Newsletter Archives

  • Master Patch List as of May 19, 2022 – out of band for server auth issues

    Microsoft has released an out of band update for Servers only to fix the authentication issues with certificates introduced in the May updates. I’ve updated the  Master Patch list  as a result.

    Cumulative updates:
    Note: You do not need to apply any previous update before installing these cumulative updates.
    Standalone Updates:

    Note these are not on Windows update, they are only on the Microsoft Update catalog.  They can be imported into WSUS.

    Note this issue does not impact consumers, only domain controllers in networks with an active directory domain.  So if you are a home or small business with a peer to peer network you will not be impacted.

    The only other fix discussed is to fix installing updates from the Microsoft store.  If you have been impacted by any other Windows 10/11 issues (.net stuff, black monitor, etc) I personally don’t think this out of band will fix those issues.  You certain can back up your system and try it, but I would be surprised/gobsmacked to hear that it actually fixed anything other than the auth problems on the servers and the Microsoft store install.

  • Master Patch List of May 16, 2022 – Apple zero days fixed

    I’m releasing an update to the Master Patch list – not to give the go ahead for any Windows patches, rather to announce that Apple has released several updates that include fixes for zero days.

    While it includes new features for Apple Cash, the Podcast app amongst others, it includes 30 security fixes for iOS 15.5 and macOS 12.4 includes 50 fixes.

    Overall tally:

    macOS Monterey 12.4 – 73 bugs fixed
    macOS Big Sur 11.6.6 – 52 bugs fixed
    Security Update 2022-004 Catalina – 37 bugs fixed
    iOS and iPadOS 15.5 – 34 bugs fixed
    watchOS 8.6 – 21 bugs fixed

    1 zero-day in macOS Big Sur 11.6.6
    1 zero-day in watchOS 8.6

    One zero day involves “A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

    I’ll dig around to see if I can find information on HOW the attacks occur as not all risks are created the same.  Note I recommend that you wait for Apple’s ‘dribble’ patching while they get their telemetry from early updaters.

     

  • Master Patch List as of May 10, 2022

    Patches came out yesterday.  The full details will be out in next week’s newsletter but in the meantime I’ve posted up the preliminary recap up on the Master patch listing page. Remember, other than the browsers, I have pause or defer on everything else at this time.

    For those tracking the NPS patching issue on domain controllers:  Microsoft is aware of the issue.  ” FYI we’re aware of the NPS issue. It’s not related to NPS specifically but rather with how we’re distinguishing between different kinds of names in the certificates. Only a subset of folks are affected by this.

    Acknowledgement here

    As always, thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Master Patch List as of April 12th 2022

    Patches came out yesterday. So far not seeing anything major trending … yet.  But it’s honestly too early to tell the impact at this time. Edit 4/14/2022: Seeing some reports of issues with browsers with Norton and ESET antivirus.  I’m not seeing issues here with Defender. Based on comments it’s not widespread and thus too early to determine root cause at this time. I’d also make sure your browser is up to date.

    Edit 4/14/2022 3:21 pacific – check for updated a/v – this appears to have been resolved at least with ESET.

    I’ve updated the Master Patch Listing for the releases this month. Note, other than the browsers, I have pause or defer on everything else at this time.

    If there is anything I’ve typed in wrong, forgive me, I’m a bit bleary eyed this week as we are almost to the USA tax due date of April 18th. (No, not the 15th, but the 18th).  Take pity on your CPA and stop emailing or texting them photos of your tax documents. Not only is it not secure to be sending your sensitive tax data that way, it makes it EXTREMELY hard for us to print out or save the tax documents. The CPA listserve recently had a thread about how to deal with issue and we were all indicating how often this occurs. Remember if you can see that sensitive social security number as you email or text me that document, so can the attacker.

    Stay tuned for the details in the newsletter this weekend about the Patching issues and headlines and as always, I’ll keep the Master Patch Listing up to date with the latest.

    As always, thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • The browser is your operating system – patch it!

    Tonight’s topic is …. are you up to date on the platform that is REALLY the one you should be worried about?  Your browser.  No matter what underlying operating system you use, you really need to pay attention to how patched your Browser is.

    With more and more things going to the web, with more and more things going through the web, it’s the browser that is the most important software to keep up to date.  And lately I’ve noticed that the one that gets the zero days most often is Google Chrome.  Don’t use Chrome, you say?  Not so fast. Much of the time the other platforms browsers are built on the Chromium engine and thus (for example) you may be using Brave browser but you still need to be aware of the issues as Brave is built on the Chromium engine.

    So which browsers use Chromium?

    • Chrome obviously.
    • Edge
    • Opera
    • Vivaldi
    • Brave
    • Colibri
    • Epic
    • Iron
    • Among others

    For Chrome you need to be on 99.0.4844.84 to be protected from this zero day bug that has been seen in use in attacks on the web.

    There are not a lot of details about who or what was using the bug but it appears that it was used in targeted attacks.

    While Firefox (and it’s versions) are not impacted, it’s still wise to check and make sure you are fully up to date. At this time you need to be on 98.0.2 for Firefox.

    For all of these browsers you can check if you are up to date by clicking on the help menu or about menu and that usually triggers them to download a new update if they are out of date. Alternatively you can go to their direct download site and download a new version and install over the top.

    For those of you that are Plus members I’ve put the versions or build numbers of the major Browsers on the Master patch listing that you need to be sure you are up to date on.  I’m not sure I’ll be able to keep up with every release of every browser, but for sure when there is a patch like this that is fixing a known in the wild and what appears to me to be a realistic risk of attack, I’ll be sure to flag it and also send out a tweet and a text message if you need to update your browser for known in the wild attacks.

