• MS-DEFCON 3: Issues with domains

    Home » Forums » Newsletter and Homepage topics » MS-DEFCON 3: Issues with domains

    Author
    Topic
    #2500167

    ISSUE 19.47.1 • 2022-11-22 By Susan Bradley November updates lead to side effects My usual advice regarding updates with known side effects is to wait
    [See the full post at: MS-DEFCON 3: Issues with domains]

    Susan Bradley Patch Lady

    6 users thanked author for this post.
    Viewing 14 reply threads
    Author
    Replies
    • #2500229

      Susan –

      So from your alert does this mean you recommend installing Windows 10 22H2 for Home/Consumers? I’m currently on Windows 10 22H1.

      I wish you would have stuck with your previous simple and clear warning/instruction:

      • Windows 11 22H2: Not recommended
      • Windows 11 21H2: If you have a Windows 11 PC, recommended
      • Windows 10 22H2: Not recommended
      • Windows 10 21H2: Recommended

      Thanks

      Custom Build
      Windows 10 Home 21H2 OS Build 19044.2006
      Intel i5 9400 5 Core CPU
      ASUS TUF Z390 Plus Motherboard

      • #2500238

        Same recommendations as in yesterday’s Newsletter.

      • #2500277

        Master Patch List @ AskWoody

        I put the current recommendations at the top of the master patch list so there’s no misunderstanding.  Does that help?

        Because I know some around here have moved to Win 10 22H2 that’s merely a comment that it’s a minor update and not as disruptive as Window 11 22H2.

         

        Susan Bradley Patch Lady

    • #2500240

      @PKCano – Yesterday’s newsletter was about Apple iOS and the MS-Defcon was 2 not 3.

      Custom Build
      Windows 10 Home 21H2 OS Build 19044.2006
      Intel i5 9400 5 Core CPU
      ASUS TUF Z390 Plus Motherboard

      • #2500243

        Yeah, my bad. It was the Nov 14th Newsletter. Did it get mentioned in this morning’s DEFCON alert?

    • #2500246

      I, also, am unclear.  Ok to install win10 22H2?    or wait till defcon number gets to 4 or 5?

      1 user thanked author for this post.
    • #2500255

      @PKCano – I was quoting the 11/14 newsletter in my original post – but Susan’s 11/21 seems to have changed recommendations and is now quite cryptic – unlike the 11/14 newsletter which was straight to the point.

      Custom Build
      Windows 10 Home 21H2 OS Build 19044.2006
      Intel i5 9400 5 Core CPU
      ASUS TUF Z390 Plus Motherboard

      • #2500259

        Until Susan makes a clear statement that any 22H2 is OK, stay with 21H2.

    • #2500257

      I’m unclear as to when to apply the

      DISM /Online /Set-OSUninstallWindow /Value:60

      command. Should it be done before updating to Win11, or after the update but before the default 10-day uninstall window expires? On my current Win10 22H2 system, I do get the Error 1138 when I attempt to apply it.

      • #2500279

        I would do it before and then check it again if you move to 11.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
    • #2500260

      I believe Susan’s recommendations have NOT changed.

      OK as a home/consumer user – Windows 10 22H2 Not recommended.

      But are Windows 10 22H1 updates recommended?

      Like I said Susan’s newsletter this week is quite cryptic.

      Custom Build
      Windows 10 Home 21H2 OS Build 19044.2006
      Intel i5 9400 5 Core CPU
      ASUS TUF Z390 Plus Motherboard

      • #2500278

        I give guidance to both consumers and businesses.

        Businesses – and especially those that patch Domain controllers HAVE to install an out of band manual patch in order to ensure they don’t see side effects.

        Consumers – I’m not seeing major issues.  I try to put the summarized recap on the master patch list page in case I’m a bit more cryptic than I mean to be.

        Susan Bradley Patch Lady

        2 users thanked author for this post.
      • #2500479

        There was no Windows 10 22H1 release.

