News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

Newsletter Archives

  • MS-DEFCON 2: September – here we go again

    Posted on September 9th, 2021 at 02:45 Comment on the AskWoody Lounge
    AskWoody Plus Alert Logo
    ISSUE 18.35.1 • 2021-09-09

    MS-DEFCON 2

    By Susan Bradley

    It’s time to start getting ready for Windows 11.

    The countdown is on to the release of Windows 11 on October 5, and it’s the time of the month when I urge you to take actions to ensure you are ready to install updates when you want to.

    The security updates this month begin the process of introducing group policy settings to control Windows 11, as well as Intune policy settings. But never fear — we will provide you all the information you need to either avoid or embrace Windows 11, as you see fit.

    Consumer and home users

    First, and as I always recommend when we get close to the second Tuesday of the month (now infamously known as Patch Tuesday), make sure that your backup is working properly. Open whatever backup software you use, and review the log of recent actions to confirm that the backup is running and backing up as it should. At a minimum, browse your backup location to see whether the file dates in that location are recent.

    Next, decide what type of patcher you are. If you have spare machines and know you have a solid backup, you could actually be in the patcher category “Extreme” — because you let Windows install updates on its own terms and you simply review for side effects afterward. There are quite a few AskWoody Plus members who do exactly this, because they know that a good backup allows them to recover from updates, just as it protects them from ransomware.

    The next patcher category is “Deferral.” Go into Start, Settings, Update &  Security, Advanced options and choose September 28 as your deferral date, the date when you allow Windows to do its thing.

    Next? “Cautious.” For this group, I recommend the use of WUMgr to control updates. You can review how to use this tool in the forums.

    Business users

    I predict that I’ll be urging business patchers to install updates no later than September 21, 2021. For now, I don’t anticipate that Microsoft will be providing solutions to the mess that they introduced with the PrintNightmare patches, so we’re still going to have to deal with the fallout and side effects of the August updates. I’ll be recapping these known issues in the September 13 AskWoody Plus newsletter.

    We’re soon going to be adding the ability to get text alerts sent to you when the AskWoody MS-DEFCON level changes. You can follow the alert account on Twitter now, but soon you can sign up for text alerts as well. You’ll need to be an AskWoody Plus member in order to receive texts to your phone when we send out alerts; look for more information soon.

    Read the full story in the AskWoody Plus Alert 18.34.1 (2021-09-09).

  • DEFCON 2 – August updates include Print Spooler fixes

    Posted on August 10th, 2021 at 12:12 Comment on the AskWoody Lounge

    And they are out…..

    August updates include fixes for the Print spooler bug that wasn’t quite fixed last month so if you disabled the print spooler as a precaution you can re-enable it.  (1) For businesses, I’d recommend that you leave it off on your domain controllers and only turn it on machines and servers where you absolutely need it.

    I’ll be researching and reading and testing and as always more details will be in the newsletter this weekend.

    Until then:

    1. Ensure that your backup software is functional and you have a good solid backup. If you have any questions, remember to visit our forums.
    2. For those of you with spare machines, use this time to test the impact. Given that we know it’s fixing issues with the print spooler software – remember specifically to test printing and scanning.

    Resources to read:

    https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-print-spooler-printnightmare-vulnerability/

    https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug

    https://www.zerodayinitiative.com/blog/2021/8/10/the-august-2021-security-update-review

    Point and print driver change

    edit 8/12/2021 (1) Leave it disabled or keep your extra paranoid surfing level enabled , it’s still not fixed.

  • MS-DEFCON 2: Print Nightmare causes printing nightmares

    Posted on July 7th, 2021 at 19:20 Comment on the AskWoody Lounge
    AskWoody Plus Alert Logo
    ISSUE 18.25.1 • 2021-07-07

    PATCH WATCH

    MS-DEFCON Level 2

    By Susan Bradley

    Microsoft has released an emergency update for a Print Spooler vulnerability.

    Consumer and home users

    Microsoft has released an out of band update for a recent vulnerability that is being referred to as  “Print Nightmare.”

    Zebra Label printers have been impacted by this out-of-band patch. The only remedy is to uninstall the update. Because I don’t see active attacks on home users at this time, I recommend that you hold off installing this update. In fact, I’ll probably wait until the July updates come out next week before encouraging you to install any patches. Next week’s updates will include these fixes; there is no urgent need to install them right now.

    Business users

    For businesses with Active Directory, disable the print spooler service on your domain controllers.

    It only impacts “clean up jobs” for printing artifacts and I suggest keeping this service disabled going forward. Reports suggest that the patch does not fully provide all protections for networks, so it’s best to keep print spoolers disabled in the short term. More testing and evaluation is required.

