Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady on RunAsRadio Podcast

    Posted on August 9th, 2018 at 03:41 Kirsty Comment on the AskWoody Lounge

    To listen to Susan Bradley on the subject of patching and her recent patching surveys, you can download this week’s podcast from runasradio.com’s Show 596

  • Breaking: Susan Bradley to contribute to the AskWoody site

    Posted on February 21st, 2018 at 10:51 woody Comment on the AskWoody Lounge

    Miss your “Patch Watch” fix? Me, too.

    I’m absolutely bowled over that Susan Bradley has agreed to bring her Patch Watching to AskWoody. Her first post should appear shortly.

    Here’s what Susan admits about herself:

    Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (i.e. trying to buy something on ebay and wondering why the Internet was so slow). She wrote the Patch Watch column for Brian Livingston’s Windows Secrets, and was one of the authors of Windows Server 2008 Security Resource kit.

    In real life she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows Servers, an Exchange Server, desktops, a few Macs, several Windows mobile and iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm.

    What she’s too modest to say… Susan is, to my mind anyway, the foremost authority on patching in organizations. She’s long been my #1 guru on Microsoft patches, full stop. And I’m delighted that she’ll be posting on these pages.

    Susan and I don’t agree on everything — and that’s good! I tend to look at Microsoft patching through the bewildered users’ bloodshot eyes. Susan has a wider perspective, with constant exposure to SME and Enterprise patching problems in every corner of the globe.

    Join me in welcoming Susan and her new Patch Lady Posts.

  • MS-DEFCON 3: Get patched, but beware

    Posted on January 4th, 2013 at 21:20 woody Comment on the AskWoody Lounge

    It’s time to get caught up on your Microsoft patches.

    But there’s a problem. One of the patches is still causing problems – and we have several people posting here with details.

    Usually I try to use a green-light/red-light approach: either I recommend that you avoid all of the current patches, or I recommend that you install all of them. Keeping track of individual patches is a headache for most of you – and I don’t blame you for not wanting to sift through Microsoft’s detritus.

    This month, though, I really don’t have much of an option. The other December 2012 Black Tuesday patches are working well enough, and I figure you really should get them installed. 

    So here’s what I recommend. Go ahead and install all of the outstanding Microsoft patches EXCEPT MS12-078, which is identified in your Update list as KB 2753842. I haven’t heard of any real-world exploits that take advantage of that security hole, but I sure have heard a lot of wailing from people who have been zapped by it.

    While you’re thinking of it, if you run Internet Explorer 6, 7 or 8 (Nota Bene: if you have Windows XP, you are running IE 6, 7 or 8), you need to apply a Microsoft Fixit to plug a gaping hole in IE that’s currently being exploited. 

    A far better solution is to upgrade to IE 9, but if you have Windows XP that isn’t an option.

    To apply the Fixit, go to the Microsoft Security Advisory page, KB 2794220, scroll down and click on the first Fixit link that you see. (The second Fixit on the page is very poorly marked, but it’s the Fixit that undoes the first Fixit.) That’ll run a very simple program that plugs the security hole in IE 6, 7 and 8.

    To recap: Install all outstanding Microsoft patches, except MS12-078 / KB 2753842. And if you’re using IE 6, 7 or 8, and can’t upgrade to IE 9, run the Fixit.

    I’m moving us down to MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

    Oh. One other important note. Usually Susan Bradley’s Patch Watch column in Windows Secrets Newsletter only appears in the paid version. (In a unique twist, you get to decide how much you want to pay for a subscription.) This week, though, Patch Watch appears in the free and online versions of the newsletter. If you’ve never read Susan’s columns, you should take a look. They’re by far the best source of understandable, detailed, unbiased advice about Microsoft patches you’ll find anywhere.

     

  • Best Practices for trouble-free Windows patching

    Posted on May 17th, 2012 at 11:31 woody Comment on the AskWoody Lounge

    Excellent Top Story by Susan Bradley, in this week’s Windows Secrets Newsletter.