News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

Newsletter Archives

  • Do we need firmware and software updates forever?

    Posted on September 23rd, 2021 at 14:24 Comment on the AskWoody Lounge

    Check out this article:

    https://spectrum.ieee.org/we-need-software-updates-forever

    Consumers have relied on the good graces of device makers to keep our gadget firmware and software secure and up-to-date. Doing so costs the manufacturer some of its profits. As a result, many of them are apt to drop support for old gadgets faster than the gadgets themselves wear out. This corporate stinginess consigns far too many of our devices to the trash heap before they have exhausted their usability. That’s bad for consumers and bad for the planet. It needs to stop.

    We have seen a global right-to-repair movement emerge from maker communities and start to influence public policy around such things as the availability of spare parts. I’d argue that there should be a parallel right-to-maintain movement. We should mandate that device manufacturers set aside a portion of the purchase price of a gadget to support ongoing software maintenance, forcing them to budget for a future they’d rather ignore. Or maybe they aren’t ignoring the future so much as trying to manage it by speeding up product obsolescence, because it typically sparks another purchase.

  • Clearly they didn’t get my feedback

    Posted on September 22nd, 2021 at 11:15 Comment on the AskWoody Lounge

    The Surface Go device is one of the lightest, best devices for traveling if you need a Windows device.  But there is a BUT in there.  The keyboard is a little too small/off and I kept hitting the wrong keys. So I traded up for a Surface Pro 7 + but it is a little heavier.

    The Surface event is being held today and the Surface Go 3 doesn’t look like it got a larger keyboard.

    Next up Surface 8 devices.

    Interesting change that I didn’t realize was happening … my favorite business way to buy Surface devices WAS through the Liftforward/Surface all access program that you paid over time and then could upgrade/swap out as needed.  Looks like this shut down in March of 2021. Now they have Klarna as their partner.

    You can watch the recording here.

  • Real-time MS-DEFCON alerts debut!

    Posted on September 20th, 2021 at 02:45 Comment on the AskWoody Lounge
    AskWoody Plus Newsletter Logo
    ISSUE 18.36 • 2021-09-20

    MS-DEFCON

    Susan Bradley

    By Susan Bradley

    The new AskWoody SMS alert system is now available for Plus members.

    The MS-DEFCON system has been a staple of the AskWoody site for many years now. You know it as a visual system of numbers and colors that provides a quick indicator of the relative safety of applying updates (patching) to Windows and other Microsoft apps and services.

    Read the full story in the AskWoody Plus Newsletter 18.36.0 (2021-09-20).
    This story also appears in the AskWoody Free Newsletter 18.36.F (2021-09-20).

  • Back to School, Back to patching

    Posted on September 20th, 2021 at 02:39 Comment on the AskWoody Lounge

    PATCH WATCH

    Susan Bradley

    By Susan Bradley

    September is the month for in-the-wild patching.

    September is a month of change. From going back to school here in the United States to seasons changing all over the world, one thing remains constant: we have to patch. No matter what technology we have or use, it seems like this month, we’re patching it.

    From Apple devices that are getting a fix for the targeted attack that allowed journalists to be spied upon, to Chrome’s several vulnerabilities that have already been used in targeted attacks, to Microsoft’s ActiveX and Office bugs that have already been seen in active attacks, you will probably be patching sooner versus later.

    Read the full story in the AskWoody Plus Newsletter 18.36.0 (2021-09-20).

  • Tasks for the weekend – September 18, 2021 – it’s squirrel away time

    Posted on September 18th, 2021 at 23:38 Comment on the AskWoody Lounge

    (Video here) It’s squirrel away time. Time to download a copy of Windows 10 21H1 and ensure you have a copy in case you need it to do a repair install or a clean install.

    To do this go to the Windows 10 ISO page and download a copy and place it on your computer or to a spare flash drive.

    We think that 21H2 might be coming out soon but we’re not sure when. Microsoft is very focused on Windows 11 and I’ve yet to see an announcement surrounding the release of 21H2. Regardless I recommend downloading a copy and keeping it aside.

