Newsletter Archives

  • Master Patch list updated as of January 10, 2023

    Posted on January 12, 2023 at 11:57 CST by Comment in the Forums

    #PatchTuesday #DeadBodyWedneday #KeepaneyeoutforissuesThursday

    Consumers:  Defer updates at this time.

    I’ve updated the Master Patch List for Tuesday’s releases.

    It’s too soon at this time for consumers to be making recommendations, I’m still watching for issues.

    For businesses, the impact to look out for and keep an eye on are any Exchange on premises server you are still patching.

    As a reminder

    • Windows 11 22H2: Not recommended
    • Windows 11 21H2: If you have a Windows 11 PC, recommended
    • Windows 10 22H2: Recommended
    • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)
    • Apple Ventura – tentative. Check with the applications you rely on if they recommend this release.

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

    Apple, Windows Security ,

  • Master Patch List as of December 13, 2022

    Posted on December 14, 2022 at 15:50 CST by Comment in the Forums
    MS-DEFCON 2

    #PatchTuesday

    Business patchers:  Microsoft has indicated that they fixed the memory issue with the LSASS patch but still waiting for community confirmation.

    Consumers:  Defer updates at this time.  The secure boot patch KB5012170 has been released to apply to Windows 10 and 11 22H2 so be sure to defer it as well.

    I’ve updated the Master Patch List for Tuesday’s releases.

    It’s too soon at this time for consumers to be making recommendations, I’m still watching for issues.

    For businesses, the impact to look out for and keep an eye on are the Kerberos related patches.  Microsoft has indicated that the memory leak issues introduced in last month’s Kerberos updates have been fixed but I am still waiting for community confirmation.

    As a reminder

    • Windows 11 22H2: Not recommended
    • Windows 11 21H2: If you have a Windows 11 PC, recommended
    • Windows 10 22H2: Recommended
    • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

    Apple, Windows Security ,

  • MS-DEFCON 3: Side effect with Domain patch

    Posted on November 25, 2022 at 15:51 CST by Comment in the Forums

    alert banner

    Special alert

    MS-DEFCON 3

    By Susan Bradley

    November Domain controller update leads to memory leak

    Business patchers only:  Microsoft has posted up a known side effect introduced by the November updates applied to domain controllers.

    As they note in their health release: (with my slight edits for clarification)

    After installing November or later updates on Domain Controllers (DCs), you might experience a memory leak with Local Security Authority Subsystem Service (LSASS,exe). Depending on the workload of your DCs and the amount of time since the last restart of the server, LSASS might continually increase memory usage with the up time of your server and the server might become unresponsive or automatically restart. Note: The out-of-band updates for DCs released November 17, 2022 and November 18, 2022 do not fix the issue and are also affected by this issue.

    Workaround one if you can remove the patch: Uninstall the November 8th updates and out of band updates that are listed here.

    Workaround two if you are mandated to keep the patch installed: To mitigate this issue, open Command Prompt as Administrator and use the following command to set the registry key KrbtgtFullPacSignature to 0:

    • reg add “HKLM\System\CurrentControlSet\services\KDC” -v “KrbtgtFullPacSignature” -d 0 -t REG_DWORD

    Note that this ONLY impacts business patchers and does NOT impact consumers.

    AskWoody Plus Alert, MS-DEFCON , ,

  • Business patchers alert: Out of band patch expected to fix Domain controller issues

    Posted on November 17, 2022 at 11:10 CST by Comment in the Forums

    What is it?  A heads up to business patchers.

    Does it impact consumers?  No. This is only an issue being seen on domain controllers 

    What is it about?  In the November 8th updates (which I haven’t approved yet) installing the updates on your domain controllers could cause authentication issues.

    There will be an out of band update released later on this week to fix issues caused by the November updates on domain controllers.

    If you have been impacted by these updates and have had to roll back the patches on your domain controllers, hang tight.  Help is on the way.  I will update the Master Patch list once this update has been released.