    References

    Read the full story in the AskWoody Plus Newsletter 18.25.1 (2021-07-07).

  • MS-DEFCON 2: Defer Windows & Office updates to June 24

    Posted on June 4th, 2021 at 03:00 Comment on the AskWoody Lounge
    AskWoody Plus Alert Logo
    ISSUE 18.20.1 • 2021-06-04
    MS-DEFCON Level 2

    By Susan Bradley

    Consumer and home users

    Hopefully, you’ve taken the time to get the May updates installed.

    Before next Tuesday, be sure you are comfortable with your methodology for deferring updates. For Windows updates, I’m still a fan of the method I call “pick the date.” Go to Settings, then to Update and Security; click on Advanced options, and select Pause updates. Then use the Select date drop-down to choose the date when you’d like updates to resume. I’m suggesting June 24.

    Note that the News and Interests notification will be fully enabled in your task bar this month.

    For Office updates, open up any Office application, click on File, Office Account, Office Updates; choose Disable Updates. You can resume updates later in the month. While you have Office updates disabled, avoid opening macro-enabled files as a defense against potential ransomware threats.

    Business users

    Ransomware has been a big topic in the news this month. While doing your patch testing, continue to educate your end users about the dangers posed by simple tasks done carelessly — opening emails, transferring files, clicking on links, etc. Greater danger requires greater vigilance.

    References

    Read the full story in the AskWoody Plus Alert 18.20.1 (2021-06-04).

  • MS-DEFCON 2: Pause on patching

    Posted on May 10th, 2021 at 12:00 Comment on the AskWoody Lounge
    AskWoody Plus Alert Logo
    ISSUE 18.17.1 • 2021-05-10
    Susan Bradley

    By Susan Bradley

    It’s time for both business users and consumer or home users to pause Windows updates.

    Accordingly, I’m changing the AskWoody MS-DEFCON level to 2. Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

    Consumer and home users

    If you are a home/consumer user, I recommend two actions to ensure you do not get inadvertent updates. First, select Start, Settings, Network & Internet, and then Wi-Fi or Ethernet (whichever connection you are using). Next, click Manage known networks; click on the network that you use, click Properties, and turn on Set as metered connection. This “tricks” the computer into thinking that your Internet connection is not unlimited (i.e., you might incur charges) and thus will download patches only after you approve the process.

    The second action is picking a deferral date after May 11, when Microsoft will push out the next Patch Tuesday security releases. Click on Start, Settings, Update & Security; then click on Advanced Options. Pick a date far enough in the future to give you comfort. I always wait at least a week, usually more. I’ll be re-evaluating the update situation closer to the end of the month, but for now choosing May 28 should be safe enough.

    For those of you with an Office click-to-run (CTR) edition, I strongly recommend that you change to the semiannual channel rather than the monthly one because it will keep you from the Autocomplete bug.

    Business users

    Coming this month in the May Security releases, Microsoft will be including a new “News and Interests” taskbar item featuring items of interest to your users. Remember, if you want to proactively block it, there are registry keys and group policy to control it.

    References

    Read the full story in the AskWoody Plus Alert 18.17.1 (2021-05-10).

  • April Patch Tuesday out – Exchange once again

    Posted on April 13th, 2021 at 12:56 Comment on the AskWoody Lounge

    Patches are just coming out.
    Patch Lady

    Small business guidance up first:

    Exchange (Microsoft’s on premises mail server) has an update. This time I’m ignoring any guidance that might say “targeted attacks only” and saying – if you have on prem Exchange patch TODAY just to be safe. I totally understand that to ask any business large or small to have them take down the mail server on a business day is asking a lot, but I’m not taking chances this time with my small business peeps getting nailed.
    Patch them.
    Do it.
    Reboot that Exchange server ahead of time.
    Ensure you open a command prompt and run as admin to run the commands to update Exchange. Ensure you watch that services fully restarted after the box is rebooted.
    – CVE-2021-28480/28481 – Microsoft Exchange Server Remote Code Execution Vulnerability
    Both of these CVEs are listed at a 9.8 CVSS and have identical write-ups, so they both get listed here. Both code execution bugs are unauthenticated and require no user interaction. Since the attack vector is listed as “Network,” it is likely these bugs are wormable – at least between Exchange servers. The CVSS score for these two bugs is actually higher than the Exchange bugs exploited earlier this year. These bugs were credited to the National Security Agency. Considering the source, and considering these bugs also receive Microsoft’s highest Exploit Index rating, assume they will eventually be exploited. Update your systems as soon as possible.
    For consumers and home users, pop that popcorn and we’re going to be in patch testing mode watching for the dead bodies. As usual the full write up will be coming up in Monday’s Plus newsletter.  Biggies to watch out for – old Edge goes, and… for how many months past October end of life for Office 2010 we are STILL patching Office 2010.
  • MS-DEFCON 2 – Deferring the April Updates

