ISSUE 19.05.1 • 2022-02-03
MS-DEFCON 2: Batten down the hatches again

By Susan Bradley

It’s time to wrap up updating or feature-release installations and pause as we wait for February’s Patch Tuesday.

I am recommending that home and consumer users install the regular updates from January 11 and that business users install the out-of-band updates released on January 17. Get these done right away. Skipping them means you are vulnerable to some active attacks, especially CVE-2022-21882.

Some of you have decided to skip the January updates and wait until February. Updates to Windows 10 and 11 as well as to Server 2016, 2019, and 2022 are cumulative, which means all the January updates will be part of the February updates as well.

However, CVE-2022-21882 allows threat actors, even those with limited access to a compromised device, to elevate their privileges and spread the attack laterally within a network, creating new administrative users or executing privileged commands. It means someone could potentially run your entire network. You’re exposed until the January updates are installed, so assess your risk carefully and make an informed decision. (Even though Patch Tuesday is just a few days away, it will take some time to assess the side effects of February’s patches and prepare my recommendations. My best guess is that we’ll know enough by February 22 to change the MS-DEFCON level, but stay tuned.)

Keep in mind that the CVE-2022-21882 threat can sneak in by tricking you into opening malicious attachments to, or clicking links in, phishing emails. It’s always wise to be extremely careful about that, but this is a good time to be even more paranoid than usual.

Consumer and home users

I recommend installing the 21H2 feature release. Microsoft is in the process of pushing Windows 11 to any system that is eligible for the release. Because I don’t yet recommend installing Windows 11, my guidance is to use the registry-key method to defer Windows 11 until a later time. Microsoft tweeted:

The upgrade offer to Windows 11 is entering its final phase of availability and is designated for broad deployment for eligible devices.

This is strange wording. It doesn’t mean that the free offer to upgrade to Windows 11 is being withdrawn, just that the upgrade is now available to anyone whose hardware meets the requirements. (Why didn’t the Windows Update team just say that?) My continuing recommendation is to stick with Windows 10 for the foreseeable future.
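The following PowerShell sketch is an added example, not taken from the newsletter. It assumes the "registry-key method" refers to the Windows Update target-release policy values (`TargetReleaseVersion`, `ProductVersion`, `TargetReleaseVersionInfo`), which the page does not list, and it pins the machine to Windows 10 21H2, the release recommended above.

```powershell
#Requires -RunAsAdministrator
# Added example: keep Windows Update on Windows 10 21H2 so Windows 11 is not offered.
# Assumption: the policy values below are the "registry-key method" the article means.
$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$Desired = [ordered]@{
    TargetReleaseVersion     = @{ Type = 'DWord';  Value = 1 }            # enable the pin
    ProductVersion           = @{ Type = 'String'; Value = 'Windows 10' } # stay on this product
    TargetReleaseVersionInfo = @{ Type = 'String'; Value = '21H2' }       # stay on this release
}

function Set-FeatureUpdatePin {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Create the policy key if this machine has never had Windows Update policies set.
    if (-not (Test-Path $Path)) {
        if ($PSCmdlet.ShouldProcess($Path, 'Create key')) {
            New-Item -Path $Path -Force | Out-Null
        }
    }
    foreach ($name in $Desired.Keys) {
        $want = $Desired[$name]
        $have = (Get-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue).$name
        # Only write when the current value differs, so reruns are harmless.
        if ($have -ne $want.Value) {
            if ($PSCmdlet.ShouldProcess("$Path\$name", "Set to $($want.Value)")) {
                New-ItemProperty -Path $Path -Name $name -PropertyType $want.Type `
                    -Value $want.Value -Force | Out-Null
            }
        }
    }
}

function Test-FeatureUpdatePin {
    # Read the values back and report any that do not match the intended pin.
    foreach ($name in $Desired.Keys) {
        $have = (Get-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Name     = $name
            Expected = $Desired[$name].Value
            Actual   = $have
            Ok       = ($have -eq $Desired[$name].Value)
        }
    }
}

Set-FeatureUpdatePin
Test-FeatureUpdatePin | Format-Table -AutoSize
```

Run `Set-FeatureUpdatePin -WhatIf` first to preview the changes. The pin stays in force until the three values are changed or removed, so revisit it when moving to a later release.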

Business users

For those of you in business who have opted to skip the January updates, remember that 2012 R2 servers behave differently than Server 2016, 2019, and 2022. If you choose the security updates, and only the security updates, for 2012 R2, you won’t receive the January fixes. If you install the monthly rollup updates for Server 2012 R2, those updates are cumulative — thus you can skip over January and install February updates.

If you plan to patch, give yourself time to test the updates, hopefully on a noncritical system. If you decide to wait, keep an eye on the Master Patch List. I will keep you abreast of any late-breaking issues. As I post updates to that list, I will tweet and post on the AskWoody blog that an update has been made.

Susan Bradley is the publisher of the AskWoody newsletters.


The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.

Copyright ©2022 AskWoody Tech LLC. All rights reserved.