    The other day I reinstalled from scratch on my home Lenovo laptop due to the fact that I wanted to really clean it up and it was slow in connecting via RDP. Once I got done installing the Windows 10, I went into device manager to see if there were any missing drivers. There were some missing. Even looking at the optional updates via Windows updates didn’t find all of the drivers. I ultimately went to the vendor web site and downloaded the drivers from there. There are a lot of third party websites out there that advertise that they can update your drivers. I strongly recommend not using these sites as some of them have less than stellar reputations.

    As always if you have any issues with your computer, we’re here to help.

  • November 1 – basic auth is really being shut off

    Posted on September 16th, 2021 at 23:59 Comment on the AskWoody Lounge

    PK reminded me of this the other day:

    New minimum Outlook for Windows version requirements for Microsoft 365 – Microsoft Tech Community

    What is it?

    Microsoft is finally (after a delay due to the pandemic) shutting off “basic” authentication to Microsoft 365. So if you have an older Outlook that you are using to access Microsoft 365 this will impact you as there is no longer any grace period. Basic authentication is older, less secure way of passing usernames and passwords to the hosted email.  Attackers go after basic authentication and can gain access, thus it’s EXTREMELY good that they are FINALLY shutting this off once and for all. But that said, it doesn’t make it easier for you if you love Outlook 2010.

    But I don’t have Microsoft 365, what do I care?

    Ah but do you have your email through a service like Godaddy which these days uses Microsoft 365 on the back end? I’ve also seen some ISPs offer their email through Microsoft 365.

    Bottom line if you use an older Outlook – like Outlook 2007 or 2010 you need to migrate off of those desktop versions if you connect to Microsoft hosted email.

    Remember if you are not a fan of the newer Outlook there are other options including the web based version of Outlook but be aware that Thunderbird may not work, especially in a business setting.

    How can I know what my ISP uses?

    I’d check their help forums (yea, I know that’s not a great answer), or ask here and we’ll see if we can figure it out for you!  I’ll remind you again in the newsletter when it gets closer to November 1.

  • September 2021 – it’s patch day!

    Posted on September 14th, 2021 at 12:53 Comment on the AskWoody Lounge

    This week is clearly “patch the zero day” week.  Yesterday we had Apple, also Chrome fix several zero days.

    Today we have the Microsoft version.  Now while Adobe doesn’t have any zero days in their release bundle, if you are (still) a user of Adobe Acrobat or Reader, you’ll be getting and wanting an update.

    Today we are fixing the Microsoft zero day MSHTML vulnerability I wrote about the other day. If you used the registry key to protect yourself, when I give the all clear I’ll remind you to undo that.

    One thing I’m not clear on from initial read of my usual sources of Dustin Childs and Bleeping computer is the situation with the print spooler. There are more print spooler bugs being fixed – but are they the ones we were concerned about that were carried over from prior months that kept me urging you to keep the print spooler service disabled? I’ll be digging into that question.

    Stay tuned, deeper analysis by this weekend.

    As always for those that DO have a backup, like to be the beta testers for the rest of us, do let us know of any issues you see. In the meantime I’ll be watching and accumulating the facts – and not the rumors – as we always do here on AskWoody.

    Don’t forget to sign up for either the twitter alerts or the newly minted text alerts:

    Want to get alerted when the AskWoody MS-DEFCON status changes?

    MS-DEFCON Alert system

    If you want to get alerted when the MS-DEFCON status changes there are two ways to do so:

    Twitter:  https://twitter.com/defconpatch Sign up for twitter and follow that account. Then set up notifications in the twitter app so that you get alerted when the account tweets a change. COST:  free – other than now having a twitter account but I honestly find that some of the best security information and advice is freely given on twitter. You can also follow the official Askwoody twitter account as well.

    Cell phone notifications via text:  You need to be a PLUS member to get the fullest benefit from this service.  We request a small fee requested (along the lines of the decide what you want to pay as the main site has) in order to cover the costs of the monthly texting service and server hosting. Click here to sign up. COST:  We ask a minimum of $1 a month to keep the lights on and the chipmunks powering the servers fed, but if you’d like to donate more to the cause we’d all be appreciative!

