Newsletter Archives

  • MS-DEFCON 2: 2004 is out of support

    alert banner

    ISSUE 19.18.1 • 2022-05-05

    By Susan Bradley

    Check your Windows version, then update accordingly.

    I regularly come across PCs that are running old, out-of-support versions of Windows because they aren’t on the Web long enough to be “serviced” by Windows Update. For example, there are two Surface laptops in my office that are used by people on cellular connections. As a result of sporadic use, they never get a feature update.

    Just the other day, I realized they were running Windows 10 2004 and thus no longer were getting security updates, a serious matter.

    Anyone can read the full MS-DEFCON Alert (19.18.1, 2022-05-05).

  • MS-DEFCON 4: Protect yourself with patches

    alert banner

    ISSUE 19.17.1 • 2022-04-26


    By Susan Bradley

    I’ve been holding my breath.

    For the past few weeks, I’ve been watching for attacks that researchers indicated would be coming due to a vulnerability in all versions of Windows. All I’m seeing so far are theoretical attacks, not actual attacks.

    CVE-2022-26809, the headline vulnerability of the April updates that impacts Windows 7 through Windows 10 — as well as Windows Server versions — sounded like it had the potential of being a worm inside a network. Microsoft complicated the matter when it first indicated that this vulnerability was triggered by SMB file sharing. Then it clarified that the original researcher had provided a proof of concept that used SMB file sharing, but that additional methodologies could be used in attacks.

    Anyone can read the full MS-DEFCON Alert (19.17.1, 2022-04-26).

  • MS-DEFCON 2: Deferring April

    alert banner

    ISSUE 19.14.2 • 2022-04-07


    By Susan Bradley

    Don’t let April showers rain on your PCs.

    I love April. It’s the end of the busy tax season at the office, and it’s spring where I live — the tulips are in bloom. But what I don’t love is updates disrupting my business before the end of the busy season. So I urge you to do what I do at the office: defer those updates.

    Anyone can read the full Plus Alert (19.14.2, 2022-04-07).

  • MS-DEFCON 4: March madness? Mostly quiet

    alert banner

    ISSUE 19.12.1 • 2022-03-22


    By Susan Bradley

    For the majority of computer users, it’s time to get the updates rolled out.

    I’m tracking some issues this month, but not so many as for a typical March. Thus I’m lowering the MS-DEFCON level to 4.

    An unusual occurrence is a problem with a Windows 8.1 update.

    Anyone can read the full AskWoody Plus Alert 19.12.1 (2022-03-22).

  • MS-DEFCON 2: Is it still safe to defer?

    alert banner

    ISSUE 19.09.1 • 2022-03-03

    By Susan Bradley

    Global troubles lead to patching worries.

    Even with all the heightened concerns regarding cybersecurity, my deferral strategy and recommendations for patching will not change. Use the time between now and next Tuesday (Wednesday for those of you outside the northern hemisphere) to wrap up whatever patching and updating you are doing, and get ready to defer updates. Hopefully, a window will open toward the end of the month, when we can have high confidence that applying patches and updates will be safe.

    Anyone can read the full AskWoody Plus Alert 19.09.1 (2022-03-03).

  • MS-DEFCON 5: A very quiet February

    alert banner

    ISSUE 19.08.1 • 2022-02-22


    By Susan Bradley

    For the first time in an extremely long time, this month of patching has been so quiet that I’m changing the patching status to the magical level of 5.

    All’s clear. Patch while it’s safe!

    Don’t blink, because it may not happen again. There are so few issues that it feels too quiet, like the calm before the storm. The only thing I’m tracking is a few reports on issues with the 2012 R2 print server, because it broke printing on DataMax label and badge printers. However, I’m not tracking any issues with standalone printers.

    Anyone can read the full AskWoody Plus Alert 19.08.1 (2022-02-22).

  • MS-DEFCON 2: Batten down the hatches again

    AskWoody Plus Alert Logo
    ISSUE 19.05.1 • 2022-02-03

    By Susan Bradley

    It’s time to wrap up updating or feature-release installations and pause as we wait for February’s Patch Tuesday.

