• MS-DEFCON 3: Side effect with Domain patch

    alert banner

    Special alert

    MS-DEFCON 3

    By Susan Bradley

    November Domain controller update leads to memory leak

    Business patchers only:  Microsoft has posted up a known side effect introduced by the November updates applied to domain controllers.

    As they note in their health release: (with my slight edits for clarification)

    After installing November or later updates on Domain Controllers (DCs), you might experience a memory leak with Local Security Authority Subsystem Service (LSASS,exe). Depending on the workload of your DCs and the amount of time since the last restart of the server, LSASS might continually increase memory usage with the up time of your server and the server might become unresponsive or automatically restart. Note: The out-of-band updates for DCs released November 17, 2022 and November 18, 2022 do not fix the issue and are also affected by this issue.

    Workaround one if you can remove the patch: Uninstall the November 8th updates and out of band updates that are listed here.

    Workaround two if you are mandated to keep the patch installed: To mitigate this issue, open Command Prompt as Administrator and use the following command to set the registry key KrbtgtFullPacSignature to 0:

    • reg add “HKLM\System\CurrentControlSet\services\KDC” -v “KrbtgtFullPacSignature” -d 0 -t REG_DWORD

    Note that this ONLY impacts business patchers and does NOT impact consumers.

  • Happy Thanksgiving to all 2022!

    It’s the American holiday of eating turkey, watching tv and at my house, the annual get the Christmas boxes down and start decorating the tree. Already I’ve prevented a near disaster, when checking the Christmas tree lights (as I am the master light checker), I realized that one of the fuse bulbs was out making an entire string go out. Fortunately, last year I realized that while I still had quite a few replacement bulb, I didn’t have many fuse bulb and ordered replacements.  Notice they are sold out and thus at some point in the future I will have to restring the tree with new lights. Once again proving that with any technology, always make sure you have spare parts.

    Today’s the day I also spend the time reviewing the health and well being of computers in my house as the turkey roasts in the oven. I’ll review hard drive space, make sure that all computers have been updated to SSD drives. I use this time to ensure all of my machines on Windows 10 21H2 are ready to go to 22H2. But don’t just review your computer hardware, also review the speed of your internet. If you have multiple computers, check the speed on all of the devices – including ipads. If you’ve been a customer of your ISP for a long time, consider calling them up and seeing if you can get a cheaper/faster deal. You may not want to call today, as chances are their staffing is lower today and thus you’d have longer wait times.

    So monitor that turkey, and review your technology and have a happy holiday!  Thanks to all of you too!

  • MS-DEFCON 3: Issues with domains

    alert banner

    ISSUE 19.47.1 • 2022-11-22

    MS-DEFCON 3

    By Susan Bradley

    November updates lead to side effects

    My usual advice regarding updates with known side effects is to wait until the problems are resolved. But every so often, the risk of waiting is greater than the risks associated with the side effects.

    That’s the way I see the situation now. The November updates require you to slog through the issues and deal with the side effects. For that reason, I’m lowering the MS-DEFCON level to 3. I’d really like to go to 4, but I think greater caution is required.

    Anyone can read the full MS-DEFCON Alert (19.47.1, 2022-11-22).

  • When should you retire your Apple device?

    newsletter banner

    ISSUE 19.47 • 2022-11-21
    Look for our BONUS issue on November 28!

    PATCH WATCH

    Susan Bradley

    By Susan Bradley

    Apple’s recent releases encourage new hardware.

    There are several people at my office who constantly purchase the latest iPhone or iPad, turning in their old devices in the process. I’m not that adventurous — I don’t recommend updating quite that fast.

    However, I do recommend an upgrade if your phone is an older model, such as iPhone 8. Why? Because the best security is provided on the newest hardware, and because Apple has become more like Microsoft in requiring newer hardware to protect against snooping, zero days, and other risks.

    Read the full story in our Plus Newsletter (19.47.0, 2022-11-21).
    This story also appears in our public Newsletter.

  • Be watchful for scams in the forums

    FROM THE FORUMS

    Talk Bubbles

    By Susan Bradley

    Last week, there was an incident in the forums that was unexpected and of some concern.

    Someone (let’s codename the person “Rogue”) signed up for a Plus membership, then used it to send direct messages (DMs) to several other members. The DM contained a solicitation.

    I took immediate action.

    Read the full story in our Plus Newsletter (19.47.0, 2022-11-21).
    This story also appears in our public Newsletter.

  • Will PayPal fine you $2500 for trading artistic nudes?

    PUBLIC DEFENDER

    Brian Livingston

    By Brian Livingston

    PayPal, the giant online payment-processing service based in San Jose, California, put itself in hot water last month by releasing, and then disavowing, a document that threatened to deduct $2500 or more from PayPal users’ financial accounts if any of their transactions “appear to depict nudity” or “promote misinformation.”

    Setting aside that vague and confusing language for a moment, PayPal’s checkered history with regulators is worth recalling. For instance, the company was recently subjected to a number of actions.

    Read the full story in our Plus Newsletter (19.47.0, 2022-11-21).

  • Why would you use OneNote at all?

    ONENOTE

    Mary Branscombe

    By Mary Branscombe

    If you’ve never seen the point of a digital shoebox for notes, here are some ways of putting OneNote to use that could change your mind.

