Newsletter Archives

• MS-DEFCON 2: Batten down the hatches for January

  Posted on January 6, 2022 at 02:45 CST by Susan Bradley • Comment in the Forums

  ISSUE 19.01.1 • 2022-01-06

  

  By Susan Bradley

  Microsoft has started off the patching year — and not in a good way.

  Soon after midnight all across the world, mail administrators running Exchange 2013 and Exchange 2016 started noticing that mail was not being delivered in their organizations. Horror of horrors, this has been dubbed the “Y2K22” bug — just what we wanted to hear.

  Anyone can read the full AskWoody Plus Alert 19.01.1 (2022-01-06).

  AskWoody Plus Alert, MS-DEFCON AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 2, Patch Lady Posts

• A change to Alerts!

  Posted on January 5, 2022 at 11:57 CST by Susan Bradley • Comment in the Forums

  

  Our MS-DEFCON system has proven extremely popular. It’s the reason the banner on our home page is so prominent.

  Early in 2021, we decided to post an abbreviated version of MS-DEFCON alert newsletters in our blog, reserving the full alert for Plus edition members. We’ve been pleased that this change met with general acceptance, but a review of our alerts for 2021 has shown that the difference between our blog post and the full alert is minimal. Therefore, I’ve decided to make a change.

  We publish two kinds of alerts, one for a changed MS-DEFCON level and one for other types of information. Henceforth, all MS-DEFCON alerts will be available to anyone visiting the site. Other alerts will continue as an exclusive benefit of Plus membership, as will emailed alerts and text message alerts.

  I’m happy to bring the MS-DEFCON coverage to a wider audience. It’s my contribution to promoting safe and sensible patching strategies.

  AskWoody Plus Alert, Patch Watch AskWoody Plus Alerts, MS-DEFCON, Patch Lady Posts

• MS-DEFCON 4: Closing out the year of patching

  Posted on December 28, 2021 at 02:45 CST by Susan Bradley • Comment in the Forums

  ISSUE 18.50.1 • 2021-12-28 By Susan Bradley The end of 2021 brings the final updates for Windows 10 2004. Meanwhile, most of us are planning not to install the new Windows 11. The December patching month has been relatively uneventful for Windows Home Edition users. The only major patching side effect I’ve seen came when an Office update prevented multiple users of Access from opening a database on the network. As noted in a Microsoft support page, the Microsoft 365 click-to-run versions listed below have been fixed. If you use Access, close and reopen Office to trigger it to download a new version. The fixed versions are: If you have Office 2016, the fix is in KB4484211. You must manually download the patch and install it. We’re still waiting on the fix for Office 2013. Consumer and home users Now is the time to upgrade Windows 10 2004 to 21H2. If you have not already been offered 21H2, I recommend a visit to the Windows 10 ISO page; click on the Update now button. Of course, be sure you have a backup of your computer first. Also, uninstall any VPN software you use — it’s a bit of overkill, but I have seen cases of VPN software interfering with the update process. Reinstall it after the upgrade is complete. If you have any side effects, please visit the forums so we can follow up on any lingering issues. The good news for Windows 10 is that it’s moving to a once-a-year feature-release cadence. Given that Microsoft will be focusing on Windows 11, I anticipate that Windows 10 updates will turn into a nice, boring release process for most of us. Business users Unless you are running Enterprise versions, I also recommend that businesses move to Windows 10 21H2. The version has been stable in my office. I always make sure that I have all workstations on the same version of Windows 10, to make my life easier. Many of us are still trying to chase down the patching we need to do for the Log4j2 vulnerability. It may take time to follow up with all the vendors in your clients’ networks, so be prepared to get updates from vendors as they discover what is and is not vulnerable. For example, I’ve found that my Ricoh printers are not vulnerable in my own network. Going through this listing takes time, and you’ll probably need to work together with each client. Don’t expect to know immediately what is vulnerable. Read the full story in the AskWoody Plus Alert 18.50.1 (2021-12-28).

  AskWoody Plus Alert, Patch Watch AskWoody Plus Alerts, Microsoft Access, Patch Lady Posts, Win10 2004

• MS-DEFCON 2: Final patch ever!

  Posted on December 9, 2021 at 02:45 CST by Susan Bradley • Comment in the Forums

  ISSUE 18.47.1 • 2021-12-09 By Susan Bradley We’ve come to the last patch we ever have to worry about. Well — for 2021, anyway. Of course, in January we start the whole patching process all over again. But wait! For those of you with Windows 10 2004, this is really the final update. During the month of December, Microsoft takes a break, with only one update planned due to the holiday season. As Microsoft noted in its Windows message center, there will be no preview updates released during the third or fourth week of the month. This also means that, should there be any side effects from this month’s updates, there won’t be optional preview updates to fix any issues. I’ll be paying close attention to side effects of this month’s updates as a result. Consumer and home users Click on Start, Settings, System, and then About on your Windows 10 computer to check your version. If you are still on 2004, this is the very last month that you will receive an update. In that case, I recommend that you visit the Windows 10 download page and click on Update now under “Windows 10 November 2021 Update.” This will download the installer for upgrading — Windows10Upgrade9252.exe, as shown to the left above. Follow the prompts to install Windows 10 21H2. I’m comfortable with that version at this time and recommend it. Once you get yourself onto Windows 10 21H2, ensure that you are set to defer updates. I recommend you defer until after Christmas. Click Start, Settings, Update and security, Advanced options; choose to defer updates until December 28. Printing side effects seem to be on the wane. If you haven’t already installed the November updates, do that now. Business users For business patchers, if you are still having issues with printing, ensure that you either install the out-of-band updates released at the end of November or test the December releases as soon as they come out — to see whether they fix your issues. For Windows 10 versions 2004, 20H2, 21H1, and 21H2, Microsoft has indicated that Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server. I’m seeing this reported most on peer-to-peer shared printers in a business setting. The optional updates released in late November specifically address these issues. For Windows 10 2004, 20H2, 21H1, and 21H2, this update is KB5007253. This fix will also be included in the December updates, so you may wish to wait until that patch is released to see whether this fixes the printing issues you are dealing with. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.47.1 (2021-12-09).

  AskWoody Plus Alert, MS-DEFCON AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 2, Patch Lady Posts

• MS-DEFCON 2: October updates right around the corner

  Posted on October 8, 2021 at 02:45 CDT by Susan Bradley • Comment in the Forums

  ISSUE 18.38.1 • 2021-10-08 By Susan Bradley Enjoy the fall season — take a break from patching! With the October updates bearing down upon us, it’s time to take a break. Wrap up patching and updating from September, and prepare your PC to delay the upcoming patches. For those of you still on Windows 10 2004, this is an excellent time to upgrade to 21H1 and let it settle in. As for Windows 10 21H2, we still don’t have a definite date. Windows 10 will be fully supported until 2025, but it’s still unclear whether Microsoft will be switching to an annual feature-release schedule, as with Windows 11, or keeping the twice-per-year cadence we’ve had for the past five years. Consumer and home users Based on the information I have now, I will probably sound the all-clear for consumers to install this round of updates on or after October 26. Go into Start, Settings, Update and Security, and Advanced options. In the Pause Updates section, pick October 26 from the drop-down menu. If you’ve installed the September updates for Windows 10 2004, 20H2, or 21H1, including KB5005565, you can turn your print spooler service back on and use your printer normally — Microsoft has finally fixed its Print Nightmare bugs. It’s safe to turn it on and leave it on (we hope). Business users For businesses, I’ll urge you to unofficially shoot for deploying updates a week earlier on October 19. Every time I’ve tried to urge businesses to patch earlier than consumers, we’ve hit side effects and needed to wait for workarounds. This is also the time to be testing — but not deploying — Windows 11. Microsoft started releasing Windows 11 as it became Tuesday, October 5, in each time zone around the world. All the tools that help us control, patch, and deploy Windows 10 will also be used to control, patch, and deploy Windows 11. Microsoft is releasing much of its Windows 11 content and will be updating it as more information comes out. Tuesday marked the start of the 36-month servicing-support lifecycle for Enterprise and Education editions of Windows 11. The Home, Pro, Pro for Workstations, and Pro for Education editions of Windows 11 will receive 24 months of servicing support. But I see no need to rush into Windows 11 — it’s a time to watch for side effects and issues. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.38.1 (2021-10-08).

  AskWoody Plus Alert, MS-DEFCON AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 2, Patch Lady Posts, Windows 10, Windows 11

• MS-DEFCON 4: All clear for consumers, less so for businesses

  Posted on August 25, 2021 at 02:45 CDT by Susan Bradley • Comment in the Forums

  ISSUE 18.32.1 • 2021-08-25 By Susan Bradley This month has been a bit bumpy for business users needing to print. This month’s change to a technology called “Point and Print” has triggered side effects for information technology professionals who deployed workstations without administrator rights. Although I’m reluctantly recommending installing these updates, because you need to be protected from all the other vulnerabilities this month, I must acknowledge that even after you patch, you still won’t be protected from printer vulnerabilities. There is yet another Print Spooler issue out there. Right now, the only way you can protect yourself from the remote Print Spooler attack described by CVE-2021-36958 is to keep your Print Spooler service disabled unless it is absolutely needed. Consumer and home users Install the August updates. In a change to my past update recommendations regarding .NET, I now recommend installing the .NET updates as well. For the last year, I’ve not experienced any side effects with the nonsecurity .NET updates and feel confident about their safety. I’ve also not been tracking any side effects with Chromebook 92 after its release on August 2. Unlike last month, there’s been no need to roll back this version. Business users For those of you in charge of business patching, there’s no good resolution for the side effects of the August updates, not to mention the risks of the unpatched Print Spooler vulnerability. If you deploy print drivers using group policy and your users do not have administrator rights, they are being prompted to install a printer-driver update even though the printer driver has not changed — the only thing that has occurred is that the patch was installed. You can deploy a registry key to HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint with the name RestrictDriverInstallationToAdministrators and a DWord value of 0, but unfortunately, this opens up your workstations to attack. It’s not a good solution. The root cause appears to be v3 versions of printer drivers. In the short term, I recommend several possible solutions. Temporarily allow administrator rights via group policy to allow your end users to install the updated print driver, and then revert them back to non administrator rights. Use the registry key workaround (above) that will allow printer drivers to be installed, with full knowledge that this opens your machine up to attack. Review the printer drivers you have installed and ensure that they are v4 and not earlier versions. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.32.1 (2021-08-25).

  AskWoody Plus Alert, MS-DEFCON AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 4, Patch Lady Posts

• MS-DEFCON 2: Get ready for battle stations

  Posted on August 6, 2021 at 02:45 CDT by Susan Bradley • Comment in the Forums

  ISSUE 18.29.1 • 2021-08-06 By Susan Bradley The annual security conference known as Black Hat is in the bag, and we are (well, I am) anxiously awaiting the next bugs that will rear their heads, based on the headlines that came out of the conference. Topics like Print Spooler bugs, Mac privacy bugs, and encryption platform attacks were just some of the headline topics that I expect to result in a new wave of patches — not just for Windows, but for almost every device. Consumer and home users In preparation for Patch Tuesday, I recommend that you take the usual actions to defer, pause, block, and just avoid updates for the operating system and Office apps. I suggest deferring until at least August 24. As always, we’ll keep an eye on side effects and issues. Remember, there are several ways to defer updates. The easiest way, in my opinion, is to click on Settings, Windows Update, Advanced Options, and then choose August 24 in the “Pause updates” section. When that clock runs out, updates will install automatically. Alternatively, use WuMgr to selectively install updates. Of course, as I always recommend, take the time to back up your system. Chromebooks should have been updated to 92.0.4515.130. It includes an improved version of Zoom as well as several other useful bug fixes. The Apple camp is still in beta testing mode on Monterey, and it’s anticipated that the release will be in September. In the meantime, you can keep up with the latest news on that beta in our forums. Business users What concerns me most is the “Microsoft Won’t-Fix-List (July 2021 Edition)” that a security researcher started in July of 2021 to document all the items that Microsoft hadn’t fixed by the end of July. Note that this list does not include all “won’t fix” items, just the ones that occurred during the month of July. I’m hoping that we see more of these issues fixed, especially those related to Print Spooler bugs. Those bugs keep me nervous about having the Print Spooler service enabled. I continue to recommend that you enable the Print Spooler service only on those computers and servers that absolutely need it for business operations. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.29.1 (2021-08-06).

  AskWoody Plus Alert, MS-DEFCON AskWoody Plus Alerts, Patch Lady Posts, Patch Watch

• MS-DEFCON 4: Get those June updates installed

  Posted on June 24, 2021 at 02:50 CDT by Susan Bradley • Comment in the Forums

  ISSUE 18.23.1 • 2021-06-24 MS-DEFCON 4: Get those June updates installed By Susan Bradley It’s time to deal with “News and Interests.” Consumer and home users If you’ve been procrastinating with the June updates so you didn’t have to deal with the new “News and Interests” feature and its side effects, the time has come. Microsoft has released KB5003698 to fix issues with blurry images in 1909 for Enterprise. Windows 10 2004/20H2 and 21H1 received KB5003690 to fix the blurry text on the News and Interests button for some screen resolutions. KB5003690 also fixes a problem with search box graphics on the Windows taskbar, which occurs if you right-click the taskbar and turn off News and Interests. This graphics issue is especially visible when using dark mode. If it is a problem for you, install this optional update. There are other issues to work out, such as interactions with the desktop if you are using Classic Shell or other menu programs. AskWoody readers have noted cases in which sign in to customize the news selections did not work. If you have problems with the News and interests feature, try setting it to icons only instead of icons and text. For Office updates, open up any Office software application, click on File, Account, Office Updates, and enable updates. Then click on Update Now to trigger their installation. Business users This month’s releases showcase that timing is everything. If you apply updates to workstations before applying them to servers and then attempt to use remote event-log tools, you will find that you cannot access the event logs. As noted by Microsoft, affected apps are using certain legacy Event Logging APIs. Ensure that you apply the updates for both workstations and servers before attempting to use such software. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.23.1 (2021-06-24).

  AskWoody Plus Alert, MS-DEFCON AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 4

• MS-DEFCON 2: Defer Windows & Office updates to June 24

  Posted on June 4, 2021 at 03:00 CDT by Susan Bradley • Comment in the Forums

  ISSUE 18.20.1 • 2021-06-04 By Susan Bradley Consumer and home users Hopefully, you’ve taken the time to get the May updates installed. Before next Tuesday, be sure you are comfortable with your methodology for deferring updates. For Windows updates, I’m still a fan of the method I call “pick the date.” Go to Settings, then to Update and Security; click on Advanced options, and select Pause updates. Then use the Select date drop-down to choose the date when you’d like updates to resume. I’m suggesting June 24. Note that the News and Interests notification will be fully enabled in your task bar this month. For Office updates, open up any Office application, click on File, Office Account, Office Updates; choose Disable Updates. You can resume updates later in the month. While you have Office updates disabled, avoid opening macro-enabled files as a defense against potential ransomware threats. Business users Ransomware has been a big topic in the news this month. While doing your patch testing, continue to educate your end users about the dangers posed by simple tasks done carelessly — opening emails, transferring files, clicking on links, etc. Greater danger requires greater vigilance. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.20.1 (2021-06-04).

  AskWoody Plus Alert, Patch Watch AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 2, Patch Lady Posts, Patch Watch

• MS-DEFCON 4: It’s quiet out there

  Posted on May 27, 2021 at 01:00 CDT by Susan Bradley • Comment in the Forums

  ISSUE 18.19.1 • 2021-05-27

  

  By Susan Bradley

  This month has been relatively quiet with respect to patching side effects. It’s now time to install the May updates.

  Consumer and home users

  Most of the issues and complaints have not been about the May update. Instead, there has been dissatisfaction with a new feature called News and Interests. As this feature rolls out, more and more people are asking how to remove it. I have provided a registry update file that will automatically disable News and Interests. The only known side effect is audio issues in some machines; these can be bypassed by using stereo settings.

