Newsletter Archives

  • Apple zero days out – September 2023

    Apple has fixes for zero days that have been under attack. It appears most are triggered by a specially crafted web content.

    • CVE-2023-41991 – A certificate validation issue in the Security framework that could allow a malicious app to bypass signature validation.
    • CVE-2023-41992 – A security flaw in Kernel that could allow a local attacker to elevate their privileges.
    • CVE-2023-41993 – A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content.

     

    📱 iOS and iPadOS 17.0.1 – 3 bugs fixed
    📱 iOS and iPadOS 16.7 – 3 bugs fixed
    ⌚ watchOS 9.6.3 – 2 bugs fixed
    ⌚ watchOS 10.0.1 – 2 bugs fixed
    💻 macOS Ventura 13.6 – 3 bugs fixed
    💻 macOS Monterey 12.7 – 1 bug fixed

    Mind you iOS 17 *just* came out the other day.

    These security vulnerabilities have been seen in attacks in the wild.

  • Zeroing in on zero days

    PATCH WATCH

    Susan Bradley

    By Susan Bradley

    September’s updates are out, with several zero days and several interesting vulnerabilities.

    The good news is that for consumers and home users, many of these are unique to a business network and won’t be seen in a home network.

    What will be seen this month is that the update installation and reboot process will take longer. I’m not sure what is triggering the slowness, but note that this month’s updates also include .NET updates. Patience.

    Read the full story in our Plus Newsletter (20.38.0, 2023-09-18).

  • Got a Windows configuration update?

    Did you receive a Windows configuration update that demanded a reboot?

    I got it at the office where my patches are normally controlled and I’m not 100% sure what the “configuration” was updating.

    I believe – but I’m not sure – it was a Moments release as the update history points to this page.

     

    If so, it really was not a great experience. No notification, just an alert I needed to reboot and not a great deal of information about exactly what was installed. Furthermore in my LONG experience with Windows, machines do weird things if patches are installed and machines are not rebooted so I really don’t like to see machines with pending updates.

    So did you receive this as well on your Windows 11 22H2? Let me know in the comments.  Needless to say I’ll be investigating as to why Microsoft handled this like this.

  • Master Patch List for September 12, 2023


    I’ve updated the Master Patch list for the September updates.  Remember to always review the known issues we are tracking on the Master Patch List page. I will keep the latest info there.

    The updates are taking longer than normal to install. Many are reporting this, but it doesn’t mean anything bad is happening to your machine.

    Consumer tip:  If you are on Windows 11 and have any sort of third party menu or file explorer program, ensure that it’s up to date. If the start menu won’t launch be prepared to remove it. While I haven’t seen issues in my testing, it’s still too soon to be installing updates.

    I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

    • Windows 11 22H2: Recommended
    • Windows 11 21H2: Will be recommended these get updated to 22H2 at the end of the month.
    • Windows 10 22H2: Recommended
    • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • September patches, Apple headlines and Browsers!


    Lots of headlines today. Today is the day they hold their event to announce new product releases. Rumor has it that iPhone 15 will be announced.

    Next up is our usual release of security patches from Microsoft.  Remember today is the day that I start testing, and the rest of you hold back. We have adventurous souls on the site that also test and report back (and for that thank you!) .  In early review we have for Windows 11 in addition to security patches additional “enhancements” (annoyances?) such as “new hover behavior for the search box gleam, fixes an issue that impacts the search box size. It also “This update removes a blank menu item from the Sticky Keys menu. This issue occurs after you install KB5029351.”

    Remember for businesses, you need to be aware of the full enforcement phase for updates that impact Kerberos protocol changes. Before you install updates this month ensure you have reviewed your Domain controller event logs looking for Event 43 with the text “The Key Distribution Center (KDC) encountered a ticket that it could not validate the
    full PAC Signature. See https://go.microsoft.com/fwlink/?linkid=2210019 to learn more. Client : <realm>/<Name>” in the System law.

    Finally and in my mind, more importantly as an action item that I DO want you to do, is to launch each browser you have on any device and review that it’s up to date. Chrome has a zero day out and just released a fix for it. Firefox is out with 117.0.1 today. So regardless if you patch your operating system – whether that’s Windows, Mac, or various flavors of Linux, DO launch your browser, to into the settings and then about to make it ‘kick’ a self update.  Make sure you do this on all browsers today.

    Dustin Child’s zero day blog

    As a reminder I’ll be watching for bugs and side effects and will call them out on the Master Patch List page.

     

  • The death of a hard drive

    ON SECURITY

    Susan Bradley

    By Susan Bradley

    I got a call. “Susan? Can you help me with my laptop? It won’t boot up, and it’s making a weird noise.”

    “Sure,” I said to the friend on the other end of the phone call.

    But when my friend brought the laptop and I turned it on, I went from feeling certain I would tame the tech (after all, it’s me) to knowing it wasn’t looking good and that I might not be able to help after all.

    Read the full story in our Plus Newsletter (20.37.0, 2023-09-11).

  • Got notifications?

    I’m linking a thread in the forums about something I’ve seen lately on both Windows 10 as well as Windows 11 and both on and off a domain.

    Microsoft is now “suggesting” and doing so annoyingly.

    Thanks but no thanks, Microsoft I really don’t want Tik Tok templates.  I’ve seen suggestions about Paint at the office.

