Newsletter Archives
-
Patch List for August 13, 2024
Once again I don’t recommend installing updates at this time. I’ve updated the master patch list here.
In my early consumer testing I’m personally not seeing anything, but it’s way too early to be calling it at this point. There is a replacement update for the KB5034440/KB5034441 updates, but be aware it’s only offered up IF you have enough free space. Thus I don’t consider KB5042321 a true replacement for those updates. If you had size issues before, this update will not be offered up to you.
As always, thank you all for supporting the cause! Remember we use the “name your price” model where you can choose how much you will pay for a membership. Plus membership gives you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.
More details about these updates in Monday’s newsletter. You are missing out if you don’t sign up. All content is human made with our own blood, sweat, tears, fingers and brain power and 100% AI free. Therefore, if I’ve fat fingered any KB numbers or if you have any questions, as always post in the forums and I’ll follow up!
-
Here comes August 2024 updates
Ready or not, here we go for the August updates.
First up: Windows 11 23H2/22H2, KB5041585
Microsoft indicates it will be addressing the following issues:
- [BitLocker (known issue)] A BitLocker recovery screen shows when you start up your device. This occurs after you install the July 9, 2024, update. This issue is more likely to occur if device encryption is on. Go to Settings > Privacy & Security > Device encryption. To unlock your drive, Windows might ask you to enter the recovery key from your Microsoft account.
- [Lock screen] This update addresses CVE-2024-38143. Because of this, the “Use my windows user account” check box is not available on the lock screen to connect to Wi-Fi.
- [NetJoinLegacyAccountReuse] This update removes this registry key. For more information refer to KB5020276—Netjoin: Domain join hardening changes.
- [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image.
Interestingly enough ALSO refers to those same issues being addressed…but only linked under the Windows 10 LTSC releases……I’ll be asking around as to what that means.
As usual this is the time for us battle tested veterans to test and see how the waters are. For the rest of the Askwoody readership, put yourself on pause, ensure your backups are working and wait as I see what shakes out.
More in Monday’s newsletter. Don’t forget to join so all the details can be sent to your inbox.
-
Patch List for July 2024
We’re still in testing mode for this month’s updates. I’ve updated the master patch list here.
In my early consumer testing we’re seeing some folks having issues getting Office updated. My recommendation is to put it on defer and wait until Microsoft gets to the bottom of the issue.
For business patchers this is a month with a lot of SQL updates. If you rely on RDGateway be aware that some are reporting crashes in TSgateway after installing the updates.
If you use a RADIUS server, be aware of KB5040268.
Server print problems with SAP — see link
-
July updates out – still tracking Office updating issues
July updates are out and as usual Microsoft is dribbling out changes.
At this time we are tracking an issue with SOME (not all) Office 2019 installs. My advice is to sit tight and not start ripping out Office.
In addition, you might start seeing the name of Outlook change to “classic” Outlook. Remember we’re in this awkward transition right now between classic Outlook (aka the one that works) and New Outlook (aka the one that is missing features like offline use, support for plug ins – they have to be rewritten). My advice if you are on Microsoft 365 is to ensure you are on the slower patching channel. More in next week’s Patch Watch.
For now settle in, ensure your backups are working, let those that test these patches do their thing and I’ll be running my own tests on various workstations, servers, etc., as well as keeping an eye out for side effects.
Adobe released updates for Premiere Pro, InDesign and Bridge (nothing for PDF).
Here are some of the changes for Windows 10:
Note this is JUST for EU:
- New! We are advancing the Copilot experience on Windows. The Copilot app is now pinned to the taskbar and behaves like an app. This gives you the benefits of a typical app experience. For example, you can resize, move, and snap the window. For existing Windows 10 PCs, the timing of availability and delivery method will vary. This might not be available to all users because it will roll out gradually. Important: This feature only applies to new Windows 10 PCs and new Copilot+ PCs that ship to the European Economic Area (EEA) and other markets where Copilot is available.
-
April updates pour in
It’s that time again when we look to not only Microsoft but other vendors and whether or not we should patch. As always, I recommend that you hold back, get the lay of the land, and see if we are issue free (or not) and if the issues from last month have been resolved.
In the meantime:
149 CVEs this month. We’re patching SQL Server, so if you have a database you weren’t aware of on your PC you might see an update.
Looks like another BitLocker/Secure Boot fix.
Bottom line: this definitely is a hang back and don’t patch immediately month. Windows 11 has “moments”, Windows 10 adds features to the lock screen.
I’ll be giving my take on the driver that prevents Edge browser takeovers (hint: it’s not as evil as the headlines are trying to make it out to be).
BE AWARE if you have BitLocker enabled:
The April releases include the following fix:
BitLocker Recovery: Some devices may go into BitLocker recovery. Be sure to retain a copy of your BitLocker recovery key before enabling the mitigations. Known Issues
Firmware Issues: Not all device firmware will successfully update the Secure Boot DB or DBX. In the cases that we are aware of, we have reported the issue to the device manufacturer. See KB5016061: Secure Boot DB and DBX variable update events for details on logged events. Please contact the device manufacturer for firmware updates. If the device is not in support, Microsoft recommends upgrading the device. (See the KB for the firmware impacted.)
I’m still working on the Master Patch List (sorry, tax season combined with having a difficult time tracking down the KB numbers for SQL patches). Will try to get it out by Friday night.
-
March Madness begins
Ready or not, here come the March updates for Windows.
