ISSUE 19.51.F • 2022-12-19 • Text Alerts! • Gift Certificates

ADVERTISEMENT
	This year is Atari’s 50th anniversary! Lego has released a set honoring the system that made Atari a household name – the Atari VCS, AKA The Atari 2600. So Auvik decided to make the clickable re-creation play like the real thing. Want to see how we did it!? Check out the step-by-step instructions (including a short video) on our blog now!

PATCH WATCH

By Susan Bradley

Every vendor brought us a lump of coal.

No matter which platform you use, we are closing out a year in which we have been very vulnerable. From Microsoft to Apple to our firewall vendors — and even to Linux distros such as Ubuntu and Mint — just about every vendor has ended the year with patches, vulnerabilities unfixed, and new releases.

The theme of this Patch Watch is 2022, but first we need to look forward for a moment, because there are some significant events headed our way. Do you still love Windows 7? Microsoft’s extended patch-support programs come to an end on January 10, 2023. But if you’re hanging on, 0patch has announced that it will be providing its security micropatch service for both Windows 7 and Server 2008 R2 for two more years (Figure 1).

Figure 1. 0patch support will be available for two more years. Source: ACROS Security

Windows 8.1 will not be so lucky. I hate to tell you this, because Windows 8.1 is younger than Windows 7, but no one — including Microsoft — supports 8.1. If you’re using it, you are in a distinct minority; nearly all vendors are dropping support and will not provide workarounds. The dark news for January is that you must be prepared for applications that will no longer install on Windows 8.1 and for websites that will not run properly. If you have free time over the holidays, use some of it for long-term planning about your continued use of 8.1.

My recommendation, offered with some concern, is to continue using Windows 8.1 if everything you need is working and stable. Third-party apps you are using may still be supported (check with your vendors). Just know that Windows 8.1 can no longer be considered secure. I recommend that you move tasks involving the external world, such as email and Web browsing, to another machine (perhaps a contemporary tablet) that is secured and actively patched.

I’m still not sold on Windows 11 22H2 for new machines (as unfortunate as that may be), yet I’m amazed to see how many Windows 10 laptops remain available from Amazon and other retailers. The official end-of-life for Windows 10 is October 14, 2025. Yes, that is over two years away, but most folks think a new device should last much longer than that. So even now I’m concerned that purchasing such devices risks Windows 11 compatibility issues until the time to upgrade finally rolls around.

Mainstream vendors, such as HP and Dell, still sell systems with Windows 10. But you must look hard for them and specifically request downgrade rights from 11 to 10. There is an element of good news in that — at least you know such machines are compatible with Windows 11.

I don’t recommend updating to Windows 11 for now, but the same is not true for your browser. Keep it up to date at all times, for security.

In addition to security fixes, browsers such as Firefox 108 are acting like Edge and using Windows 11’s efficiency mode to let the operating system throttle the application’s priority in the CPU — to improve energy efficiency and overall performance.

Buying yourself a present for Christmas? Here are a few things to keep in mind.

Watch out for computers with S Mode, whether Windows 11 or 10. S mode was yet another failed Microsoft experiment to provide a locked-down and secure operating environment by allowing only software from the Microsoft Store to install, on the grounds that Microsoft would validate the security of everything in the store. This didn’t prove popular, which means that the price tag for such PCs might now be lower. But then you take it home — and realize you can’t install all the things you expected to run.

You can flip out of S mode. (There’s no charge to do it, but once out of S mode, you’re permanently out.) Microsoft has clear instructions for both Windows 10 and 11 in its support post Switching out of S mode in Windows. Follow those instructions carefully.

If you buy a Windows 11 machine, you can set it up without a Microsoft account. When you get to the “Let’s add your Microsoft account” step in Windows 11 Setup, enter no@thankyou.com plus any password. It will fail and then go around the Microsoft account requirement.

For those of you wanting to take a bit of time during the holiday season to learn something new, remember you can play around with the Linux and Ubuntu command line with Windows subsystem for Linux (WSL). The subsystem provides a shell for Linux. If you have the November updates installed, you already have bits in place for this. If you have any issues installing the distro, check out WSL Something Went Wrong Windows 11 Error: 6 Rigorous Fixes over at Windows Report. In my case, I had to make sure that several Windows features, such as Virtualization and WSL, were installed before it would install Ubuntu. A good step-by-step overview can be found at Install Ubuntu on WSL2 and get started with graphical applications. Mind you, this will not be a full-blown graphical Ubuntu, but it will provide some hours of entertainment if you are so inclined.

Take the end of the year to keep trying new things. You might be surprised.

For those who patch Windows devices, we are once again keeping a keen eye on the side effects relating to Print Spooler patches — we can’t seem to shake these things. USB printers, in particular, have been impacted quite a bit this patching year. I’m hoping we won’t close the patch year with more side effects, but I’ve wished that before.

Microsoft has re-released KB5012170, the security update for Secure Boot DBX, so that it will be offered to PCs running Windows 10 22H2 or Windows 11 22H2. I do not recommend that consumers and home users install KB5012170; if BitLocker encryption is enabled, installing the fix may trigger the request for a BitLocker recovery key.

There have also been some reports (Reddit) of Blue Screens of Death in Windows 10 22H2. This may be related to KB5012170.

Before installing updates, launch File Explorer, right-click the C drive, and look at the context menu (Figure 2).