    From the feedback I get when I talk about OneNote, it’s clear that there are plenty of devoted fans and heavy users out there. But I also get questions asking why you should use OneNote, and what it’s good at.

    Read the full story in our Plus Newsletter (19.47.0, 2022-11-21).

  • Gourmet Recipe Manager — Organizing your stolen recipes

    FREEWARE SPOTLIGHT

    Deanna McElveen

    By Deanna McElveen

    First of all, I’m not a cook. That’s my husband’s job.

    The few things I do cook or bake are from recipes that I nab at family gatherings from my older relatives. I decided I needed to move these recipes out of their old card file boxes, so I went looking for some free software — because I’m cheap that way.

    I tried a few recipe organizers before I found an old program. Released in 2014, Gourmet Recipe Manager by Tom Hinkle may not have had any updates in quite a while, but it was exactly what I was looking for. I went ahead and tested it on Windows 7, 10, and 11; all seems fine.

    Read the full story in our Plus Newsletter (19.47.0, 2022-11-21).

  • Printers are a pain

    Reading one of the “known issues” in Windows 11 22H2 and the side effects with certain printer drivers reminds me of how I have a love hate relationship with printers.

    In the known issues section….while the issue with IPP printers has been resolved and the block from Windows 11 22H2 has been removed, it reminds me that printers can drive us crazy. So here’s some of my tips:

    1. Don’t get so tied to a printer that you aren’t willing to chuck it out the window or send it to e-waste. Often you can buy a new printer that will work with a new computer easier than the hassle of trying to get a really old printer to work.  These days I tend to buy Lexmark printers and Brother printers.  But now that I’ve said “gee buy new”, I’ve also seen where it’s been hard to find printers of a certain type and style. There have been times I’ve purchased refurbished printers on ebay because I couldn’t find it any other way.
    2. Don’t buy inkjet printers. If you don’t print on a regular basis, that ink will get dry and the printer won’t work. Better to stick with a laser jet printer.
    3. If you get stuck, remember you can use the built in “Microsoft print to PDF” and can print something to a pdf in a pinch.
    4. When trying to get a print out of a web site, sometimes you just have to use snipping tool and cut and paste the image to word to get a USEABLE version of the web site. I’ve even tried the “print” button on a web site and it still doesn’t print.
    5. I personally find that connecting a printer via ethernet rather than wireless connection works better. I also make it a point to assign the printer a static IP address (this can normally be done in the setup section) and that works the best.
    6. Always be prepared to turn off and then turn back on a printer. Often they will go “asleep” and turning it back on reconnects it.

    What about you?  What tips and tricks do you recommend for dealing with printers?

  • Business patchers alert: Out of band patch expected to fix Domain controller issues

    What is it?  A heads up to business patchers.

    Does it impact consumers?  No. This is only an issue being seen on domain controllers 

    What is it about?  In the November 8th updates (which I haven’t approved yet) installing the updates on your domain controllers could cause authentication issues.

    There will be an out of band update released later on this week to fix issues caused by the November updates on domain controllers.

    If you have been impacted by these updates and have had to roll back the patches on your domain controllers, hang tight.  Help is on the way.  I will update the Master Patch list once this update has been released.

    See also KB5021131 and KB5020805

    Update: Out of band released

    Microsoft is releasing Out-of-band (OOB) security updates today, November 17, 2022 for installation on all the Domain Controllers (DCs) in affected environments. This update addresses a known issue which might cause sign in failures or other Kerberos authentication issues. You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.
    To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update CatalogNote The below updates are not available from Windows Update and will not install automatically.
    Cumulative updates:
    Note: You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released November 8, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
    Standalone Updates:
    Note: If you are using security only updates for these versions of Windows Server, you only need to install these standalone updates for the month of November 2022. Security only updates are not cumulative, and you will also need to install all previous Security only updates to be fully up to date. Monthly rollup updates are cumulative and include security and all quality updates. If you are using Monthly rollup updates, you will need to install both the standalone updates listed above to resolve this issue, and install the Monthly rollups released November 8, 2022 to receive the quality updates for November 2022. If you have already installed updates released November 8, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
  • Does an old personal computer become useless?

    newsletter banner

    ISSUE 19.46 • 2022-11-14

    HARDWARE

    Ben Myers

    By Ben Myers

    Come take a ride in my souped-up DeLorean for an adventure in the days before Windows.

    You see an old computer and ask, “Why hasn’t it been scrapped?” But don’t look at just the PC — look at what it does within some total system. That’s what this story is about.

    The ride takes many twists and turns on the path to where we are today. Progress over the last 20-plus years is hard to believe.

    Read the full story in our Plus Newsletter (19.46.0, 2022-11-14).
    This story also appears in our public Newsletter.

  • Resolved!

    FROM THE FORUMS

    Susan Bradley

    By Susan Bradley

    We’ve added a much-requested enhancement to the forums.

    Our forums exist not only because technology is annoying at times, but also because it can be very difficult to find the solution to a particular problem.

    We’ve been lacking a feature to guide you in the right direction, and now we’ve added it — the ability to post a response in a forum to indicate that the answer to your question has been found.

    Read the full story in our Plus Newsletter (19.46.0, 2022-11-14).
    This story also appears in our public Newsletter.