Newsletter Archives

• Ready for the new patching year?

  Posted on January 9, 2024 at 12:10 CST by Susan Bradley • Comment in the Forums

  We start the new year off with – what else – vulnerabilities and some fixes.  Windows 11 and 10 get releases today.  Looks like 11 won’t get too many new things given that we didn’t have a preview release last month. The video “tips” are all about existing items, not new stuff.  KB5034123 is fixing the issue where “This update addresses a known issue that might affect some Wi-Fi adapters. They might not connect to some networks. This might occur after you install KB5032288 or KB5033375. This issue is more likely to occur if the Wi-Fi networks use 802.1x to authenticate. It is not likely that home networks will have this issue.” Also remember that “After February 2024, there are no more optional, non-security preview releases for Windows 11, version 22H2”

  Windows 10 22H2 gets KB 5034122 which includes some fixes for smart cards.

  .NET 8.0.1, 7.0.15 and 6.0.26 have been released along with older .NETs (see some of the listings here).  I’ll have the full spreadsheet of patches updated tomorrow.

  Part of the updates include a fix for Bitlocker and if you do not have bitlocker or device disabled this will be a non issue. IF you have bitlocker enabled or device encryption enabled I’ll want you to take some extra precautions. More on this in the upcoming newsletter, stay tuned.

  Just a kind reminder that this is ‘testing time’ and I’ll be updating the Master patch list for issues I spot.  Also remember that not every user of technology sees issues. Just because someone reports an issue doesn’t mean that everyone will be impacted.

  Windows Security Patch Lady Posts

• Just a reminder – you don’t want this setting

  Posted on December 16, 2023 at 22:03 CST by Susan Bradley • Comment in the Forums

  

  Remember how I don’t recommend preview updates?  I also don’t recommend that you opt into them either.

  As Alex pointed out back in November, Microsoft is “backporting” into Windows 10 some of the same buttons and features that Windows 11 has. One of them is this button that you can turn on, or in my case, strongly recommend you keep off, the “Get the latest updates as soon as they are available.

  No, we don’t want to be beta testers anymore than we are now.

  Just a reminder, still haven’t approved updates, still monitoring for side effects.

  Windows Security Patch Lady Posts

• July’s Patch Tuesday is here

  Posted on July 11, 2023 at 11:45 CDT by Susan Bradley • Comment in the Forums

  For those of you in business, Microsoft decided that today – of all days – was the day to announce that “Microsoft rebrands Azure Active Directory to Microsoft Entra ID”  Azure AD is the cloud version of Microsoft active directory, which is what I’m probably going to call it for the rest of my life and not “Entra ID”.

  Meanwhile back in the real world of day to day workstations of Windows and Apple, those rapid release patches of yesterday have been pulled due to a bug in Safari (showcasing that testing is hard for everyone).

  On the Windows platform, I want you to be in deferral mode as we watch for the testing results.  I’ll add more details as the patches come out.

  Highlights for Windows 11, version 22H2:
  -Expands the roll out of notification badging for Microsoft accounts on the Start menu (aka annoy you to not use a local account)
  -Improves the sharing of a local file in File Explorer with Microsoft Outlook contacts
  -Adds live captions for several languages

  If you kept Edge as default and Chrome would launch app controls, this update should fix that. If you kept Chrome as default you probably didn’t notice it.

  Dustin Child’s Zero day blog.

  Ghacks link

  Remember Windows 10 22H2 is only receiving security updates now so it’s the stable/boring version of Windows.

  If you are a WSUS patcher, detection looks to be borked – as in it’s not seeing your machines as needing updates. Microsoft will have to fix the detection.

  Windows Security July Black Tuesday, Patch Lady Posts

• Master Patch List as of June 13, 2023

  Posted on June 15, 2023 at 01:22 CDT by Susan Bradley • Comment in the Forums

  I’ve updated the Master Patch list for the May releases.

  Remember to always review the known issues we are tracking on the Master Patch List. I will keep the latest info there.

  So far trending issues are:

  Consumers:

  Chrome may have some issues after the June updates – Triggered by malwarebytes – see their KB

  Business side effects:
  
  Users of Windows Hello may get an extra OOBE prompt.

  Manual registry keys have to be deployed to be fully patched. Testing the impact and will report back. I do not see this as a concern for consumers just potentially targeted businesses.

  June turns on Enforcement by Default comes with the June updates regarding CVE-2022-38023 ( KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023 – Microsoft Support ).

