
ISSUE 19.09.1 • 2022-03-03
MS-DEFCON 2: Is it still safe to defer?


By Susan Bradley

Global troubles lead to patching worries.

Even with all the heightened concerns regarding cybersecurity, my deferral strategy and recommendations for patching will not change. Use the time between now and next Tuesday (Wednesday for those of you outside the northern hemisphere) to wrap up whatever patching and updating you are doing, and get ready to defer updates. Hopefully, a window will open toward the end of the month, when we can have high confidence that applying patches and updates will be safe.

Keep an eye on the Master Patch List, where I will report the latest status of patching and deferrals.

For most users, I think an end-of-month window will present itself. However, my advice may change for any business with ties to Ukraine because of global tensions and uncertainty in the region. There are many firms using Ukrainian programmers as part of their software-development team (and you know who you are). It is possible that I may — and probably will — suggest updating sooner than I normally would, to make the deferral period shorter than usual.

I still recommend 21H2 as the Windows 10 version to use, even though some recent bugs regarding resetting a PC have come to light. As noted by Microsoft:

When attempting to reset a Windows device with apps which have folders with reparse data, such as OneDrive or OneDrive for Business, files which have been downloaded or synced locally from OneDrive might not be deleted when selecting the “Remove everything” option.

I have never depended on resetting a device as a means of removing data. Instead, I always fully wipe the drive and redeploy the operating system before moving a computer to a new user. Too many years of using forensic tools to recover supposedly removed data have taught me to never trust reset applications that don’t do a good job of truly wiping a drive.

In fact, when I’m completely retiring a system, I remove the hard drive and take a hammer or a drill to it to destroy its contents. Trust me: destroying old-fashioned hard drives not only relieves stress but also provides you with the strongest magnets you have ever had. Solid-state drives are not as much fun to destroy, nor do they provide the same level of magnet entertainment for your refrigerator.

Consumer and home users

For consumer and home users, I recommend using deferral tools such as WUMgr — or merely setting the date, as shown here (YouTube), to defer updates on your Windows 10 or 11 machine.

Also remember that, if you do not want to move to Windows 11 just yet, there are various ways to block it from being offered to your system. Even though I still cannot categorically state that Windows users are being pushed to Windows 11, I’ve received enough credible reports that users end up on Windows 11 — without affirmatively approving the update — to make me urge you to use this proactive blocking approach.

I still consider Windows 11 not fully baked and still in a beta state; thus I suggest you adopt the same stance. If you are purchasing a new computer with Windows 11, there are far fewer concerns. But if an older machine shipped with Windows 10, it’s too soon — Microsoft is still responding to a lot of user feedback.

Thanks to Plus member Netdef, who provided the instructions, we know that we are still able to get around the requirement to have a Microsoft account to install Windows 11 Professional. I’m still hoping that Microsoft listens to the feedback and removes this requirement.

For those of you who have purchased a Windows 11 machine, my recommendation is to either move the menu to the left in the settings or, better yet, to download and use the various third-party menu programs that give your options back to you. This will allow you to complete necessary tasks while Microsoft figures out its long-term plans for the centered menu.

Business users

The upheaval in Ukraine has already seen cyberattacks on social sites in Russia as well as ransomware vendors threatening to retaliate.

I cannot stress enough how important it is to ensure that, if you are impacted in any way by a ransomware event, you do not pay the attackers. Bitcoin is one of the few financial platforms still open to Russia, and I’d much rather you spend the money and energy ensuring you have an offline backup than pay funds to attackers.

It already appears that the ransomware groups are experiencing a bit of infighting. Someone leaked internal messages from one such group. Thirteen months of conversations have exposed some of the inner workings of the group.

Needless to say, I’ll be testing the patches once they come out next week. As soon as I feel that it’s safe, I’ll let you know. This may happen earlier than my normal deferral period allows, given the potential for increased attacks.

Stay tuned!


Susan Bradley is the publisher of the AskWoody newsletters.


The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.


Copyright ©2022 AskWoody Tech LLC. All rights reserved.