  • Security patches for Apple – Sept 13

    Posted on September 13th, 2021 at 12:44 Comment on the AskWoody Lounge

    Security patches for Apple:

    https://support.apple.com/en-us/HT212807

    Apple is patching two “in the wild” zero days – 1 in CoreGraphics (aka CVE-2021-30860) and 1 in WebKit (CVE-2021-30858)

    Patches for iOS 14.8 and iPadOS 14.8

    1 zero-day fixed in Security Update 2021-005 Catalina
    2 zero-days fixed in macOS Big Sur 11.6


    2 zero-days fixed in iOS and iPadOS 14.8

  • PrintNightmare still a nightmare for patchers

    Posted on September 13th, 2021 at 02:41 Comment on the AskWoody Lounge

    PATCH WATCH

    Susan Bradley

    By Susan Bradley

    As we start to ready ourselves for the September updates, we’re still haunted by the PrintNightmare issues from the August updates.

    The good news for home users and consumers is that we haven’t seen the August updates triggering side effects with printers. For business users, there are still issues requiring vigilance.

    Read the full story in the AskWoody Plus Newsletter 18.35.0 (2021-09-13).

  • 20 years ago

    Posted on September 11th, 2021 at 20:39 Comment on the AskWoody Lounge

    (USA centric post)

    My first airplane flight to San Francisco – back when you dressed up for airline travel

    I’ve always been a fan of travelling. Cars, Trains, Planes. The anticipation is part of the fun. And with planes I’ve always been amazed at how this metal heavy thing can start down this pavement and magically lift off and …well…. fly. When an impressive plane flew over my house as a child, I’d stop.  I’d look up and marvel at the technology that the Wright Brothers had started us down the road to have. Being on the West coast of the Country my only complaint about flying is that I wish we would invent time travelling as I have to get up extremely early to take flights heading east.  Over time I got lulled into taking the sights and sounds of an Airplane taking off as normal and wouldn’t bother to stop and look up.

    What I remember from the days after 20 years ago was the quiet in the days after. I live in an area of my city where the planes typically take off over my head regularly. When the wind shifts and rain is forecasted the planes come in for landing over my house. I work next to the Airport so the sounds of planes taking off and landing is a normal sound that normally I take for granted and tend to tune out. So when all of the planes flying that day were grounded it went strangely quiet. Very very quiet. For the next few minutes and hours the only planes I heard were ones from our local Air National Guard that initially were scrambling to track and follow planes that were not following the diversion orders. Instead of their lazy oval where they would swing towards the Sierra Nevada mountain range and back to the Airport like they would normally do, they went due West to the Coast.

    For the next several days and nights the only jet sounds I heard was the air national guard and the after burner boost they’d kick in when climbing to patrol the California coastline. Needless to say it was eerie to just hear those jets and no other Airplane in the sky. No Cessnas, no Commercial Jets, no Propellers.

    I knew of several folks that were at an industry conference that had to scramble to find ways home (including trains and cars) because planes were grounded for several days. When the airline traffic got back to “normal” several days later, that 6 a.m United flight that took off over my house made me pause once again and look up. It was honestly reassuring to hear that flight take off.

    So as we come up to the 20th anniversary, I’m looking at the technological aspects of the anniversary. Some of the iconic historical coverage is now lost due to the loss of Flash in our browsers. We now have much more technology than we did back then to be able to communicate with each other (some might argue that social media is not such a good thing).

    The loss of life is incalculable. But I also grieve at the loss we have now of how the Internet is dividing us more than it should.  On this anniversary take the time to stop. Look up the next time you see an Airplane. Marvel at the technology it now uses to be where it’s at. But at the same time, enjoy life. Because you never know.

    (Note: I’m skipping the tasks for the weekend in honor of the anniversary – I’m doing step by step posts on setting up EaseUS and Macrium to make sure you do a backup before the upcoming patching week.)