    I am recommending that home and consumer users install the regular updates from January 11 and that business users install the out-of-band updates released on January 17. Get these done right away. Skipping them means you are vulnerable to some active attacks, especially CVE-2022-21882.

    Anyone can read the full AskWoody Plus Alert 19.05.1 (2022-02-03).

  • MS-DEFCON 4: A very complicated patching month

    AskWoody Plus Alert Logo
    ISSUE 19.04.1 • 2022-01-25


    By Susan Bradley

    Thanks, Microsoft, for a very messy January.

    This month will be somewhat convoluted for patching, due to the high number of side effects. To make it worse and more complicated, Microsoft has left it up to us to figure out what to install — rather than pushing out the fixed updates via Windows Update or WSUS. The side effects for those with servers are extreme. In some cases, you’ll need to install two updates before rebooting the servers you manage to successfully patch this month.

    I’m lowering the MS-DEFCON level to 4 in spite of these difficulties, but business users must be cautious.

    Anyone can read the full AskWoody Plus Alert 19.04.1 (2022-01-25).

  • MS-DEFCON 1: Business patchers be on alert

    AskWoody Plus Alert Logo
    ISSUE 19.02.1 • 2022-01-12


    By Susan Bradley

    For those running a network with a domain controller, the side effects this month are extreme. Don’t patch.

    MS-DEFCON 1 is a very rare occurrence. When I raise the level that high, it’s because I’m seeing critical issues with patches.

    Microsoft has a technology called Active Directory that allows workstations to authenticate with a “domain controller.” This month’s updates are causing such drastic issues with domain controllers that they can become stuck in a boot loop. That is definitely an MS-DEFCON 1 condition. You should not release patches.

    Anyone can read the full AskWoody Plus Alert 19.02.1 (2022-01-12).

  • MS-DEFCON 2: Batten down the hatches for January

    AskWoody Plus Alert Logo
    ISSUE 19.01.1 • 2022-01-06

    By Susan Bradley

    Microsoft has started off the patching year — and not in a good way.

    Soon after midnight all across the world, mail administrators running Exchange 2013 and Exchange 2016 started noticing that mail was not being delivered in their organizations. Horror of horrors, this has been dubbed the “Y2K22” bug — just what we wanted to hear.

    Anyone can read the full AskWoody Plus Alert 19.01.1 (2022-01-06).

  • We listened, we listened!

    Here’s the thing. Susan and I get a lot of email (we do our best to answer everyone). We grin and light up when complimented; we grit our teeth and bear it when our correspondents are less kind. And we listen.

    Unexpectedly, one of the top complaints we’ve both received has to do with the MS-DEFCON banner images we changed back in May. At the time, we conformed the colors of the levels to the US military DEFCON system, with white (level 1) being the most dangerous condition and blue (5) the safest. I thought that made sense because the origin of this site’s MS-DEFCON system was, in fact, the military’s.

    The question we kept getting, almost daily, was which was worse, one or five, white or blue? It was politely explained to us that we should have used red and green. We thought this would die down, but the tea leaves were speaking to us – change it!

    So we did. We did not quite return to the original colors, which used a shade of green for both levels four and five. Instead, we used blue for level four. What we’ve adopted now is, in effect, the same set of colors used by the US Homeland Security Advisory System (aka terror alert levels). The new images are in effect now, everywhere. They’ll even be updated in older emails if you happen to have saved them.

    Now maybe our inboxes will settle down a bit.

  • A change to Alerts!

    Alert Logo

    Our MS-DEFCON system has proven extremely popular. It’s the reason the banner on our home page is so prominent.

    Early in 2021, we decided to post an abbreviated version of MS-DEFCON alert newsletters in our blog, reserving the full alert for Plus edition members. We’ve been pleased that this change met with general acceptance, but a review of our alerts for 2021 has shown that the difference between our blog post and the full alert is minimal. Therefore, I’ve decided to make a change.

    We publish two kinds of alerts, one for a changed MS-DEFCON level and one for other types of information. Henceforth, all MS-DEFCON alerts will be available to anyone visiting the site. Other alerts will continue as an exclusive benefit of Plus membership, as will emailed alerts and text message alerts.

    I’m happy to bring the MS-DEFCON coverage to a wider audience. It’s my contribution to promoting safe and sensible patching strategies.