|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Newsletter Archives
-
The sky is not falling
PATCH WATCH
By Susan Bradley
You may have seen the headlines: Outlook is getting a patch for a zero-day attack that can’t be fixed just by turning off the preview pane.
Don’t panic. The risk is greatest if you are connecting Outlook to an on-premises Exchange server.
Importantly, the attacks have been seen only in targeted firms. The risk is higher for government agencies. Microsoft has even provided a script to determine whether you are at risk.
Read the full story in our Plus Newsletter (20.12.0, 2023-03-20).
-
Don’t want search?
Now I will be the first to admit that I search. I search on Google. I search even on Bing. But when I search – I WANT TO SEARCH. So I’ve never quite understood why Microsoft has this thing about having the Operating system search from the taskbar. I open a browser.
Now I do use the search box to quickly jump to a setting. If you hop back and forth between Windows 10 and 11 sometimes the brain goes… where did they move that again?
So now we have Bing being added to search in the March updates.. but not just ANY search … it’s the chatgpt search.
Now I’m not adverse to change but really…. do we really need all of this ChatGPT stuff given that it feels very much to me that it’s a bit too new, too much the shiny thing and hasn’t been tested for security issues, side effects and what not?
Joe here posts about the registry key to disable or hide the search bar. You can find this by opening up the registry and
find: Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
Look for SearchboxTaskbarMode and right-click on it and select Modify. Change it to 0
I’d argue that you want it t0 search your computer, but not the web. For this you’ll add a new registry key for DisableSearchBoxSuggestions
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer]
“DisableSearchBoxSuggestions”=dword:00000001And let’s not forget about chatgpt coming to Microsoft 365 Copilot. Stay tuned, we’ll have lots more guidance and advice on how to navigate all of these vendors “rush to the AI” trend. And how to turn some of these settings off….
-
Special note for Samsung users (or Pixel users too!)
If you have any of the following read on….
Mobile devices from Samsung, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series;
Mobile devices from Vivo, including those in the S16, S15, S6, X70, X60 and X30 series;
The Pixel 6 and Pixel 7 series of devices from Google;
any wearables that use the Exynos W920 chipset; and
any vehicles that use the Exynos Auto T5123 chipset.What is this about? Google project zero have released a blog post about a security vulnerability that impacts these devices.
What does this mean? Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely. So if the attacker CALLS you, they could compromise your phone.
Note: Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. Turning off these settings will remove the exploitation risk of these vulnerabilities.
What should I do?
How to turn off WiFi calling on a Samsung phone
- Open the phone on your Samsung phone
- Tap the three-dot menu in the top-right corner
- Select Settings
- Find the WiFi Calling option about halfway down and toggle it off
How to Disable VoLTE on any Samsung Galaxy Phone
- Head over to the Settings page on your galaxy device.
- Then go to the Connections section.
- Scroll to the Mobile network section.
- Within that, you should see the VoLTE Calls option. Just disable the toggle and that’s it. (note I think this should be default disabled and is probably not enabled by default)
No patch is available at this time. As soon as I hear word of one, I’ll add it to the master patch listing.
Please note – each vendor of the phones can customize the deployment and thus you may not see these options in your phone.
-
Master Patch list as of March 15, 2023
I’ve updated the Master Patch list for the March releases.
Remember to always review the known issues we are tracking on the Master Patch List. I will keep the latest info there. Right now the big trending issue is the issue where Windows 10 22H2 doesn’t seemingly reboot if you manually check for updates. If you use Start11, StartAllBack, and ExplorerPatcher make sure you update to the latest on Windows 11.
I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.
- Windows 11 22H2: Not recommended
- Windows 11 21H2: If you have a Windows 11 PC, recommended
- Windows 10 22H2: Recommended
- Windows 10 21H2: Recommended (if a vendor won’t support 22H2)
- Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.
As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.
-
March madness here we come
Ready or not – here comes the March updates. Remember by this time you need to have a backup and defer updates (unless you are one of the souls who like to be the beta testers for the rest of us.
Interesting items of note: Outlook vulnerability used in TARGETED only attacks and impacting NTLM (translation – businesses with Exchange servers not consumers/home users. If you have click to run Office this will be auto updated.
There is also a ‘smartscreen’ vulnerability where Edge can be tricked into thinking something isn’t from the web and not scan it. This will be auto updated when Edge updates. When we finally update Windows the smartscreen as a whole will be updated. But again, we don’t blindly download things do we?
Both are more business only – not consumer/home targeted so I’m not changing my “hold off and wait to patch” stance in any way.
Remember Windows 11 22H2 gets “moments” releases – I’ll be reporting if my registry key works on Windows 11 Home computers.
More links as they come live…..
Also business impact:
This update implements phase three of Distributed Component Object Model (DCOM) hardening. See KB5004442. After you install this update, you cannot turn off the changes using the registry key.
This update addresses an issue that affects a computer account and Active Directory. When you reuse an existing computer account to join an Active Directory domain, joining fails. This occurs on devices that have installed Windows updates dated October 11, 2022 or later. The error message is, “Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: ‘An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.’” For more information, see KB5020276.
