Newsletter Archives

  • MS-DEFCON 4: Protect yourself with patches


    ISSUE 19.17.1 • 2022-04-26

    MS-DEFCON 4

    By Susan Bradley

    I’ve been holding my breath.

    For the past few weeks, I’ve been watching for attacks that researchers indicated would be coming due to a vulnerability in all versions of Windows. All I’m seeing so far are theoretical attacks, not actual attacks.

    CVE-2022-26809, the headline vulnerability of the April updates that impacts Windows 7 through Windows 10 — as well as Windows Server versions — sounded like it had the potential of being a worm inside a network. Microsoft complicated the matter when it first indicated that this vulnerability was triggered by SMB file sharing. Then it clarified that the original researcher had provided a proof of concept that used SMB file sharing, but that additional methodologies could be used in attacks.

    Anyone can read the full MS-DEFCON Alert (19.17.1, 2022-04-26).

  • MS-DEFCON 4: March madness? Mostly quiet


    ISSUE 19.12.1 • 2022-03-22

    MS-DEFCON 4

    By Susan Bradley

    For the majority of computer users, it’s time to get the updates rolled out.

    I’m tracking some issues this month, but not so many as for a typical March. Thus I’m lowering the MS-DEFCON level to 4.

    An unusual occurrence is a problem with a Windows 8.1 update.

    Anyone can read the full AskWoody Plus Alert 19.12.1 (2022-03-22).

  • Closing out January

    Patch Lady
    It’s nearly the end of the month and it’s time to recap and review our computer systems for the month. Updates have been disruptive this month to say the least.

    For those of you that are not Plus members, one of the key items I work on and update several times during the month is the “Master patch list”. In it I recap the updates released during the month and track if you should – or should not – install the updates. I place the listing on an Excel spreadsheet and also save it in csv, pdf and html formats. For those of you that would like a sneak peek, you can see it here. Note I’ve opened it up for a sneak peek at the end of the month for your use and review for anyone – Plus member or not – given that this has been a rough month.

    For those of you that are Plus members, remember that I update the spreadsheet on a regular basis and post additional notes on this page. (Plus members only)

    Currently we also send out an alert that gets emailed when we change the MS-DEFCON and alert you to patching issues. In addition, there is a Twitter account you can follow, and you can sign up for text alerts.

    A question for those that follow the Twitter account and the blog: would you want me to post a new post when I update the Master Patch Listing? I don’t want to send out an email or an alert as we reserve those actions for the newsletters and the MS-DEFCON alerts, but I can certainly put a note here so that you know when it’s updated. Please let me know in the comment section as to your preferences!

  • MS-DEFCON 4: A very complicated patching month

    ISSUE 19.04.1 • 2022-01-25

    MS-DEFCON 4

    By Susan Bradley

    Thanks, Microsoft, for a very messy January.

    This month will be somewhat convoluted for patching, due to the high number of side effects. To make it worse and more complicated, Microsoft has left it up to us to figure out what to install — rather than pushing out the fixed updates via Windows Update or WSUS. The side effects for those with servers are extreme. In some cases, you’ll need to install two updates before rebooting the servers you manage to successfully patch this month.

    I’m lowering the MS-DEFCON level to 4 in spite of these difficulties, but business users must be cautious.

    Anyone can read the full AskWoody Plus Alert 19.04.1 (2022-01-25).

  • MS-DEFCON 4: The printing issues continue

    ISSUE 18.37.1 • 2021-09-28

    MS-DEFCON 4

    By Susan Bradley

    Printing or security — you decide

    We’re back to reasonable levels of safety and of understanding the nature of recent updates, so I’m recommending the resumption of update installation — but not without some major caveats. Sadly, there are still some side effects with printing, which is getting to be an annoying trend. It’s been months now.

    These updates also include new and expanded categories plus registry keys that allow you to officially defer Windows 11 and then choose to push off the upcoming 21H2 release. More about that later.

    Consumer and home users

    I haven’t seen printing problems with directly attached printers, the most likely scenario for home users. Therefore, I recommend applying the September updates now. The reason is that this month’s updates include expanded sections to choose various versions of Windows 10 or Windows 11 and specifically block what you don’t want.

    For those of you on Windows 10 Professional, after installing the September updates you’ll be able to click on the search box and type in “edit group policy.” Next, scroll down to Computer Configuration, Administrative Templates, Windows Components, Windows Update, and Windows Update for Business. Find the setting for Select the target Feature Update version. Click on Enabled, fill in the product version in the first box (“Windows 10”), and then the feature release version you want to keep.

    Of course, Windows 10 Home can’t do group policy. Instead, use registry keys to defer Windows 11 and stay on the version of Windows 10 you want. You’ll be adding a value under

    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

    Manually add the values "TargetReleaseVersion"=dword:00000001, "ProductVersion"="Windows 10", and "TargetReleaseVersionInfo"="21H1".

    I’ve made it easier for you by including links to download these registry keys. If you want to stay on 21H1, click on this link and install it on your system. If you plan to let your machine upgrade to 21H2, click on this link. And if you leave the setting alone and do nothing, and your computer does not have the hardware capabilities for Windows 11, you will not be offered the upgrade. If you do have hardware that can handle Windows 11, you’ll be offered — but not pushed to — Windows 11.
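
    The registry values described above can also be written and read back from an elevated PowerShell prompt. This is an added example, not one of the newsletter's downloadable registry files; the function name Set-FeatureUpdateTarget and its parameters are hypothetical.

```powershell
# Added example: pin the feature-update target with the three values named
# in the text. Run elevated. Use -WhatIf to preview without writing anything.
function Set-FeatureUpdateTarget {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$ProductVersion = 'Windows 10',

        # Accepts release names such as 21H1, 21H2, 20H2, 2004 or 1909.
        [ValidatePattern('^(\d{4}|\d{2}H[12])$')]
        [string]$TargetVersion = '21H1'
    )

    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

    # The policy key does not exist on a machine that has never had
    # Windows Update policies applied, so create it first.
    if (-not (Test-Path $key)) {
        if ($PSCmdlet.ShouldProcess($key, 'Create registry key')) {
            New-Item -Path $key -Force | Out-Null
        }
    }

    # Value types matter: the switch is a DWORD, the two names are strings.
    $values = @(
        @{ Name = 'TargetReleaseVersion';     Type = 'DWord';  Value = 1 }
        @{ Name = 'ProductVersion';           Type = 'String'; Value = $ProductVersion }
        @{ Name = 'TargetReleaseVersionInfo'; Type = 'String'; Value = $TargetVersion }
    )

    foreach ($v in $values) {
        if ($PSCmdlet.ShouldProcess("$key\$($v.Name)", "Set to '$($v.Value)'")) {
            New-ItemProperty -Path $key -Name $v.Name -PropertyType $v.Type `
                -Value $v.Value -Force | Out-Null
        }
    }

    # Read the values back so a typo or a failed write is visible immediately.
    if (Test-Path $key) {
        Get-ItemProperty -Path $key |
            Select-Object TargetReleaseVersion, ProductVersion, TargetReleaseVersionInfo
    }
}

# Stay on Windows 10 21H1, as in the text:
# Set-FeatureUpdateTarget -ProductVersion 'Windows 10' -TargetVersion '21H1'
```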

    Business users

    First the good news: Microsoft has finally acknowledged what we’ve known for weeks now — its updates trigger issues if your users do not have administrator rights. The bad news is that it hasn’t yet acknowledged the issues we’ve seen this month, nor are any fixes planned. Microsoft will only urge us to

    Verify that you are using the latest drivers for all your printing devices and where possible, use the same version of the print driver on the print client and print server.

    Microsoft indicates that the trigger is

    … caused by a print driver on the print client and the print server using the same filename, but the server has a newer version of the file.

    But here’s the problem: We never installed a newer driver on the server. We did nothing but install the software update to the server. I know that many of these notifications are triggered by the use of v3 (older) printer drivers versus v4 printer drivers. If you cannot upgrade to v4 drivers, you have a couple of options to “re-push” out drivers to fix this issue.

    Unfortunately, in this era of cumulative updates you can’t break out the parts of the update you want from the parts you don’t want. So if you don’t install this update this month, you put your business at risk from MSHTML-based ransomware attacks (CVE-2021-40444).  If you make the decision to not install these updates, make sure you use the registry keys I wrote about earlier to block the MSHTML vulnerabilities. Don’t go unpatched and unprotected.


    Read the full story in the AskWoody Plus Alert 18.37.1 (2021-09-28).

  • MS-DEFCON 4: All clear for consumers, less so for businesses

    ISSUE 18.32.1 • 2021-08-25

    MS-DEFCON 4

    By Susan Bradley

    This month has been a bit bumpy for business users needing to print.

    This month’s change to a technology called “Point and Print” has triggered side effects for information technology professionals who deployed workstations without administrator rights.

    Although I’m reluctantly recommending installing these updates, because you need to be protected from all the other vulnerabilities this month, I must acknowledge that even after you patch, you still won’t be protected from printer vulnerabilities. There is yet another Print Spooler issue out there. Right now, the only way you can protect yourself from the remote Print Spooler attack described by CVE-2021-36958 is to keep your Print Spooler service disabled unless it is absolutely needed.

    Consumer and home users

    Install the August updates. In a change to my past update recommendations regarding .NET, I now recommend installing the .NET updates as well. For the last year, I’ve not experienced any side effects with the nonsecurity .NET updates and feel confident about their safety.

    I’ve also not been tracking any side effects with Chromebook 92 after its release on August 2. Unlike last month, there’s been no need to roll back this version.

    Business users

    For those of you in charge of business patching, there’s no good resolution for the side effects of the August updates, not to mention the risks of the unpatched Print Spooler vulnerability. If you deploy print drivers using group policy and your users do not have administrator rights, they are being prompted to install a printer-driver update even though the printer driver has not changed — the only thing that has occurred is that the patch was installed. You can deploy a registry key to

    HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint

    with the name RestrictDriverInstallationToAdministrators and a DWord value of 0, but unfortunately, this opens up your workstations to attack. It’s not a good solution.

    The root cause appears to be v3 versions of printer drivers. In the short term, I recommend several possible solutions.

    • Temporarily allow administrator rights via group policy to allow your end users to install the updated print driver, and then revert them back to non-administrator rights.
    • Use the registry key workaround (above) that will allow printer drivers to be installed, with full knowledge that this opens your machine up to attack.
    • Review the printer drivers you have installed and ensure that they are v4 and not earlier versions.
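
    To see where a machine stands on the three points above (the Point and Print registry workaround, the Print Spooler service, and v3 versus v4 drivers), the checks can be gathered into one read-only report. This is an added example, not from the newsletter; the function name Get-PrintHardeningStatus is hypothetical, and it assumes the PrintManagement module that ships with Windows 8.1/Server 2012 R2 and later.

```powershell
# Added example: read-only audit of the print settings discussed in the text.
# It changes nothing; run it locally or through your remote management tooling.
function Get-PrintHardeningStatus {
    [CmdletBinding()]
    param()

    # 1. Point and Print workaround: a value of 0 is the weakened state that
    #    lets non-administrators install printer drivers.
    $key  = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $name = 'RestrictDriverInstallationToAdministrators'
    $restrict = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    # 2. Print Spooler service state and start type.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    # 3. Installed drivers older than v4. Get-PrinterDriver needs a running
    #    spooler, so a stopped service is reported as "not queried".
    $driversQueried = $true
    try {
        $legacy = @(Get-PrinterDriver -ErrorAction Stop |
            Where-Object { $_.MajorVersion -lt 4 })
    } catch {
        $legacy = @()
        $driversQueried = $false
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        RestrictToAdmins    = if ($null -eq $restrict) { 'not set' } else { $restrict }
        WorkaroundActive    = ($restrict -eq 0)    # True means the risky setting is in place
        SpoolerStatus       = if ($spooler) { $spooler.Status } else { 'not found' }
        SpoolerStartType    = if ($spooler) { $spooler.StartType } else { 'not found' }
        DriversQueried      = $driversQueried
        LegacyDriverCount   = $legacy.Count
        LegacyDriverNames   = ($legacy | ForEach-Object { "$($_.Name) (v$($_.MajorVersion))" }) -join '; '
    }
}

# Get-PrintHardeningStatus | Format-List
```

    Machines that report WorkaroundActive as True after the driver push are the ones still carrying the temporary registry setting.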


    Read the full story in the AskWoody Plus Alert 18.32.1 (2021-08-25).

  • MS-DEFCON 4: Get those June updates installed

    ISSUE 18.23.1 • 2021-06-24

    MS-DEFCON 4

    By Susan Bradley

    It’s time to deal with “News and Interests.”

    Consumer and home users

    If you’ve been procrastinating with the June updates so you didn’t have to deal with the new “News and Interests” feature and its side effects, the time has come.

    Microsoft has released KB5003698 to fix issues with blurry images in 1909 for Enterprise. Windows 10 2004/20H2 and 21H1 received KB5003690 to fix the blurry text on the News and Interests button for some screen resolutions. KB5003690 also fixes a problem with search box graphics on the Windows taskbar, which occurs if you right-click the taskbar and turn off News and Interests. This graphics issue is especially visible when using dark mode. If it is a problem for you, install this optional update.

    There are other issues to work out, such as interactions with the desktop if you are using Classic Shell or other menu programs. AskWoody readers have noted cases in which sign in to customize the news selections did not work. If you have problems with the News and interests feature, try setting it to icons only instead of icons and text.

    For Office updates, open up any Office software application, click on File, Account, Office Updates, and enable updates. Then click on Update Now to trigger their installation.

    Business users

    This month’s releases showcase that timing is everything. If you apply updates to workstations before applying them to servers and then attempt to use remote event-log tools, you will find that you cannot access the event logs. As noted by Microsoft, affected apps are using certain legacy Event Logging APIs. Ensure that you apply the updates for both workstations and servers before attempting to use such software.


    Read the full story in the AskWoody Plus Alert 18.23.1 (2021-06-24).

  • MS-DEFCON 4: It’s quiet out there

    ISSUE 18.19.1 • 2021-05-27
    MS-DEFCON Level 4

    By Susan Bradley

    This month has been relatively quiet with respect to patching side effects. It’s now time to install the May updates.

    Consumer and home users

    Most of the issues and complaints have not been about the May update. Instead, there has been dissatisfaction with a new feature called News and Interests. As this feature rolls out, more and more people are asking how to remove it. I have provided a registry update file that will automatically disable News and Interests. The only known side effect is audio issues in some machines; these can be bypassed by using stereo settings.

    More details will be provided in my upcoming Patch Watch article.

    Business users

    For small businesses that still have an on-premises Exchange email server, make sure you install this month’s Exchange patches, as described in KB 5003435.

    Note that some users reported issues if they had manually removed the new version of Edge, proving once again that Microsoft doesn’t test the edge cases (pun intended).

    Read the full story in the AskWoody Plus Alert 18.19.1 (2021-05-27).

  • MS-DEFCON 4: Patching is approved

    ISSUE 18.15.1 • 2021-04-30

    By Susan Bradley

    Proceed to update.

    I’m separating my patching guidance into two categories — one for consumer or home users and one for business users. And I’m changing our MS-DEFCON level to 4. At this time, I’m not seeing major issues with updating.

    Consumer and home users

    The April updates have been much better behaved and I’m not seeing any major issues with the releases. Problems identified in 2004/20H2 as impacting performance in games have been automatically mitigated by Microsoft, using its Known issue rollback process. The April updates also resolved the lingering issues with printing triggered with the March updates. Importantly, the April updates install the new, Chromium-based Edge as the default browser and remove the old, “legacy” Edge. Be aware that this update will reset default programs, such as your PDF reader, to the new Edge; you’ll need to make manual adjustments to restore your preferences.

    Note: Going forward, when AskWoody mentions “Edge,” you should assume we mean the new, Chromium-based Edge. Otherwise, we will refer to legacy Edge.

    If you are still using Windows 10 Home or Pro 1909 you have only until May before that version is no longer supported. If you have not already upgraded to 20H2, I recommend taking this opportunity to do so. Remember, my favorite way to upgrade is to use the Update now button on the Software download page.

    Business users

    Coming with the preview releases for Windows 10, and included in the May Security releases, Microsoft will be including a new “News and Interests” taskbar item that will feature topics of interest to your users. If you want to proactively block it, use the Group Policy editor or adjust registry keys.


    Read the full story in the AskWoody Plus Alert 18.15.1 (2021-04-30).

  • MS-DEFCON 4 – February updates trigger few issues

    PATCH WATCH


    By Susan Bradley

    All-clear for February patches

    It’s that normal time of the month when I’ll urge everyone to get the February security updates installed. For consumers, I’m not tracking any major issues. I also recommend that those of you still on 1909 consider installing 2004 or 20H2, unless they are not yet being offered on your PCs. I’ve now installed 2004/20H2 on enough systems to be comfortable recommending either one on your machines. Remember, the complete list of February updates that I recommend — or not — can be found at any time on the Master Patch List.

    Read the full story in AskWoody Plus Newsletter 18.8.0 (2021-03-01).

  • MS-DEFCON 4: Install the February updates, skip that Secure boot

    More details will be in tomorrow’s newsletter along with a Plus membership only video that discusses my patching recommendations for the month.

    I always use the weekend for maintenance tasks, so for those of you that were waiting for the Defcon 4 green light I just flipped the beacon so you can do so anytime this weekend.

    As a reminder, I am not recommending installing KB4535680 and recommend that you use Wushowhide (or your favorite patch-hiding tool).

    If you aren’t a Plus member, you can sign up now and you’ll get not only the private video but all of the other great newsletter articles coming out tomorrow. Hope to see you on the Plus side!

  • MS-DEFCON 4 – Make sure January updates are installed

    It’s time to make sure January updates are installed. More details are in the AskWoody Plus newsletter out tonight/tomorrow (sign up for it here).

    I’m recommending that Win10 Home and Pro users move to version 2004 (or 20H2) if you haven’t already done so. Remember you can set the TargetReleaseVersion setting and make sure you only get to the version you want.

    I also have advice and information about the supposed NTFS “bug” upcoming in Computerworld. Stay tuned!