alert banner

ISSUE 19.34.1 • 2022-08-23

MS-DEFCON 3: Issues with bootloader patches


By Susan Bradley

This month’s updates are a great example of why my patching advice differs for consumers and businesses.

For consumer patchers, whether using Windows 10 Home or Professional, I’m not convinced that you need to install KB5012170, Microsoft’s security update for Secure Boot DBX (the Secure Boot Forbidden Signature Database). Unless, that is, you think you will be targeted by an overseas attacker with a malicious bootloader installer. If your computer holds the keys to the nuclear codes, then by all means install this update instantly. The fact that this isn’t clear-cut is the reason I can lower the MS-DEFCON only to 3 this time around.

But if you are a normal user, with normal levels of paranoia to get you through the normal security risks of daily life, I’m not convinced that this update is mandatory. In fact, I think it often causes more pain than benefit. Just read through the threads of many a forum poster trying to get this update installed.

If an update won’t install easily and quickly, demanding that the user go through extraordinary steps, then Microsoft must fix the update to improve ease and clarity of installation. I am reminded of a recent Black Hat presentation by Dustin Childs of Trend Micro’s Zero Day Initiative (see the abbreviated YouTube interview by Intel’s Jerry Bryant) in which he discusses how patch quality has decreased. Dustin also details his concerns in the Zero Day Initiative blog, in which he states that “over the last few years, we’ve noticed a disturbing trend — a decrease in patch quality and a reduction in communications surrounding the patch.”

Note that these guys aren’t just talking about Microsoft quality, but quality across the board. As the software industry has moved to more automation and fewer humans, the quality of updates has gone down. They also see a disturbing pattern where patches keep getting repatched for the same issues. I’m sure many of you reading this alert are nodding your head in agreement. That’s why for this patch, unless desperately needed, I recommend that you take steps to hide it — especially if you have installation problems.

Important: If you’ve already successfully installed KB5012170, do not uninstall the update. You are one of the lucky ones.

Microsoft itself indicates that you may need to update the BIOS and firmware from the manufacturer before installing this update. Consumer users who have been offered this update may wish to use the links at to hide the update., a new website I recently created, provides a single reference to the tools and techniques you can use to control the update process. There’s even a video showing how to use wushowhide, a useful tool that can remind you which updates you’ve hidden. I’m happy to provide this additional source of information, but it’s too bad I found it necessary to do so — Microsoft used to provide more granular control right out of the box.

For business patchers with updating tools such as Windows Server Update Services (WSUS), Intune, or any other third-party patching tool, you have control over which updates get — and do not get — installed. Some firms may want to install this Secure Boot update if they deem their systems at risk of targeted attacks. Otherwise, defer — put it on your long-term to-do list.

Consumer and home users

For those of you with iPads, iPhones, and Mac computers, Apple has released several updates for security vulnerabilities that have been used in targeted attacks. It’s unclear exactly how targeted attacks have been made against Apple devices and how many there might be. Apple released 12.5.1 for macOS Monterey and 15.6.1 for iOS and iPadOS.

When Apple announces that something is under attack, it’s typically being used in specific targeted attacks, often via malicious text messages. I was joking with someone the other day about how the scammers are not only calling us on our iPhones but texting us as well. If you get a text message urging you to click on a link, just don’t. Even if you were expecting something from the sender, take the time to evaluate the link, or check with the sender. Or just ignore it. Those trying to send you something important will get back to you sooner or later.

For those of you with Android devices, Android 13 is now out. Always make sure you have a backup before installing any update.

September looks to be the month in which Microsoft will be rolling out 22H2 both for Windows 11 and Windows 10. In self-defense, I recommend downloading ISOs of 21H2 to ensure that you have copies should you need to perform a repair installation. The official ISO download from Microsoft will switch over to 22H2 when new Windows 10 and 11 releases come out (rumored to be around September 20). So make sure you download your ISO from Microsoft or another trusted site.

Business users

Microsoft is still tracking issues in Excel triggered by KB5002242 for Excel 2013. This is the one involving long file names in either redirected folders or mapped drives, preventing you from opening the file. You can work around it by copying the file to your desktop or shortening the file name. It does not appear to be occurring with KB5002232 for Excel 2016.

Included in all August Excel updates is a security enhancement that blocks add-ins with incorrect or missing file extensions. If you are having issues opening a file and have installed the August updates, and you are receiving an error message stating that “Office has detected a problem with this file. To help protect your computer this file cannot be opened,” use the guidance in KB5017166 to go around the problem and put in place the old behavior.

Go into the registry and add a DWORD registry value. For Office 2013:

  • HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Excel\Security\EnforceXllExtension

For Office 2016, 2019, 2021, or 365:

  • HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\EnforceXllExtension

Set the value to 0 and restart Excel. To re-enable the security fix, delete the registry value above.

For those on the Monthly Enterprise Channel Build 2206, attempting to view contact information via specific Microsoft 365 apps may have been impacted. Microsoft is investigating. If you are still seeing the issue, Microsoft recommends rolling back to a previous version. I recommend switching to the slower Enterprise patching channel, where such side effects are rarely seen.

Stay out of the “Monthly” patching channel. I find it to be more buggy overall.

Keep an eye on the Master Patch List for any late-breaking issues.



Talk Bubbles Join the conversation! Your questions, comments, and feedback
about this topic are always welcome in our forums!

Susan Bradley is the publisher of the AskWoody newsletters.

The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.

Your subscription:

Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody,, Windows Secrets Newsletter,, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright ©2022 AskWoody Tech LLC. All rights reserved.

Audio link here for your convenience