Should we panic?

Topic

New Reply

Gordon Kelly is out with a headline regarding to Quit Windows. Once again he has overblown the problem and overestimated the impact. First regarding s
[See the full post at: Should we panic?]

Susan Bradley Patch Lady/Prudent patcher

5 users thanked author for this post.

armond, teuhasn2, bbdokken, kewlputergeek, curious leo

Reply | Quote

Replies

Thank you for putting this issue in perspective.  I read Gordon Kelly’s article a few days ago and was surprised at how over-the-top his conclusions were.  I do appreciate Gordon Kelly’s review of Apple updates because he one of very few reviewers to not follow Apple’s update immediately recommendations.
During this time where we all need to be vigilant about our computer/device security it is not helpful to cry “wolf” at every reported vulnerability.

1 user thanked author for this post.

Susan Bradley

Reply | Quote

I have also long relied on his observations whenever iOS updates arrive.

It would be disappointing if his judgment is failing him when it comes to Windows security vulnerabilities. Fortunately we’ve got the AskWoody community to provide solid info about that.

---
Home machines: Windows 10 Pro (21H2), Windows 7 Home (Group B)
Work machines: Windows 10 Enterprise (21H2)

Reply | Quote

My panic bin is full, thank you, and if the sky is falling, it’s probably rain or snow or sleet.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

3 users thanked author for this post.

OldMainframeGuy, Myst, Cybertooth

Reply | Quote

Why would we listen to him when we have you !!!

Cheers!!
Willie McClure
“We are trying to build a gentler, kinder society, and if we all pitch in just a little bit, we are going to get there.” Alex Trebek

2 users thanked author for this post.

wavy, The Surfing Pensioner

Reply | Quote

Unfortunately, many people compulsively criticize to a) attract attention to themselves, and b) deflect any possible criticism that might come their way.

Reply | Quote

KevinTMC wrote:

I have also long relied on his observations whenever iOS updates arrive.

Just like with Windows Gordon Kelly cries wolf with every iOS updates.
Never took him seriously.

Reply | Quote

My method was to frequent the macRumors forum once iOS updates were issued for relatively quick feedback since circa 2012.
Found actual user feedback to be much more reliable, who had nothing to strive for, other than reporting issues and warning others. YMMV

If debian is good enough for NASA...

Reply | Quote

thanks for this update. I usually follow Gordon Kelly’s advice for IOS. But good to know about Macrumors – I am familiar with their website.  In general, it is just good to wait and see before installing updates (as is promoted here!)  However, after waiting a period of time, one must decide when is the right time to pull the trigger and knowing when to install immediately due to security risks is equally important.  So having good advice from reliable online sources is essential.  (what is ymmv?)

 

Reply | Quote

https://twitter.com/toxicreverend/status/1272744447390789633
“Microsoft Just Gave A Billion Users A Reason To Quit Windows 10

By Gordon Kelly, Forbes, June 14, 2020”
And this isn’t the first time….

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

The sky is falling! The sky is falling!

Ah no, that’s just Gordo being his usual hyperbolic, click-bait headline, self.
We love ya anyway Gordy.

If you haven’t done so already, please update your Edge and Chrome browsers ASAP.

Bleeping Computer
Emergency Google Chrome update fixes zero-day used in attacks

1) Open Edge and then hamburger menu
2) Click “Help and Feedback”
3) Click “About Microsoft Edge”

2 users thanked author for this post.

Dan, windbg

Reply | Quote

I didn’t think Edge’s update was out yet (ergo the issue of piggybacking on Chrome).  And yes, that’s what we SHOULD be doing today.

Chrome you need to be on 99.0.4844.84

Edge had an update on 3/24 but based on the fact that Chrome came out today, it normally takes Edge another day to get it in their builds.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

[b]

There will be confusion as this is the second Chrome/Edge zero-day announced since yesterday (although the first was patched five weeks ago).

ADDED:

March 25, 2022

Microsoft is aware of the recent Chromium security fixes. We are actively working on releasing a security patch.

• This reply was modified 2 years, 11 months ago by b. Reason: Added MS ack

1 user thanked author for this post.

Carl

Reply | Quote

I think you are correct Sue.

Reply | Quote

Have a look at threat response times in a recent article by the same source linked in the main blog:
Google Project Zero
The results may surprise you….as well as the quality of patches 😉

If debian is good enough for NASA...

1 user thanked author for this post.

windbg

Reply | Quote

Overall, I’m somewhat encouraged by the slow and steady improvement of vendor response time. As much as I hate to admit it, Project Zero (Google) probably deserves some credit here.

1 user thanked author for this post.

Microfix

Reply | Quote

Can’t log into UPS MyChoice after upgrading Chrome to version 99.0.4844.84. Thought to let you know.

Reply | Quote

Not seeing that issue here?  What plugins/extensions are running?

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

armond

Reply | Quote

Well I only have IDM Integration Module. Disabling it also not helped. Restoring Chrome to an earlier build fixed the issue. Just wanted to share my experience. Thanks.

Reply | Quote

I don’t see any update for Fx ESR 91.7.1 from March 14.

Why go on about inferior browsers with problems?

Reply | Quote

@Mele20 –

The browser patch/update being talked about in this thread is for Chrome and Edge. FF (both regular and ESR versions) is not affected by the vulnerability that created a need for the patch/update.

R/

Bob99

Reply | Quote

Because the bulk of the users use Chrome and Edge is on many Windows 10.  With Security issues I always make sure that I cover the major browsers and/or the shipped browsers on systems.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

anonymous wrote:

The browser patch/update being talked about in this thread is for Chrome and Edge

I know. I just thought about Brave which is Chromium based. I use it ONLY to look at the weekly Safeway ad wiithout having to login and allow Safeway to track me more than it does already.