    So remember, tonight or in the morning, launch your browser, click on (typically) the dot dot dot in the menu bar at the top, then on help and about.

    Make sure your browser is fully patched!

  • Master Patch List as of March 22, 2022

    We have yet to see the preview releases for Windows 11 either last week or this week (I’m guessing they may be coming out tomorrow?), but I’ve published the updates to the Master Patch List tonight as of March 22, 2022 and we’re getting ready to send out the alert tomorrow regarding the Patch status for March.

    Thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

    If Microsoft does release the preview updates for Windows 11, I’ll update the Master Patch List but remember, I don’t recommend installing preview releases.

  • Master Patch List as of March 8th

    A reminder again, for those of you that are Plus members, I’ve updated the Master patch listing through March 8, 2022.  The ONLY thing I want folks to install at this time is Exchange updates for anyone who has Exchange on premises email servers running Exchange 2013, 2016 or 2019. There is a “from remote” vulnerability.  Full details will be in the newsletter out on the weekend.

    Remember if you get offered/or install the PC Health tool called KB 5005463  or KB4023057 you can remove them by going into control panel, programs and look Windows PC Health Check or Microsoft Update Health Tools. They should have a recent date of install and look similar to below:

    Click on it to remove them from your computer.

    Thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Master Patch List updated through Feb 22

    For those of you that are Plus members, I’ve updated the Master patch listing through February 22, 2022.  I’ve expanded the listing of Browsers showcasing that many of them received updates last week.

    Remember the .NET updates this month did not include security updates but I’ve gone ahead and indicated they should be installed if you are offered them.

    Thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Master Patch Listing updated as of February 8, 2022

    I’ve just updated the Master Patch Listing through February 8, 2022.  (Plus members only – remember a mere $1 donation gains you access but we are VERY appreciative of any and all donations to the cause and my slightly bleary eyes this time of year for me.)

    Remember I’m not recommending that you install updates at this time. This is merely to let you know that I’ve updated the list of released updates so you know what to expect to be offered and installed later on.

    Some notes for the February releases…. .NET does not include security updates so you’ll see monthly rollups and not security only updates.

    I recommend 21H1 or 21H2 at this time, but not yet Windows 11.

    As always, the full details of security patches for Windows, Office, Chrome Browser, Firefox Browser, and Chromebook will be discussed in the Plus Newsletter along with several other articles from our expert authors. Thank you all for supporting the cause!

     

  • Why I recommend pausing Windows updates every month

    WOODY’S WINDOWS WATCH

    By Woody Leonhard

    Yeah, I know I sound like a broken record. But the simple fact is that you have much to lose and little to gain by opening your system up to Windows’ automatic updating system.

    Rather than installing Microsoft’s patches as soon as they’re released, I believe it’s much safer to hold off, let the screams of pain die down, wait for MS to fix its problems, and patch a few weeks later.

    Read the full story in the AskWoody Plus Newsletter 16.23.0 (2019-06-24).

  • Patch Watch: Recent updates to the Master Patch List; Win10 1809 still not ready; MS Security Intelligence Report

    It’s a busy week for Patch Lady Susan Bradley:

    • Win10 version 1809 still isn’t “ready for business” — but it’s hard to define the term
    • Cleanup changes with the Win10 1809 update installer
    • Microsoft’s just-released Security Intelligence Report
    • And a full update to Susan’s legendary Master Patch List

    If you’re in charge of patching a bunch of computers, this is your go-to central source of information.

    (For everyday PC users, wait for the MS-DEFCON level to change.)

    Out this morning to all AskWoody Plus members, in AskWoody Plus Newsletter 16.7.0.

  • Is it OK to run patches on 500+ VMs?

    Just saw this message from ME:

    I haven‘t approved updates since 12/2017 for our infrastructure with 500+ VMs.

    I‘m not new to that topic but your team recently wrote that it is not wise to approve updates when your on patch level 12/2017. I think it was in march. Since then i didn‘t found a topic if to update or not. All thoughts was about if and how to update one single machine. Is there anything related to my problems to read from you?

    Susan Bradley does a great Job but it would be interesting to have a algorithm how to patch when you’re on 12/2017 or similar. Its not something i ask you to do but in those times Microsoft does a horrible job which leads to spectacular ransom attacks in the future. I patch servers for 3 years now – i‘m definitely not a pro but why do i feel like Microsoft always tries to shoot our infrastructure into pieces. :/

    Best regards, and thank you and your team for the great work.

    Since Susan Bradley joined AskWoody several months ago, we have something of a dichotomy. On the one hand, we have people who just want to know when it’s safe to patch their individual (home or business) PCs. On the other hand, we have a widening group of admins who are in charge of hundreds — thousands — of machines.

    As you’ve seen, the expectations and needs of those two groups is related, but still quite different in many respects. More than that, there’s a spectrum of needs — from folks who’d rather be playing mahjong, to folks who have to be concerned about protecting key corporate data.

    One size doesn’t fit all. What’s evolved is kind of a dual system that’s grown out of my background helping individuals and Susan’s long background working with organizations.

    The MS-DEFCON system is geared for people who really just want to get the furshlugginer thing working. I don’t even try to differentiate between a Win7 system running Office 2010

    and a Win10 1803 system running Office 365. There are just too many variables. What I give with MS-DEFCON is a red light/green light system, with warnings about particularly irksome problems.

    The Patch Lady recommendations (and her unique, lengthy Master Patch List) are designed for people who want — or need — to take a closer look at the patches.

    The Patch Lady approach is a scalpel. The MS-DEFCON approach is a sledge hammer.

    That doesn’t answer your question. But it should help you put into perspective the comments that are bound to come from people who have experienced your exact situation.