The case of the missing Registry key

Topic

New Reply

PATCH WATCH By Susan Bradley Microsoft leaves it up to us to finish its job. Once upon a time, there was a company that cared equally about the impact
[See the full post at: The case of the missing Registry key]

Susan Bradley Patch Lady/Prudent patcher

6 users thanked author for this post.

Norio, geekdom, lmacri, DLivesInTexas, abbodi86, Alex5723

Reply | Quote

Replies

Microsoft’s
compatibility updates for Windows 10,11 are missing too and must be installed manually if one knows they exist.
https://www.askwoody.com/forums/topic/ready-for-june-updates/#post-2566402

Reply | Quote

Susan Bradley wrote:

Finally, if you have deployed Windows Hello, your users may see an additional prompt this month. You can click Next and continue, but it will be confusing for end users.

It’s a clear question with a simple Yes/No answer. There’s no reason any user should be confused (by what may be a legal requirement in some localities):

Your biometric data will remain on your device until you remove it. However, after a significant period of Windows Hello inactivity, you will be prompted to confirm that you want to continue to store your biometric data.

Windows sign-in options and account protection — Windows Hello

Reply | Quote

In a network setting where it’s been set up for you any new screen is confusing.

@b have you been a help desk person?

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

ChemE75

Reply | Quote

Susan Bradley wrote:

In a network setting where it’s been set up for you any new screen is confusing.

No one can have a face or fingerprint set up for them by anyone else.

Susan Bradley wrote:

@b have you been a help desk person?

Yes. Lots. You?

Reply | Quote

Monday through Friday and some weekends .  This is happening on systems already set up triggering unnecessary help desk calls.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Windows 10 only?

KB5027215 Issue with Windows Hello Popup Message

It doesn’t appear unless the user has stored biometric data.

Reply | Quote

Are there [simple?] instructions for specifying which updates to install and which to skip?  All I’ve ever done was wait for the all-clear from you and then do an update — I’ve never done an update omitting one item.

Reply | Quote

Susan’s Master Patch List provides a spreadsheet/PDF (your choice) list of patches with their recommendation for install (or not) monthly.

See the “Master Patch List” button at the top of the site main page.

Reply | Quote

I know about the master patch list.. what I don’t know is how to *use* it.  The only updates I’ve ever done have been via clicking on “Download” on the Windows update page.  I don’t know how to get windows update to show me all the individual updates and select which ones to install

Reply | Quote

berniec wrote:

All I’ve ever done was wait for the all-clear from you and then do an update — I’ve never done an update omitting one item.

Why are you considering anything different now?

Reply | Quote

For consumer and home users, Susan’s original newsletter article simply recommends holding off for a while on June’s updates – until she gives the green light later in the month.

The issue with  CVE-2023-24932 is only about the manual changes to the registry that are needed to activate the protections for that vulnerability. She recommends not undertaking those at this point – at least for consumers.

As for your general question about how to manage updates in general, see this page that Susan created for methods that you could use: https://blockapatch.com/  You could also search here on AskWoody about those specific tools.

Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.

1 user thanked author for this post.

Cybertooth

Reply | Quote

This is one case regarding patching where I completely agree. A patch without implementation is worthless! Why bother. I guess we now have a lot of computer staged for a fix, but until the likelihood of a problem increases, the cost to implement this one is much too high. Businesses can’t be expected to go around manually installing things anymore.

Reply | Quote

Susan Bradley wrote:

Once upon a time, there was a company that cared equally about the impact

My thoughts shifted immediately to “Microsoft has realized that it is in “swan song” times, that it isn’t going to be the “ALL” for the world for very much longer, that it can only make so much money on it, and it is moving on.”

Yay, but worrisome for the folks that have to find an alternative over the next 10 years?

- Thinkpad P15s Gen1 20T4-002KUS, i7-10510U, UEFI/GPT, 16GB, Sammy 500GB M.2. others. - Mint 21.2 Xfce w Vbox-win10 for most, Mint 21.2 Cinn Edge w wine for games, Win 11 Pro 23H2 WU. HP laserjets M254dw & P1606dn, Epson 2480 scanner. External monitor Dell S3221QS.

Reply | Quote

It’s pretty simple, actually.  Create the .reg file, open regedit.exe with elevated privileges, click File > Import, navigate to and select the .reg file, click OK.  The following is the content of the .reg file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides]
“4237806220”=dword:00000001

Sign out and then sign back in, and it’s a done deal.

This is the .reg file:

Overrides

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

bbearren wrote:

It’s pretty simple, actually.

For you maybe. But the average Users that I work with have no clue what a Registry is, much less how to find it, open it. or operations with it such as import/add/export/save.
They take whatever Microsoft drops on them and have no clue even how to deal with it.

