News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

Newsletter Archives

  • MS-DEFCON 3: We’re not out of the printing woods yet

    Posted on November 23rd, 2021 at 02:45 Comment on the AskWoody Lounge
    AskWoody Plus Alert Logo
    ISSUE 18.45.1 • 2021-11-22

    MS-DEFCON 3

    By Susan Bradley

    The big news last week was Microsoft’s finally releasing Windows 10 version 21H2 and aligning the Windows 10 and Windows 11 annual feature release cadence.

    Changing the feature release cadence for Windows to an annual schedule is long overdue. From the first moment Microsoft announced that Windows 10 feature updates would be released on a semiannual basis, I’ve felt that the constant release process was too often, too fast. It’s good to see Microsoft finally listening to the feedback. Granted, it was pushed into this decision by the release of Windows 11, but I’ll take the win nonetheless.

    Now that 21H2 is officially out, I recommend sticking with 21H1 for the moment. That said, 21H2 will be a relatively easy and fast update with very few side effects. But I’m a cautious patcher and never install feature releases during the first week they are out.

    As November comes to a close, it’s again time to evaluate whether you can perform the basic process we all call “printing.” I discussed the annoyance of these constant and seemingly intractable printing problems in yesterday’s On Security column. The ongoing issues with printing force me, once again, to set our MS-DEFCON status at level 3. Exercise caution.

    Consumer and home users

    If you install the updates for November and can still print, pat yourself on the back and relax until next month. If you are still having issues with printing, I recommend installing the preview updates listed in the Master Patch list.

    For certain shared printers in peer-to-peer networks, we are still seeing issues triggered by the November 9 updates. While Microsoft has released out-of-band updates for authentication issues, they have not put the same priority on printing issues triggered by the updates.

    Business users

    Already, we’ve seen the out-of-band update KB5008602 to fix a known issue triggered on domain controllers and single sign-on that might cause authentication failures related to Kerberos tickets you acquired from Service for User to Self (S4U2self). This issue occurs after you install the November 9, 2021, security updates on domain controllers (DCs) that are running Windows Server, and you need to install this update on your domain controllers to fix this issue.

    References

    Read the full story in the AskWoody Plus Alert 18.45.1 (2021-11-22).

  • MS-DEFCON 3: Ready or not, it’s time to update

    Posted on October 26th, 2021 at 02:45 Comment on the AskWoody Lounge
    AskWoody Plus Alert Logo
    ISSUE 18.41.1 • 2021-10-26

    MS-DEFCON 3

    By Susan Bradley

    It’s not exactly an all-clear.

    Normally, this is the time in the update cycle when I give an all-clear. It’s when most, if not all, of the side effects of patches have been identified.

    This month, unfortunately, there are still issues. However, that doesn’t mean I don’t want you to install updates. Even though there are documented problems with network printing after the October updates, they are not widespread.

    Many system administrators report that printing problems most often occur when the operating system of the server hosting the print server is older — and possibly unpatched — while the workstations are newer platforms that are patched. Therefore, after installing the updates in your peer-to-peer network, Make testing printing your first step. If you can print, leave the updates installed and pat yourself on the back — you survived October.

    If you are impacted by the October updates and do have printing issues, consider your situation carefully before you uninstall and block updates. There are several vulnerabilities included in the October updates, one of which, CVE-2021-40449, has been used in targeted malware attacks to elevate privileges on a system. My ongoing philosophy is that when the risk of being unpatched is higher than the risk of applying a patch, it’s time to install updates. I also don’t want to go a month without installing an update unless the reasons for doing so are very clear.

    I’ve installed the October updates at my home and office, including a collection of Ricoh network printers as well as stand-alone Brother, HP, Lexmark, and Canon printers (black-and-white as well as color printers). I’ve had no issues printing after installing the October updates, whether at home or office. I have mixtures of server operating systems including Server 2019, Server 2016, and Server 2012 R2 as well as Windows 10, plus a Windows 7 system under extended security patches. In short, just because you read in the headlines that we’re seeing printing issues doesn’t mean that you will have issues.

    Consumer and home users

    For those of you in a home setting, install updates now and immediately test for printing issues. My best guess is that you’ll be fine, with no problems. As mentioned above, everything is good at my house.

    Business users

    I’m sorry to say that business users must not be so sanguine — you are more likely to experience problems. If you do, there are several options. The first (which I’d rather you not do) is to uninstall the updates and block them (pause updates) until next month. The second is to install one of the preview updates that Microsoft will be releasing soon, especially if you are having issues deploying printers using Internet Printing Protocol. Microsoft has already released KB5006744 for Windows 10 1809, which includes a fix for:

    Addresses a known issue that might prevent the successful installation of printers using the Internet Printing Protocol (IPP).

