|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
A note of caution when using proxies, VPNs or TOR to get to AskWoody
Proxies/VPNs /Tors encrypt the data from the source to the server, but on the other end it’s not encrypted from the server to the destination. That means if you use a VPN to get to AskWoody, which is perfectly fine, the IP address we see here may be from a known-spammy (or known-aggressive) source.
The purpose (for “normal” people) is to disguise the source to avoid tracking, but the “bad guy” use it for the same purpose.
Consequently, the IP addresses issued by the proxies/VPNs /Tors may have a dirty history.
Firewalls and Spam filters (both of which AskWoody has, and employs vigorously) build blacklists of the series of IP addresses used by bots, spammers and hackers for nefarious purposes.
If the proxies/VPNs /Tors connect you to AskWoody with bad IP addresses, you can be rejected/refused connection.
Please be sure your proxies/VPNs /Tors service provides you with “clean” IP addresses because we have no control over the blocking.
-
What is a VPN good for?
Just got this question from reader J:
I need some advice. With all the hacking going on around us (two members of my family received scam emails from friends or relatives whose computers were hacked), I’ve been considering signing up with a VPN service. What’s your take on these? Are they worth it? And, if so, which one would you recommend? If not, is there anything else that would help with cybersafety?
VPNs are good for cloaking your access to web sites, but they won’t do much to help with hacked emails.Best thing to minimize the amount of infected email that you receive is to use a Hotmail or Gmail account. They both devote enormous resources to filtering out bad mail.You’re using Apple’s mail.com, which is well filtered too.None of them are infallible. You have to keep on your toes, and not click anything unless you know what it is, and that the person who sent you the mail knows that they sent it! -
Microsoft posts Fixit for KB 3023607, the POODLE patch that clobbers Cicso’s AnyConnect VPN
Cisco says that Microsoft will release an honest-to-goodness patch on March 10 to roll out the fix automatically
InfoWorld Tech Watch
-
Microsoft’s SSL 3.0 Poodle-busting patch KB 3023607 breaks popular Cisco VPN client AnyConnect
If you use AnyConnect for VPN, and it isn’t working, now you know why
InfoWorld Tech Watch
-
Are you travelling this summer?
(Inspired by this post)
So are you travelling this summer? And if so, what technology are you taking with you? Often one of the most costly part of travel is the connectivity you need. Often the most concerning part of travel is questioning… is it safe? I’ll have a full article about that second topic (is connecting to THAT safe and revisiting the VPN question) in a newsletter in the coming weeks, but tonight I want your opinion about what technology you take with you.
Once upon a time I’d pack a camera, but now with smartphones having such good cameras and taking such good photos I don’t. My sister packs her smallest mini ipad, however I bring my smallest Surface because there are times I do have to connect back to the office and while it’s not impossible to use an ipad to connect to a windows desktop remotely, it’s easier for me to have a true Windows desktop should there be any emergency in the office.
So what about you? What tech do you make sure you ALWAYS take when you travel whether it’s local or abroad?
-
Final patches for 2022
#PatchTuesday and MicrosoftCentric
It’s the final patches for 2022 for those of you in the Microsoft centric world
But don’t just think operating systems….. Firefox is out with Version 108
Citrix is recommending you update Citrix ADC and Gateway
Fortinet is patching a zero day in FortiOS SSL VPNs
No matter what OS you have, take this week to review your vulnerabilities.
I’ll link up to the patches once they come out – and remember I’ll have full detailed guidance in the next newsletter.
Looks like .net security updates this month.
Our dear dear friend the lovely secure boot patch KB5012170 has been released to apply to Windows 10 22H2.
PK reports that searching in the Microsoft catalog site appears to be wonky – you can search by KB but searching by 2022-12 gives you results that don’t make sense. Apparently the Outlook search team is branching out to the Catalog site?
-
Microsoft is releasing an OOB update to address Arm devices issue
Microsoft is releasing Out-of-band (OOB) updates today to address an issue with Azure Active Directory services on Arm-based devices. These cumulative updates are available on Windows Update and other channels.