    See also KB5021131 and KB5020805

    Update: Out of band released

    Microsoft is releasing Out-of-band (OOB) security updates today, November 17, 2022 for installation on all the Domain Controllers (DCs) in affected environments. This update addresses a known issue which might cause sign in failures or other Kerberos authentication issues. You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.
    To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update CatalogNote The below updates are not available from Windows Update and will not install automatically.
    Cumulative updates:
    Note: You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released November 8, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
    Standalone Updates:
    Note: If you are using security only updates for these versions of Windows Server, you only need to install these standalone updates for the month of November 2022. Security only updates are not cumulative, and you will also need to install all previous Security only updates to be fully up to date. Monthly rollup updates are cumulative and include security and all quality updates. If you are using Monthly rollup updates, you will need to install both the standalone updates listed above to resolve this issue, and install the Monthly rollups released November 8, 2022 to receive the quality updates for November 2022. If you have already installed updates released November 8, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
    Windows Security ,

  • Master Patch List as of November 8, 2022

    Posted on November 10, 2022 at 01:27 CST by Comment in the Forums

    #PatchTuesday

    I’ve updated the Master Patch List for Tuesday’s releases.

    It’s too soon at this time for consumers to be making recommendations, I’m still watching for issues.

    For businesses, the impact to look out for and keep an eye on are the Kerberos related patches.  Already seeing potential issues reported “but we’re seeing reports where certain auths are failing when users have their msDS-SupportedEncryptionTypes attribute explicitly being set to AES only (decimal 24, hex 0x18).”  You may want to do a specific query on your domain controllers to see if you will see impacted — see this KB. Bottom line, be sure you do tests and be aware of authentication issues.

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

    Windows Security ,

  • Master patch list updated for out of band

    Posted on October 29, 2022 at 12:45 CDT by Comment in the Forums

    Patch Lady Master patch list is being updated AGAIN for an “out of band” release for Windows 10 21H2 to fix an issue with OneDrive. KB5020953 for Windows 10 was released as an “out of band” to fix the issue.  It’s unclear if there will be additional out of band releases for the other platforms to fix this issue. It does not appear to be occuring on Windows 11 platform, only Windows 10.  You’ll need to go to the catalog site to find the exact version you’ll need for your Windows 10 versions.

    • It addresses an issue that causes Microsoft OneDrive to stop working. This occurs after you unlink your device, stop syncing, or sign out of your account.

    Also be aware of an issue that some might see in business deployments where you reuse computer accounts.  See KB5020276. Note this does NOT impact home users.

    Apple, Windows Security ,

  • Master Patch List as of October 25, 2022

    Posted on October 26, 2022 at 00:16 CDT by Comment in the Forums

    #PatchTuesday

    I’ve updated the Master Patch List which now matches the guidance in the alert released today.

    You will note that I recommend that you defer at least temporarily the big releases that Apple came out with yesterday. You’ll want to hold off a bit and ensure there are no major issues.

    I have given the “install” for the major updates released on October 11.  I do not recommend either the Windows 10 22H2 (minor update) or Windows 11 22H2 (larger upgrade).

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

    Apple, Windows Security ,

  • Windows 10 22H2 is out along with “Moments” for Windows 11

    Posted on October 18, 2022 at 12:20 CDT by Comment in the Forums

    Microsoft has just posted that Windows 10 22H2 is now out for “seekers” who manually “check for updates”  Remember if you want to stay at a certain feature release you can use group policy or registry keys here.  Folks behind WSUS or other managed patching won’t be pushed this.

    Next the first “Moment” release is out for Windows 11.  Tabbed file explorer is included.  As I suspected these are included in the optional non security releases and will be rolled out to all next month in the cumulative patches

    “These new features and experiences will start to become available today in an optional non-security preview release and a phased rollout via our servicing technology and new apps via Microsoft Store updates5, ensuring you can take advantage of the latest Windows experiences as these new features are ready. The new features will be made broadly available to all editions of Windows 11, version 22H2 in the November 2022 security update release.”

    What isn’t detailed is how you can control these – especially if you are a business other than not installing the patch?  I’ll be asking around to see what’s up.

