Newsletter Archives

  • Who is Susan Bradley?


    Chris Husted

    By Chris Husted

    In a fast-changing world where new apps and devices are released by the month and updates by the week, all driven by a vigorous dose of planned obsolescence, it comes as a blessing to meet someone who keeps the big picture in mind while making sure the day-to-day essentials are looked after.

    Read the full story in the AskWoody Plus Newsletter 18.21.0 (2021-06-07).

  • Patch Watch: February Patch Tuesday and yet more problems with the new Japanese calendar

    Patching insight from Patch Lady Susan Bradley, including an overview of this month’s voluminous Windows, Office, .NET, and other patches.

    If you’ve been following along, you know that Microsoft has had a wretched time fixing Windows and Office so they’ll work with the new Japanese date system. Here’s what’s going on — and why there’s so much energy being devoted to fixing the furshlugginer thing.

    In the new AskWoody Plus Newsletter issue 16.6.0 – out this morning. Now available – yes, for free — on AskWoody.

  • Patch Lady: Still on Win7? Get over it, for security’s sake

    Are you still running Windows 7? And if so, are you ready for its official end early next year?

    Here’s why I think moving to Windows 10 now is wiser than sticking with an OS that will become more and more unsecure.

    Susan Bradley takes a look at the risks of continuing beyond Jan. 14, 2020, with everybody’s favorite operating system. Well, almost everybody’s.

    In the new AskWoody Plus Newsletter issue 16.5.0 – out this morning.

  • Patch Lady on RunAsRadio Podcast

    To listen to Susan Bradley on the subject of patching and her recent patching surveys, you can download this week’s podcast from’s Show 596

  • Breaking: Susan Bradley to contribute to the AskWoody site

    Miss your “Patch Watch” fix? Me, too.

    I’m absolutely bowled over that Susan Bradley has agreed to bring her Patch Watching to AskWoody. Her first post should appear shortly.

    Here’s what Susan admits about herself:

    Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (i.e. trying to buy something on ebay and wondering why the Internet was so slow). She wrote the Patch Watch column for Brian Livingston’s Windows Secrets, and was one of the authors of Windows Server 2008 Security Resource kit.

    In real life she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows Servers, an Exchange Server, desktops, a few Macs, several Windows mobile and iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm.

    What she’s too modest to say… Susan is, to my mind anyway, the foremost authority on patching in organizations. She’s long been my #1 guru on Microsoft patches, full stop. And I’m delighted that she’ll be posting on these pages.

    Susan and I don’t agree on everything — and that’s good! I tend to look at Microsoft patching through the bewildered users’ bloodshot eyes. Susan has a wider perspective, with constant exposure to SME and Enterprise patching problems in every corner of the globe.

    Join me in welcoming Susan and her new Patch Lady Posts.

  • MS-DEFCON 3: Get patched, but beware

    It’s time to get caught up on your Microsoft patches.

    But there’s a problem. One of the patches is still causing problems – and we have several people posting here with details.

    Usually I try to use a green-light/red-light approach: either I recommend that you avoid all of the current patches, or I recommend that you install all of them. Keeping track of individual patches is a headache for most of you – and I don’t blame you for not wanting to sift through Microsoft’s detritus.

    This month, though, I really don’t have much of an option. The other December 2012 Black Tuesday patches are working well enough, and I figure you really should get them installed. 

    So here’s what I recommend. Go ahead and install all of the outstanding Microsoft patches EXCEPT MS12-078, which is identified in your Update list as KB 2753842. I haven’t heard of any real-world exploits that take advantage of that security hole, but I sure have heard a lot of wailing from people who have been zapped by it.

    While you’re thinking of it, if you run Internet Explorer 6, 7 or 8 (Nota Bene: if you have Windows XP, you are running IE 6, 7 or 8), you need to apply a Microsoft Fixit to plug a gaping hole in IE that’s currently being exploited. 

    A far better solution is to upgrade to IE 9, but if you have Windows XP that isn’t an option.

    To apply the Fixit, go to the Microsoft Security Advisory page, KB 2794220, scroll down and click on the first Fixit link that you see. (The second Fixit on the page is very poorly marked, but it’s the Fixit that undoes the first Fixit.) That’ll run a very simple program that plugs the security hole in IE 6, 7 and 8.

    To recap: Install all outstanding Microsoft patches, except MS12-078 / KB 2753842. And if you’re using IE 6, 7 or 8, and can’t upgrade to IE 9, run the Fixit.

    I’m moving us down to MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

    Oh. One other important note. Usually Susan Bradley’s Patch Watch column in Windows Secrets Newsletter only appears in the paid version. (In a unique twist, you get to decide how much you want to pay for a subscription.) This week, though, Patch Watch appears in the free and online versions of the newsletter. If you’ve never read Susan’s columns, you should take a look. They’re by far the best source of understandable, detailed, unbiased advice about Microsoft patches you’ll find anywhere.


  • Best Practices for trouble-free Windows patching

    Excellent Top Story by Susan Bradley, in this week’s Windows Secrets Newsletter.