Windows 10 22H2 gets KB5035845
Known issues include: “Copilot in Windows (in preview) is not currently supported when your taskbar is located vertically on the right or left of your screen. To access Copilot in Windows, make sure your taskbar is positioned horizontally on the top or bottom of your screen. We are working on a resolution and will provide an update in an upcoming release.” This also removes the backup app from domain machines.
Windows 11 23H2 and 22H2 get KB5035853. This fixes the issue seen in earlier updates: “This update addresses a known issue that might affect the February 2024 security and preview updates. They might not install, and your device might stop responding at 96%. The error code is “0x800F0922.” The error message is, “Something did not go as planned. No need to worry – undoing changes. Please keep your computer on.””
61 CVEs – see https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar
Exchange needs updating see – https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2024-exchange-server-security-updates/ba-p/4075348
If you are running Sonoma – remember 14.4 came out last week – https://support.apple.com/en-us/HT214084
Zero day blog indicates it’s a mild March – now let’s see if it is in deploying these updates. Already got an early report that KB5035849 on Server 2019 is failing to download with an 0xd000034 error.
Can repro personally:
-
KB5034441 and KB5034440
I’ve been getting some emails regarding our coverage of the Windows Recovery partition problem. One question was whether this applies to Windows 10 only, or both Windows 10 and 11.
It could be both.
There are two specific Microsoft knowledge base posts about this — KB5034441 for Windows 10 and KB5034440 for Windows 11. Both refer to CVE-2024-20666, BitLocker Security Feature Bypass Vulnerability.
As I have previously noted, the problem showed up rapidly on Windows 10 PCs and, so far, rarely on Windows 11 PCs. That accounts for our slightly one-sided coverage. Also note that KB5034440 only calls out Windows 11 21H2. For Windows 11 22H2 and 23H2, the vulnerability noted in CVE-2024-20666 is being patched as part of the cumulative Windows update KB5034123. We’ll have more on these nuances in next week’s alert.
-
Master patch list for December 12, 2023
I’ve updated the Master Patch list for the December updates. I’ll be updating the page for any known issues or issues that we are tracking. I will keep the latest info there. There are no .NET updates this month so the updates are installing pretty quickly. Mind you, at this time I still have not given the go ahead. But I know some of you are testing updates at this time.
Windows 10 unmanaged PCs may start to see Copilot. To disable this use: Download reg file to disable Windows Copilot. I’ve seen it dribbled on some, but not all machines.
-
We need a little December Copilot
Well…. some of us want the present of Copilot and some of us would rather get that gift after the bugs get worked out. Once again we have the December updates – the LAST updates to be installed for 2023. Remember we are in test and watch out for issues mode right now.
To see what changes are coming to Windows 10 you can check out the details in the November 30 preview update.
I’ll be researching and documenting the side effects on the Master Patch list. In the meantime if you have an iPad or iPhone, especially an older version, ensure you update it ASAP for zero day patches out yesterday.
This is a small release month. Four critical bugs, 29 important. NO zero days (unlike Apple).
Two of them look prime for being abused by ransomware actors: the MSHTML bug of CVE-2023-35628 and the Outlook bug of CVE-2023-35636. Both look like attackers will use them to allow remote unauthenticated attackers to use email as a vector to gain more access as well as disclose NTLM hashes.
-
Need to uninstall an update?
It’s really easy to uninstall an update and then pause updates while we investigate what’s going on with the patches. Remember I have NOT approved installing updates at this time and if you have installed them and are seeing interactions with third party menu or file explorer programs you can uninstall the updates.
I’ve uploaded a video here of the process for both Windows 10 as well as Windows 11. Once you’ve uninstalled the update, don’t forget to pause updates so that it won’t attempt to reinstall again tomorrow.
If you HAVE installed the updates and are not seeing issues, keep them installed. If you haven’t yet installed the updates, remember I have not changed my recommendations at this point in time, I’m still in pause mode and I’m personally testing and monitoring for issues.
Got questions? Ask in the forums!
-
Copilot coming to Windows 10
Just confirmed on the Windows Update Twitter feed: Copilot will be coming to Windows 10.
But don’t panic, we will have registry keys and information to block it if you don’t want it.
I kinda figured this was coming, they have to justify the price tag somehow.
Just like with 11, it won’t be pushed to “managed” devices. For unmanaged (those controlled only by Windows update as in Home computers), we will have registry keys and blocking info on the Master Patch List page and articles coming in future newsletters. Don’t worry, we got your back and will keep you in control of your operating system.
-
Master Patch List as of November 14, 2023
I’ve updated the Master Patch list for the November updates. I’ll be updating the page for any known issues or issues that we are tracking. I will keep the latest info there. Some people are reporting that updates are taking a bit longer to install. I’ve also seen some reports of interactions with the start menu for some users. It’s unclear to me right now if these are folks with third party start menu customization. But remember you can ALWAYS uninstall and defer an update while we wait to see if others are reporting issues.
Click on Start, open Settings. Click on Update & security. Click on Windows Update. Click the Update history link. On Update history, you can view which updates were installed. Click on the update number to uninstall the update.
If you have an HP computer with “HPAudioAnalytics Service”, this may delay the installation of updates and appear to get stuck at 30%. If you are impacted, temporarily stop the service.
For business patchers it’s mandatory that you update your VMware tools – ensure you update your VMware servers to https://www.vmware.com/security/advisories/VMSA-2023-0024.html
Windows 11 22H2 and 22H3 unmanaged PCs may start to see Copilot. To disable this use: Download reg file to disable Windows Copilot. I’ve seen it dribbled on some, but not all machines.