    AND updating the Master patch list AGAIN tonight.

    Windows News ,

  • Master patch list as of October 17, 2022

    Posted on October 17, 2022 at 19:50 CDT by Comment in the Forums

    #PatchTuesday

    I’ve updated the Master Patch List for today’s out of band release

    Microsoft released an “out of band” that is on the Microsoft Catalog site for Windows 10 and 11 releases only for issues with SSL and TLS.  It’s due to new behavior introduced after the September optional updates rolled into the October cumulative/security updates. See https://support.microsoft.com/en-us/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e 

    I noted in the newsletter that side effects may be seen on older applications (for example Citrix Workspace does not connect after October 2022 update) so you may wish to see if this out of band update will help.

    Consumer impact:  Not seeing issues with this on consumer devices.

    Business impact:  May see issues with older applications.

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

    Windows Security , ,

  • Master Patch List as of October 11, 2022

    Posted on October 12, 2022 at 22:23 CDT by Comment in the Forums

    #PatchTuesday

    I’ve updated the Master Patch List for yesterday’s releases

    I’ll be keeping an eye out for issues and will be updating that page and spreadsheet should I seen anything trending.

    Not seeing anything in my personal home testing for consumer/home issues

    Business impact only:  Group policy issue after the install of October releases (same issue as last month).  See master patch list page.

    2012 R2 server OS only – seeing Internet explorer/access is denied in the event log

    TLS1.0/1.1 is only disabled on Windows 10 and Server 2019 this patch. 2016 retains it and Windows 11/ Server 2022 already have it disabled by default.

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

    Uncategorized , ,

  • Microsoft email zero day

    Posted on September 30, 2022 at 11:05 CDT by Comment in the Forums

    What is it?  Microsoft is investigating targeted attacks on their on premises Email servers.  Attackers have found a way into servers that are already fully patched.

    If we have online email with Microsoft, are we at risk?  No.

    Is this disturbing that EVERY time there is a zero day in Microsoft on premises email servers, Microsoft can conveniently scramble and get their online servers patched and meanwhile those that purchase on premises software are stuck holding the bag.

    If you are an Exchange admin and need help, pile on here

    (note I am sending this out as a defcon text alert but not an email alert)

    Follow the guidance in the MSRC post to protect your on premise email servers:

    The current mitigation is to add a blocking rule in “IIS Manager -> Default Web Site -> URL Rewrite -> Actions” to block the known attack patterns

    Note:

    If you don’t run Microsoft Exchange on premise, and don’t have Outlook Web App facing the internet, you are not impacted.

    MS-DEFCON , , ,

  • Microsoft Endpoint Configuration Manager out of band

    Posted on September 22, 2022 at 10:25 CDT by Comment in the Forums

    What is it? There is an out of band security update for Microsoft Endpoint Configuration Manager. This is a business only tool used to manage computers.

    What’s the risk? An attacker could exploit this vulnerability to obtain sensitive information. It’s a spoofing vulnerability.

    Does it impact consumers or home users?  No.

    Does it impact businesses who only use WSUS or only Intune or even those who have standalone Windows 10 or 11 computers?  No. This is only for those customers running Config manager a separate standalone management tool.

    How can you get the patch?  “The update – KB 15498768 – will be listed in the Updates and Servicing node of the Configuration Manager console for customers running Microsoft Endpoint Configuration Manager, versions 2103 – 2207.

    Environments using versions of Configuration Manager current branch prior to 2103 are encouraged to update to a later supported version. Administrators can also disable use of automatic and manual client push installation methods to remove the risk of exposure to this issue. Refer to Support for Configuration Manager current branch versions.

    Source: CISA alert

    MSRC alert

    I’ll update the master patch list later tonight, but be aware this out of band is for a narrow band of Microsoft customers.

    Windows Security ,
  • « Older Entries
    Newer Entries »
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • How to use the Forums
  • All Forums

    • Recent Topics

    October 2023
    S M T W T F S
    1234567
    891011121314
    15161718192021
    22232425262728
    293031  

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.