News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – .NET changes

    Posted on April 20th, 2019 at 18:00 Susan Bradley Comment on the AskWoody Lounge

    Back in the 7 and 8.1 era .NET was independently released and not part of the operating system – exactly – yes each shipped with a base .NET version, but other versions would come out and be offered up to those platforms.  On some platforms (you know we are talking about you Small Business Server) it became common knowledge that you did not upgrade .NET on that platform and just serviced it as is.

    Then along came Windows 10 with it’s cumulative patching model with everything patched in one shot.  If you wanted to upgrade to a newer .NET you didn’t install it, it came with the feature release.  And .NET updates on Windows 10 were not separate, they came with the cumulative update.  Well…. until 1809.  When 1809 was released the .NET updates separated back out from the operating system and you could separately install them.

    Coming with Windows 10 1903 .NET 4.8 will be released.  So far consistent, yes?  Well not so fast.  Once again Microsoft is changing .NET patching so that .NET is uncoupled again from the operating system.  .NET 4.7 was supported on Windows 10 anniversary edition  (I think that’s 1607? Can’t keep track of them)

    As noted in the .NET blog post

    Updates for .NET Framework 4.8 on Windows 10 versions 1607, 1703, 1709, 1803 and Server 2016 will now be delivered independently and side by side with Windows cumulative updates.

    Before to upgrade to a new .NET you had to go up a feature update to do so.  Now you can install .NET 4.8 on Windows 10 all the way back to 1607.  And when you do so, those .NET updates will be offered up separately from the Windows 10 operating system updates.

    I honestly think this is a good thing.  Lord knows my line of business apps don’t move to support new platforms as fast as they should.  But it is hard for me to try to keep track of what does what where on what platform and who’s on first and what’s on second and … you get the idea.  I honestly do not want to go back to the Windows 7 patch model of separate patches as I think the cumulative model – once we get the patch quality to where it should be – is what we need to do as it keeps our machines more secure – but at the same time you can tell that as Microsoft is listening to our complaints about patching, they are moving back to a model where things are more modular and optional.

    So Microsoft?  Good on you for listening and making changes in patching.  Now get that quality up.

  • Patch Lady – so I don’t get it

    Posted on April 12th, 2019 at 20:24 Susan Bradley Comment on the AskWoody Lounge

    By now you’ve seen the headlines… we have three antivirus documented as being down for the count when it comes to Windows 7 and 8.1 (and corresponding Server OS as well).  Per https://support.microsoft.com/en-us/help/4493448 , Sophos, Avira and Avast all are causing issues, with machines unresponsive.  Avast in particular has the nasty side effect of “additionally you may be unable to log in or log in after an extended period of time”.

    Yet in the patches there doesn’t see to be any extreme changes to the kernel (that my honestly untrained eyes) can see that would cause three pretty common antivirus engines to be totally making computers unusable.

    https://support.microsoft.com/en-us/help/4493472 (the monthly rollup KB) lists ArcaBit as another impacted one.

    Windows 10 1809 also refers to an issue with ArcaBit antivirus.  I am not seeing that reported on any other Windows 10 platform.

    In the cumulative update model it’s a bit harder to tell what exactly Microsoft is fixing.  Dustin Childs (ex-MSRC webcasts/blogger now at Zero day) lists out the patches in their “code” style not in the patch style.  Normally kernel code changes are the most historically and notoriously at fault for interactions with antivirus.  Because A/V hooks into the kernel, changes to that code often has ripple effects.

    Both kernel bugs this month (here and here) don’t give me clues that they might be the ones triggering all of these failures.

    Bottom line I’m giving you no answers tonight, just big warnings.  Don’t install updates just yet… but you knew that one already.

  • Patch Lady – yeah right pull the other one

    Posted on April 4th, 2019 at 00:35 Susan Bradley Comment on the AskWoody Lounge

    So an email comes into the office and at this time of year we will often get files.  The email is spoofing a person that normally has emailed our firm (it’s a person who is in charge of our professional business society), and the email content isn’t that odd.  Another person in the office forwards it to me to deal with as I’m normally the one who deals with the annoying dropbox or cloud links.  I honestly got as far as clicking on the link…. it’s a sharepoint link from a Microsoft/Office 365 link.  <The virustotal report is here>  Given that the SharePoint site technically isn’t malicious it comes up clean.