    • #2500280

      We’re skipping the November updates for our server and workstations and will wait for December updates.

    • #2500284

      4 hours to download all November non-Preview updates with three reboots. Now on Windows Home 10 22H2 OS build 19045.2251 with no problems. Thanks, Susan!

    • #2500292

      The Windows 10, version 22H2 feature update is entering its final rollout phase and is now designated for broad deployment. As part of the broad deployment phase, Microsoft is offering this update to an expanded set of eligible devices running Windows 10, version 20H2 and later versions.

    • #2500367

      Business patcher here. I installed November updates Monday night. No issues reported. Just deployed a script to check these two events in the System log:

      Microsoft-Windows-Kerberos-Key-Distribution-Center – 14 – Error
      Kdcsvc – 42 – Error

      No reports coming back. In fact, on one DC that I checked, Kdcsvc isn’t even registered as an Event Source. I wondered if they meant KdsSvc.

      What I’m unclear on, even if there were issues, would installing the applicable out-of-band updates fix the issues, or do I have to go through all the steps and scripts in those two DirTeam articles to mitigate manually?

      [Insert another gripe about frequent OOB updates and long mitigation articles. How is one supposed to manage a few small servers in this break-now-fix-later environment? Synology? Azure?]

       

      • #2500375

        If you have reset your Kerberos password on a regular basis you may be going “what issues?’   I would recommend reviewing the resources herehere and here.

        Susan Bradley Patch Lady

    • #2500397

      Windows 10 Pro. 21H2 , Home user. Installed  November update no issues.

    • #2500384

      Another Business Patcher here. Have a 2012R2 Domain Controller I need to patch.

      If I have NOT installed the November updates yet have they fixed the updates that are being offered and I can I just install now and not worry about the additional manual update or do they not fix the broken updates that are offered and we just need to do both ??

      Thanks for any feedback.

       

       

    • #2500489

      For what it’s worth I’ve been running Windows 10 22H2 on my powerful development workstation for weeks now and I haven’t had many problems with it. It’s been surprisingly stable and glitch-free, and I’ve been pushing it hard doing business management, code development, engineering builds, product testing, etc. and also benchmarking a lot (heating the CPU way up) to see which performance tweaks are most effective.

      ScreenGrab_NoelC6_2022_11_23_105646

      ScreenGrab_NoelC6_2022_11_23_105839

      -Noel

      Attachments:
      2 users thanked author for this post.
      • #2500550

        In a (multi-OS) homeuser capacity, I’ve also noticed stablity/performance is as good as 21H2 with W10 22H2 since upgrading a day after general release and that’s for both 32bit and 64bit Pro editions.

        Beware! the Louis Cypher is everywhere

        1 user thanked author for this post.
    • #2500983

      With 2 updates remaining after this update of Win 8.1 🙁

      November patches installed with no problems to report on Win 8.1. 🙂

      Installation Successful: Windows successfully installed the following update: 2022-11 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 for x64 (KB5020690)

      Installation Successful: Windows successfully installed the following update: 2022-11 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB5020023)

      Group "A"- Win 8.1 x64
      Win 10 ver. 21H2 x64

      1 user thanked author for this post.
    • #2501162

      “Patch reliability is unclear, but widespread attacks make patching prudent”

      I guess I may have missed it, but what widespread attacks are home users with Windows 10 version 21H2 seeing?

      It’s a bit earlier than usual in the monthly cycle to be running the updates, meaning that it could cause a problem next month when the 35 days pause expires earlier than usual.  I appreciate that no major issues have been tracked for such users this month, but what widespread attacks if any are we talking about for such users?

      I’m wondering whether the split between business and home users, and Windows 8.1/10 and 11, not to mention different versions, are making a single DefCon rating problematic these days.

      1 user thanked author for this post.
    Viewing 14 reply threads
    Reply To: MS-DEFCON 3: Issues with domains

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: