|
There are isolated problems with current patches, but they are well-known and documented on this site. |
Newsletter Archives
-
May’s messy updates
PATCH WATCH
By Susan Bradley
Although the May releases for both Windows and Apple have not introduced side effects or hiccups so far, they haven’t been as problem-free as they should have been.
Apple released the first of its “rapid response” updates, announced last June and supposedly allowing the company to deploy important security-only software updates without demanding a reboot.
Read the full story in our Plus Newsletter (20.20.0, 2023-05-15).
-
MS-DEFCON 2: Prepare for April showers
ISSUE 20.14.1 • 2023-04-06 
By Susan Bradley
The next round of updates is coming soon and may be confusing.
For one thing, it now appears that Windows 10 and Windows 11 updates will diverge. That is reason enough for me to raise the MS-DEFCON level to 2.
Any confusion instantly causes me to recommend deferring updates.
It does not appear that the forthcoming updates for Windows 10 will introduce any changes. They will include only security patches. Microsoft stated:
After March 2023, there are no more optional, non-security preview releases for the supported editions of Windows 10, version 20H2 and Windows 10, version 21H2. Only monthly security update releases will continue for these versions.
Anyone can read the full MS-DEFCON Alert (20.14.1, 2023-04-06).
-
The sky is not falling
PATCH WATCH
By Susan Bradley
You may have seen the headlines: Outlook is getting a patch for a zero-day attack that can’t be fixed just by turning off the preview pane.
Don’t panic. The risk is greatest if you are connecting Outlook to an on-premises Exchange server.
Importantly, the attacks have been seen only in targeted firms. The risk is higher for government agencies. Microsoft has even provided a script to determine whether you are at risk.
Read the full story in our Plus Newsletter (20.12.0, 2023-03-20).
-
MS-DEFCON 4: Wrapping up a short month
ISSUE 20.09.1 • 2023-02-28 
By Susan Bradley
February’s patches affected you either severely, or not at all.
The good news: If you are a consumer, home user, or business that does not use Windows Server 2022 or any version of on-premises Exchange server, you will be just fine installing the updates at this time. Therefore, I am very comfortable with lowering the MS-DEFCON level to 4.
However, if you are a business patcher with Windows Server 2022 hosted in VMware, you may have been significantly impacted. In addition, patch administrators are still dealing with the side effects of the Exchange updates.
Anyone can read the full MS-DEFCON Alert (20.09.1, 2023-02-28).
-
January’s patching cyclone
PATCH WATCH
By Susan Bradley
We’re a bit soggy and wet at the AskWoody Tech LLC Global Headquarters here in central California.
We’ve had nearly a week of rain, and more is coming. I shouldn’t complain — severe drought has brought our state’s water supply down to historically low levels, so the water is needed and much appreciated. But when Microsoft rains down upon us at the same time, the total deluge is a bit much.
For January, Microsoft fixed 98 security vulnerabilities, said goodbye (for the final time) to the much-beloved Windows 7, also said goodbye to the less used (but popular among its buffs) Windows 8.1, and actually released updates to Microsoft’s on-premises mail server, Exchange.
Read the full story in our Plus Newsletter (20.03.0, 2023-01-16).
-
Dealing with printers
PATCH WATCH
By Susan Bradley
Keeping printers up to dateOnce upon a time, I purchased an HP LaserJet 4L printer that would just keep on printing, year after year, until the plastic door on the top of the printer finally broke off. After my initial installation, the printer driver was never updated.
Read the full story in the AskWoody Plus Newsletter 18.11.0 (2021-03-22).
-
MS-DEFCON 2 — It’s time to defer March updates
ISSUE 18.9.1 • 2021-03-08
By Susan Bradley
It’s the start of the patching week.
We are a day away from the official start of patching season. While Microsoft started the March patching madness early, with a critical patch needed for its mail servers, we have yet to see what’s in store for those of us that merely use their Windows as workstations.
Read the full story in the AskWoody Plus Alert 18.9.1 (2021-03-08).
Learn more about MS-DEFCON! -
Exchange Server elevation of privilege bug acknowledged
Remember the 0day exploit in Microsoft Exchange that we talked about two weeks ago?
As I suspected, your Exchange Server is only vulnerable to a man-in-the-middle attack. It isn’t an all-purpose attack: The miscreant has to be able to sit in the middle of an interaction with the Server.
Microsoft finally has an explanation in ADV190007 | Guidance for “PrivExchange” Elevation of Privilege Vulnerability.
A planned update is in development. If you determine that your system is at high risk then you should evaluate the proposed workaround.
The workaround is a one-line PowerShell script that @b talked about last week.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
AMD Software Failed to Launch Because Windows Update Has Replaced the AMD…
by 1 hour, 12 minutes ago
-
Microsoft : New macOS vulnerability, Migraine, could bypass System Integrity…
by 3 hours, 14 minutes ago
-
Remove One Drive
by 8 hours, 34 minutes ago
-
Firefox users on Windows 7, 8 and 8.1 moving to Extended Support Release
by 14 hours, 35 minutes ago
-
How to change “User Account Control:Run as administrator”
by 12 hours, 52 minutes ago
-
Two monitors, want different “fixed” wallpaper on each one
by 19 hours, 26 minutes ago
-
Microsoft forcing move to Microsoft account?
by 17 hours, 21 minutes ago
-
Event 2545 Device Management – Enterprise – Diagnostics – Provider
by 20 hours, 45 minutes ago
-
QBot malware exploits Windows WordPad EXE to take over
by 1 day, 16 hours ago
-
Laptop powers off during KB5026361 update
by 1 day, 15 hours ago
-
How to enable Sleep in Shut down menu?
by 1 day, 17 hours ago
-
Beware of Google’s .ZIP domain and password-embedded URLs
by 5 hours, 57 minutes ago
-
Longstanding feature requests, and their status
by 2 days, 1 hour ago
-
Three typing tutors — no more “hunt and peck”
by 2 days ago
-
Is online banking secure?
by 2 hours, 2 minutes ago
-
Bluetooth audio not working on older Lenovo T420 with Win 10
by 1 day, 7 hours ago
-
Using wildcards in search and replace
by 2 days, 10 hours ago
-
How is Windows XP an security risk?
by 21 hours, 6 minutes ago
-
Is using VPN a good idea?
by 2 days, 7 hours ago
-
How to prevent/disable Bitlocker Automatic Device Encryption?
by 2 days, 18 hours ago
-
Unexplained aspects of installing the latest update of Office 2021
by 2 days, 18 hours ago
-
Getting started with macOS Disk Utility: RAID, images, and repairs
by 3 days, 3 hours ago
-
Getting started with macOS Disk Utility: Resizing, snapshots, and journaling
by 3 days, 3 hours ago
-
Are you ready for AI?
by 15 hours, 26 minutes ago
-
Windows 11 Insider Preview build 25375 released to Canary
by 3 days, 5 hours ago
-
Windows 11 Insider Preview Build 22621.1825 and 22624.1825 released to BETA
by 3 days, 6 hours ago
-
Duplicate image name brings up old images
by 4 days, 11 hours ago
-
XP offline activation tool, xp_activate32.exe
by 2 days ago
-
Huge Tesla leak reveals thousands of safety concerns, privacy problems
by 2 days, 13 hours ago
-
Android : iRecorder – Screen Recorder new Android RAT
by 4 days, 16 hours ago