Dustin Childs’ zero day blog
-
Ensuring you can recover
PATCH WATCH
By Susan Bradley
Anyone reading the title of this edition of Patch Watch may think I’m talking about a Windows update issue.
But no matter what your technology, I want to remind you that having a backup means that you will be able to recover.
A good friend of mine, totally ensconced in the Apple world, reported that her older Apple computer running Monterey was not a happy camper. She had been traveling and did not want to install updates. Once at home after her travels, she attempted to update. That’s when the “fun” started.
Read the full story in our Plus Newsletter (20.11.0, 2023-03-13).
-
Don’t forget about….
The other day I was reminded that sometimes it feels like we focus on the new shiny thing instead of the thing we’ve had for years. Not to worry…. all of this Windows 11 coverage isn’t going to crowd out me making sure that you have all the information you need to use your Windows 10 machine. We still also have forums for Windows 8.1, Windows 7 and even older operating systems. If anyone starts to wax poetic about Windows NT, however, I draw the line. Dealing with drivers and dip switches on that platform was NOT fun.
Windows 10 is going to be supported until October 14, 2025 and if you are like me, you are going to squeeze every single last bit out of that operating system – or rather – until the hardware won’t run it or it it’s too risky to run it anymore. Like many other businesses and consumers of every size and budget, I have too many systems still running it and even with budgeting for upgrades, I still predict that once 2025 comes, they will allow extended security updates – but probably with a hook to Microsoft 365 subscriptions.
Therein is my first reminder of anyone using hardware that is starting to get a bit older. Make sure you take care of it. Start always with having a backup of that operating system. I will once again urge everyone to ensure you have a backup method that makes sense to you. If you want an EXACT image of your computer, make sure you have a third party backup software that makes an exact copy.
It annoys me that to this day Microsoft stresses backing up to their cloud (onedrive) as a preferred way to backup rather than making sure we backup the operating system. Sorry Microsoft, Apple is superior here with their built in backup solution versus your “Windows 7” era backup solution.
So it’s the weekend before Patch Tuesday. Set your deferrals to ensure that you won’t receive updates right away?
If you do have Windows 11 Home, look out for a registry key in Monday’s newsletter that I’m hoping will keep Home systems from receiving “moment” updates.
So? Got your backup running this weekend?
-
When you are flagged as malicious
ON SECURITY
By Susan Bradley
We rely too much on automated reporting in our security solutions.
Most of the time, such automation works pretty well. When it doesn’t, the consequences can be quite damaging. We can think back to many times when antivirus updates accidentally flagged a file as malicious, and all sorts of fun ensued.
Just recently, an update to Microsoft Defender interacted with Attack Surface Reduction rules and removed shortcuts on the desktop. If you were on Defender and had the “Block Win32 API calls from Office macro” Attack Surface Reduction rule in place, then updated to security intelligence builds between 1.381.2134.0 and 1.381.2163.0, you would find your icons missing. IT admins were scrambling for days to fix the resulting mess.
Read the full story in our Plus Newsletter (20.10.0, 2023-03-06).
-
Is your backup encrypted?
Just a reminder that if you are an iphone user, you can turn on Advanced Data Protection. This enables end to end encryption on your iCloud backups so that you and only people you choose (and not attackers that gain access to your password) get access to your photos and data.
Now that said… be aware of some limitations. If you have an older Mac computer you won’t be able to enable this.
Also once you enable it, you’ll need to approve access when you log into icloud on the web.
And THEN, make sure you document that encryption password and have various recovery methods to ensure should you need to get back in, you can. Therein lies the rub. Only turn on encryption if you’ve ensured that you have documented how to recover.
Requirements
To turn on Advanced Data Protection for iCloud, you need:An Apple ID with two-factor authentication.
A passcode or password set for your device.
At least one account recovery contact or recovery key. If you don’t already have one, you’ll be guided to set one up when you turn on Advanced Data Protection.
Updated software on all of the devices where you’re signed in with your Apple ID:
iPhone with iOS 16.2 or later
iPad with iPadOS 16.2 or later
Mac with macOS 13.1 or later
Apple Watch with watchOS 9.2 or later
Apple TV with tvOS 16.2 or later
HomePod with software version 16.0 or later
Windows computer with iCloud for Windows 14.1 or later -
Being legal, supported, and secure
ON SECURITY
By Susan Bradley
Who regulates your software decisions?
As an operating system comes to the end of its life span, we users have to decide what to do with our technology. Do we continue using it as is, with no consideration of risks? Do we stop using the technology and look for alternatives? Or do some of us do a combination of both?
With proprietary software, our decisions are often driven by what type of customer we are.
Read the full story in our Plus Newsletter (20.09.0, 2023-02-27).
-
Beware of the fine print
The other day I retired an HP color laser all in one that I had here at home because my Sister was about to chuck it out the window. It would get jammed. It would stop and “clean” constantly. So I replaced it with a Lexmark MC3426i unit. Now this unit is not for the faint of heart. First off when it says it’s a “Multifunction Wireless Printer with Print, Copy, Scan and Cloud Fax Capabilities” beware on that last part. When it says “Cloud fax” it does NOT mean a plain old analog fax that uses a phone line. Nor does it mean a free cloud faxing service built in. Rather it means a trial for a cloud fax service and if you want it to continue you have to pay for it. I found it fascinating that there is a hole in the back of the unit where the faxboard USED to be. So if you go shopping for a multi-function fax machine – beware of devices that include “cloud fax”. That just means it has a hook into an online faxing service.
