
ISSUE 20.04.1 • 2023-01-24

MS-DEFCON 4: Patching weather is clearing


By Susan Bradley

In general, the January updates have been well behaved.

So far, I’m not seeing any trending issues with them; accordingly, I’m lowering the MS-DEFCON level to 4. But that’s not to say we haven’t seen some other issues related to other types of updates. In addition to describing those, I’ll discuss a vulnerability in a part of your computer you may never think about.

Two issues recently impacted Start menus and shortcuts but were unrelated to one another.

Microsoft caused a great deal of pain for anyone who used a specific Attack Surface Reduction rule to check Office macros. Specifically, if you enabled the rule Block Win32 API calls from Office macros (also known as Rule ID 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b), the Microsoft Defender updates on January 13 flagged shortcuts on the desktop as malicious links and removed them. That’s a mess. If you had a backup, had synced your desktops with OneDrive, or had any other way to restore your exact desktop, you probably were able to recover. Otherwise, you were looking to resources on the Web to help you recover your desktops. This did not occur on Home or Consumer PCs that had not specifically enabled the blocking rule.

Failing start menus were once again in the news, triggered by the presentation system ClickShare. The vendor says it’s not them, and its KB article on the matter points the finger at Microsoft’s own post on the topic. When the ClickShare app is installed, you may see Start-menu issues. Follow the instructions at the posts linked here to run a script to fix permissions, which should get your shortcuts back.

Consumer and home users

It appears that Microsoft is once again trying to figure out how many older versions of software people are still happily using. KB5021751 is intended to help Microsoft identify the number of users running out-of-support (or soon-to-be-out-of-support) versions of Office, including Office 2013, Office 2010, and Office 2007. This update will run one time — silently — without installing anything on the user’s device. It’s unclear how, when, or where this update will be offered because I’ve yet to see it on a home PC that is still running Word 2010. That might be because the PC also has Microsoft 365 installed, so Microsoft might be assuming that the newest version of Office trumps old versions. If you are using any of the BlockAPatch tools to help you hide or block updates, keep an eye on this.

For the other updates released in January, it’s now time to install them on your PCs running Windows 7 and 8.1 (for the last time) — as well as Windows 10 and Windows 11.

Sometimes, I see issues that affect a handful of people who have installed Windows updates but are otherwise not widespread. If you’re among those affected, the problems can be very disruptive. And because such problems are not widespread, they won’t quickly attract Microsoft’s attention, and automatic fixes will not be forthcoming — at least not promptly.

For example, after updates you may find that a printer or mouse doesn’t work, or a wireless modem fails. This is often a driver issue. Absent help from Microsoft, start by going to the manufacturer’s site to obtain and install the latest driver. I wish I could say these kinds of problems are rare, but over the last year, I’ve probably had to reinstall every printer driver on every computer in the office — and at home — at least once. During the same period, Microsoft has been fixing print-spooler issues, which have also caused printing problems.

Finally, one of the security issues patched in January wasn’t completely patched after all. If you’re using Windows 10 Home, you can ignore this one — you’re not affected. It affects only users of Windows 10 Pro and relates to the BitLocker Security Feature Bypass Vulnerability CVE-2022-41099, which I’ve discussed before. For home users running Windows 10 Pro, the risk of this is exceedingly low, so don’t worry about it unless you see something untoward.

For business users, however, read on.

Business users

For businesses whose staff are targeted by threat actors, or that are required by external policies to act (for example, a governmental agency required to install all updates regardless of risk), two actions are possible.

  1. Disable the Windows Recovery Environment (WinRE) partition, on the assumption that you probably have a recovery technique that includes reimaging and thus don’t rely on the recovery partition in the first place, or
  2. Use a GitHub script that pulls the January cumulative update for each build, mounts WinRE, updates it, saves WinRE, then verifies that the WinRE build number matches that of the January cumulative update, as a check that the hidden recovery partition has been patched.
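
For the first option, the following PowerShell is an added example (not from this newsletter and not the GitHub script mentioned above) that reports the WinRE state with the built-in `reagentc.exe` and disables it only on request. The function names are hypothetical, and the parsing assumes English-language `reagentc /info` output and an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: inspect and optionally disable WinRE with the built-in reagentc.exe.
# Get-WinReState and Disable-WinRe are hypothetical names; parsing assumes English output.

function Get-WinReState {
    # Parse "Windows RE status:" and "Windows RE location:" from reagentc /info.
    $state = [ordered]@{ ComputerName = $env:COMPUTERNAME; Status = 'Unknown'; Location = '' }
    foreach ($line in (& reagentc.exe /info 2>&1)) {
        if ("$line" -match 'Windows RE status:\s+(\S+)')   { $state.Status   = $Matches[1] }
        if ("$line" -match 'Windows RE location:\s*(.*)$') { $state.Location = $Matches[1].Trim() }
    }
    [pscustomobject]$state
}

function Disable-WinRe {
    # High-impact change: prompts for confirmation unless -Confirm:$false, honours -WhatIf.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()

    $before = Get-WinReState
    if ($before.Status -ne 'Enabled') { return $before }   # already disabled or unknown

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'reagentc /disable')) {
        & reagentc.exe /disable | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "reagentc /disable failed with exit code $LASTEXITCODE"
        }
    }
    Get-WinReState   # re-read so the caller sees the resulting state
}

# Report only; safe to run across a fleet to inventory which machines still have WinRE enabled.
Get-WinReState

# Preview the change, then drop -WhatIf to apply it. 'reagentc /enable' reverses it.
# Disable-WinRe -WhatIf
```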

For those of you who were holding back patching domain controllers due to issues in November and December, I urge you to install those updates now. However, ensure you monitor for Kerberos events, as noted in this blog. Microsoft is enforcing auditing only at the moment, but in the near future it will be installing additional changes to Kerberos to harden this often-abused authentication. It is used and abused by attackers and often leads to ransomware attacks.

Apple users

Printers are often the bane of our existence. There are some hardy souls who try to stay paperless, but the printer market is quite vital — most of us have one. I have several.

The problem is that new operating-system versions sometimes don’t work with older printers. I’m concerned about Ventura in this regard, so before taking the leap to Ventura, check to see that the manufacturer of your printer has updated drivers. If new drivers aren’t available or expected, defer your move to Ventura. Or buy a new printer.

Of course, you may have an older Mac that won’t run Ventura at all. Apple has a list of compatible hardware, which you should check.

iOS/iPadOS 16.3 came out just yesterday, but you may find that your iPhone or iPad has yet to update to its immediate predecessor, iOS/iPadOS 16.2. Although it was available back in December, Apple has been slow to push 16.2; I’ve seen it show up on my devices only recently.

Beyond the feature changes in 16.2, 16.3 includes many security fixes. It also adds the option to add a third-party token or security key to one’s Apple account. I’ll be discussing the use of these with password managers in next week’s newsletter.

Here are some of the new features in 16.2.

  • A new cross-platform Freeform app for both iOS and Ventura. Designed for collaboration, Freeform can be used for jotting down notes, sketching, drawing, saving links, and more.
  • Apple Music Sing, which provides real-time lyrics that iPhone, iPad, and Apple TV users can sing along with. (People talk in public on their phones now, but I’m not looking forward to people breaking out in song when I’m in the checkout line at the grocery store. Hey, I’m not against singing — I was in my high school’s choir!)
  • One can opt in to Advanced Data Protection, which can be used to encrypt iCloud backups, message backups, iCloud drive content, notes, photos, reminders, voice memos, Safari bookmarks, Siri shortcuts, and Wallet passes. I’m excited about this and will be discussing it more in a future newsletter.

In addition, Apple is putting in “plumbing” for a better Home app architecture that comes following the addition of the Matter smarthome standard. In a sign we’re all getting older, there is a new Medications widget that will alert you to pills you’ve missed.

A new iCloud Private Relay setting allows you to hide your IP address temporarily for a specific Safari site. On my phones with this update installed, I have not noted any problems. Some are complaining that gapless playback isn’t working after this update. You may be annoyed or not even notice the issue. As with any technology, ensure that your device is backed up, either to your computer or to the cloud.




Susan Bradley is the publisher of the AskWoody newsletters.

The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.


Copyright ©2023 AskWoody Tech LLC. All rights reserved.