alert banner

ISSUE 19.44.1 • 2022-11-03

MS-DEFCON 2: More “dribbled” changes coming
MS-DEFCON 2

By Susan Bradley

Defer them.

Microsoft’s incremental protocol for bringing new features to Windows has its good and bad sides. To the good, one or two new features is better than 50 delivered all at once. To the bad, we must study the safety of such updates every month, not every year.

In effect, “dribbling” requires a heightened state of awareness because we’re not dealing just with bug fixes — we must deal with new stuff as well. That increased awareness is reflected in my raising of the MS-DEFCON level to 2.

It’s frustrating that I can report upcoming changes today but cannot tell you exactly when you’ll see them. For example, the November 8 updates will include changes to Task Manager, but Microsoft says, “Some features might be available for en-us initially with a gradual rollout to other markets.” Those “other markets” mean countries other than the US. Even in the US, feature availability may be staggered.

Next week, Windows 11 will get what some are referring to as “part two of Windows 11 22H2.” I’ll be discussing what to expect for Windows 11 22H2 in next week’s newsletter.

Consumer and home users

Unless you want to live on the edge, I don’t recommend rolling out the 22H2 versions for either Windows 10 or 11. Although the Windows 10 22H2 release has hardly any noticeable changes, wait and see — don’t install a new feature soon after it’s been released, to ensure there are no unknown issues.

Here are my current recommendations with respect to Windows:

  • Windows 11 22H2: Not recommended
  • Windows 11 21H2: If you have a Windows 11 PC, recommended
  • Windows 10 22H2: Not recommended
  • Windows 10 21H2: Recommended

This month, the second Tuesday comes as early as is possible, on November 8. That doesn’t leave a big gap since my previous alert on October 25 — all the more reason to recommend that you use your favorite deferral methodology to push off updates until the end of the month. I most often use Start | Settings | Update & Security | Windows Update | Advanced options to choose a specific deferral date.

For Apple users, go ahead and update your iPhone to iOS 16.1 for newer phones. I’m not recommending that iPads get the new update just yet because this is the first time the update has been offered; I’m saying (of course) “wait and see.”

I continue to recommend that you hold back on macOS Ventura. So far, Apple will only offer, not push, the new version. The reason is that we’re still seeing some performance issues — so wait for the “dot one” release.

Business users

Prepare yourself to review DCOM changes that will be rolling out with the November 8 updates. As noted by Microsoft, it will begin enforcing changes that may impact your older line-of-business applications. With the November release, you can still adjust the DCOM hardening back to prepatch, but you’ll need to set a registry key. I’ll go into details next week.

On November 1, the OpenSSL Project will be releasing a security update. We don’t know how extensive the update might be. The best we have at the moment is:

OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700 UTC. Does not affect versions before 3.0.

I hate it when things are this vague. It’s hard to figure out whether to panic, or when.

Experts advise us to be ready to take things offline as needed. How do you know whether you have OpenSSL installed? If you are not an OpenSSL expert, you probably must depend on your vendors to tell you whether you are impacted and what to do to protect yourself. As noted by Wikipedia:

OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

I’ll be watching this one very closely.

References

MS-DEFCON 2

Talk Bubbles Join the conversation! Your questions, comments, and feedback
about this topic are always welcome in our forums!

Susan Bradley is the publisher of the AskWoody newsletters.


The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.

Your subscription:

Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, AskWoody.com, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright ©2022 AskWoody Tech LLC. All rights reserved.