On the back of the unit they even still have a plastic hole where the fax machine USED to be connected with an analog fax board, but clearly the manufacturer deems faxing with a phone line to no longer be used.
Slowly but surely faxing is starting to die out. Once upon a time we lived on faxing. Everything was faxed. Now we are emailing or sending PDFs. Back in the day there was a specific fax board that was the best computer faxing board around. If you depended on faxing, this was the board to have. The Brooktrout board.
So here’s a dirty little secret about faxing. We think it’s more secure than email. It’s not. If someone intercepted that screeching sound transmission and had a receiving device listening, they could read that transmission. It’s not protected as it transmits across phone lines. It’s just HARDER to hack into a fax machine versus a computer. A fax machine also can’t be phished like a human can be with email. Typically as well the fax machine is less connected to the rest of the network. Especially with fax machines connected to phone lines, they typically were not connected to the RJ45 connection. If, however you had a device like the Brooktrout in your workstation or server, and if the attacker knew your fax machine answered at a certain number, and if the attacker send a specially crafted signal to the fax/brooktrout board, then they could, in theory, do potential bad things on a network. But as you can see from that, there are a lot of “ifs” in there. It’s easier to phish someone. But that’s not to say in theory fax machines connected to network devices bring vulnerabilities, but then too do humans and keyboards.
So what technology did you rely on then, is now being slowly killed off? Did you rely on faxing?
-
Microsoft kills off Internet Explorer — mostly
ISSUE 20.08 • 2023-02-20 PATCH WATCH
By Susan Bradley
Not feeling the love from Microsoft this month?
That might be because the company is saying goodbye to its aged Internet Explorer Web browser (IE), albeit only on certain platforms.
For Windows 10, the death of IE is not part of this month’s Windows update but rather part of the update to the Edge browser. That update would have been in the background, silent, and you may not have noticed it. Even if you did, you probably didn’t pay much attention. Unless, of course, you had moved from IE to Edge a while back. For you, the update re-migrated your favorites and bookmarks, making a duplicate list.
Read the full story in our Plus Newsletter (20.08.0, 2023-02-20).
This story also appears in our public Newsletter.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
CCleaner’s Driver Updater – does it work?
by 1 hour, 28 minutes ago
-
Issue 2439: CentOS Stream 9: missing kernel security fixes
by 3 hours, 55 minutes ago
-
Microsoft to throttle emails to online email if you are running old stuff
by 3 hours, 59 minutes ago
-
fre-ac updates
by 4 hours, 18 minutes ago
-
Windows 10 lost start up password
by 4 hours, 10 minutes ago
-
Windows 11 Insider Preview Build 22621.1470 and 22623.1470 released to BETA
by 5 hours, 10 minutes ago
-
Windows 11 Insider Preview build 25324 released to Canary
by 6 hours, 30 minutes ago
-
Windows 11 Insider Preview build 23419 released to DEV
by 6 hours, 57 minutes ago
-
Dribble?
by 8 hours, 32 minutes ago
-
Allow defenderbootstrapper.exe to phone home?
by 3 hours, 9 minutes ago
-
KB 5022836 will not install
by 1 hour, 27 minutes ago
-
Windows 11 desktop for Windows 10 user
by 8 hours, 24 minutes ago
-
GNOME 44 ‘Kuala Lumpur’ released
by 1 day, 4 hours ago
-
Emotet adopts Microsoft OneNote attachments
by 1 day, 4 hours ago
-
US : The Spy Law That Big Tech Wants to Limit
by 3 hours, 36 minutes ago
-
Ferrari confirms customer data breached following ransomware attack
by 1 day, 5 hours ago
-
Outlook bookmarks redirects to a different location, Help!
by 1 day, 6 hours ago
-
Should I go to win11?
by 3 hours, 42 minutes ago
-
The Framework Laptop – Fully Modular
by 1 day, 12 hours ago
-
Windows Snipping Tool is vulnerable to Acropalypse too.
by 22 minutes ago
-
Pale Moon updates
by 1 day, 15 hours ago
-
“Local Security Authority protection is off.” with persistent restart
by 1 day, 4 hours ago
-
Self-encrypting drive setup on Linux
by 1 day, 17 hours ago
-
Windows 11 Moments and local account setup
by 10 hours, 33 minutes ago
-
Older versions of Roboform
by 8 hours, 18 minutes ago
-
Long string filenames
by 1 day, 21 hours ago
-
Windows 11 Build 22621.1483 released to Release Preview
by 2 days, 1 hour ago
-
Will adding RAM to re-purposed PCs trigger activation again?
by 10 hours, 37 minutes ago
-
Digital Photography Review to close
by 1 day, 12 hours ago
-
Dish Network Hacked
by 1 day, 4 hours ago
