Threats to businesses

Topic

New Reply

ISSUE 21.34 • 2024-08-19 PATCH WATCH By Susan Bradley This month’s updates include fewer vulnerabilities than normal. What is not normal is that some
[See the full post at: Threats to businesses]

Susan Bradley Patch Lady/Prudent patcher

4 users thanked author for this post.

abbodi86, fisher75, DLivesInTexas, lmacri

Reply | Quote

Replies

Susan Bradley wrote:

Patching recommendations for consumers

I still don’t have any good news for users of Office 2019 retail, some of whom are having problems getting their machines updated. I’ll be closely monitoring this issue and will provide workarounds if needed. So far, the only resolution Microsoft is pointing to is an uninstall or a repair install. Meanwhile, it’s still occurring with the August updates. Ugh! Stay tuned!

This was fixed a couple of days ago:

lmacri wrote:

Affected users should go to; File | Office Account | Update Options | Update Now and try another manual update.
…
Kudos to Gunter Born for posting a heads up today on page 11 of Prius 04’s Microsoft 365 Update Error 30088-27 in the MS Answers forum. Here’s hoping Microsoft has released a permanent fix on their end that works for all MS Office C2R users.

Reply | Quote

Susan Bradley wrote:

For now, defer updates until I notify you otherwise.
…
I consider updating now prudent.

This direct contradiction is very confusing.

Reply | Quote

Susan Bradley wrote:

Even though Windows 11 24H2 is not out yet, we are already seeing updates for fixing security issues unique to systems that have been shipped starting mid-June and that included 24H2 components. One such component is the “snapshot feature” called Microsoft Recall. Strangely, I haven’t heard much about Recall lately. Hopefully, Microsoft is hard at work to ensure that Security is included every step of the way. Better yet, maybe Redmond is starting over.

None of the security updates for version 24H2 have been for issues unique to 24H2 components.

Reply | Quote

Patches have to be targeted for the released builds. While the release isn’t officially out, Microsoft has sold and shipped Copilot+ builds in a few Windows laptops and thus they had to release 24H2 code for those that bought these units.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

I was only disputing “unique” in “updates for fixing security issues unique to … 24H2 components”.

Reply | Quote

I, too, am confused by the advice in this column.

In the second paragraph, Susan says, “For now, defer updates until I notify you otherwise.”

Then in a subsequent paragraph, Susan says, “Consumers and businesses can apply the August updates.”

Finally, later in the column, Susans says, “Even with all these zero days, I’m still not ready to scream “everyone patch now!” at the top of my lungs”.

I am not intentionally taking any of these statements out of context. If I have, I apologize. However, to me, these statements contradict one another.

In short, as a consumer, should I apply the August windows updates to windows 10 and 11 or not.

1 user thanked author for this post.

Cijan

Reply | Quote

My apologies.  In my zeal to get the alert out I forgot to pull back the wording in this article.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

I am thinking the article was edited/added to and the suggestion was just not thought of to delete.

ROTFL guess I missed Susan’s response 😁

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

Although I use my system both for work and play, I consider myself a consumer when it comes to updates.
However, given the precarious situation, I decided to install Windows 10 22H2 KB5041580 – after making a backup.

All went well, but after I rebooted a second time my dual boot Windows-Mint pc wouldn’t start (no Grub boot menu) and I got the error message
“Verifying shim SBAT data failed: Security Policy Violation.
Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation” and the pc shut down.

Luckely the web provided the solution: https://forums.linuxmint.com/viewtopic.php?p=2510718&sid=b052f39ccc46129bed219c179178a4b2#p2510718

Steps to solve the problem:
1. Disable Secure Boot
2. Log into your Ubuntu (Mint) user and open a terminal
3. Delete the SBAT policy with:
sudo mokutil –set-sbat-policy delete   *
4. Reboot your PC and log back into Ubuntu (Mint) to update the SBAT policy:
sudo mokutil –set-sbat-policy latest   *
5. Reboot and then re-enable secure boot in your BIOS.

*Please beware: on my pc the font makes the command look like there’s only 1 hiphen before “set”, but there are/should be 2 hiphens in front of “set”.

Don’t ask me why, but the solution worked. All is well now

LMDE is my daily driver now. Old friend Win10 keeps spinning in the background

3 users thanked author for this post.

jburk07, Lars220, wavy

Reply | Quote

Turns out that the second command is not necessary.

After the first command and subsequent reboot, the new policy is created automatically.

LMDE is my daily driver now. Old friend Win10 keeps spinning in the background

Reply | Quote

Hi Susan,
“… This fixes various issues to protect from maliciously crafted PDFs that are often used in ransomware. …”
I am curious … How can a PDF carry/unleash a “payload”?
Please explain.

Reply | Quote

Adobe patched eight critical vulnerabilities in Adobe Acrobat/Reader which allow remote code execution:

Adobe Patches for August 2024

However, I’m probably most concerned about the update for Acrobat and Reader, as maliciously crafted PDFs are often used in ransomware.

Zero Day Initiative — August 2024 Security Update Review

Exactly how that would be accomplished is not published, but JavaScript has been used in the past:

Malicious PDFs | Revealing the Techniques Behind the Attacks

1 user thanked author for this post.

Lars220

Reply | Quote

I had tried all the recommendations from Susan & others without success. But I finally resolved the issue and thought you might want to publish for others having the same problem.

Per Susan’s advice I normally don’t do updates until just before the new ones come out. After reading her warning re. TCP/IP Remote Code Execution Vulnerability where she recommended doing latest updates immediately this time I followed her advice. One of the updates failed: KB5042352 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2. So I rebooted & requested retry. After several failures finally got it to work after which I was able to successfully run latest update for Office 2019 Professional!

 

Reply | Quote