Newsletter Archives

  • MS-DEFCON 4: Patching weather is clearing

    ISSUE 20.04.1 • 2023-01-24
    MS-DEFCON 2

    By Susan Bradley

    In general, the January updates have been well behaved.

    So far, I’m not seeing any trending issues with them; accordingly, I’m lowering the MS-DEFCON level to 4. But that’s not to say we haven’t seen some other issues related to other types of updates. In addition to describing those, I’ll discuss a vulnerability in a part of your computer you may never think about.

    Two issues recently impacted Start menus and shortcuts but were unrelated to one another.

    Anyone can read the full MS-DEFCON Alert (20.04.1, 2023-01-24).

  • MS-DEFCON 4: Install or defer updates? Your choice.

    ISSUE 19.43.1 • 2022-10-25
    MS-DEFCON 4

    By Susan Bradley

    I’ve got a slightly mixed message about the latest round of updates.

    In the most general terms, updates this month have proven safe and unlikely to cause many problems. It is for that reason I am lowering the MS-DEFCON level to 4. But there’s a grain of salt to go along with that recommendation.

    I continue to recommend that you not install the feature-release updates for Windows 10 or Windows 11 version 22H2. But I do recommend that you allow the rest of the updates to install. That’s the mixed message.

    Anyone can read the full MS-DEFCON Alert (19.43.1, 2022-10-25).

  • MS-DEFCON 4: A well-behaved September

    ISSUE 19.39.1 • 2022-09-27
    MS-DEFCON 4

    By Susan Bradley

    September updates have few side effects.

    It’s always nice when the monthly update process is calm, with no storms. But due to a few snags, the best I can do is lower the MS-DEFCON level to 4.

    These side effects are limited to issues seen in businesses; we ordinary, consumer mortals are not much affected.

    Anyone can read the full MS-DEFCON Alert (19.39.1, 2022-09-27).

  • MS-DEFCON 4: July updates make some hot and bothered

    ISSUE 19.30.1 • 2022-07-26
    MS-DEFCON 4

    By Susan Bradley

    Access bugs ruin a quiet July, but we can still lower MS-DEFCON to 4.

    To any reader of this alert who is sweltering in a heat wave, my sincere condolences. I can slightly relate, as I’m having the normal July heat wave in my neck of the woods.

    The big difference is that my area of the country is used to this weather. Thus I’m inside an air-conditioned home, remotely accessing office workstations and servers to perform the monthly maintenance tasks while some of you are … well … just really hot and really uncomfortable. Fortunately for us, this month’s Windows and Office updates were mostly well behaved.

    Anyone can read the full MS-DEFCON Alert (19.30.1, 2022-07-25).

  • MS-DEFCON 4: A mixed bag for May

    ISSUE 19.21.1 • 2022-05-24
    MS-DEFCON 4

    By Susan Bradley

    Good news! Most consumer and home users should be just fine after installing this month’s updates.

    I’m not seeing any major, trending issues with patches for the bulk of users, so I’m lowering the MS-DEFCON level to 4.

    But there’s a “but”: I’m still seeing some corner-case oddities and just can’t quite put my finger on the root cause. For example, reader Ray G reports:

    … after the updates are installed, I still have a black screen and have to wait for about 5 minutes for the desktop to appear.

    Anyone can read the full MS-DEFCON Alert (19.21.1, 2022-05-24).

  • MS-DEFCON 4: Protect yourself with patches

    ISSUE 19.17.1 • 2022-04-26

    MS-DEFCON 4

    By Susan Bradley

    I’ve been holding my breath.

    For the past few weeks, I’ve been watching for attacks that researchers indicated would be coming due to a vulnerability in all versions of Windows. All I’m seeing so far are theoretical attacks, not actual attacks.

    CVE-2022-26809, the headline vulnerability of the April updates that impacts Windows 7 through Windows 10 — as well as Windows Server versions — sounded like it had the potential of being a worm inside a network. Microsoft complicated the matter when it first indicated that this vulnerability was triggered by SMB file sharing. Then it clarified that the original researcher had provided a proof of concept that used SMB file sharing, but that additional methodologies could be used in attacks.

    Anyone can read the full MS-DEFCON Alert (19.17.1, 2022-04-26).

  • MS-DEFCON 4: March madness? Mostly quiet

    ISSUE 19.12.1 • 2022-03-22

    MS-DEFCON 4

    By Susan Bradley

    For the majority of computer users, it’s time to get the updates rolled out.

    I’m tracking some issues this month, but not so many as for a typical March. Thus I’m lowering the MS-DEFCON level to 4.

    An unusual occurrence is a problem with a Windows 8.1 update.

    Anyone can read the full AskWoody Plus Alert 19.12.1 (2022-03-22).

  • Closing out January

    Patch Lady
    It’s nearly the end of the month and it’s time to recap and review our computer systems for the month. Updates have been disruptive this month to say the least.

    For those of you that are not Plus members, one of the key items I work on and update several times during the month is the “Master patch list”. In it I recap the updates released during the month and track if you should – or should not – install the updates. I place the listing on an Excel spreadsheet and also save it in csv, pdf and html formats. For those of you that would like a sneak peek, you can see it here. Note I’ve opened it up for a sneak peek at the end of the month for your use and review for anyone – plus member or not – given that this has been a rough month.

    For those of you that are Plus members, remember that I update the spreadsheet on a regular basis and post additional notes on this page. (Plus members only)

    Currently we also send out an alert that gets emailed when we change the MS-DEFCON and alert you to patching issues. In addition, there is a twitter account you can follow as well as sign up for text alerts.

    Question for those that follow the twitter account and the blog?  Would you want me to post a new post when I update the Master Patch Listing?  I don’t want to send out an email or an alert as we reserve those actions for the newsletters and the MS-DEFCON alerts, but I can certainly put a note here so that you know when it’s updated. Please let me know in the comment section as to your preferences!

     

     

  • MS-DEFCON 4: A very complicated patching month

    ISSUE 19.04.1 • 2022-01-25

    MS-DEFCON 4

    By Susan Bradley

    Thanks, Microsoft, for a very messy January.

    This month will be somewhat convoluted for patching, due to the high number of side effects. To make it worse and more complicated, Microsoft has left it up to us to figure out what to install — rather than pushing out the fixed updates via Windows Update or WSUS. The side effects for those with servers are extreme. In some cases, you’ll need to install two updates before rebooting the servers you manage to successfully patch this month.

    I’m lowering the MS-DEFCON level to 4 in spite of these difficulties, but business users must be cautious.

    Anyone can read the full AskWoody Plus Alert 19.04.1 (2022-01-25).

  • MS-DEFCON 4: The printing issues continue

    ISSUE 18.37.1 • 2021-09-28

    MS-DEFCON 4

    By Susan Bradley

    Printing or security — you decide

    We’re back to reasonable levels of safety and of understanding the nature of recent updates, so I’m recommending the resumption of update installation — but not without some major caveats. Sadly, there are still some side effects with printing, which is getting to be an annoying trend. It’s been months now.

    These updates also include new and expanded categories plus registry keys that allow you to officially defer Windows 11 and then choose to push off the upcoming 21H2 release. More about that later.

    Consumer and home users

    I haven’t seen printing problems with directly attached printers, the most likely scenario for home users. Therefore, I recommend applying the September updates now. The reason is that this month’s updates include expanded sections to choose various versions of Windows 10 or Windows 11 and specifically block what you don’t want.

    For those of you on Windows 10 Professional, after installing the September updates you’ll be able to click on the search box and type in “edit group policy.” Next, scroll down to Computer Configuration, Administrative Templates, Windows Components, Windows Update, and Windows Update for Business. Find the setting for Select the target Feature Update version. Click on Enabled, fill in the product version in the first box (“Windows 10”), and then the feature release version you want to keep.

    Of course, Windows 10 Home can’t do group policy. Instead, use registry keys to defer Windows 11 and stay on the version of Windows 10 you want. You’ll be adding a value under

    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

    Manually add the values "TargetReleaseVersion"=dword:00000001, "ProductVersion"="Windows 10", and "TargetReleaseVersionInfo"="21H1".

    I’ve made it easier for you by including links to download these registry keys. If you want to stay on 21H1, click on this link and install it on your system. If you plan to let your machine upgrade to 21H2, click on this link. And if you leave the setting alone and do nothing, and your computer does not have the hardware capabilities for Windows 11, you will not be offered the upgrade. If you do have hardware that can handle Windows 11, you’ll be offered — but not pushed to — Windows 11.
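
    The same three values can be written from an elevated PowerShell prompt. This is an added example, not part of the original alert or its downloadable registry files; the function name Set-FeatureUpdateTarget is hypothetical, and the key and value names are the ones given above.

    ```powershell
    # Added example: pin the feature-update target with the values named in the alert.
    # Set-FeatureUpdateTarget is a hypothetical helper name, not a built-in cmdlet.
    function Set-FeatureUpdateTarget {
        [CmdletBinding(SupportsShouldProcess)]
        param(
            [string]$ProductVersion = 'Windows 10',
            [string]$TargetReleaseVersionInfo = '21H1'
        )
        $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

        if ($PSCmdlet.ShouldProcess($key, "Pin to $ProductVersion $TargetReleaseVersionInfo")) {
            # The policy key does not exist on a machine that has never had it set.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

            # TargetReleaseVersion is a DWORD switch; the other two values are strings.
            New-ItemProperty -Path $key -Name TargetReleaseVersion -PropertyType DWord `
                -Value 1 -Force | Out-Null
            New-ItemProperty -Path $key -Name ProductVersion -PropertyType String `
                -Value $ProductVersion -Force | Out-Null
            New-ItemProperty -Path $key -Name TargetReleaseVersionInfo -PropertyType String `
                -Value $TargetReleaseVersionInfo -Force | Out-Null
        }

        # Read back what is actually in the registry so a typo or wrong type is visible.
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Select-Object TargetReleaseVersion, ProductVersion, TargetReleaseVersionInfo
    }

    # Dry run first: -WhatIf shows the change without writing anything.
    Set-FeatureUpdateTarget -TargetReleaseVersionInfo '21H1' -WhatIf
    ```

    Drop -WhatIf to apply the change.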

    Business users

    First the good news: Microsoft has finally acknowledged what we’ve known for weeks now — its updates trigger issues if your users do not have administrator rights. The bad news is that it hasn’t yet acknowledged the issues we’ve seen this month, nor are any fixes planned. Microsoft will only urge us to

    Verify that you are using the latest drivers for all your printing devices and where possible, use the same version of the print driver on the print client and print server.

    Microsoft indicates that the trigger is

    … caused by a print driver on the print client and the print server using the same filename, but the server has a newer version of the file.

    But here’s the problem: We never installed a newer driver on the server. We did nothing but install the software update to the server. I know that many of these notifications are triggered by the use of v3 (older) printer drivers versus v4 printer drivers. If you cannot upgrade to v4 drivers, you have a couple of options to “re-push” out drivers to fix this issue.

    Unfortunately, in this era of cumulative updates you can’t break out the parts of the update you want from the parts you don’t want. So if you don’t install this update this month, you put your business at risk from MSHTML-based ransomware attacks (CVE-2021-40444).  If you make the decision to not install these updates, make sure you use the registry keys I wrote about earlier to block the MSHTML vulnerabilities. Don’t go unpatched and unprotected.

    References

    Read the full story in the AskWoody Plus Alert 18.37.1 (2021-09-28).

  • MS-DEFCON 4: All clear for consumers, less so for businesses

    ISSUE 18.32.1 • 2021-08-25

    MS-DEFCON 4

    By Susan Bradley

    This month has been a bit bumpy for business users needing to print.

    This month’s change to a technology called “Point and Print” has triggered side effects for information technology professionals who deployed workstations without administrator rights.

    Although I’m reluctantly recommending installing these updates, because you need to be protected from all the other vulnerabilities this month, I must acknowledge that even after you patch, you still won’t be protected from printer vulnerabilities. There is yet another Print Spooler issue out there. Right now, the only way you can protect yourself from the remote Print Spooler attack described by CVE-2021-36958 is to keep your Print Spooler service disabled unless it is absolutely needed.

    Consumer and home users

    Install the August updates. In a change to my past update recommendations regarding .NET, I now recommend installing the .NET updates as well. For the last year, I’ve not experienced any side effects with the nonsecurity .NET updates and feel confident about their safety.

    I’ve also not been tracking any side effects with Chromebook 92 after its release on August 2. Unlike last month, there’s been no need to roll back this version.

    Business users

    For those of you in charge of business patching, there’s no good resolution for the side effects of the August updates, not to mention the risks of the unpatched Print Spooler vulnerability. If you deploy print drivers using group policy and your users do not have administrator rights, they are being prompted to install a printer-driver update even though the printer driver has not changed — the only thing that has occurred is that the patch was installed. You can deploy a registry key to

    HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint

    with the name RestrictDriverInstallationToAdministrators and a DWord value of 0, but unfortunately, this opens up your workstations to attack. It’s not a good solution.

    The root cause appears to be v3 versions of printer drivers. In the short term, I recommend several possible solutions.

    • Temporarily allow administrator rights via group policy to allow your end users to install the updated print driver, and then revert them back to non-administrator rights.
    • Use the registry key workaround (above) that will allow printer drivers to be installed, with full knowledge that this opens your machine up to attack.
    • Review the printer drivers you have installed and ensure that they are v4 and not earlier versions.

    References

    Read the full story in the AskWoody Plus Alert 18.32.1 (2021-08-25).
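
    To see where a given workstation or server stands on the three points above (Print Spooler state, the Point and Print workaround value, and v3 drivers), a read-only check like the following can be run on each machine. It is an added example, not part of the original alert; the function name Get-PrintExposureReport and the output field names are hypothetical.

    ```powershell
    # Added example: read-only audit of the print settings discussed in the alert.
    # Get-PrintExposureReport is a hypothetical helper name; it changes nothing.
    function Get-PrintExposureReport {
        $papKey = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

        # $null when the key or the value is absent
        $restrict = (Get-ItemProperty -Path $papKey -ErrorAction SilentlyContinue).RestrictDriverInstallationToAdministrators

        $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

        # Get-PrinterDriver needs a running spooler; skip the driver check otherwise.
        $v3Drivers = @()
        if ($spooler -and $spooler.Status -eq 'Running') {
            # MajorVersion is 3 for v3 drivers and 4 for v4 drivers.
            $v3Drivers = @(Get-PrinterDriver |
                Where-Object { $_.MajorVersion -lt 4 } |
                Select-Object -ExpandProperty Name)
        }

        $restrictText = 'not set'
        if ($null -ne $restrict) { $restrictText = $restrict }

        [pscustomobject]@{
            ComputerName                               = $env:COMPUTERNAME
            SpoolerStatus                              = if ($spooler) { $spooler.Status } else { 'not found' }
            SpoolerStartType                           = if ($spooler) { $spooler.StartType } else { 'n/a' }
            RestrictDriverInstallationToAdministrators = $restrictText
            # True means the workaround described above is in place on this machine.
            WorkaroundActive                           = ($restrict -eq 0)
            V3DriverCount                              = $v3Drivers.Count
            V3Drivers                                  = $v3Drivers -join '; '
        }
    }

    Get-PrintExposureReport | Format-List
    ```

    Machines that report WorkaroundActive as True are the ones to revisit once the v3 drivers listed for them have been replaced.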

  • MS-DEFCON 4: Get those June updates installed

    ISSUE 18.23.1 • 2021-06-24
    MS-DEFCON 4

    By Susan Bradley

    It’s time to deal with “News and Interests.”

    Consumer and home users

    If you’ve been procrastinating with the June updates so you didn’t have to deal with the new “News and Interests” feature and its side effects, the time has come.

    Microsoft has released KB5003698 to fix issues with blurry images in 1909 for Enterprise. Windows 10 2004/20H2 and 21H1 received KB5003690 to fix the blurry text on the News and Interests button for some screen resolutions. KB5003690 also fixes a problem with search box graphics on the Windows taskbar, which occurs if you right-click the taskbar and turn off News and Interests. This graphics issue is especially visible when using dark mode. If it is a problem for you, install this optional update.

    There are other issues to work out, such as interactions with the desktop if you are using Classic Shell or other menu programs. AskWoody readers have noted cases in which sign in to customize the news selections did not work. If you have problems with the News and interests feature, try setting it to icons only instead of icons and text.

    For Office updates, open up any Office software application, click on File, Account, Office Updates, and enable updates. Then click on Update Now to trigger their installation.

    Business users

    This month’s releases showcase that timing is everything. If you apply updates to workstations before applying them to servers and then attempt to use remote event-log tools, you will find that you cannot access the event logs. As noted by Microsoft, affected apps are using certain legacy Event Logging APIs. Ensure that you apply the updates for both workstations and servers before attempting to use such software.

    References

    Read the full story in the AskWoody Plus Alert 18.23.1 (2021-06-24).