    Posted on April 11th, 2021 at 01:00 Comment on the AskWoody Lounge
    AskWoody Plus Alert Logo
    ISSUE 18.12.1 • 2021-04-11

    Susan Bradley

    By Susan Bradley

    Brace yourself for April updates

    It’s the time of the month to pause for updates. You will recall that the March updates were very disruptive and many of you decided to not install that round. The April releases are cumulative so you won’t have to go back and install the March updates. Instead, we’ll take a long pause to see what April brings.

    If you are a home/consumer user, I recommend two actions to ensure you do not get inadvertent updates. First, select Start, Settings, Network & Internet, and then Wi-Fi or Ethernet (whichever connection you are using). Next click Manage known networks, click on the network that you use, click Properties and turn on Set as metered connection. This “tricks” the computer into thinking that your Internet connection is not unlimited (i.e., you might incur charges) and thus will only download patches once you approve the process.

    The second action is picking a deferral date after April 13, when the next Patch Tuesday security releases will be pushed out by Microsoft. Click on Start, Settings, Update & Security, then click on Advanced Options. Pick a date far enough in the future to give you comfort. I always wait at least a week, usually more. I’ll be reevaluating the update situation closer to the end of the month, but for now choosing April 30 should be safe enough.

    Remember: For those of you running Windows 10 1909, support is coming to an end. After May 11, 2021, 1909 will not receive security updates. In accordance with prior advice, update to 20H2; 21H1 is just around the corner.

    Read the full story in the AskWoody Plus Alert 18.12.1 (2021-04-11).

  • MS-DEFCON 2 — It’s time to defer March updates

    Posted on March 8th, 2021 at 14:45 Comment on the AskWoody Lounge

    ISSUE 18.9.1 • 2021-03-08

    Logo

    Susan Bradley

    By Susan Bradley

    It’s the start of the patching week.

    We are a day away from the official start of patching season. While Microsoft started the March patching madness early, with a critical patch needed for its mail servers, we have yet to see what’s in store for those of us that merely use their Windows as workstations.

    Read the full story in the AskWoody Plus Alert 18.9.1 (2021-03-08).
    Learn more about MS-DEFCON!

  • MS-DEFCON 2: Time to make sure you are pausing Patches

    Posted on February 8th, 2021 at 19:47 Comment on the AskWoody Lounge

    It’s that time again. Tomorrow is Patch Tuesday (*) and it’s time to pause updates.

    There’s no reason to rush out updates this week.  Make sure your computer is set to pause updates or have set a date for deferred installs. If you are unsure how to do a deferral I have a post and a video with instructions. Also make sure you have a backup. I’ll be posting up a video how to next weekend.

    I’ve been warned that there is a zero day to be patched in tomorrow’s updates, but that’s all the information I have at this time. As always, visit us here and we’ll keep you informed.

    (*) Yes I realize that for some of you it’s Patch Wednesday but the ‘slang’ for the day when patches come out normally ties it to the Redmond time zone.  Patches normally start getting published around 10 to 11 a.m pacific time.

  • MS-DEFCON 2 – Get ready for January updates

    Posted on January 11th, 2021 at 10:33 Comment on the AskWoody Lounge

    Remember it’s time to prepare for January updates by delaying /or pausing updates.  Also I’m ready to give the all clear to 2004 if you want to do it before tomorrow’s patch Tuesday (or later on in the month).

    More in Computerworld.

  • MS-Defcon 2 – Here comes December

    Posted on December 8th, 2020 at 12:28 Comment on the AskWoody Lounge

    Microsoft is out with their December releases.  The blog post today focuses on something that a LOT of us complained about last month:  The lack of information that was lost in the new format.  We’ll have to see if they provide ENOUGH info this month.

    Remember the Server only fixes Kerberos that were in those out of band Catalog update only patches are included in the December releases.

    My biggest surprise?

    WHY are we still getting Office 2010 updates when it is officially out of support as of October 2020?

    More in ComputerWorld.   Full patch lists coming this weekend in the newsletter.  In the meantime what are your experiences?  Stay tuned.

     

  • MS-Defcon 2 – Get ready to pause for Dec

    Posted on December 1st, 2020 at 12:20 Comment on the AskWoody Lounge

    It’s time to put the pause (or defer) for your updates.  It’s the first Tuesday of the month and non security Office updates are out – PK has them listed here.

    More in Computerworld!