• The case of the missing Registry key

    #2567070

    PATCH WATCH By Susan Bradley Microsoft leaves it up to us to finish its job. Once upon a time, there was a company that cared equally about the impact
    [See the full post at: The case of the missing Registry key]

    Susan Bradley Patch Lady/Prudent patcher

    • #2567080

      Microsoft’s compatibility updates for Windows 10, 11 are missing too and must be installed manually if one knows they exist.
      https://www.askwoody.com/forums/topic/ready-for-june-updates/#post-2566402

    • #2567140

      Finally, if you have deployed Windows Hello, your users may see an additional prompt this month. You can click Next and continue, but it will be confusing for end users.

      It’s a clear question with a simple Yes/No answer. There’s no reason any user should be confused (by what may be a legal requirement in some localities):

      Your biometric data will remain on your device until you remove it. However, after a significant period of Windows Hello inactivity, you will be prompted to confirm that you want to continue to store your biometric data.

      Windows sign-in options and account protection — Windows Hello

    • #2567161

      Are there [simple?] instructions for specifying which updates to install and which to skip?  All I’ve ever done was wait for the all-clear from you and then do an update — I’ve never done an update omitting one item.

      • #2567168

        Susan’s Master Patch List provides a spreadsheet/PDF (your choice) list of patches with their recommendation for install (or not) monthly.

        See the “Master Patch List” button at the top of the site main page.

        • #2567176

          I know about the master patch list... what I don’t know is how to *use* it.  The only updates I’ve ever done have been via clicking on “Download” on the Windows Update page.  I don’t know how to get Windows Update to show me all the individual updates and select which ones to install.

          • #2567177

            All I’ve ever done was wait for the all-clear from you and then do an update — I’ve never done an update omitting one item.

            Why are you considering anything different now?

          • #2567398

            For consumer and home users, Susan’s original newsletter article simply recommends holding off for a while on June’s updates – until she gives the green light later in the month.

            The issue with  CVE-2023-24932 is only about the manual changes to the registry that are needed to activate the protections for that vulnerability. She recommends not undertaking those at this point – at least for consumers.

            As for your general question about how to manage updates in general, see this page that Susan created for methods that you could use: https://blockapatch.com/  You could also search here on AskWoody about those specific tools.

            Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.

    • #2567186

      This is one case regarding patching where I completely agree. A patch without implementation is worthless! Why bother? I guess we now have a lot of computers staged for a fix, but until the likelihood of a problem increases, the cost to implement this one is much too high. Businesses can’t be expected to go around manually installing things anymore.

    • #2567202

      Once upon a time, there was a company that cared equally about the impact

      My thoughts shifted immediately to “Microsoft has realized that it is in “swan song” times, that it isn’t going to be the “ALL” for the world for very much longer, that it can only make so much money on it, and it is moving on.”

      Yay, but worrisome for the folks that have to find an alternative over the next 10 years?

      - Thinkpad P15s Gen1 20T4-002KUS, i7-10510U, UEFI/GPT, 16GB, Sammy 500GB M.2. others. Mint 21.2 Xfce w Vbox-win10. Mint 21.2 Cinn Edge w wine. Win 11 Pro 23H2 WU(local, no Copilot, no Edge). HP laserjets M254dw & P1606dn, Epson 2480 scanner. External monitor Dell S3221QS.

    • #2567203

      It’s pretty simple, actually.  Create the .reg file, open regedit.exe with elevated privileges, click File > Import, navigate to and select the .reg file, click OK.  The following is the content of the .reg file:

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides]
      "4237806220"=dword:00000001

      Sign out and then sign back in, and it’s a done deal.

      This is the .reg file:

      Overrides

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.
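Added example (not part of the original post or thread, and not Microsoft's code): a read-only PowerShell check that the value imported by the .reg file above is present, is a DWORD and is set to 1. The function name and state labels are made up for illustration; the default value name is the one shown in this post, and a later reply notes that the required entry varies by Windows version.

```powershell
# Added example: read-only check of the FeatureManagement override from the post above.
# Test-FeatureOverride and its State labels are hypothetical names, not a Microsoft tool.
# $ValueName defaults to the ID shown on this page; pass the ID that applies to your
# Windows version if it differs.
function Test-FeatureOverride {
    param(
        [string]$ValueName = '4237806220',
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
    )

    $result = [ordered]@{
        Computer  = $env:COMPUTERNAME
        Build     = [System.Environment]::OSVersion.Version.Build
        ValueName = $ValueName
        State     = 'KeyMissing'   # the Overrides key itself does not exist
        Data      = $null
    }

    if (Test-Path -LiteralPath $Path) {
        $key = Get-Item -LiteralPath $Path          # Microsoft.Win32.RegistryKey
        if ($key.GetValueNames() -contains $ValueName) {
            $kind = $key.GetValueKind($ValueName)
            $result.Data = $key.GetValue($ValueName)
            if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                # e.g. the value was created as a string instead of dword
                $result.State = "WrongType($kind)"
            } elseif ($result.Data -eq 1) {
                $result.State = 'Enabled'
            } else {
                $result.State = 'NotEnabled'
            }
        } else {
            $result.State = 'ValueMissing'          # key exists, value was never added
        }
    }

    [pscustomobject]$result
}

# Report the state on the local machine; nothing is written to the registry.
Test-FeatureOverride | Format-List
```

Because the function returns an object with the computer name and build number, its output can be collected from several machines and compared.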

      • #2567247

        It’s pretty simple, actually.

        For you maybe. But the average Users that I work with have no clue what a Registry is, much less how to find it, open it, or operations with it such as import/add/export/save.
        They take whatever Microsoft drops on them and have no clue even how to deal with it.

        You are NOT the average User (or anywhere near it).

      • #2567277

        Now multiply this by gazillions of desktops with various versions.

        Susan Bradley Patch Lady/Prudent patcher

      • #2567294

        Any hint of what this registry edit will fix? Thanks.

        • #2567299

          It’s supposed to provide protection from “The attacker who successfully exploits this vulnerability could view heap memory from a privileged process that is running on the server.”  Translation: the attacker could view secrets in memory that may contain passwords is my take on this.  But it’s not easy to use this vulnerability and it has to be combined with another vulnerability.  So the likelihood of actual attack is low.

          That’s the good news.

          Susan Bradley Patch Lady/Prudent patcher

      • #2567325

        Exactly, just like synchronizing multiple downdraft carburetors! Folks are born knowing how. Right?

      • #2567508

        How do you create a valid .reg file?  The only thing I can find is a PS1 file on Github posted by a user on Ghacks, and I am not sure how to implement that.

        Do you copy the PS1 file from Github,  paste it into an empty PS1 file on your system, then execute it with Powershell?

        I haven’t found a .reg file that would work.  Microsoft’s is incomplete.

        • #2567510

          How do you create a valid .reg file?

          See post #2567203.


          • #2567516

            I see your file, but does it work?  It seems that there should be more to it.

            I don’t want to brick my system.

            Thanks for your interest.

            Mark

            • #2567535

              I see your file, but does it work?

              It adds the key and sets the value in accordance with Microsoft’s instructions.

              I don’t want to brick my system.

              Read the red in my signature block, follow that advice, and even if you brick your system (highly unlikely, but it definitely pays to be prepared), you can get it right back to where it was by restoring your fresh drive image.

              Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
              We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

            • #2567559

              I do make backups every week, but I would rather avoid restoring the system if possible.  I have already installed the update (by accident) and there seems to be no ill-effects.  I will further consider whether to use your .reg file.  I am curious to know where you found it, or did you construct it yourself?

              Thanks

              Mark

            • #2567563

              I am curious to know where you found it, or did you construct it yourself?

              I wrote it following Microsoft’s instructions.  I’ve done copious amounts of registry editing through the years, and have no real fear of working in the registry, particularly since I follow my own advice about drive images.  And obviously, I’ve done copious amounts of image restorations, as well.


    • #2567261

      From the article:

      On June 8, Apple released several big updates that included security fixes.

      What are these updates? I can’t see any iOS/iPadOS/macOS/Safari updates since May 18.

      • #2567278

        Shoot I forgot to fix that.  Apple released more CVE detailed info about the May releases and originally I thought we got new Apple updates.  When I was doing the master listing I realized my error and forgot to go back and change the article.  Sorry about that.

        They typically wait and don’t release the details until folks have had a chance to patch.

        Susan Bradley Patch Lady/Prudent patcher

    • #2567284

      https://www.catalog.update.microsoft.com/Search.aspx?q=KB5027573

      The only files I see for KB5027373 are dynamic files with .cab extensions:
      cab-1

      As folks say around here: Do what?

      On permanent hiatus {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
      • #2567289

        This is one of those optional updates that because I use a third party backup program anyway I don’t see it as a critical need.

        Per the KB it will be installed via Windows update.

        CAB files have to be installed via DISM so once again this is a totally skip it patch and are not to be handled manually.

        Susan Bradley Patch Lady/Prudent patcher

    • #2567525

      Hey Y’all,

      Since the Registry entry required varies by Windows Version (10,11) and Update Level (20H2, 21H2, 1809, 1607, etc.) I created a PowerShell which will place the proper entry in the registry based on the detected version on your computer.

      You can download the program from my OneDrive shared folder.

      The file you want is: Add-CVE-2023-32019-RegistryEntry
      Note: The hashes are located in the HASH file in the same folder.

      The program will run giving you messages along the way and prompting if you want it to install the registry entry or not before making any changes.

      Here are the messages the program may display:

      If your version of Windows is not listed in the advisory you’ll get this:
      Unsupported-Windows-Version

      Prompt for you to verify you want to add the entry or not:
      Grant-Permission-to-change-registry

      If you Select NO to the above prompt:
      Operation-Aborted

      If you Select YES:
      Operation-Completed

      Note: PowerShell needs to be run as Administrator. If you run it as a user the program will let you know and exit.
      RunAsAdmin

      [EDIT] Please Note: I tested this the best I could. Full test on Win 11 22H2 & Win 10 22H2 both fully updated. The other versions I plugged data and ran the sections of the code after those that pull the version info from the running computer.
      So MAKE SURE YOU HAVE AN IMAGE BACKUP BEFORE RUNNING! At a minimum a Restore Point.

      Hope this helps.

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

      • #2567747

        Thanks for your effort.  But it’s kind of scary for non-techies.  I doubt that most of them know what PowerShell is, let alone have used it.

        I will reserve my decision on whether to employ the patch until a later date.  I don’t think that there is any hurry.

        Mark

    • #2580143

      There’s no need to use Add-CVE-2023-32019-RegistryEntry anymore as the August 2023 & later updates include protections for CVE-2023-32019 which are enabled by default in those new updates.