Brave has an update. I’ve had no problems in the past updating it on Windows 10 21H2 but it won’t update today. It says I need to reboot to finish the update. That does NOTHING. One of the reasons I don’t use Brave (except to see the Safeway ad) is because it has too many, too frequent updates. I hate that with any browser so I use browsers that work for me and don’t update constantly. (A need to update for a security patch is an exception and that is why I was trying to update it).

Reply | Quote

…Brave has an update. I’ve had no problems in the past updating it on Windows 10 21H2 but it won’t update today. It says I need to reboot to finish the update. That does NOTHING. …

@Mele20 –

If you haven’t done so already, I strongly advise you to reboot, per the request from Brave, so it can finish installing the update, which, since Brave is Chromium-based, will patch the vulnerability that exists.

 

Reply | Quote

Bob99 wrote:

…Brave has an update. I’ve had no problems in the past updating it on Windows 10 21H2 but it won’t update today. It says I need to reboot to finish the update. That does NOTHING. …

@Mele20 –

If you haven’t done so already, I strongly advise you to reboot, per the request from Brave, so it can finish installing the update, which, since Brave is Chromium-based, will patch the vulnerability that exists.

 

Reading the comment, it seems there is a problem with Brave not updating when restarted. Try installing over the top. If that fails, uninstall and reinstall. If that fails.https://community.brave.com/

Reply | Quote

‘blinkers’ off, don’t panic just update

25/03/22 Chrome released version 99.0.4844.84 current stable for desktop.
https://chromereleases.googleblog.com/
for CVE-2022-1096 (rated High) ‘Type Confusion in V8. Reported by anonymous on 2022-03-23’
which is in-the-wild.

Expect Edge/ brave and other webkit browsers to issue yet another update over the weekend…

If debian is good enough for NASA...

Reply | Quote

I wish Gordon Kelly would quit getting paid to write articles.

1 user thanked author for this post.

Alex5723

Reply | Quote

anonymous wrote:

Try installing over the top

What do you mean by “over the top”?

Reply | Quote

Install over the previous version without uninstalling first.

1 user thanked author for this post.

Mele20

Reply | Quote

Gordon Kelly is a tech sensationist in his articles. I am surprised the WSJ allows such crappy journalism. He has always been a Chicken Little sky is falling type person. I don’t bother reading his stuff anymore.

Reply | Quote

Sorry, I meant Forbes not WSJ.

Reply | Quote

well, Vivaldi have issued an update today:
https://vivaldi.com/blog/desktop/minor-update-five-5-1/
nothing yet from MS or Brave /tsk

If debian is good enough for NASA...

Reply | Quote

Microfix wrote:

25/03/22 Chrome released version 99.0.4844.84 current stable for desktop.

0-day security bug that is exploited in the wild.

Reply | Quote

As of the writing of this post (10:30 am CDT/Server time), my version of Edge is 99.0.1150.52, and it says it’s fully up to date.

However, the day (Match 26th) is still young in my neck of the woods, so time will tell.

R/

Bob99

Reply | Quote

Edge update now out:

**************************************************************************************
Title: Microsoft Security Update Releases
Issued: March 26, 2022
**************************************************************************************

Summary
=======

The following CVE was assigned by Chrome. Microsoft Edge
(Chromium-based) ingests Chromium, which addresses these vulnerabilities. Please see
Google Chrome Releases (https://chromereleases.googleblog.com/2022) for more information.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

Alex5723

Reply | Quote

Edge Version 99.0.1150.55

Reply | Quote

Brave version update to 1.36.122 available.
# changelog: https://chromium.googlesource.com/chromium/src/+log/99.0.4844.88

If debian is good enough for NASA...

Reply | Quote

[Bob99]

Per a MS Edge Release Notes page I found a few minutes ago, Edge version 99.0.1150.55 is indeed the current version that patches CVE 2022-1096. I guess I might need to update my other machine on which I typed my post above earlier this morning, since it’s “only” on version 99.0.1150.52.

I typed “might” in italics, because Edge on that machine might have updated itself by now.

EDIT: I just checked the other machine, and it indeed was on 99.0.1150.52. It promptly updated itself to 99.0.1150.55 while I watched and restarted it when it asked me to. The same thing happened immediately prior to my other anon post this morning, it updated itself from 99.0.1150.46 to 99.0.1150.52 while I watched and restarted it after being prompted to.

P.S. Aren’t we getting off topic here? After all, isn’t the O/P mostly about Gordon Kelly’s “sensationalistic” (my word) articles?

• This reply was modified 2 years, 11 months ago by Bob99. Reason: Added info about update on other machine

Reply | Quote

dmt_3904 wrote:

thanks for this update. I usually follow Gordon Kelly’s advice for IOS. But good to know about Macrumors – I am familiar with their website.  In general, it is just good to wait and see before installing updates (as is promoted here!)  However, after waiting a period of time, one must decide when is the right time to pull the trigger and knowing when to install immediately due to security risks is equally important.  So having good advice from reliable online sources is essential.  (what is ymmv?)

 

YMMV means “Your mileage may vary.” It is an American expression related to the fuel consumption of vehicles which the manufacturers always state as “your mileage may vary” to avoid any legal liability when you get 20mpg rather than the 30mpg they claim! Use outside that context means that what is true for one person isn’t necessarily true for another. (Edit: can’t even spell YMMV correctly!)

Reply | Quote