Newsletter Archives
-
MS-DEFCON 4: Install or defer updates? Your choice.
ISSUE 19.43.1 • 2022-10-25 By Susan Bradley
I’ve got a slightly mixed message about the latest round of updates.
In the most general terms, updates this month have proven safe and unlikely to cause many problems. It is for that reason I am lowering the MS-DEFCON level to 4. But there’s a grain of salt to go along with that recommendation.
I continue to recommend that you not install the feature-release updates for Windows 10 or Windows 11 version 22H2. But I do recommend that you allow the rest of the updates to install. That’s the mixed message.
Anyone can read the full MS-DEFCON Alert (19.43.1, 2022-10-25).
-
MS-DEFCON 2: Windows 10 22H2 expected this month
ISSUE 19.40.1 • 2022-10-06 By Susan Bradley
We originally had the impression that Windows 10 and 11 updates would appear simultaneously, but — for this time at least — it looks like Windows 10 22H2 will be here in October, a month after Windows 11 2022 (22H2).
As with Windows 11 2022, I am not expecting a major release. As per my usual recommendation, don’t accept the Windows 10 22H2 update right away. Instead, defer it until I’ve had a chance to test and review. That advice also comes with an elevation of the MS-DEFCON level to 2.
Anyone can read the full MS-DEFCON Alert (19.40.1, 2022-10-06).
-
Microsoft email zero day
What is it? Microsoft is investigating targeted attacks on their on-premises email servers. Attackers have found a way into servers that are already fully patched.
If we have online email with Microsoft, are we at risk? No.
Is it disturbing that EVERY time there is a zero day in Microsoft on-premises email servers, Microsoft can conveniently scramble and get their online servers patched, and meanwhile those that purchase on-premises software are stuck holding the bag?
If you are an Exchange admin and need help, pile on here
(note I am sending this out as a defcon text alert but not an email alert)
Follow the guidance in the MSRC post to protect your on-premises email servers:
The current mitigation is to add a blocking rule in “IIS Manager -> Default Web Site -> URL Rewrite -> Actions” to block the known attack patterns.
Note:
If you don’t run Microsoft Exchange on-premises, and don’t have Outlook Web App facing the internet, you are not impacted.
-
MS-DEFCON 4: A well-behaved September
ISSUE 19.39.1 • 2022-09-27 By Susan Bradley
September updates have few side effects.
It’s always nice when the monthly update process is calm, with no storms. But due to a few snags, the best I can do is lower the MS-DEFCON level to 4.
These side effects are limited to issues seen in businesses; we ordinary, consumer mortals are not much affected.
Anyone can read the full MS-DEFCON Alert (19.39.1, 2022-09-27).
-
MS-DEFCON 3: Issues with bootloader patches
ISSUE 19.34.1 • 2022-08-23 By Susan Bradley
This month’s updates are a great example of why my patching advice differs for consumers and businesses.
For consumer patchers, whether using Windows 10 Home or Professional, I’m not convinced that you need to install KB5012170, Microsoft’s security update for Secure Boot DBX (the Secure Boot Forbidden Signature Database). Unless, that is, you think you will be targeted by an overseas attacker with a malicious bootloader installer. If your computer holds the keys to the nuclear codes, then by all means install this update instantly. The fact that this isn’t clear-cut is the reason I can lower the MS-DEFCON only to 3 this time around.
But if you are a normal user, with normal levels of paranoia to get you through the normal security risks of daily life, I’m not convinced that this update is mandatory. In fact, I think it often causes more pain than benefit. Just read through the threads of many a forum poster trying to get this update installed.
Anyone can read the full MS-DEFCON Alert (19.34.1, 2022-08-23).
-
MS-DEFCON 4: A mixed bag for May
ISSUE 19.21.1 • 2022-05-24 By Susan Bradley
Good news! Most consumer and home users should be just fine after installing this month’s updates.
I’m not seeing any major, trending issues with patches for the bulk of users, so I’m lowering the MS-DEFCON level to 4.
But there’s a “but”: I’m still seeing some corner-case oddities and just can’t quite put my finger on the root cause. For example, reader Ray G reports:
… after the updates are installed, I still have a black screen and have to wait for about 5 minutes for the desktop to appear.
Anyone can read the full MS-DEFCON Alert (19.21.1, 2022-05-24).
