Newsletter Archives
-
January’s patching cyclone
PATCH WATCH
By Susan Bradley
We’re a bit soggy and wet at the AskWoody Tech LLC Global Headquarters here in central California.
We’ve had nearly a week of rain, and more is coming. I shouldn’t complain — severe drought has brought our state’s water supply down to historically low levels, so the water is needed and much appreciated. But when Microsoft rains down upon us at the same time, the total deluge is a bit much.
For January, Microsoft fixed 98 security vulnerabilities, said goodbye (for the final time) to the much-beloved Windows 7, also said goodbye to the less used (but popular among its buffs) Windows 8.1, and actually released updates to Microsoft’s on-premises mail server, Exchange.
Read the full story in our Plus Newsletter (20.03.0, 2023-01-16).
-
Dealing with printers
PATCH WATCH
By Susan Bradley
Keeping printers up to dateOnce upon a time, I purchased an HP LaserJet 4L printer that would just keep on printing, year after year, until the plastic door on the top of the printer finally broke off. After my initial installation, the printer driver was never updated.
Read the full story in the AskWoody Plus Newsletter 18.11.0 (2021-03-22).
-
MS-DEFCON 2 — It’s time to defer March updates
ISSUE 18.9.1 • 2021-03-08
By Susan Bradley
It’s the start of the patching week.
We are a day away from the official start of patching season. While Microsoft started the March patching madness early, with a critical patch needed for its mail servers, we have yet to see what’s in store for those of us that merely use their Windows as workstations.
Read the full story in the AskWoody Plus Alert 18.9.1 (2021-03-08).
Learn more about MS-DEFCON! -
Exchange Server elevation of privilege bug acknowledged
Remember the 0day exploit in Microsoft Exchange that we talked about two weeks ago?
As I suspected, your Exchange Server is only vulnerable to a man-in-the-middle attack. It isn’t an all-purpose attack: The miscreant has to be able to sit in the middle of an interaction with the Server.
Microsoft finally has an explanation in ADV190007 | Guidance for “PrivExchange” Elevation of Privilege Vulnerability.
A planned update is in development. If you determine that your system is at high risk then you should evaluate the proposed workaround.
The workaround is a one-line PowerShell script that @b talked about last week.