alert banner

ISSUE 19.17.1 • 2022-04-26
MS-DEFCON 4: Protect yourself with patches


By Susan Bradley

I’ve been holding my breath.

For the past few weeks, I’ve been watching for attacks that researchers indicated would be coming due to a vulnerability in all versions of Windows. All I’m seeing so far are theoretical attacks, not actual attacks.

CVE-2022-26809, the headline vulnerability of the April updates that impacts Windows 7 through Windows 10 — as well as Windows Server versions — sounded like it had the potential of being a worm inside a network. Microsoft complicated the matter when it first indicated that this vulnerability was triggered by SMB file sharing. Then it clarified that the original researcher had provided a proof of concept that used SMB file sharing, but that additional methodologies could be used in attacks.

Given the knowledge that these attacks are only theoretical and that I do not know of any live attacks, it’s time to install the April Windows updates. I think this is going to turn out to be a stealthy attack used to wiggle into a network without making a splashy event. But I don’t want to get too cocky (“I told you so!”) and then find out the attackers are just wanting to prove a point. So April updates are a go for installation, with the MS-DEFCON level lowered to 4.

Consumer and home users

Apple users should check to make sure all updates are now installed. Remember, sadly, that Apple is borrowing a page from Windows and watching what happens to users before pushing updates widely. While you are getting your device up to date, also review the password for your iCloud backup. As security researcher Marcus Hutchins points out on his Twitter account, if you enable iCloud backup, someone can theoretically phish your iCloud login and clone your entire phone. If you are truly concerned about the security of your phone, he recommends performing an encrypted backup to a computer, using iTunes, and setting up that computer without Internet access.

The tweet ignores the fact that with Apple Face ID or two-factor authentication, which most of us have set up on our iPhones, we would be alerted with a geographic prompt when an attacker phished our password. I think Marcus’s ideas are a bit extreme, but it’s always wise to ensure that your Apple password is strong and you are aware when you log into iCloud on a website. Apple has a good geographic alert mechanism that other vendors are starting to build into their systems.

One thing my friends and I complain about is the number of spam calls and text messages we are getting on our phones. No matter what app we try, it seems like there is nothing to block these messages. My best advice to people who want to call me? Call me! If you’ve called me before, and I have your name in my contacts, I’ll answer the phone. Otherwise, leave a message. I’ll realize who you are and call you back. Simple. Tell your friends.

For Windows users, geekdom’s post in our forum is a nice recap of various tools to confirm which .NET version is installed on your machine. Remember, we have several “end of life” deadlines coming up soon.

  • Windows 20H2 comes to its end of life on May 10, 2022, just two weeks away.
  • .NET Framework versions 4.5.2, 4.6, and 4.6.1 came to the end of support today, April 26, 2022.

I urge you to post in the forum if you need help determining whether you should update the version of .NET on your machine. It’s confusing to everyone!

Business users

I’m still tracking Server 2022 issues with Remote Desktop Connection Broker and Remote Desktop Web Access. After the installation of either the March or April cumulative updates, Server administrators are finding that these roles are removed during the patch install. I have a support case open with Microsoft to see why this is occurring. At this time, Microsoft is not tracking this as a known issue.

If you use Remote Desktop Connection Broker and Remote Desktop Web Access with Server 2022, the only workaround at this time is either to not install the March update KB5011497 and the April update KB5012604 (not ideal at all), or to reinstall these roles after the update is installed. I’ll keep you posted regarding a long-term solution.

Even with such a drastic side effect as this, I recommend installing updates. I’ve seen this impact only Server 2022, not any other platform.



Talk Bubbles Join the conversation! Your questions, comments, and feedback
about this topic are always welcome in our forums!

Susan Bradley is the publisher of the AskWoody newsletters.

The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.

Your subscription:

Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody,, Windows Secrets Newsletter,, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright ©2022 AskWoody Tech LLC. All rights reserved.