    This month, there’s no clear resolution. You may have no issues at all with the October updates. You may have issues printing. If you are required to patch, and you end up having issues printing, I’d urge you to install the preview updates that I’ll be listing in the Master Patch List. If that doesn’t work, ensure that you understand the risks involved in not being patched this month.

    *Edit 10/26/2021 – Microsoft released KB5006738 for 21H1, 20H2 and 2004. It includes printing fixes that may help the issue. If you are impacted, install it and see if it helps.

    Bottom line: install the updates, see whether you can print. If you can, pat yourself on the back. If you can’t, prepare yourself for a bit of testing and hassle.

    References

    Read the full story in the AskWoody Plus Alert 18.41.1 (2021-10-26).

  • The ides of March

    Posted on March 29th, 2021 at 06:09 Comment on the AskWoody Lounge

    To patch or not to patch this month…. that is the question I attempt to answer this week in ComputerWorld.

    Printers side effects were the big issue (and still are) this month.

    (note that I’m going to have to reach out to the ComputerWorld editors… they missed part of the post I sent them…)

    It’s supposed to read:

    So for Windows 10 2004 or 20H2 you need to skip the updates released on March 9th and instead jump over to the March 18th update of KB5001649. It should be offered up to you as an optional update, or you can download it from the Catalog site. Because Windows 10 updates are cumulative you only need the one update (the third and final update Microsoft released this month).

    For Windows 10 1909, you need KB5001648. Once again it should be offered up to you as an optional update if you go to the Windows update interface or you can download it from the Catalog site like 2004/20H2 handles it’s updating, 1909 is cumulative.

    For Windows 8.1 the process is slightly different as the fixing patches are not cumulative. This time the updates are not documented on the Windows 8.1 history page but can be found if you dig into the 8.1 health release dashboard. On Windows 8.1 you need to install both the original update from March 9th of KB5000848 AND the fix up patch of KB5001640. These are not offered up as optional updates and you must download KB5001640 from the catalog site.

    Windows 7 is similar to Windows 8.1 in not having a cumulative update patch to fix it’s printing issues. After you install the original security only update of KB5000851 or the monthly rollup of KB5000841 (which includes security updates) is fixed by KB5001639 which is only available from the Catalog site.  So for these platforms you need to install two updates just like 8.1.

  • MS-DEFCON 3: Patching is unclear

    Posted on March 26th, 2021 at 01:00 Comment on the AskWoody Lounge
    AskWoody Plus Alert Logo
    ISSUE 18.11.1 • 2021-03-26
    Susan Bradley

    By Susan Bradley

    Proceed with caution.

    I’m separating my patching guidance into two categories: one for business users and one for consumer or home users. And I’m lowering our MS-DEFCON level to 3. We’re not out of the March woods yet, but things are a bit better.

    Read the full story in the AskWoody Plus Alert 18.11.1 (2021-03-26).

  • MS-DEFCON 3: Get the October patches installed

    Posted on October 29th, 2020 at 23:49 Comment on the AskWoody Lounge

    We’re seeing some funny business with the ancillary patches this month, but the mainstream Windows cumulative updates and Office patches look good to go.

    Big question is whether you want to upgrade from Win10 version 1909 to version 2004. I have a few observations. Bottom line: Susan Bradley has upgraded her 1909 machines to 2004. I’m still sitting on a fence. Really, there’s exactly nothing in 2004 that most people will want.

    Step-by-step details in Computerworld Woody on Windows.

  • MS-DEFCON 3: There are some oddities, but it’s time to install the July 2020 patches

    Posted on July 31st, 2020 at 10:23 Comment on the AskWoody Lounge

    Looks like Microsoft’s fixed the bugs that it introduced this month. It’s time to get the July patches installed.

    There’s one potential oddity — you may get the .NET Framework Preview installed on Windows 10 version 1903 or 1909 — but I don’t see any reported bugs in that (unwanted!) patch.

    Step-by-step details in Computerworld Woody on Windows.

  • MS-DEFCON 3: Time to get the June patches installed

    Posted on July 8th, 2020 at 08:19 Comment on the AskWoody Lounge

    Looks like the patching scene has stabilized sufficiently to go ahead with the June patches.

    Some of the bugs have been ironed out. Others can be fixed if you know what happened, and how to get the antidotes installed.

    I’m moving to MS-DEFCON 3: Get Windows and Office patches installed, but watch out for the bugs.

    (No, that doesn’t include yesterday’s Office non-security patches. Nobody needs those. They’ll come back around soon enough.)

    Step-by-step details in Computerworld Woody on Windows.

