Newsletter Archives

  • Patch Tuesday poll – how is the testing going?

    Well, how is everyone doing the day after in your early testing of the updates?

  • April Patch Tuesday out – Exchange once again

    Patches are just coming out.
    Patch Lady

    Small business guidance up first:

    Exchange (Microsoft’s on-premises mail server) has an update. This time I’m ignoring any guidance that might say “targeted attacks only” and saying – if you have on-prem Exchange, patch TODAY just to be safe. I totally understand that asking any business, large or small, to take down the mail server on a business day is asking a lot, but I’m not taking chances this time with my small business peeps getting nailed.
    Patch them.
    Do it.
    Reboot that Exchange server ahead of time.
    Ensure you open a command prompt and run as admin to run the commands to update Exchange. Ensure you watch that services have fully restarted after the box is rebooted.
    – CVE-2021-28480/28481 – Microsoft Exchange Server Remote Code Execution Vulnerability
    Both of these CVEs are listed at a 9.8 CVSS and have identical write-ups, so they both get listed here. Both code execution bugs are unauthenticated and require no user interaction. Since the attack vector is listed as “Network,” it is likely these bugs are wormable – at least between Exchange servers. The CVSS score for these two bugs is actually higher than the Exchange bugs exploited earlier this year. These bugs were credited to the National Security Agency. Considering the source, and considering these bugs also receive Microsoft’s highest Exploit Index rating, assume they will eventually be exploited. Update your systems as soon as possible.
    For consumers and home users, pop that popcorn and we’re going to be in patch testing mode watching for the dead bodies. As usual, the full write-up will be coming up in Monday’s Plus newsletter. Biggies to watch out for – old Edge goes, and… for how many months past October end of life for Office 2010 we are STILL patching Office 2010.
  • April 2021 Office non-Security Updates are now available

    The April 2021 Office non-Security updates were released on Tuesday, April 6, 2021. They are not included in the DEFCON-3 approval for the March 2021 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

    Remember, Susan’s patching sequence and recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

    Office 2016
    Update for Microsoft Office 2016 (KB4486672)

    There were no non-security listings for Office 2010 (which reached EOS on October 13, 2020) nor for Office 2013.
    On April 10, 2018, Office 2013 reached End of Mainstream Support. Extended Support will end for Office 2013 on April 11, 2023.
    Office 2016 also reached End of Mainstream Support on October 13, 2020. EOS for Office 2016 is October 14, 2025.

    Updates are for the .msi version (perpetual). Office 365 and C2R are not included.

    Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).