and review what extensions are installed. If you can’t remember why you installed that extension, it’s time to remove it or at least ask in the forums as to why you still might need it.

    What about the driver for your printer? And what about how your printer connects to your computer? Whenever I set up a printer these days, whether it’s at the office or at home I set them up as wired – not wireless connections. Then I print out from the configuration screen of the printer what the print configuration is. It will tell me what IP address the printer has grabbed. I will then go to the computer, add printer, and then add printer via IP address.  After I set up the printer – it will pull down the printer driver it wants – I will go back and ensure that the printer is still set up with an IP address not the WSD printer type that the printer wants it to be, but I don’t want it to be.

    I then go back and set up the IP address that the printer is actually on.

    WSD is one of those technologies that I still stay away from.

    So what do you include in your mid year review of your technology?

  • Windows 8.1 is getting close to the finish line

    I know there are a fair amount of Askwoody readership that are still using Windows 8.1. Microsoft will be including a nag notification soon to indicate that the end of life for Windows 8.1 will be January 10, 2023.

    Now just a reminder, your computer will still work. It just won’t receive security updates. You’ll need to ensure that your antivirus will continue to get dat files, and that browsers are supported. I don’t see Chrome posting any drop dead date at this time. Remember Windows 7 has a drop dead support date for Chrome as of January 15, 2023.

    They are not planning to offer extended support packages for Windows 8.1.

    I will have to investigate if 0patch is going to continue to update after 8.1 drops out of support.

    Bottom line, if you LOVE Windows 8.1, start planning now.

     

     

  • Microsoft is releasing an OOB update to address Arm devices issue

    Microsoft is releasing Out-of-band (OOB) updates today to address an issue with Azure Active Directory services on Arm-based devices. These cumulative updates are available on Windows Update and other channels.

    Consumer impact:  None

    Business impact: Only needed for Arm-based devices

    Microsoft is releasing Out-of-band (OOB) security updates today, June 20, 2022, only for Arm-based Windows devices. This update addresses a known issue that only affects Windows Arm-based devices and might prevent you from signing in using Azure Active Directory (AAD). Apps and services that use AAD to sign in, such as VPN connections, Microsoft Teams, and Microsoft Outlook, might also be affected.
    Important: This issue only affects Windows devices that use Arm processors. No other platforms will receive this out-of-band update. This OOB update is cumulative. We recommend that you install this OOB update instead of the June 14, 2022 security update for affected devices.
    All updates listed below are available on Windows Update, Windows Server Update Services (WSUS), and Microsoft Update Catalog. For instructions, see the release notes for your OS listed below.

    Susan comment:  Reminder This will only offer or install on Windows Arm-based devices.

    Thus for many of us you won’t see it/you won’t care about it.

    We are still tracking an issue where Internet connection sharing /being able to surf at the same time is impacted.  No ETA of a fix at this time but Microsoft has acknowledged the issue. Also tracking issues with RRAS and VPN but not sure if something third party vpn is triggering the problem?

  • Master Patch List for June 14, 2022 too early to patch… yet

    I’ve updated the Master Patch List tonight for today’s releases.

    Key items to keep in mind – you’ll see .NET patches listed but they are not security updates. As I see issues and side effects I’ll be updating the Master Patch List page to accumulate the issues.

    … so far in my early testing I’m not seeing issues but it’s early and we normally don’t start seeing trending issues until tomorrow.

    6/15/2022 edit:  Possible wifi connectivity issues  after June patches installed on Windows 10 and Windows 11 — link here.

    As always, thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • June updates are out

    Where I live it’s stone fruit season – Peaches and plums are sweet and ripe.

    Where we ALL live around the world, it’s that time of the month where Redmond releases Windows updates. Even if you don’t use Windows anymore it’s the day I always review browsers on all of my devices to ensure they are up to date.

    And here we go… https://patchtuesdaydashboard.com/

    Remember today is not the day to be installing updates unless you are one of those kind people that LIKE to be our beta testers and have a backup. The rest of us have deferrals in place.  I’ll be updating this post during the day with early trends, and keep an eye on the Master Patch list that I will update at the end of the date and consistently after that with info.  The full report will come out in next Monday’s newsletter.

    60 vulnerabilities

    3 critical

    0 under active attack.

    Unsure if the zero day has been fixed, hang loose.

    Zero day Follina and Dogpatch has been fixed, if you used the group policy workaround you can decide if you want to leave it or not, I would leave the Attack surface reduction rules in place. If you are using 0Patch it will leave resident memory once you’ve installed the update. Dogpatch has not been fixed, but I honestly don’t see as much concern on that one – more about this in the newsletter.

    IE drops out of support BUT not removed from your computer. More on this in the newsletter.

    SQL server has security updates – haven’t seen that in a long time https://www.catalog.update.microsoft.com/Search.aspx?q=Security+Update+for+SQL+Server

    6/15/2022 edit:  Possible wifi connectivity issues  after June patches installed on Windows 10 and Windows 11 — link here.

  • Zero day in office – but don’t panic

    Microsoft Releases Workaround Guidance for MSDT “Follina” Vulnerability

    05/31/2022 11:11 AM EDT

    Original release date: May 31, 2022

    Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the wild.

    CISA urges users and administrators to review Microsoft’s Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and apply the necessary workaround.


    Here at Askwoody we are a bit more savvy.  WE DON’T OPEN THINGS WE AREN’T EXPECTING.  That said if you do want to proactively protect yourself ….

    Group policy fix – Just disable “Troubleshooting wizards” by GPO  see the location here:

    Registry fix:

    click on the search box, type in cmd

    Right mouse click on cmd in the menu bar to RUN AS ADMIN

    type in reg delete HKEY_CLASSES_ROOT\ms-msdt /f

    Click enter

    If you want to restore it back:

    This registry key will restore the troubleshooting wizard – link here

    Click on the downloads, double click to launch, follow the slightly scary instructions to import the registry key back in.

    =================

    Update 6/1/2022

    Now the URI for Search is being abused.

    Once again if you want to proactively protect yourself

    Run Command Prompt as Administrator.

    Execute the command “reg delete HKEY_CLASSES_ROOT\search-ms /f”

    If you want to restore it back, click here
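
    The two registry workarounds above, combined into one added PowerShell example (not part of the original post): it exports each key before deleting it, so the handler can be put back later with reg import. The backup folder name is an assumption; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: back up, then remove, the two protocol handlers named above.
$handlers  = 'ms-msdt', 'search-ms'
$backupDir = Join-Path $env:USERPROFILE 'handler-backup'   # assumed location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

foreach ($name in $handlers) {
    $key  = "HKEY_CLASSES_ROOT\$name"
    $file = Join-Path $backupDir "$name.reg"

    # reg query exits non-zero when the key is absent (already removed).
    reg.exe query $key > $null 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Output "$name : handler not present, nothing to do."
        continue
    }

    # Export first so the key can be restored with: reg import <file>
    reg.exe export $key $file /y > $null 2>&1
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $file)) {
        Write-Warning "$name : export failed, key left untouched."
        continue
    }

    reg.exe delete $key /f > $null 2>&1

    # Verify the handler is really gone rather than trusting the delete.
    reg.exe query $key > $null 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Output "$name : removed. Backup saved to $file"
    } else {
        Write-Warning "$name : key still present after delete."
    }
}
```

    Running it a second time leaves the earlier backup alone, because a handler that is already gone is skipped before the export step.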

  • Master Patch List as of May 19, 2022 – out of band for server auth issues

    Microsoft has released an out of band update for Servers only to fix the authentication issues with certificates introduced in the May updates. I’ve updated the  Master Patch list  as a result.

    Cumulative updates:
    Note: You do not need to apply any previous update before installing these cumulative updates.
    Standalone Updates:

    Note these are not on Windows update, they are only on the Microsoft Update catalog.  They can be imported into WSUS.

    Note this issue does not impact consumers, only domain controllers in networks with an active directory domain.  So if you are a home or small business with a peer to peer network you will not be impacted.

    The only other fix discussed is to fix installing updates from the Microsoft store. If you have been impacted by any other Windows 10/11 issues (.net stuff, black monitor, etc) I personally don’t think this out of band will fix those issues. You certainly can back up your system and try it, but I would be surprised/gobsmacked to hear that it actually fixed anything other than the auth problems on the servers and the Microsoft store install.