    The page resolves and then it urges me to “select my email provider” and “use my email and password to authenticate”.  The ultimate url is branded a phishing site…but not a lot of a/v vendors!!  <The virustotal report is here>

    Needless to say I did not.  But man…. 250% increase in phishing …no kidding.  And some of it hosted on Microsoft’s SharePoint sites no less.

  • Patch Lady – for all of you testing insider

    Posted on April 2nd, 2019 at 11:22 Susan Bradley Comment on the AskWoody Lounge

    Just a kind reminder as we get closer to 1903’s release I’ve been hearing murmurs of possible SD issues.  If you are seeing ANYTHING that you think are deal breaker issues run, don’t walk to the feedback app and make sure you BUG IT appropriately.

  • Patch Lady – 1809 could be worse

    Posted on April 2nd, 2019 at 11:17 Susan Bradley Comment on the AskWoody Lounge

    Just when you think you are having a bad day, someone comes along proving that things aren’t so bad after all.

    Take in point the poor 1809 workstation release.  It came out of the gate and stumbled with loss of data issues.  It took six months to be declared “ready for business”.  It still doesn’t release preview releases on a regular basis.  It’s been called a fiasco.

    But in reality, it’s not THAT bad.  It could be worse.   Seriously.  It could be Hyper V server 2019, the HyperV only release that allows folks to host other servers.  It came out and then was pulled back and has yet to be rereleased.

    Today comes this post.

    Microsoft Hyper-V Server has a new composition, and as a result we are finding new issues that are delaying the release.  We are working through solutions and apologize again for the delay. If you installed the original RTM version when it was available, you may not be offered updates via Windows update. Microsoft recommends installing the latest cumulative update (KB4489899) from the Microsoft Update Catalog. Microsoft remains absolutely committed to shipping Hyper-V Server – thanks to our wonderful community for your patience.

    Let that one sentence sink in for a second….  “If you installed the original RTM version when it was available, you may not be offered updates via Windows update. ”

    (note 1809 just came out with it’s C/D release on the April A release date)

  • Patch Lady – Hey 1809, we need to talk

    Posted on March 28th, 2019 at 00:25 Susan Bradley Comment on the AskWoody Lounge

    I posted this earlier to the Patchmanagement.org listserve and was urged by Crysta to post it here as well.

    Dear 1809. You are about to be replaced in the hearts and minds of patchers by your younger version 1903. And yet you keep acting like you aren’t ready for business.

    Take your March patching release. All your other older brothers have had a preview release come out on the C week (third Tuesday). You however, have been aloof and haven’t released your C/D week update this month. Last month you released your C/D week for February in the month of March.

    So can we settle down and act like you are ready for Business please? You promised a fix for the Audio bug introduced earlier this month. “Microsoft is working on a resolution and estimates a solution will be available in late March 2019.” Well it’s late March and still no fix.

    My big beef with your tardiness is that it makes determining when a zero day patch has been released harder. Please settle down and release your updates on Tuesdays, along with your older brothers. Thank you.

    (Seriously, it’s now the final week of March, and we’re past the Tuesday of the D week slot.  Releases need to be consistent in their release schedules otherwise it gets confusing to tell what is a zero day release.  The D week releases normally aren’t pushed but if you “seek” updates, that is click on windows update and then check for updates, you would get these D week ones.  I rely on the Windows update history pages and I’ll be giving feedback to Dona that they are used and some weeks I’m going to them on a daily basis to see what’s up.)

  • Patchmanagement.org listserve moving to a new location

    Posted on March 25th, 2019 at 14:21 Susan Bradley Comment on the AskWoody Lounge

    After trying to deal with all the dkim/dmarc listserve issues, we’re moving the patchmanagement.org listserve to a new location:  Google Groups.  The reason is that Google rewrites the header files so that emails from the listserve will play nice with today’s modern spam filters.  While the security person in me slightly freaks out that it’s rewriting headers, the person who still prefers email as a way to get key info accepts that it’s what we have to do.

    ===== Here’s what I wrote earlier:

    We are moving PatchManagement.org from Listserv to Google Groups as Listserv is no longer meeting the needs of our user base. We understand many companies have been enforcing stronger security measures that Listserv cannot support and this has caused some of our users to be unable to participate in PatchManagment.org. For this reason we have made the decision to transition PatchManagement.org.  (Don’t get me started on DKIM/DMARC and all that )

    As this transition occurs we will try to minimize disruption and we have also strived to keep the overall experience very simple as it has always been. The PatchManagment.org site will undergo some minor cosmetic changes and will provide full details on how to subscribe, unsubscribe, and how to access the Google Group. Access to the legacy archive will remain at this time, but new messages will be visible through the PatchManagment Google Group so you will be able to view discussions either through your email or through the Google Group directly.