    While the thread points out how to disable it, I hope that this is a temporary behavior on Microsoft’s part and enough of us complain. Now while I fully expect that if they only did this to consumer or home users, Microsoft would continue the behavior, I HOPE that with enough businesses start to grumble about the suggestions and pop ups in a business operating system that enough customers that have Satya on speed dial will complain so that they will knock off this behavior.

    Just the other day I helped someone who got a notification from a web site stuck in their Chrome browser to the point where there was a pop up nearly every second. These suggestion pop ups, while not QUITE as annoying are a close second.

    Microsoft stop being malicious and pushy. Put the adults back in charge and leave the suggested Tik Tok’s out of my operating system.

  • MS-DEFCON 2: Windows 11 21H2 nears end of life

    alert banner

    ISSUE 20.36.1 • 2023-09-07
    MS-DEFCON 2

    By Susan Bradley

    On October 10, 2023, the Home and Pro editions of Windows 11 21H2 will no longer be supported by Microsoft.

    Anticipating next week’s Patch Tuesday, I’m raising the MS-DEFCON level to 2. When (and if) the dust settles, we’ll enter another period of safe patching toward the end of the month. I’ll say more then, but you should prepare.

    Anyone can read the full MS-DEFCON Alert (20.36.1, 2023-09-07).

  • The season of devices

    ON SECURITY

    Susan Bradley

    By Susan Bradley

    It’s the time of the year when PSLs hit the menu.

    What? You don’t know what PSL means? Of course you do, because Pumpkin Spice Lattes arrive at those coffee shops you find on nearly every street corner. You can’t miss them.

    As summertime fades into fall, it’s also the season of rumors about the new phones and tablets that will soon hit the headlines. And that means it’s time for me to take a hard look at all my devices in this category.

    Read the full story in our Plus Newsletter (20.36.0, 2023-09-04).

  • It’s the first of the month, how’s your backup?

    Susan BradleyAlways at the first of the month, no matter what tech item I’ve got, whether it’s a tablet, a phone, a computer, a server, a laptop, a thing, I always take stock and review if I’ve got a backup of that thing.

    Depending on the “thing” I may back up to an online location or I may backup to an external hard drive or other storage location. The other day I came across an iphone that hadn’t been backed up since June of 2022.  Why so long? Because there wasn’t enough storage on icloud and the person hadn’t been paying attention to the fact that no backup had been occuring. I used to backup my phone to my computer but now that I typically have more storage in my iphone than I have free space on many of my computer hard drives, I backup to the cloud.

    But make sure you can backup to SOMETHING. I can’t stress this enough. Bad patches, ransomware, all of it can be dealt with as long as you have a backup.

    iPhone last successfully backed up at 12:02 am.  Check.

    Laptop: last backed up at 4 a.m. to a tiny external usb flash drive.  Check.

    Computer upstairs backed up to external drive.  Check.

    Surface device at the office: Honestly because I merely use that to remote INTO other devices I don’t install much on it and thus don’t back it up. I can rebuild it my merely reinstalling Windows.

    Sister’s computer backed up to external drive. Check.

    Sister’s ipad backed up to cloud. Check.

    Dad’s iphone and ipad backed up to cloud. Check. and Check.

    Relatively new Mint computer…. ooh don’t have a backup on that one yet.

    Chromebook. All data is in the cloud, don’t need to backup local operating system. Check.

    All of the workstations at the office backed up to a NAS.  Check.

    Servers backed up.  Check. As well as rotating to offsite storage. Check.

    Get the idea?  At least once a month take inventory of all of the computing devices you care about and ensure they are backed up. If you don’t care about them and know you can quickly reinstall then the lack of a backup is an acceptable risk.

    So when is the last time you checked?

  • Chrome moves download indicator

    Susan BradleySo my 95 year old Dad calls me up this morning and says “I need help”.  He was on his computer and working on a tax return (yes he still works on returns at 95 years of age) and says “The zip file download isn’t working”.  He’s on the cloud version of tax software which downloads zip files of pdfs and he uses Chrome.

    Well as you can guess recently as I’m sure many of you know, Chrome moved the download indicator from the bottom left to the top right. Now if you are used to using different browsers you’ll know that many of them use top right (Edge) as well as bottom left.

    You CAN change it back.

    You can also merely deal with the change and cuss at software developers that love to change things as my Dad did when I pointed out that the zip file REALLY was being downloaded but now look for that bubble in the top right.

    “Dumb a-……s”  is what Dad muttered. I figured many could relate to my tale. And yes, just a reminder, you CAN change it back.

    Public service announcement for the day:

    Launch Chrome and go to chrome://flags/.
    Search for “Download Bubble” or “Download Button”.
    Disable both flags.
    Click on “Relaunch” to restart Chrome.
    After following these steps, the downloads bar should be moved back to the bottom of the Chrome window.

  • Ready to retire your servers?

    SOFTWARE

    Susan Bradley

    By Susan Bradley

    Last week, I urged users to review their software needs and consider options other than sticking with outdated and unsupported operating systems for their personal PCs.

    This week, I’m going to discuss what businesses need to think about when it comes to server operating systems. They have a lifecycle that should be reviewed, just like workstations. For example, October represents the end of the road for Server 2012 and 2012 R2. It’s time to look ahead and plan accordingly.

    Read the full story in our Plus Newsletter (20.35.0, 2023-08-28).