Figure 2. The context menu for the C drive

If the menu item reads, “Turn on BitLocker,” as it does above, then you know BitLocker is not enabled for the drive. But if it says, “Turn off BitLocker,” ask yourself where your backup BitLocker recovery key is. If you have no idea what I’m talking about, and you keep your computer safely in your house, click to turn off BitLocker. You won’t have to worry any longer about your system being inadvertently bricked because you have no idea what your BitLocker recovery key is.

Microsoft is still making incremental improvements in Windows 11 22H2, but it has yet to fully document how IT pros can control “Moment” or incremental releases. Quite honestly, I’m confused as to whether these controls are still coming or have been shelved for later. Windows 11 22H2 changes this month include new features for Microsoft OneDrive subscribers, who will now see storage alerts in Settings | System. The alerts appear when you are close to your storage limit. You can also manage your storage and purchase more storage if needed. Needless to say, I’ll be keeping a lookout for any guidance on controlling changes. I hope that Microsoft will come back to this topic in 2023.

For Windows 11 21H2, the December update makes Quick Assist available to machines. Quick Assist is actually a nice remote-access tool, easily used if both PCs are logged in with Microsoft accounts. It works well in a pinch, with excellent performance. For details on how to use Quick Assist, see Will’s article from 2020 or Microsoft’s documentation article Use Quick Assist to help users.

If you are running Windows 10 21H1, it’s also the end of the line for that platform, and you’ll need to update it to a later feature release. As I noted recently, Windows 10 22H2 is very stable, so I recommend you upgrade to it once I give the go-ahead to install updates later this month.

Apple released updates for nearly all its platforms, including iOS 15.7.2 and iOS 16.2 (depending on what you have installed on your iPhone or iPad). Also, Mac Ventura 13.1 was finally released, fixing several lingering bugs as well as containing security fixes (no details at this time as to exactly which security fixes are included). For those of you already using Ventura, I’m recommending that you install this update after a few days to ensure there are no side effects.

If you are dipping your toes into the Linux pool, remember to ensure your version is up to date as well. Linux Mint 21.1 “Vera” Cinnamon released a beta on December 6. So far, some of the biggest feedback has addressed the color scheme chosen. You can choose legacy colors by going into System | Themes, clicking the Icon tab, and selecingt Mint-Y-Legacy.

November was a bumpy patching month for those in charge of patching domain controllers. It remains to be seen whether December’s updates will be better behaved. If you recall, Microsoft released the November patches with fixes for Kerberos authentication vulnerabilities, but the patches caused authentication problems. When the out-of-band fix was released, it caused a memory leak. Some administrators skipped patching in November altogether. I will keep you informed if we see additional side effects in this month’s releases. Microsoft indicates that this has been fixed in the December updates, but ultimately we need to test and confirm.

For those of you with on-premises Exchange Server deployments, you were probably expecting updates this month. Well, Microsoft is changing its servicing plans again. Back on November 15, Microsoft indicated that the next cumulative update for Exchange Server will be the H1 2023 CU (aka Exchange Server 2019 CU13). At the time, the company blogged that, because there were only two weeks remaining in November, and because — based on customer feedback — it did not want to release CUs in December, there won’t be an H2 2022 CU. The H1 2023 CU will be for Exchange Server 2019 only, because it is the only version of Exchange Server in Mainstream Support. Exchange Server 2016 and Exchange Server 2013 are in Extended support, and there will be no more CUs for those versions.

If you’ve ever come across a website that has informed you that a driver was out of date and offered to fix it for you, or if you’ve ever searched for a missing driver and come across a slightly questionable site, you probably know better than to download that driver. But recently, a malicious developer sneaked into the Windows Hardware development program and got drivers certified by Microsoft itself! As noted in this security advisory, Microsoft will be revoking the certificates for these drivers, and updates will be made to the Microsoft recommended block list. Mind you, that process was just recently fixed (because it wasn’t automatically updating, as it should have), so you may want to review and test to ensure that the rules are being updated as expected in your network.

As always, I’ll keep an eye out — and keep you up to date on the Master Patch List.

References

Join the conversation! Your questions, comments, and feedback about this topic are always welcome in our forums!

Susan Bradley is the publisher of the AskWoody newsletters.

FROM THE FORUMS

Lance Whitney’s article last week, Is it time to move to Windows 11?, set off a minor firestorm in the forums.

It’s understandable that folks might have different thoughts about Windows 11. We’ve been fairly steady in our recommendations for caution, with Susan Bradley continuing to recommend sticking with Windows 10 unless you’re buying a new machine.

Here’s a tiny sampling of the comments.

Microsoft’s egregious pressure to mount their own hegemony against end-users’ rights is unacceptable.

I’ll do my best to wait until 2025 …

Win 11 offers nothing of interest to me.

The problem is [that Windows 11’s best and brightest ideas] are far outweighed by the worst and dumbest ideas that reduce my productivity.

Where are the fundamental improvements?

Check out the topic and share your own thoughts! And remember to sign in to your account before posting!

ADVERTISEMENT

Enjoying the newsletter? Become a PLUS member and get it all!
	Don’t miss any of our great content about Windows, Microsoft, Office, 365, PCs, hardware, software, privacy, security, safety, useful and safe freeware, important news, analysis, and Susan Bradley’s popular and sought-after patch advice. PLUS, these exclusive benefits: Every article, delivered to your inbox Four bonus issues per year, with original content MS-DEFCON Alerts, delivered to your inbox MS-DEFCON Alerts available via TEXT message Plus Alerts, delivered only to your inbox Access to the complete archive of nearly two decades of newsletters Identification as a Plus member in our popular forums No ads We’re supported by donations — choose any amount of $6 or more for a one-year membership.