     

     

  • Zero day CVE 2021-40444

    Posted on September 10th, 2021 at 21:49 Comment on the AskWoody Lounge

    What is it?

    It’s (yet another) zero day attack that is a TARGETED only attack using Office and RTF file  to take ownership of your machine. Microsoft has updated it’s security advisory with mitigation advice.

    Who is getting attacked?

    At this time just targeted folks – meaning large companies, governmental entities, I’m not seeing widespread buzz that it’s being widely seen. I’m not seeing chatter that it’s impacting smaller firms or individual users at this time.

    What if I want to protect myself just in case?

    I’ve put together a registry key to fully enable all of the protections which include disabling word documents and rtf files in the preview pane.

    To enable this protection click on THIS registry file.

    Download THIS file to reenable it should Microsoft patch it next Tuesday.

    What does the enable registry key do?

    I bundled all of the settings included in that advisory in one reg file.   Note while I did include the setting for removing [-HKEY_CLASSES_ROOT\.docm\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}]  for the docm value in my registry my system didn’t have that value from the get go. Yours may have it so I’ve included it in the registry file.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    “1001”=dword:00000003
    “1004”=dword:00000003

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
    “1001”=dword:00000003
    “1004”=dword:00000003

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
    “1001”=dword:00000003
    “1004”=dword:00000003

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
    “1001”=dword:00000003
    “1004”=dword:00000003

    [-HKEY_CLASSES_ROOT\.docx\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}]

    [-HKEY_CLASSES_ROOT\.doc\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}]

    [-HKEY_CLASSES_ROOT\.rtf\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}]

    What does the reenable reg file do?

    It removes the Internet Settings and then puts all of those values regarding ShellEx back.

    Are there any side effects after making these registry changes?

    Honestly I didn’t see any, but then again, I don’t enable the preview pane in Windows Explorer in the first place.  I’ve only enabled it if I have a special project and I need to see a bunch of images. 99.9999999% of the time I don’t have it enabled.

    So why aren’t you sending out an AskWoody alert?

    Well I strongly believe that the AskWoody folks are smarter than the average bear. You know that you shouldn’t be clicking blindly on Office files. You know you shouldn’t be blindly opening up .rtf files. You probably don’t turn on preview pane in Windows explorer anyway.  I don’t. I find that it slows my computer down.  We know not to turn on preview pane in Outlook.

    Bottom line, if I see more chatter and change my mind I’ll let you know. But for now, I know that you are too smart to fall for this.  Look for more information in Monday’s newsletter.

    (Impacts all supported versions of Windows including Windows 11)

    Want to get alerted when the AskWoody MS-DEFCON status changes?

    MS-DEFCON Alert system

    If you want to get alerted when the MS-DEFCON status changes there are two ways to do so:

    Twitter:  https://twitter.com/defconpatch Sign up for twitter and follow that account. Then set up notifications in the twitter app so that you get alerted when the account tweets a change. COST:  free – other than now having a twitter account but I honestly find that some of the best security information and advice is freely given on twitter. You can also follow the official Askwoody twitter account as well.

    Cell phone notifications via text:  You need to be a PLUS member to get the fullest benefit from this service.  We request a small fee requested (along the lines of the decide what you want to pay as the main site has) in order to cover the costs of the monthly texting service and server hosting. Click here to sign up. COST:  We ask a minimum of $1 a month to keep the lights on and the chipmunks powering the servers fed, but if you’d like to donate more to the cause we’d all be appreciative!

  • Where’s the security?

    Posted on September 10th, 2021 at 14:44 Comment on the AskWoody Lounge

    …so the average Windows 11 user launches Xbox game pass (extra fee), launches into teams (extra subscription), searches for hummingbird, falls into a museum (I don’t get that?), does a dance off in a video (keeping in mind that HEVC codecs are not included in Windows so …. how are we watching the teacher giving the tango lesson?)

    Uh… where’s the security? Isn’t that what we’re buying this for?

    (in the fine print:  Apps and services sold separately)