  • Yes, you do need to patch sooner or later

      • #2296487 Reply
        woody
        Da Boss

        You know how I say that there’s no reason to patch as soon as the patches come out — but you need to patch sooner or later? Those of you running Wind
        [See the full post at: Yes, you do need to patch sooner or later]

        2 users thanked author for this post.
      • #2296500 Reply
        pHROZEN gHOST
        AskWoody Lounger

        Yes you do need to start using a newer OS sooner or later.

        People holding out on Windows 7/8 will eventually realize that more and more things get difficult or impossible as more and more vendors drop support for products they use to concentrate on making their products better for Windows 10.

        Are there any people out there still flogging along on CP/M?
        Oh wait, they wouldn’t be able to read this.

        Byte me!

        • #2296524 Reply
          Canadian Tech
          AskWoody_MVP

          PH, of course you are right, but I think that time may be yet a long time off. Today, there are still 100,000,000 Win7 systems using the web. That’s a big market for most of those providers to walk away from.

          The vast majority of home users use their systems for email and occasional web browsing — more often than not prompted by an email. For them, the only software they use is Chrome, their AV and possibly Windows Live Mail.

          CT

          5 users thanked author for this post.
          • #2296666 Reply
            doriel
            AskWoody Lounger

            I agree with phrozen_ghost, that this is unavoidable. But for me, internet place is more about HTML, PHP and other communication standards, not about OS – look at myriads of mobile phones and still, all can access world wide web.

            I have an old notebook UMAX from year 2008. I was using WinXP and in 2014 I went to Fedora 19. Until today, it still functions and I can visit most websites. Sometimes some certificate is missing and I have to go through “Continue on this site (Not Recommended)” notification in Firefox, but it still works.
            It's not safe for ibanking, but I can play video on YouTube, play mp3 in Rhythmbox and play Heroes III in Wine, or some DOS game from OlderGeeks 🙂
            I simply love that machine 🙂

            Canadian tech wrote:

            These machines are steady state absolutely predictable machines. They just work like they did the day before. Day after day after day.

            And I second that opinion. Updating havoc is so unnecessary. Somehow I feel it lacks elegance, doesn't it..

            Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise

            HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

            1 user thanked author for this post.
          • #2296766 Reply
            anonymous
            Guest

            Everything breaks down. That includes computers. Many of the existing computers with older OSes will eventually die. Parts are going to be difficult to obtain.

            Many software vendors HAVE walked away from Windows 7/8.

            Newer technologies are not going to be available on older PCs. I am quite certain there are not a lot of Windows 3.1 machines out there now. They were so limited in functionality.

      • #2296507 Reply
        lurks about
        AskWoody Plus

        Security issues are often over-hyped when the patch is released and the bugs are real; often there is no pressing need to update yesterday before the patches were released. But at some point the system should be patched, maybe a couple of weeks after the patches are released. Susan and Woody try to give advice for business and home users as to when to patch Windows so the system is reasonably up to date and any major security issues are taken care of in a timely manner. While other OSes do not necessarily have someone like Woody and Susan monitoring the patches and reports, the same basic rules apply: updates are issued for a reason, but patching does not need to be done stat except on rare occasions.

      • #2296508 Reply
        Canadian Tech
        AskWoody_MVP

        My 120 Win7 client systems have not seen a single Microsoft Update since May 2017. That’s 40 months or some 4800 computer use months. Not one single instance of any kind of a problem. Again: these are typical home use computers that use Chrome, not IE, have Bit Defender Antivirus +, and have Flash, Adobe Reader and Java removed. Windows Update service disabled. Windows Update set to Never.

        These machines are steady state absolutely predictable machines. They just work like they did the day before. Day after day after day.

        Meanwhile, Microsoft updates all around us are wreaking havoc with everyone else’s machines.

        CT

        6 users thanked author for this post.
        • #2297278 Reply
          bbearren
          AskWoody MVP

          Microsoft updates all around us are wreaking havoc with everyone else’s machines.

          That statement (particularly the “everyone else’s” part) is simply not true.