  • MS-DEFCON 3: Time to get Windows and Office patches up-to-date

    Posted on May 7th, 2020 at 08:56 Comment on the AskWoody Lounge

    For those of you new to this particular piece of AskWoody arcana…

    Every month, I recommend that people pause Windows updating long enough to make sure there aren’t any real stinkers in the Patch Tuesday bunch. That sets up an ongoing tug-of-war. On the one hand, there are inevitable problems with all of the patches. Every month. On the other hand, there’s an ongoing threat that some miscreant will use the patched security holes to make new malware.

    I watch both sides incessantly and try to come up with solid patching recommendations. Been doing it for 14 years.

    You can read about my general approach in a Computerworld article, The case against knee-jerk installation of Windows patches. The AskWoody site has details about the MS-DEFCON system, which I’ve used for years to give normal Windows users a red-light/green-light signal about installing patches. (Very advanced Windows users and admins in charge of many systems are better off following Susan Bradley’s Master Patch List.) Whenever there’s a change in the MS-DEFCON level, I publish detailed, step-by-step instructions in Computerworld.

    Every month, there comes a time when – in my opinion – it’s better to install the (possibly modified) patches than leave the month’s round of patches uninstalled. We’ve just reached such a point. I figure we know enough about the problems at hand to help people who get socked by this month’s patches — and the malware cretins are close enough that it’s time to put the shields up.

    We’re now at MS-DEFCON 3: Go ahead and patch, but watch out for potential problems.

    Details in Computerworld Woody on Windows.

    (Yes, it’s true, my main machines are all on Win10 version 1909. Test machines run other versions and, of course, the Seven Semper Fi machine runs bone-stock Win7. See the Computerworld article.)

  • MS-DEFCON 3: Get the March 2020 patches installed

    Posted on April 1st, 2020 at 09:32 Comment on the AskWoody Lounge

    It’s been a strange patching month, with a Patch Tuesday, a Patch Thursday, the usual buggy “optional, non-security C/D Week” patch, a bonus fix for a bug introduced in late February’s patch, and a warning (with no patch) about yet another bad-font fallibility.

    There are several known bugs, but they all have reasonably well-known workarounds.

    Anyway, now’s a good time to make sure you have the March patches installed. Full instructions in Computerworld Woody on Windows.

  • MS-DEFCON 3: Get the February patches installed

    Posted on February 28th, 2020 at 13:49 Comment on the AskWoody Lounge

    The “disappearing desktop” temporary profile bug is still in the February cumulative update for Win10 version 1903 and 1909. Looks like the bug’s in the “optional, non-security, C/D Week” update, too. Nonetheless, we’ve seen a lot of reports of problems, and they all appear to be solvable.

    So it’s with some trepidation that I’m moving us to MS-DEFCON 3. You should get the Feb patches installed. (NOT the “optional, non-security, C/D Week patch, of course.)

    As an added surprise… I’m moving my production machines to Win10 version 1909. It looks like the File Explorer Search bug was fixed in the regular Cumulative Update — and I don’t see any persistent bugs in 1909 that aren’t also in 1903.

    Details in Computerworld Woody on Windows.

  • MS-DEFCON 3: No rush, but you should get the January Patch Tuesday patches installed

    Posted on January 24th, 2020 at 14:55 Comment on the AskWoody Lounge

    Usually I wait until near the end of the month before giving the all-clear to install Microsoft’s Patch Tuesday patches.

    This month’s different.

    On the one hand, this month’s patches look pretty darn clean. Part of the reason for our good fortune, I’m convinced, is that we haven’t had any non-security patches since October.

    On the other hand, there’s the looming threat of CurveBall — the CVE-2020-0601 security hole advertised by the NSA. I don’t think CurveBall will hit the mainstream any time soon, but ya never know.

    Putting those together, and I figure now’s a good time for normal folks to get their machines patched.

    I’m only moving to MS-DEFCON 3 this month because it’s still very early in the crowdsourced bug catching phase. If you hit a problem with a patch, let us know loud and clear! But get patched.

    Full step-by-step details in Computerworld Woody on Windows.

    UPDATE: If you’re having installation problems with the Win10 1903 and 1909 cumulative updates, it may be caused by a missing Connect app. See Günter Born’s post.

  • MS-DEFCON 3: Get your September patches installed — but stick to the mainstream patches

    Posted on October 2nd, 2019 at 11:28 Comment on the AskWoody Lounge

    Lots of people will tell you that you need to install strange (very strange!) patches to protect yourself from the “Exploited: Yes” zero day patch for CVE-2019-1367. I say meh. Stick to this month’s normally distributed patches and you’ll be OK.

    Details and step-by-step instructions in Computerworld Woody on Windows.