Microsoft’s announcements this week

Topic

New Reply

Q: So Susan, I see that Microsoft held this event this week to make announcements regarding hybrid work, what are your thoughts about what was discuss
[See the full post at: Microsoft’s announcements this week]

Susan Bradley Patch Lady/Prudent patcher

16 users thanked author for this post.

AlexEiffel, Steve, SueW, Steve S., Still Anonymous, Kathy Stevens, Dave, David F, fk5353, oldfry, Alex5723, Ricard, wdburt1, NetDef, DrBonzo, Lars220

Reply | Quote

Replies

This could be the best post you have ever written. No one else has been willing to address the elephant in the room – the balkanization of Windows into the enterprise users versus everyone else. Small business users (10 to 50 workstations)  are being squeezed out.

2 users thanked author for this post.

AlexEiffel, oldfry

Reply | Quote

This is all too true let alone the fact that there are significant numbers of machines that may never benefit from these security features since they can’t run Win 11. Thanks for the “rant” although I fear all of us complaining is pretty much equivalent to spitting into the wind.

Reply | Quote

We are “normal users” operating a small fleet of Windows 10 Pro 64-bit Version: 19043.1586 workstations. Some of our PCs will support Windows 11 others will not. But we do not plan on moving to Windows 11 until Windows 10 reaches its end of life during October 2025.

At present, we do not use the Microsoft cloud or other services covered by Microsoft subscription enterprise licenses.

Our practice is to install and run only a predefined set of applications all of which were developed by recognizes organizations and purchased from reputable dealers.

So:

• Are we OK if we continue to rile on Microsoft Defender and an anti-malware program such as Bitdefender Internet Security, AVG Internet Security, ESET Internet Security, F-Secure SAFE, Norton 360 Deluxe, or Avast Premium Security?
• Or should we accelerate our transition to Windows 11 so that we can take advantage of Microsoft’s new and growing list of security features and forgetting about using third-party anti-malware software?

Reply | Quote

Only thing I’ll say is the recent system I was dealing with with Phobos ransomware had Defender and MBAM. Didn’t pick it up, even after a fresh install on a new HDD and scanning the files on usb. ESET flagged the infected files immediately.

Never Say Never

2 users thanked author for this post.

Alex5723, Kathy Stevens

Reply | Quote

I fully agree.   For anything that Microsoft announces in this context, as far as I’m concerned, it’s a big “meh”.  Realistically, it seems that all they really care about are the customers that generate big $$$ via subscriptions, as well as a measure of what can be sold directly to consumer/home users.  For those of us in the Small-and-Medium Business sector, we’re not big enough to care about, one way or the other.

Disrespect of SMB is mostly nothing new in the computer industry, and I have plenty of experience over multiple decades of trying to make things work between stripped-down Enterprise-grade stuff, or creative expansion of stuff designed for consumers, where neither fits especially well. Microsoft has always had some measure of that, but their antipathy to SMB does seem to be growing, or at least, where they no longer even bother to pretend to care.

Somewhere along, it’s not beyond the realm of possibility (perhaps when Windows 12 comes along?) that Microsoft eventually abandons Pro versions of Windows, and where the only choice we have is either Home or Enterprise versions.

The promotion that we’ve seen with Win 11 has been illustrative.  Besides the rework of the Win UI, most of Microsoft’s presented rationale of “security” has been focused on stuff that may be useful for Enterprises, but mostly irrelevant in the SMB sector.

Reply | Quote

Susan Bradley wrote:

It PAINS me every time someone in the forum talks about how they still run Windows XP and they consider it secure (If you still are using it and it’s connected to the Internet and not isolated, it’s honestly not, you can’t install a modern browser on it) or love Windows 7 (I’ll be covering Windows 7 and the future in this week’s newsletter — stay tuned).

Seems my post did not make moderation. Time to try again.

 

Yes. I still use Windows Xp. It is best OS ever made. It does not have all rubbish and sypware that Windows 10 and the worse OS Windows 11 has.  Even have Windows 7 that might finally be safe to use now that MS is not forcing Windows 10 our throats. Finally might be able to plug the network cable back…May will still use Xp until it fails or start using my other backup Xp if need. Plus there are people that still use Windows 98 on internet…I was one of those until power supply a few years back. Some of us are not rich billionares like MS to keep buy new stuff. Some have to use the stuff that others throw out.