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
          "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

          1 user thanked author for this post.
      • #2296515 Reply
        anonymous
        Guest

        I’d certainly HOPE network admins would know this and also have the knowledge to understand which “security” updates are real and which are meh.  Maybe I assume too much.  At some point, I’d expect long delayed updates to wreak havoc with a network.

        Not the same as what’s described here but I have a home server running Ubuntu that updates constantly and I never even think about it.

        As an individual, I usually choose later, usually based on what is said here and a few other good sites.  A few years ago, I hardly ever installed updates.  Had one XP desktop with two kids pounding on it for year with no AV operating (oops!) and no issues beyond all the junkware they downloaded.

        I still wonder if all the sky is falling stuff about updates and security, for the average user, matters.  It’s definitely a way for MS to collect data and reset machines to forward data on all the Home installs out there.

        Thing is, they don’t seem to have a clue what to do with it!  Windows reality distortion field 🙂

        1 user thanked author for this post.
        • #2296542 Reply
          Charlie
          AskWoody Plus

          A few years ago, I hardly ever installed updates. Had one XP desktop with two kids pounding on it for year with no AV operating (oops!) and no issues beyond all the junkware they downloaded.

          The key words here are Kids and Junkware they downloaded.  In general, kids will click on anything that grabs their attention.  You just can’t do that anymore.  Thanks for bringing up a very good point.

          Win 7, Sandy Bridge 3.3GHz, Linux Mint 19.1, Klaatu barada nikto

      • #2296523 Reply
        Geo
        AskWoody Plus

        Besides W7, 0patch pro can also be used for W10 as a second layer of protection with their micro-patches.

      • #2296526 Reply
        Moonbear
        AskWoody Lounger

        Two questions:

        Can this attack affect systems that aren’t running servers or domain controllers at all?

        In the ZDnet article it says that there will be a more complete patch released in February 2021, why is Microsoft waiting so long?

         

        • This reply was modified 1 week, 3 days ago by Moonbear.
        1 user thanked author for this post.
      • #2296527 Reply
        Alex5723
        AskWoody Plus

        Win7 client systems have not seen a single Microsoft Update since May 2017.

        We have a Win7 at home which hasn’t seen Microsoft’s updates since ~2016 after forced upgrade to W10 and reverted to W7.
        This W7 laptop is a work PC connected to the Internet and works as new with 0 problems, bugs, crashes, viruses, slowness… all that time. It will remain in use until a severe hardware crash.

        2 users thanked author for this post.
      • #2296567 Reply
        geekdom
        AskWoody Plus

        If you are a business entity, it is probably required that you patch and remain in compliance with stipulated industry regulations.

        G{ot backup} TestBeta
        offline▸ Win10Pro 1909.18363.959 x64 i3-3220 RAM8GB HDD Firefox79.0 WindowsDefender
        online▸ Win10Pro 1909.18363.1082 x64 i5-9400 RAM16GB HDD Firefox82.0b3 WindowsDefender
        TargetReleaseVersion=1909
        WUMgr
      • #2296628 Reply
        anonymous
        Guest

        What’s the name of the update that fixes this vulnerability? (1909)

        • #2296664 Reply
          woody
          Da Boss

          The vuln is fixed by all of the August (and later) Windows Cumulative Updates.

          1 user thanked author for this post.
          • #2296716 Reply
            doriel
            AskWoody Lounger

            https://www.bleepingcomputer.com/news/microsoft/windows-zerologon-poc-exploits-allow-domain-takeover-patch-now/

            CVE-2020-1472 does not seem to be too difficult for somebody to make happen. And since this is about domain networks, I consider this as very serious. Why does Microsoft hesitate to patch right now? Using some sort of Out-Of-Box update?
            I know admins can (and should) patch manually, but I don't understand. We are fed with security fairy tales every day and then it takes a month to patch the possibility to take over a whole domain? mmm…

            Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise

            HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

            • This reply was modified 1 week, 2 days ago by doriel. Reason: spelling errors
      • #2296639 Reply
        zero2dash
        AskWoody Lounger

        All my Win10 Pro boxes have feature update deferrals set to 120 days and quality update deferrals set for 14 days…. have been this way for over a year, and I have yet to have a problem. Started on 1803, now on 1909 as my time expires here and there. Not a single issue in several years. Win10 runs like a top for me on everything from my monster workstation (R9 3900X / 5700XT / 64GB DDR4) to my weaker desktops (a variety of i5’s and Xeon W3’s).