Consumer impact: None
Business impact: Only needed for Arm-based devices
Microsoft is releasing Out-of-band (OOB) security updates today, June 20, 2022, only for Arm-based Windows devices. This update addresses a known issue that only affects Windows Arm-based devices and might prevent you from signing in using Azure Active Directory (AAD). Apps and services that use AAD to sign in, such as VPN connections, Microsoft Teams, and Microsoft Outlook, might also be affected.Important This issue only affects Windows devices that use Arm processors. No other platforms will receive this out-of-band update. This OOB update is cumulative. We recommend that you install this OOB update instead of the June 14, 2022 security update for affected devices.All updates listed below are available on Windows Update, Windows Server Update Services (WSUS), and Microsoft Update Catalog. For instructions, see the release notes for your OS listed below.- Windows 11, version 21H2: KB5016138
- Windows 10, version 21H2: KB5016139
- Windows 10, version 21H1: KB5016139
- Windows 10, version 20H2: KB5016139
Susan comment: Reminder This will only offer or install on Windows Arm-based devices.
Thus for many of us you won’t see it/you won’t care about it.
We are still tracking an issue where Internet connection sharing /being able to surf at the same time is impacted. No ETA of a fix at this time but Microsoft has acknowledged the issue. Also tracking issues with RRAS and VPN but not sure if something third party vpn is triggering the problem?
-
Are you prepared?
It’s Saturday night or Sunday morning where you are and I’d like to challenge you to test that you can restore a file that has been damaged, deleted or removed or worse yet, you got hit by ransomware.
So first step is to move a file to a different location on your computer. Next launch your backup software. Launch the recovery window and see if you can restore that file.
Ransomware is now being used by commercial attackers and they are using zero days to gain access into systems.
One-third of all hacking groups exploiting zero-days in 2021 were financially motivated criminals as opposed to government-backed cyberespionage groups, according to Mandiant’s research. During the last decade, only a very small fraction of zero-days were deployed by cybercriminals. Experts believe the rapid change has to do with the illicit, multibillion-dollar ransomware industry.
For businesses, they are going after VPN software, Exchange on premises software among other vulnerabilities.
So I challenge you tonight/tomorrow to test a backup and restoration process.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Return Full Context Menus to File Explorer
by 2 hours, 55 minutes ago
-
Unusual Activity on Startup
by 3 hours, 37 minutes ago
-
Windows Backup – incremental possible?
by 1 hour, 49 minutes ago
-
New HD addition??
by 7 hours, 32 minutes ago
-
Defcon 4 and Windows 11
by 8 hours, 36 minutes ago
-
Add-ins keep disappearing
by 6 hours, 1 minute ago
-
MS-DEFCON 4: Is Windows 11 really a disaster?
by 2 hours, 17 minutes ago
-
The Takahē is not extinct afterall
by 17 hours, 26 minutes ago
-
How to unbloc W10pro from moving to W11
by 1 day, 7 hours ago
-
Windows 11, Surface, and Windows Copilot
by 10 hours, 24 minutes ago
-
Why File Explorer keeps me on Windows
by 2 hours, 40 minutes ago
-
Uninstalr — “World’s best cup of coffee”
by 58 minutes ago
-
Locked out of your refurbished computer?
by 1 hour, 18 minutes ago
-
Thunderbird 115: Changing font size in the Message Panel
by 1 day, 5 hours ago
-
Lenovo ThinkPad not updating to Windows 11 22H2
by 5 hours, 22 minutes ago
-
Android Security
by 1 day, 8 hours ago
-
What happened to the manual?
by 22 hours, 56 minutes ago
-
OK to Restore Files From a Possibly Hacked Computer?
by 1 day, 21 hours ago
-
Startup loop after adding new user and installing File Explore Patch
by 2 days, 23 hours ago
-
RoboCops comes to NYPD. You have the right to remain cyborg
by 3 days, 4 hours ago
-
iOS 17 : New Safari Privat Search Engines
by 3 days, 5 hours ago
-
Photos App running in background
by 2 days, 1 hour ago
-
IPV6 Issue Win10 22H2 August Update
by 3 days, 3 hours ago
-
Windows 11 Insider Preview build 23550 released to DEV
by 4 days, 3 hours ago
-
Windows 11 Build 22621.2361 (22H2) released to Release Preview
by 4 days, 3 hours ago
-
Lately I’ve been getting qr code spam attacks
by 4 days, 7 hours ago
-
ghacks Wants Edge – FF Browser Update to View – hack/redirect
by 3 days, 5 hours ago
-
iOS 17 : If your new iPhone gets stuck on the Apple logo when you transfer…
by 4 days, 15 hours ago
-
Apple zero days out – September 2023
by 3 hours, 6 minutes ago
-
No shortcuts to files on Taskbar in Win11
by 4 days, 6 hours ago
