Newsletter Archives

  • MS-DEFCON 2: 2004 is out of support

    ISSUE 19.18.1 • 2022-05-05
    MS-DEFCON 2

    By Susan Bradley

    Check your Windows version, then update accordingly.

    I regularly come across PCs that are running old, out-of-support versions of Windows because they aren’t on the Web long enough to be “serviced” by Windows Update. For example, there are two Surface laptops in my office that are used by people on cellular connections. As a result of sporadic use, they never get a feature update.

    Just the other day, I realized they were running Windows 10 2004 and thus no longer were getting security updates, a serious matter.

    Anyone can read the full MS-DEFCON Alert (19.18.1, 2022-05-05).

  • MS-DEFCON 2: Deferring April

    ISSUE 19.14.2 • 2022-04-07

    MS-DEFCON 2

    By Susan Bradley

    Don’t let April showers rain on your PCs.

    I love April. It’s the end of the busy tax season at the office, and it’s spring where I live — the tulips are in bloom. But what I don’t love is updates disrupting my business before the end of the busy season. So I urge you to do what I do at the office: defer those updates.

    Anyone can read the full Plus Alert (19.14.2, 2022-04-07).

  • MS-DEFCON 5: A very quiet February

    ISSUE 19.08.1 • 2022-02-22

    MS-DEFCON 5

    By Susan Bradley

    For the first time in an extremely long time, this month of patching has been so quiet that I’m changing the patching status to the magical level of 5.

    All’s clear. Patch while it’s safe!

    Don’t blink, because it may not happen again. There are so few issues that it feels too quiet, like the calm before the storm. The only thing I’m tracking is a few reports on issues with the 2012 R2 print server, because it broke printing on DataMax label and badge printers. However, I’m not tracking any issues with standalone printers.

    Anyone can read the full AskWoody Plus Alert 19.08.1 (2022-02-22).

  • MS-DEFCON 2: Batten down the hatches again

    ISSUE 19.05.1 • 2022-02-03
    MS-DEFCON 2

    By Susan Bradley

    It’s time to wrap up updating or feature-release installations and pause as we wait for February’s Patch Tuesday.

    I am recommending that home and consumer users install the regular updates from January 11 and that business users install the out-of-band updates released on January 17. Get these done right away. Skipping them means you are vulnerable to some active attacks, especially CVE-2022-21882.

    Anyone can read the full AskWoody Plus Alert 19.05.1 (2022-02-03).

  • MS-DEFCON 4: A very complicated patching month

    ISSUE 19.04.1 • 2022-01-25

    MS-DEFCON 4

    By Susan Bradley

    Thanks, Microsoft, for a very messy January.

    This month will be somewhat convoluted for patching, due to the high number of side effects. To make it worse and more complicated, Microsoft has left it up to us to figure out what to install — rather than pushing out the fixed updates via Windows Update or WSUS. The side effects for those with servers are extreme. In some cases, you’ll need to install two updates before rebooting the servers you manage to successfully patch this month.

    I’m lowering the MS-DEFCON level to 4 in spite of these difficulties, but business users must be cautious.

    Anyone can read the full AskWoody Plus Alert 19.04.1 (2022-01-25).

  • MS-DEFCON 1: Business patchers be on alert

    ISSUE 19.02.1 • 2022-01-12

    MS-DEFCON 1

    By Susan Bradley

    For those running a network with a domain controller, the side effects this month are extreme. Don’t patch.

    MS-DEFCON 1 is a very rare occurrence. When I raise the level that high, it’s because I’m seeing critical issues with patches.

    Microsoft has a technology called Active Directory that allows workstations to authenticate with a “domain controller.” This month’s updates are causing such drastic issues with domain controllers that they can become stuck in a boot loop. That is definitely an MS-DEFCON 1 condition. You should not release patches.

    Anyone can read the full AskWoody Plus Alert 19.02.1 (2022-01-12).

  • MS-DEFCON 2: Batten down the hatches for January

    ISSUE 19.01.1 • 2022-01-06
    MS-DEFCON 2

    By Susan Bradley

    Microsoft has started off the patching year — and not in a good way.

    Soon after midnight all across the world, mail administrators running Exchange 2013 and Exchange 2016 started noticing that mail was not being delivered in their organizations. Horror of horrors, this has been dubbed the “Y2K22” bug — just what we wanted to hear.

    Anyone can read the full AskWoody Plus Alert 19.01.1 (2022-01-06).

  • A change to Alerts!

    Our MS-DEFCON system has proven extremely popular. It’s the reason the banner on our home page is so prominent.

    Early in 2021, we decided to post an abbreviated version of MS-DEFCON alert newsletters in our blog, reserving the full alert for Plus edition members. We’ve been pleased that this change met with general acceptance, but a review of our alerts for 2021 has shown that the difference between our blog post and the full alert is minimal. Therefore, I’ve decided to make a change.

    We publish two kinds of alerts, one for a changed MS-DEFCON level and one for other types of information. Henceforth, all MS-DEFCON alerts will be available to anyone visiting the site. Other alerts will continue as an exclusive benefit of Plus membership, as will emailed alerts and text message alerts.

    I’m happy to bring the MS-DEFCON coverage to a wider audience. It’s my contribution to promoting safe and sensible patching strategies.

  • MS-DEFCON 4: Closing out the year of patching

    ISSUE 18.50.1 • 2021-12-28

    MS-DEFCON 4

    By Susan Bradley

    The end of 2021 brings the final updates for Windows 10 2004. Meanwhile, most of us are planning not to install the new Windows 11.

    The December patching month has been relatively uneventful for Windows Home Edition users. The only major patching side effect I’ve seen came when an Office update prevented multiple users of Access from opening a database on the network. As noted in a Microsoft support page, the Microsoft 365 click-to-run versions listed below have been fixed. If you use Access, close and reopen Office to trigger it to download a new version. The fixed versions are:

    If you have Office 2016, the fix is in KB4484211. You must manually download the patch and install it. We’re still waiting on the fix for Office 2013.

    Consumer and home users

    Now is the time to upgrade Windows 10 2004 to 21H2. If you have not already been offered 21H2, I recommend a visit to the Windows 10 ISO page; click on the Update now button. Of course, be sure you have a backup of your computer first. Also, uninstall any VPN software you use — it’s a bit of overkill, but I have seen cases of VPN software interfering with the update process. Reinstall it after the upgrade is complete.

    If you have any side effects, please visit the forums so we can follow up on any lingering issues. The good news for Windows 10 is that it’s moving to a once-a-year feature-release cadence. Given that Microsoft will be focusing on Windows 11, I anticipate that Windows 10 updates will turn into a nice, boring release process for most of us.

    Business users

    Unless you are running Enterprise versions, I also recommend that businesses move to Windows 10 21H2. The version has been stable in my office. I always make sure that I have all workstations on the same version of Windows 10, to make my life easier.

    Many of us are still trying to chase down the patching we need to do for the Log4j2 vulnerability. It may take time to follow up with all the vendors in your clients’ networks, so be prepared to get updates from vendors as they discover what is and is not vulnerable. For example, I’ve found that my Ricoh printers are not vulnerable in my own network. Going through this listing takes time, and you’ll probably need to work together with each client. Don’t expect to know immediately what is vulnerable.

    Read the full story in the AskWoody Plus Alert 18.50.1 (2021-12-28).

  • MS-DEFCON 2: Final patch ever!

    ISSUE 18.47.1 • 2021-12-09

    MS-DEFCON 2

    By Susan Bradley

    We’ve come to the last patch we ever have to worry about.

    Well — for 2021, anyway. Of course, in January we start the whole patching process all over again. But wait! For those of you with Windows 10 2004, this is really the final update.

    During the month of December, Microsoft takes a break, with only one update planned due to the holiday season. As Microsoft noted in its Windows message center, there will be no preview updates released during the third or fourth week of the month. This also means that, should there be any side effects from this month’s updates, there won’t be optional preview updates to fix any issues. I’ll be paying close attention to side effects of this month’s updates as a result.

    Consumer and home users

    Click on Start, Settings, System, and then About on your Windows 10 computer to check your version. If you are still on 2004, this is the very last month that you will receive an update. In that case, I recommend that you visit the Windows 10 download page and click on Update now under “Windows 10 November 2021 Update.” This will download the installer for upgrading — Windows10Upgrade9252.exe, as shown to the left above. Follow the prompts to install Windows 10 21H2. I’m comfortable with that version at this time and recommend it.

    Once you get yourself onto Windows 10 21H2, ensure that you are set to defer updates. I recommend you defer until after Christmas. Click Start, Settings, Update and security, Advanced options; choose to defer updates until December 28.

    Printing side effects seem to be on the wane. If you haven’t already installed the November updates, do that now.

    Business users

    For business patchers, if you are still having issues with printing, ensure that you either install the out-of-band updates released at the end of November or test the December releases as soon as they come out — to see whether they fix your issues. For Windows 10 versions 2004, 20H2, 21H1, and 21H2, Microsoft has indicated that Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server.

    I’m seeing this reported most on peer-to-peer shared printers in a business setting. The optional updates released in late November specifically address these issues. For Windows 10 2004, 20H2, 21H1, and 21H2, this update is KB5007253. This fix will also be included in the December updates, so you may wish to wait until that patch is released to see whether this fixes the printing issues you are dealing with.

    Read the full story in the AskWoody Plus Alert 18.47.1 (2021-12-09).

  • MS-DEFCON 2: October updates right around the corner

    ISSUE 18.38.1 • 2021-10-08

    MS-DEFCON 2

    By Susan Bradley

    Enjoy the fall season — take a break from patching!

    With the October updates bearing down upon us, it’s time to take a break. Wrap up patching and updating from September, and prepare your PC to delay the upcoming patches.

    For those of you still on Windows 10 2004, this is an excellent time to upgrade to 21H1 and let it settle in. As for Windows 10 21H2, we still don’t have a definite date.

    Windows 10 will be fully supported until 2025, but it’s still unclear whether Microsoft will be switching to an annual feature-release schedule, as with Windows 11, or keeping the twice-per-year cadence we’ve had for the past five years.

    Consumer and home users

    Based on the information I have now, I will probably sound the all-clear for consumers to install this round of updates on or after October 26. Go into Start, Settings, Update and Security, and Advanced options. In the Pause Updates section, pick October 26 from the drop-down menu.

    If you’ve installed the September updates for Windows 10 2004, 20H2, or 21H1, including KB5005565, you can turn your print spooler service back on and use your printer normally — Microsoft has finally fixed its Print Nightmare bugs. It’s safe to turn it on and leave it on (we hope).

    Business users

    For businesses, I’ll urge you to unofficially shoot for deploying updates a week earlier on October 19. Every time I’ve tried to urge businesses to patch earlier than consumers, we’ve hit side effects and needed to wait for workarounds.

    This is also the time to be testing — but not deploying — Windows 11. Microsoft started releasing Windows 11 as it became Tuesday, October 5, in each time zone around the world. All the tools that help us control, patch, and deploy Windows 10 will also be used to control, patch, and deploy Windows 11. Microsoft is releasing much of its Windows 11 content and will be updating it as more information comes out. Tuesday marked the start of the 36-month servicing-support lifecycle for Enterprise and Education editions of Windows 11. The Home, Pro, Pro for Workstations, and Pro for Education editions of Windows 11 will receive 24 months of servicing support. But I see no need to rush into Windows 11 — it’s a time to watch for side effects and issues.

    Read the full story in the AskWoody Plus Alert 18.38.1 (2021-10-08).

  • MS-DEFCON 4: All clear for consumers, less so for businesses

    ISSUE 18.32.1 • 2021-08-25

    MS-DEFCON 4

    By Susan Bradley

    This month has been a bit bumpy for business users needing to print.

    This month’s change to a technology called “Point and Print” has triggered side effects for information technology professionals who deployed workstations without administrator rights.

    Although I’m reluctantly recommending installing these updates, because you need to be protected from all the other vulnerabilities this month, I must acknowledge that even after you patch, you still won’t be protected from printer vulnerabilities. There is yet another Print Spooler issue out there. Right now, the only way you can protect yourself from the remote Print Spooler attack described by CVE-2021-36958 is to keep your Print Spooler service disabled unless it is absolutely needed.

    Consumer and home users

    Install the August updates. In a change to my past update recommendations regarding .NET, I now recommend installing the .NET updates as well. For the last year, I’ve not experienced any side effects with the nonsecurity .NET updates and feel confident about their safety.

    I’ve also not been tracking any side effects with Chromebook 92 after its release on August 2. Unlike last month, there’s been no need to roll back this version.

    Business users

    For those of you in charge of business patching, there’s no good resolution for the side effects of the August updates, not to mention the risks of the unpatched Print Spooler vulnerability. If you deploy print drivers using group policy and your users do not have administrator rights, they are being prompted to install a printer-driver update even though the printer driver has not changed — the only thing that has occurred is that the patch was installed. You can deploy a registry key to

    HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint

    with the name RestrictDriverInstallationToAdministrators and a DWord value of 0, but unfortunately, this opens up your workstations to attack. It’s not a good solution.

    The root cause appears to be v3 versions of printer drivers. In the short term, I recommend several possible solutions.

    • Temporarily allow administrator rights via group policy to allow your end users to install the updated print driver, and then revert them back to non-administrator rights.
    • Use the registry key workaround (above) that will allow printer drivers to be installed, with full knowledge that this opens your machine up to attack.
    • Review the printer drivers you have installed and ensure that they are v4 and not earlier versions.
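
    An added example, not part of the newsletter: a read-only PowerShell check of the items this alert discusses (Windows version, the Point and Print override, Print Spooler state, and pre-v4 printer drivers), so you can see which workstations still carry the workaround. The function name Get-PrintPatchPosture and its output field names are made up for illustration.

```powershell
# Added example: read-only audit, changes nothing on the machine.
# Get-PrintPatchPosture and its output field names are hypothetical.
function Get-PrintPatchPosture {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # DisplayVersion exists on 20H2 and later; 2004 and older expose only ReleaseId.
    $version = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }

    # Policy value named in the alert. Absent means no override was deployed.
    $key  = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $name = 'RestrictDriverInstallationToAdministrators'
    $pap  = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $restrict = if ($pap) { $pap.$name } else { $null }

    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    # Get-PrinterDriver needs a running spooler; otherwise leave the list unknown.
    $v3 = $null
    if ($spooler -and $spooler.Status -eq 'Running') {
        $v3 = @(Get-PrinterDriver -ErrorAction SilentlyContinue |
                Where-Object { $_.MajorVersion -lt 4 } |
                Select-Object -ExpandProperty Name)
    }

    $findings = @()
    if ($version -eq '2004') {
        $findings += 'Windows 10 2004: no longer receiving security updates'
    }
    if ($restrict -eq 0) {
        $findings += "$name = 0: non-admins can install printer drivers (workaround active)"
    }
    if ($spooler -and $spooler.Status -eq 'Running') {
        $findings += 'Print Spooler running: keep it disabled where printing is not needed'
    }
    if ($v3) { $findings += "Pre-v4 printer drivers: $($v3 -join ', ')" }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        WindowsVersion  = $version
        RestrictToAdmin = $restrict
        SpoolerStatus   = if ($spooler) { $spooler.Status } else { 'NotFound' }
        V3Drivers       = $v3
        Findings        = $findings
    }
}

Get-PrintPatchPosture | Format-List
```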

    Read the full story in the AskWoody Plus Alert 18.32.1 (2021-08-25).