 

Hopefully this is less critical of MS and will get posted… I was too critical it seems last time.

[Moderator edit] removed swearing

Reply | Quote

There is no spyware in W10/11 and you have always been able to stop the upgrade from 7 to 10.

A firewall does not stop viruses / browser vulnerabilities. These threats are real and without updated OS, AV and browser you are at risk.
These risks can be mitigated by making regular system backups and being careful on the web.

cheers, Paul

Reply | Quote

Susan,

Can you please explain to me how Windows 7 is insecure?  And I don’t mean in theory.  I mean in real live actual usage.  Most Windows 7 computers are behind a firewall so right off the bat any invulnerabilities they might have can’t be attacked from the internet.

And brain dead users on any platform that click on something they should not will be compromised regardless of operating system, so let’s discard that vector.

I’ve got Windows 7 computer in use on my network and I don’t consider them a threat, but I am open minded and want to understand what the real vulnerabilities might be.

2 users thanked author for this post.

AlexEiffel, Fred

Reply | Quote

Windows 7 supports older unsecure protocols.

SMBv1 is probably still active on that system.

NTLM is still probably active.

LanMan is probably active

Digest authentication – where passwords may be stored on the device and you aren’t aware of it

Passwords stored in the browser can be more easily cracked in 7 versus 10

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/retire-those-old-legacy-protocols/ba-p/259396

These days you can’t ensure that you won’t be nailed by phishing and once the bad guys are in, the easier they can do lateral movement/steal passwords that are stored in hash values, the faster they can nail you.

ASLR is also better in 10 than it is in 7.  https://www.mandiant.com/resources/six-facts-about-address-space-layout-randomization-on-windows

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

AlexEiffel

Reply | Quote

Unsupported Windows 7 has an unpatched print spooler vulnerability that is very bad.

If your browser doesn’t get updated anymore on Windows 7, a vulnerability in it could enable a drive-by download that could have a bigger impact on Windows 7 by exploiting known unpatched flaws in it. You never know when browsing even if you are careful that you won’t stumble by mistake on a bad web site. It happened to me while researching cars before. There was an article on a legitimate web site referring to another source that I clicked and that didn’t exist anymore and had been replaced by a drive-by malware.

Reply | Quote

Microsoft announced Windows Autopatch for enterprise

As IT departments are being asked to do more with less, Microsoft is pleased to introduce[1] Windows Autopatch as a feature of Windows Enterprise E3[2], enabling IT pros to do more for less. This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost. IT admins can gain time and resources to drive value. The second Tuesday of every month will be ‘just another Tuesday’.…

So, according to Microsoft, IT doesn’t need to test monthly updates before patching hundreds/thousands.. PCs, and no deferrals.
Trust Microsoft’s Updates.

1 user thanked author for this post.

AlexEiffel

Reply | Quote

E3 and above.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

.NET Automatic Updates for Server Operating Systems

We’re excited to announce that starting April 2022, we will be making monthly updates for modern .NET (.NET Core) available for server operating systems via Microsoft Update (MU) on an opt-in basis.

If you do not want to have your servers updated automatically for you no action is required. If on the other hand you do want to leverage this for your servers review continue reading below.

There is no change for client operating systems which will continue to receive updates via Automatic Updates, WSUS, and MU Catalog as earlier…

Reply | Quote

Windows Autopatch FAQ

When will Windows Autopatch be available?

Windows Autopatch will be released in July 2022. Stay up to date by bookmarking the Windows IT Pro Blog.

What systems does Windows Autopatch update?

Windows Autopatch manages all aspects of deployment groups for Windows 10 and Windows 11 quality and feature updates, drivers, firmware, and Microsoft 365 Apps for enterprise updates.

Does Windows Autopatch affect Patch Tuesday?

Do I have to change the way I manage updates for the devices in my organization? (New: April 29, 2022)
Monthly security and quality updates for supported versions of the Windows and Windows Server operating systems will continue to be delivered on the second Tuesday of the month (commonly referred to Patch Tuesday or Update Tuesday) as they have been to date.

Organizations can continue to use the same processes and tools they use today—such as Microsoft Endpoint Manager, Windows Update for Business, and Windows Server Update Services (WSUS)—to manage and deploy these updates…

Reply | Quote

Susan Bradley wrote:

E3 and above.

E3+ doesn’t need to test patches and fully trust Microsoft updates ?

Reply | Quote