  I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

  • Windows 11 22H2: Not recommended
  • Windows 11 21H2: If you have a Windows 11 PC, recommended
  • Windows 10 22H2: Recommended
  • Windows 10 21H2: Drops out of support this month
  • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level

  Windows Security Master Patch List, Patch Lady Posts

• Ready for June updates?

  Posted on June 13, 2023 at 10:26 CDT by Susan Bradley • Comment in the Forums

  Remember this is the final month that Windows 10 22H1 will receive updates. This is the final time that version will receive a security update. So for Windows 10 I want you to be on 22H2.

  But for Windows 11, unless you’ve recently purchased a Windows 11 machine and are already ON Windows 11 22H2 I still recommend staying on 21H2.

  Remember you can use the SAME tools to control updates on Windows 11 as you can on 10. So InControl, works to keep that 11 on 21H2. The www.blockapatch.com tools all work.

  So now, buckle our seatbelts, here comes June updates!

  (As you can tell I STILL cannot name the dang versions worth a darn)

  Random thoughts and notes for the upcoming newsletter:

  There is a vulnerability that in order to fully enable the fix you have to enable a registry key that is different on each OS – see here. Say what?

  Side effects being seen:  If you use the Windows hello for authentication – you’ll get a Windows hello “pop” after the installation of the patch.  Ignore it – appears to be a bug.

  Windows Security June 2023 Black Tuesday, Patch Lady Posts

• Master Patch List as of May 9, 2023

  Posted on May 10, 2023 at 22:41 CDT by Susan Bradley • Comment in the Forums

  I’ve updated the Master Patch list for the May releases.

  Remember to always review the known issues we are tracking on the Master Patch List. I will keep the latest info there.

  So far trending issues are:

  Business patchers – In order to fully patch systems for potential UEFI/Secure Boot there are a series of manual steps. I am NOT convinced that this is needed for anyone other than targeted nation state organizations. I’ll have exact instructions and a video should you want more information.

  I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

  • Windows 11 22H2: Not recommended
  • Windows 11 21H2: If you have a Windows 11 PC, recommended
  • Windows 10 22H2: Recommended
  • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)
  • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level

  Windows Security Master Patch List, Patch Lady Posts

• It’s May updating time!

  Posted on May 9, 2023 at 10:45 CDT by Susan Bradley • Comment in the Forums

  It’s that time of the month that I’ll urge you to pause your updates on your Windows platforms, but review any pending updates on your Apple platforms.  Recently Apple’s “Rapid response” patches weren’t quite as “rapid” as we would all like.  In fact on my iPhone iOS 16.4.1 is still pending even though I have auto updates enabled.

  

  I’ll be discussing what SHOULD have occurred in Sunday’s newsletter.  In the meantime, let’s keep an eye out for this month’s Windows releases:

  49 vulnerabilities if the count here is correct

  Windows 11 22H2 has a new toggle button

  • New! This update adds a new toggle control on the Settings > Windows Update page. When you turn it on, we will prioritize your device to get the latest non-security updates and enhancements when they are available for your device. For managed devices, the toggle is disabled by default. For more information, see Get Windows updates as soon as they’re available for your device.

  As well as fixing issues in both Windows 11 22H2 and 21H2 as well as Windows 10  in the newly released Windows Local Administrator Password Solution

  • This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding. This occurs when the system processes multiple local account operations at the same time. The access violation error code is 0xc0000005.

  Remember if you aren’t on Windows 10 22H2 at this time, I’ll want you to move to 22H2 as June 13, 2023 is the last time Windows 10 home and Pro 21H2 get updates. Windows 10 Enterprise and Education, Windows 10 IoT Enterprise, and Windows 10 Enterprise multi-session will still be serviced (apologies had that backwards). 20H2 is now fully out of support.

  Ugh.  There is a secure boot vulnerability that is being “fixed” with code in the May updates, but not fully implemented.  Because you need PHYSICAL access or administrative rights to install code, this is yet another of those updates that will need to be “risk” rated for additional action.  I’ll go into this more in the newsletter.

  Windows Security May 2023 Black Tuesday, Patch Lady Posts

• Master Patch List April 11, 2023

  Posted on April 13, 2023 at 15:05 CDT by Susan Bradley • Comment in the Forums

  I’ve updated the Master Patch list for the April releases.

  Remember to always review the known issues we are tracking on the Master Patch List. I will keep the latest info there.