  More details will be provided in my upcoming Patch Watch article.

  Business users

  For small businesses that still have an on-premises Exchange email server, make sure you install this month’s Exchange patches, as described in KB 5003435.

  Note that some users reported issues if they had manually removed the new version of Edge, proving once again that Microsoft doesn’t test the edge cases (pun intended).

  Read the full story in the AskWoody Plus Alert 18.19.1 (2021-05-27).

  AskWoody Plus Alert, MS-DEFCON, Patch Watch AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 4

• MS-DEFCON 2: Pause on patching

  Posted on May 10, 2021 at 12:00 CDT by Susan Bradley • Comment in the Forums

  ISSUE 18.17.1 • 2021-05-10 By Susan Bradley It’s time for both business users and consumer or home users to pause Windows updates. Accordingly, I’m changing the AskWoody MS-DEFCON level to 2. Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it. Consumer and home users If you are a home/consumer user, I recommend two actions to ensure you do not get inadvertent updates. First, select Start, Settings, Network & Internet, and then Wi-Fi or Ethernet (whichever connection you are using). Next, click Manage known networks; click on the network that you use, click Properties, and turn on Set as metered connection. This “tricks” the computer into thinking that your Internet connection is not unlimited (i.e., you might incur charges) and thus will download patches only after you approve the process. The second action is picking a deferral date after May 11, when Microsoft will push out the next Patch Tuesday security releases. Click on Start, Settings, Update & Security; then click on Advanced Options. Pick a date far enough in the future to give you comfort. I always wait at least a week, usually more. I’ll be re-evaluating the update situation closer to the end of the month, but for now choosing May 28 should be safe enough. For those of you with an Office click-to-run (CTR) edition, I strongly recommend that you change to the semiannual channel rather than the monthly one because it will keep you from the Autocomplete bug. Business users Coming this month in the May Security releases, Microsoft will be including a new “News and Interests” taskbar item featuring items of interest to your users. Remember, if you want to proactively block it, there are registry keys and group policy to control it. References AskWoody Master Patch List Read the full story in the AskWoody Plus Alert 18.17.1 (2021-05-10).

  AskWoody Plus Alert, MS-DEFCON, Patch Watch AskWoody Plus Alerts, MS-DEFCON, MS-DEFCON 2, Patch Lady Posts, Windows Update

• MS-DEFCON 2 – Deferring the April Updates

  Posted on April 11, 2021 at 01:00 CDT by Susan Bradley • Comment in the Forums

  ISSUE 18.12.1 • 2021-04-11

  

  By Susan Bradley

  Brace yourself for April updates

  It’s the time of the month to pause for updates. You will recall that the March updates were very disruptive and many of you decided to not install that round. The April releases are cumulative so you won’t have to go back and install the March updates. Instead, we’ll take a long pause to see what April brings.

  If you are a home/consumer user, I recommend two actions to ensure you do not get inadvertent updates. First, select Start, Settings, Network & Internet, and then Wi-Fi or Ethernet (whichever connection you are using). Next click Manage known networks, click on the network that you use, click Properties and turn on Set as metered connection. This “tricks” the computer into thinking that your Internet connection is not unlimited (i.e., you might incur charges) and thus will only download patches once you approve the process.

  The second action is picking a deferral date after April 13, when the next Patch Tuesday security releases will be pushed out by Microsoft. Click on Start, Settings, Update & Security, then click on Advanced Options. Pick a date far enough in the future to give you comfort. I always wait at least a week, usually more. I’ll be reevaluating the update situation closer to the end of the month, but for now choosing April 30 should be safe enough.

  Remember: For those of you running Windows 10 1909, support is coming to an end. After May 11, 2021, 1909 will not receive security updates. In accordance with prior advice, update to 20H2; 21H1 is just around the corner.

  Read the full story in the AskWoody Plus Alert 18.12.1 (2021-04-11).

  AskWoody Plus Alert, MS-DEFCON AskWoody Plus Alerts, MS-DEFCON 2, Patch Lady Posts
• Newer Entries »