Newsletter Archives

  • Windows 10 22H2 is out along with “Moments” for Windows 11

    Microsoft has just posted that Windows 10 22H2 is now out for “seekers” who manually “check for updates”. Remember, if you want to stay at a certain feature release you can use group policy or registry keys here.  Folks behind WSUS or other managed patching won’t be pushed this.

    Next, the first “Moment” release is out for Windows 11.  Tabbed file explorer is included.  As I suspected, these are included in the optional non-security releases and will be rolled out to all next month in the cumulative patches.

    “These new features and experiences will start to become available today in an optional non-security preview release and a phased rollout via our servicing technology and new apps via Microsoft Store updates, ensuring you can take advantage of the latest Windows experiences as these new features are ready. The new features will be made broadly available to all editions of Windows 11, version 22H2 in the November 2022 security update release.”

    What isn’t detailed is how you can control these, especially if you are a business, other than by not installing the patch.  I’ll be asking around to see what’s up.

    AND updating the Master patch list AGAIN tonight.

  • Master patch list as of October 17, 2022

    #PatchTuesday

    I’ve updated the Master Patch List for today’s out of band release

    Microsoft released an “out of band” that is on the Microsoft Catalog site for Windows 10 and 11 releases only for issues with SSL and TLS.  It’s due to new behavior introduced after the September optional updates rolled into the October cumulative/security updates. See https://support.microsoft.com/en-us/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e 

    I noted in the newsletter that side effects may be seen on older applications (for example Citrix Workspace does not connect after October 2022 update) so you may wish to see if this out of band update will help.

    Consumer impact:  Not seeing issues with this on consumer devices.

    Business impact:  May see issues with older applications.

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Master Patch List as of October 11, 2022

    #PatchTuesday

    I’ve updated the Master Patch List for yesterday’s releases

    I’ll be keeping an eye out for issues and will be updating that page and spreadsheet should I see anything trending.

    Not seeing anything in my personal home testing for consumer/home issues

    Business impact only:  Group policy issue after the install of October releases (same issue as last month).  See master patch list page.

    2012 R2 server OS only – seeing Internet explorer/access is denied in the event log

    TLS 1.0/1.1 is only disabled on Windows 10 and Server 2019 in this patch. Server 2016 retains it, and Windows 11 / Server 2022 already have it disabled by default.


  • Microsoft email zero day

    What is it?  Microsoft is investigating targeted attacks on their on premises Email servers.  Attackers have found a way into servers that are already fully patched.

    If we have online email with Microsoft, are we at risk?  No.

    Is it disturbing that EVERY time there is a zero day in Microsoft on premises email servers, Microsoft can conveniently scramble and get their online servers patched and meanwhile those that purchase on premises software are stuck holding the bag?

    If you are an Exchange admin and need help, pile on here

    (note I am sending this out as a defcon text alert but not an email alert)

    Follow the guidance in the MSRC post to protect your on premise email servers:

    The current mitigation is to add a blocking rule in “IIS Manager -> Default Web Site -> URL Rewrite -> Actions” to block the known attack patterns

    Note:

    If you don’t run Microsoft Exchange on premise, and don’t have Outlook Web App facing the internet, you are not impacted.

  • Microsoft Endpoint Configuration Manager out of band

    What is it? There is an out of band security update for Microsoft Endpoint Configuration Manager. This is a business only tool used to manage computers.

    What’s the risk? An attacker could exploit this vulnerability to obtain sensitive information. It’s a spoofing vulnerability.

    Does it impact consumers or home users?  No.

    Does it impact businesses who only use WSUS or only Intune or even those who have standalone Windows 10 or 11 computers?  No. This is only for those customers running Config Manager, a separate standalone management tool.

    How can you get the patch?  “The update – KB 15498768 – will be listed in the Updates and Servicing node of the Configuration Manager console for customers running Microsoft Endpoint Configuration Manager, versions 2103 – 2207.

    “Environments using versions of Configuration Manager current branch prior to 2103 are encouraged to update to a later supported version. Administrators can also disable use of automatic and manual client push installation methods to remove the risk of exposure to this issue. Refer to Support for Configuration Manager current branch versions.”

    Source: CISA alert

    MSRC alert

    I’ll update the master patch list later tonight, but be aware this out of band is for a narrow band of Microsoft customers.

  • 22H2 for Windows 11 is out

    Well it’s official, 22H2 for Windows 11 is out for those who go to “check for updates”.

    I’m not sure if 22H2 is out for Windows 10 as well?

    What’s new for IT pros link

    Reduced package size link

    “With this update we’re also taking steps to improve the Windows Update experience. Windows Update is now carbon aware, making it easier for your devices to reduce carbon emissions. When devices are plugged in, turned on, connected to the Internet and regional carbon intensity data is available, Windows Update will schedule installations at specific times of the day when doing so may result in lower carbon emissions because a higher proportion of electricity is coming from lower-carbon sources on the electric grid. We’ve also made some changes to the default power setting for Sleep and Screen off to help reduce carbon emissions when PCs are idle.”

    Say what?  How about just making sure that they are bug free will ya?

  • Master Patch List as of September 13, 2022

    #PatchTuesday

    I’ve updated the Master Patch List for yesterday’s releases

    Fingers crossed we will have a quieter September than August was. Apple has several fixes you’ll want, but watch out and don’t upgrade to iOS16 quite yet.

    I’ll be keeping an eye out for issues and will be updating that spreadsheet should I see anything trending.