-
MS-DEFCON 4: Protect yourself with patches
ISSUE 19.17.1 • 2022-04-26 By Susan Bradley
I’ve been holding my breath.
For the past few weeks, I’ve been watching for attacks that researchers indicated would be coming due to a vulnerability in all versions of Windows. All I’m seeing so far are theoretical attacks, not actual attacks.
CVE-2022-26809, the headline vulnerability of the April updates that impacts Windows 7 through Windows 10 — as well as Windows Server versions — sounded like it had the potential of being a worm inside a network. Microsoft complicated the matter when it first indicated that this vulnerability was triggered by SMB file sharing. Then it clarified that the original researcher had provided a proof of concept that used SMB file sharing, but that additional methodologies could be used in attacks.
Anyone can read the full MS-DEFCON Alert (19.17.1, 2022-04-26).
-
Ensuring your safety
ISSUE 19.14.1 • 2022-04-05 By Susan Bradley
MailChimp was compromised by attackers. Here’s what you should know.
This is breaking news.
An article at BleepingComputer on Monday, April 4, 2022, revealed the news that the MailChimp email and marketing service had been breached. The report has also been picked up by many different online services and will probably hit the bigger publishers by tomorrow. The attack focused on MailChimp’s internal tools, which allowed the bad guys to steal audience data and launch phishing attacks.
Read the full Plus Alert (19.14.1, 2022-04-05).
-
MS-DEFCON 4: March madness? Mostly quiet
ISSUE 19.12.1 • 2022-03-22 By Susan Bradley
For the majority of computer users, it’s time to get the updates rolled out.
I’m tracking some issues this month, but not so many as for a typical March. Thus I’m lowering the MS-DEFCON level to 4.
An unusual occurrence is a problem with a Windows 8.1 update.
Anyone can read the full AskWoody Plus Alert 19.12.1 (2022-03-22).
-
MS-DEFCON 2: Is it still safe to defer?
ISSUE 19.09.1 • 2022-03-03 By Susan Bradley
Global troubles lead to patching worries.
Even with all the heightened concerns regarding cybersecurity, my deferral strategy and recommendations for patching will not change. Use the time between now and next Tuesday (Wednesday for those of you outside the northern hemisphere) to wrap up whatever patching and updating you are doing, and get ready to defer updates. Hopefully, a window will open toward the end of the month, when we can have high confidence that applying patches and updates will be safe.
Anyone can read the full AskWoody Plus Alert 19.09.1 (2022-03-03).
-
MS-DEFCON 4: July updates should be installed
ISSUE 18.28.1 • 2021-07-27 PATCH WATCH
By Susan Bradley
July patches have been well behaved.
Consumer and home users
If you’ve used the “pause updates” methodology, now is the time to install the July updates. I’ve not seen any major printing issues introduced with these July updates. However, I still recommend that you keep the Print Spooler service disabled. If you do print, consider turning the spooler off and then back on when you need it. Microsoft fixed the issue with the PrintNightmare bug, but another Print Spooler bug has yet to be fixed and is slated to be discussed at the annual security conference in Las Vegas, better known as the Black Hat Conference.
For Office updates, open up any installed Office application, click on File, then on Account, then on Office Updates and choose to enable updates. Then click on Update Now to trigger the installation of the updates.
Business users
For business users, Microsoft has described only one side effect with printers and the July updates. Printers that rely on smart-card (PIV) authentication may fail to print after the installation of the July patches. This is not a widespread problem, and there is no reason to delay installation of the patches.
References
- AskWoody Master Patch List
Read the full story in the AskWoody Plus Alert 18.28.1 (2021-07-27).
-
AskWoody Alert 16.3.2 just went out
If you’re a Plus member, you should’ve received an AskWoody Plus Alert in the past few minutes. It points you to the change to MS-DEFCON 4, and the associated Computerworld article.
(I’ve wanted to do this for years! Yipppeeee!)
Anyway, if you’re a Plus member, and you don’t get the Alert in the next hour or so, check your spam folder (make sure Editor@AskWoody.com is whitelisted). If you don’t see the email, hit me up on CustomerSupport@AskWoody.com. Our mail delivery system, MailChimp, is very cautious about messages that bounce, for whatever reason. Easier to clean out the pipes from this end….
Have a good weekend, everybody.