      • #2296654 Reply
        Paul T
        AskWoody MVP

        Two questions:

        Can this attack affect systems that aren’t running servers or domain controllers at all?

        In the ZDnet article it says that there will be a more complete patch released in February 2021, why is Microsoft waiting so long?

         


        As it requires physical access it doesn’t matter if it affects non-domain PCs. If you let dodgy people access your PC…

        MS are wise to take their time to release a patch that has no in-the-wild attacks. We know the mess they can create with W10 patches, imagine that on a domain controller with thousands of clients.

        cheers, Paul

        1 user thanked author for this post.
      • #2296783 Reply
        Alex5723
        AskWoody Plus

        Many software vendors HAVE walked away from Windows 7/8.

        On the other hand Windows 10 doesn’t run many Windows 7 applications and buying new/comparable software may cost $thousands.

        • This reply was modified 1 week, 2 days ago by Alex5723.
        1 user thanked author for this post.
        • #2296792 Reply
          PKCano
          Da Boss

          Win10 runs ALL of the Win7 applications I use. I haven’t had to buy “new/comparable software may cost $thousands.”

      • #2296791 Reply
        anonymous
        Guest

        My experience today – I installed the update for fixing vulnerability CVE-2020-1472 on the domain controller and we were stuck in an infinite loop of restarting and safe mode. Luckily, our second DC did all the job. Restoring from VEEAM backup did not help, primary DC remained stuck. That was the last time, Ineas hurry.

        Server was Windows Server 20

        Paul_T: words of wisdom indeed!

        • #2296942 Reply
          Paul T
          AskWoody MVP

          Restoring DCs is not normally a place I’d go, unless it was the last DC left.

          I’d rebuild the DC and then add it to the domain. Once it is running OK you can try the patch again – after checking for updates from others with similar issues.

          cheers, Paul

      • #2296795 Reply
        Alex5723
        AskWoody Plus

        Win10 runs ALL of the Win7 applications I use. I haven’t had to buy “new/comparable software may cost $thousands.”

        Not the software we use on a W7 so we blocked W10 for eternity.

      • #2297248 Reply
        SuperMJT
        AskWoody Plus

        Woody:  Do you happen to know if and where small businesses can purchase Extended Security Updates (ESU) for Windows Server 2008 R2?  It seems that ESU is only available under Enterprise Agreements or other license agreements with significant minimum quantities required.  ESU for Windows 7 is available from Cloud Solution Providers at low quantities, but what about for Windows Server 2008 R2?  Given the potential severity of this vulnerability, it seems that Microsoft needs to provide some option to small businesses to acquire ESU, so they can patch legacy domain controllers immediately.  I suspect we aren’t the only small business with few IT staff who have limited time to implement significant migrations, such as upgrading one or more Active Directory domains.  Not to mention the increase in demands on IT staff associated with work at home requirements due to the pandemic.  We need access to the patches now, to buy more time to complete the Active Directory migrations!

        • #2297259 Reply
          PKCano
          Da Boss

          This is old, but see the link in #6. Amy (Harbor Computer Services) has been handling ESUs for many of our readers. The email address is at the top of the form.

          1 user thanked author for this post.
          • #2297371 Reply
            SuperMJT
            AskWoody Plus

            Thank you for providing that link.  I remember seeing that post a while back, but I could not find it when I searched early this morning.  Unfortunately, the post states “Remember as a small business you can purchase for $61(US) the first year of extended security updates for Windows 7 (Amy’s form to request more info here).  However this will not protect your Server.”  Thus, I think I’m still probably out of luck since I need ESU specifically for Windows Server 2008 R2.  I’ll check with Amy nevertheless.  Thanks.  🙂

      • #2297626 Reply
        JNP
        AskWoody Plus

        0patch has developed a micropatch: https://blog.0patch.com/

        Moderator note: Please do not post the same content in multiple threads.