You are NOT the average User (or anywhere near it).

2 users thanked author for this post.

samak, Cybertooth

Reply | Quote

Now multiply this by gazillons of desktops with various versions.

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

samak, Cybertooth

Reply | Quote

Any hint of what this registry edit will fix? Thanks.

Reply | Quote

It’s supposed to provide protection from “The attacker who successfully exploits this vulnerability could view heap memory from a privileged process that is running on the server.”  Translation the attacker could view secrets in memory that may contain passwords is my take on this.  But it’s not easy to use this vulnerability and it has to be combined with another vulnerability.  So the likelihood of actual attack is low.

That’s the good news.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Exactly, just like synchronizing multiple downdraft carburetors! Folks are born knowing how. Right?

Reply | Quote

How do you create a valid .reg file?  The only thing I can find is a PS1 file on Github posted by a user on Ghacks, and I am not sure how to implement that.

Do you copy the PS1 file from Github,  paste it into an empty PS1 file on your system, then execute it with Powershell?

I haven’t found a .reg file that would work.  Microsoft’s is incomplete.

 

 

Reply | Quote

Mark wrote:

How do you create a valid .reg file?

See post #2567203.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

I see your file, but does it work?  It seems that there should be more to it.

I don’t want to brick my system.

Thanks for your interest.

 

Mark

 

Reply | Quote

Mark wrote:

I see your file, but does it work?

It adds the key and sets the value in accordance with Microsoft’s instructions.

Mark wrote:

I don’t want to brick my system.

Read the red in my signature block, follow that advice, and even if you brick your system (highly unlikely, but it definitely pays to be prepared), you can get it right back to where it was by restoring your fresh drive image.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

I do make backups every week, but I would rather avoid restoring the system if possible.  I have already installed the update (by accident) and there seems to be no ill-effects.  I will further consider whether to use your .reg file.  I am curious to know where you found it, or did you construct it yourself?

Thanks

Mark

 

 

Reply | Quote

Mark wrote:

I am curious to know where you found it, or did you construct it yourself?

I wrote it following Microsoft’s instructions.  I’ve done copious amounts of registry editing through the years, and have no real fear of working in the registry, particularly since I follow my own advice about drive images.  And obviously, I’ve done copious amounts of image restorations, as well.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

From the article:

On June 8, Apple released several big updates that included security fixes.

What are these updates? I can’t see any iOS/iPadOS/macOS/Safari updates since May 18.

Reply | Quote

Shoot I forgot to fix that.  Apple released more CVE detailed info about the May releases and originally I thought we got new Apple updates.  When I was doing the master listing I realized my error and forgot to go back and change the article.  Sorry about that.

They typically wait and don’t release the details until folks have had a chance to patch.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

Sky

Reply | Quote

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5027573

The only files I see for KB5027373 are dynamic files with .cab extensions:

As folks say around here: Do what?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

This is one of those optional updates that because I use a third party backup program anyway I don’t see it as a critical need.

Per the KB it will be installed via Windows update.

CAB files have to be installed via DISM so once again this is a totally skip it patch and are not to be handled manually.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Hey Y’all,

Since the Registry entry required varies by Windows Version (10,11) and Update Level (20H2, 21H2, 1809, 1607, etc.) I created a PowerShell which will place the proper entry in the registry based on the the detected version on your computer.

You can download the program from my OneDrive shared folder.

The file you want is: Add-CVE-2023-32019-RegistryEntry
Note: The hashes are located in the HASH file in the same folder.

The program will run giving you messages along the way and prompting if you want it to install the registry entry or not before making any changes.

Here are the messages the program may display:

If your version of Windows is not listed in the advisory you’ll get this:

Prompt for you to verify you want to add the entry or not:

If you Select NO to the above prompt:

If you Select YES:

Note: PowerShell needs to be run as Administrator. If you run it as a user the program will let you know and exit.

[EDIT] Please Note: I tested this the best I could. Full test on Win 11 22H2 & Win 10 22H2 both fully updated. The other versions I plugged data and ran the sections of the code after those that pull the version info from the running computer.
So MAKE SURE YOU HAVE AN IMAGE BACKUP BEFORE RUNNING! At a minimum a Restore Point.

Hope this helps.

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

3 users thanked author for this post.

Mark, geekdom, Cybertooth

Reply | Quote

Thanks for your effort.  But it’s kind of scary for non-techies.  I doubt that most of them know what PowerShell is, let alone have used it.

I will reserve my decision on whether to employ the patch until a later date.  I don’t think that there is any hurry.

Mark

Reply | Quote

there’s no need to use Add-CVE-2023-32019-RegistryEntry anymore as the August 2023 & later updates include protections for CVE-2023-32019 which are enabled by default in those new updates.

Reply | Quote