    The current plan is to perform the transition on April 18th. A 2nd communication/invite will go out to all subscribers of patchmanagement.org a week before we are transitioning off of listserv. Finally, on April 18th, the day of transition, a notification will be sent to all users informing that the cutoff is happening today.

    ACTION ITEM:

    If you would like to join the PatchManagement Google Group please visit the following URL and apply to join the group this time with the RIGHT URL:

    https://groups.google.com/forum/#!forum/patchmanagement

     IF YOU READ NOTHING ELSE, READ THE LINE ABOVE ^^^^^

    We apologize for any inconvenience and thank you so much for participating in patchmanagement.org.

    Q and A:

    Do I have to have a gmail account or google linked account?  No.  Any email address will do.  The only thing a google account will give you is access to the web interface.

    Will it act like just plain email?  Yes.

    Did you consider other alternatives?   Yes, but still for many email is the best platform to get the content in your face.  With the addition of the web interface we’re hoping that this provides the best of both worlds for all.  I’ve personally used Slack, Teams, and am old enough to remember nntp and instant messenger.  It’s always a balance picking a right community platform.

    Again, all of us that benefit from all of you sharing thank you very very much as we make this transition.  Memberships have to be approved, so we beg your forgiveness and ask for patience during the transition.

    ====

    To unsubscribe from this group and stop receiving emails from it, send an email to patchmanagement+unsubscribe@googlegroups.com.
    To post to this group, send email to patchmanagement@googlegroups.com.
    Visit this group at https://groups.google.com/group/patchmanagement.
    For more options, visit https://groups.google.com/d/optout.

    ====

    So … if you are a current member of the Patchmanagement.org listserve AND you do NOT want a google profile, do the following:

    https://groups.google.com/group/patchmanagement/subscribe

    To sign up without a google profile.

    Go there.

    Go through the annoying captcha.

    Do not complete setting up the profile.

    You will be able to post/use email/just not use the web interface.  Note you may need to do inprivate browsing for it to NOT try to hook into your existing Google profile.

    If you DO want to use the web interface, you’ll need to either use a google account one one associated with a google account, or complete setting it up.

    ====

    What is patchmanagement.org?  It’s the firehose of patching information.  As we see issues with patching, that’s where we all go “Hey, I’m seeing this are you seeing it too?”  It may not be for all, it can be chatty (that’s why the web interface will be good as that way you can monitor without having your inbox flooded).  But bottom line, there’s no better place to get the raw info about patching and patch management.  (edit:  okay so Askwoody is also great too 😉

  • Patch Lady – recovery options fun

    Posted on March 24th, 2019 at 22:29 Susan Bradley Comment on the AskWoody Lounge

    We’re in the process of redoing our Kitchen at home and we’re staying at my Dad’s house during the remodeling process.  With the kitchen being right smack dab in the middle of all traffic patterns, it means that there’s no way we could live at the house during the remodel unless we wanted to walk out the garage and in through the front door each morning. In getting ready to temporary move out I was moving a small factor Windows 10 home built machine and accidentally hit the power button a bit too often. Needless to say Windows 10 was not a happy camper.  And on this particular setup, dual hdmi monitor card along with an onboard video card, when the Windows 10 is sitting there with a diagnostic message on the screen, the diagnostic message is wanting to show up on the vga monitor, not on the attached hdmi monitors.

    So I needed to move the computer over to Dad’s anyway, and figured that the root cause of the machine not booting was not that it spontaneously died when I was in the process of moving out from our house, but rather that the error message would be easily seen once I dragged the base out of the house, found an old fashioned vga cable and old fashioned vga based monitor and hit the needed button it was prompting me to do, but I couldn’t read.

    Sure enough, once I dug out a vintage vga monitor out of the storage at the office, connected it to the vga connector, it was sitting there at a recovery window waiting for me to take an action.  In my case, I opted to not do any of the recovery options and instead hit escape and choose to boot into windows.  Off it went and booted up like a charm.

    So the moral of this story is, no matter how fancy your computer, keep an old VGA monitor around.  You’ll probably need it.