  So far trending issues are:

  Business patchers – weird Google chrome issue after installing kb5025221 if your group policy is used to set Chrome as default

  Also I’ll update the list for the SQL updates but I wanted to get the other updates out for you

  I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

  • Windows 11 22H2: Not recommended
  • Windows 11 21H2: If you have a Windows 11 PC, recommended
  • Windows 10 22H2: Recommended
  • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)
  • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  Windows Security Master Patch List, Patch Lady Posts

• The patching showers of April

  Posted on April 11, 2023 at 12:14 CDT by Susan Bradley • Comment in the Forums

  Apple did their patching showers yesterday – another zero day fix

  iOS and iPadOS 15.7.5 – 2 bugs fixed
  macOS Monterey 12.6.5 – 1 bug fixed
  macOS Big Sur 11.7.6 – 1 bug fixed

  Now it’s Microsoft’s turn….

  97 vulnerabilities, 7 critical, 1 exploited

  Also out today… The AD team at Microsoft is proud to announce that with today’s Patch Tuesday updates, our new Windows Local Admin Password Solution (aka Windows LAPS) is available in all in-market builds of Windows – Win10 & Win11 clients and Server 2019 & 2022 SKUs!

  As usual, time to sit back, watch the testing occur and see what shakes out this month.

  Note that Windows 10 21H2 drops out of support in June unless you have edu or enterprise – so check what version of Windows 10 you are on. There’s no big changes for Windows 10 so I honestly don’t anticipate seeing any side effects. As always I will keep you up to date on the Master patch listing.

  This is interesting… there is only a security release for Publisher this month.

  No non security Office updates were released either. A VERY light Office release this month.

  Windows Security April 2023 Black Tuesday, Patch Lady Posts

• Are you checking your backup tonight?

  Posted on March 31, 2023 at 21:59 CDT by Susan Bradley • Comment in the Forums

  As Alex pointed out …. today is World Backup day.

  Just a reminder, issues like ransomware can be thwarted by having a backup. Specifically, something that the bad guys can’t touch. So rotate out those hard drives. Have a cloud backup with versioning that is protected from access. Make sure you are protected.

  Now while this is a marketing session that demands you sign up and register – I still enjoy Jessica Payne and her talks how how we can do better against ransomware. From the recent Microsoft Secure session.

  Windows Security Patch Lady Posts

• Master Patch list as of March 15, 2023

  Posted on March 16, 2023 at 00:54 CDT by Susan Bradley • Comment in the Forums

  

  I’ve updated the Master Patch list for the March releases.

  Remember to always review the known issues we are tracking on the Master Patch List. I will keep the latest info there.  Right now the big trending issue is the issue where Windows 10 22H2 doesn’t seemingly reboot if you manually check for updates. If you use Start11, StartAllBack, and ExplorerPatcher  make sure you update to the latest on Windows 11.

  I am recommending at this time that you install Apple updates, I’m not recommending Windows updates at this time. I’ll have more details in the newsletter on Monday.

  • Windows 11 22H2: Not recommended
  • Windows 11 21H2: If you have a Windows 11 PC, recommended
  • Windows 10 22H2: Recommended
  • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)
  • Apple Ventura – Recommended for newer hardware – as always check with the applications you rely on if they recommend this release.

  As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  Windows Security Master Patch List, Patch Lady Posts

• March madness here we come

  Posted on March 14, 2023 at 12:50 CDT by Susan Bradley • Comment in the Forums

  Ready or not – here comes the March updates. Remember by this time you need to have a backup and defer updates (unless you are one of the souls who like to be the beta testers for the rest of us.

  Interesting items of note:  Outlook vulnerability used in TARGETED only attacks and impacting NTLM (translation – businesses with Exchange servers not consumers/home users. If you have click to run Office this will be auto updated.

  There is also a ‘smartscreen’ vulnerability where Edge can be tricked into thinking something isn’t from the web and not scan it. This will be auto updated when Edge updates.  When we finally update Windows the smartscreen as a whole will be updated. But again, we don’t blindly download things do we?

  Both are more business only – not consumer/home targeted so I’m not changing my “hold off and wait to patch” stance in any way.

  Remember Windows 11 22H2 gets “moments” releases – I’ll be reporting if my registry key works on Windows 11 Home computers.

  More links as they come live…..

  Also business impact:

  This update implements phase three of Distributed Component Object Model (DCOM) hardening. See KB5004442. After you install this update, you cannot turn off the changes using the registry key.

  This update addresses an issue that affects a computer account and Active Directory. When you reuse an existing computer account to join an Active Directory domain, joining fails. This occurs on devices that have installed Windows updates dated October 11, 2022 or later. The error message is, “Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: ‘An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.’” For more information, see KB5020276.

  Dustin Childs’ zero day blog

  Windows Security March 2023 Black Tuesday, Patch Lady Posts
• « Older Entries

  Newer Entries »