    Update: 9-14-2022  Business impact only:  Group policy issue after the install of KB5017308.  See master patch list page.

    As always, thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Master patch list for August 30, 2022

    I’ve updated the Master Patch List today for the preview releases as well as clarifying a couple of items.

    Two concerning issues are still being tracked. First audio issues in some (not a lot, but some) computers with Windows 10 KB5016616. If you are impacted, uninstall the update and put yourself back on hold. In a network setting the known issue rollback will kick in. In a consumer setting, I have yet to figure out how the chicken will fix the egg.  The Known issue rollback fix is offered up from Microsoft servers, but the code to trigger the known issue rollback (as I understand it) is only in the August and later updates.  Note that even in the preview updates, this known issue is still being tracked. I still think that the patch will be installed, some small percent may see audio issues and then the known issue rollback will kick in, make sure you reboot a day or two after installing updates, and the problem will go away, but I don’t have a system impacted to test my theory.

    The second issue has to do with Secure boot patch KB5012170 failing to install.

    If you’ve already installed KB5012170, and see no side effects, leave the patch installed and take no action.

    If you haven’t installed KB5012170, first check to see if you have bitlocker enabled. To see if you do, click on start, then on search and type in bitlocker. You will see a “manage bitlocker”. Review that bitlocker is off.  If it’s on and YOU don’t know where that recovery key is, click in this window to turn it off. You can easily turn it off from this interface.

    Note that bitlocker is not bad, in fact my Dad has bitlocker enabled on his computer because he wants to ensure that should someone break into his house and steal his computer his sensitive data won’t be stolen as well. But in some computer systems the “oobe” out of box set up sequence may turn on bitlocker and you don’t know it did, where the bitlocker recovery key is located or anything ABOUT bitlocker. This update on some systems triggers the request for a bitlocker recovery key and if you have no bloody clue… as in the case of Mike and his father-in-law: “This happened to my father-in-law’s laptop and unfortunately the recovery key was not listed in his Microsoft account. His laptop was basically ransomwared without the ability to pay the ransom (luckily his son-in-law knows a thing or two about deploying Windows).” Note I have never seen a windows patch turn on bitlocker. It gets set up via the setup process of a new computer.

    Now then put your machine on metered network connection and use the blockapatch.com tools to block KB5012170.

    Businesses: In a network setting, note that even on virtual machines KB5012170 will be offered up.


  • Master patch list for August 9, 2022

    I’ve updated the Master Patch List tonight for today’s releases.

    So far we’re tracking some side effects with Excel patches. I’ll also have a full write up and details in Monday’s newsletter. I’m not seeing any OTHER major trending issues but it’s still a bit early. 

    Seeing issues with Outlook closing after launch in network settings. Not seeing it in standalone deployments with pop accounts.

    For those of you with Exchange servers, I’ll have a special section on concerns about this month’s updates for Microsoft’s on premises mail server.


  • Master Patch List for July 12, 2022 too early to patch…

    I’ve updated the Master Patch List tonight for today’s releases.

    It includes servicing stack updates for the older versions of Windows along with a security patch for Internet Explorer. Note this is not disabling Internet Explorer, merely patching it for security issues.

    It’s too early to report on any major side effects but I have seen some folks report on major Windows 11 issues after updating (see here and here) so make sure you back up your machine and have a recovery plan.  Mind you two reports is not widespread at all, but Kevin Beaumont is a security researcher who used to work for Microsoft and always has interesting observations regarding security, so seeing him have Patch Tuesday issues causes me to call it out.


  • Microsoft is releasing an OOB update to address Arm devices issue

    Microsoft is releasing Out-of-band (OOB) updates today to address an issue with Azure Active Directory services on Arm-based devices. These cumulative updates are available on Windows Update and other channels.

    Consumer impact:  None

    Business impact: Only needed for Arm-based devices

    Microsoft is releasing Out-of-band (OOB) security updates today, June 20, 2022, only for Arm-based Windows devices. This update addresses a known issue that only affects Windows Arm-based devices and might prevent you from signing in using Azure Active Directory (AAD). Apps and services that use AAD to sign in, such as VPN connections, Microsoft Teams, and Microsoft Outlook, might also be affected.
    Important: This issue only affects Windows devices that use Arm processors. No other platforms will receive this out-of-band update. This OOB update is cumulative. We recommend that you install this OOB update instead of the June 14, 2022 security update for affected devices.
    All updates listed below are available on Windows Update, Windows Server Update Services (WSUS), and Microsoft Update Catalog. For instructions, see the release notes for your OS listed below.

    Susan comment:  Reminder: this will only offer or install on Windows Arm-based devices.

    Thus for many of us you won’t see it/you won’t care about it.

    We are still tracking an issue where Internet connection sharing /being able to surf at the same time is impacted.  No ETA of a fix at this time but Microsoft has acknowledged the issue. Also tracking issues with RRAS and VPN but not sure if something third party vpn is triggering the problem?

  • Master Patch List for June 14, 2022 too early to patch… yet

    I’ve updated the Master Patch List tonight for today’s releases.

    Key items to keep in mind – you’ll see .NET patches listed but they are not security updates. As I see issues and side effects I’ll be updating the Master Patch List page to accumulate the issues.

    … so far in my early testing I’m not seeing issues but it’s early and we normally don’t start seeing trending issues until tomorrow.

    6/15/2022 edit:  Possible wifi connectivity issues  after June patches installed on Windows 10 and Windows 11 — link here.
