|
To prevent further data damage, we addressed this issue in the May 24, 2022 preview release and the June 14, 2022 security release. After applying those updates, you might notice slower performance for almost one month after you install them on Windows Server 2022 and Windows 11 (original release).
support.microsoft.com
|
Hmmm… when did this occur? Susan hits view of details of web page to see when it was posted.
Susan can’t find the publish date (they got rid of it a year or so ago and I can’t remember how you find it now – found via the RSS feed that it was today = https://support.microsoft.com/en-us/feed/rss/4ec863cc-2ecd-e187-6cb3-b50c6545db92
Susan goes to review original previews to see if they talked about this (this maybe?
-
Addresses a known issue that affects certain GPUs and might cause apps to close unexpectedly or cause intermittent issues that affect some apps that use Direct3D 9. You might also receive an error in the Event Log in Windows Logs/Applications, and the faulting module is d3d9on12.dll and the exception code is 0xc0000094.
Susan doesn’t see this on the health release dashboard
I’ve seen a report in comments that the only consumer impact they’ve traced it back to is bitcoin mining.
Comment on bleeping computer
“So the only consumer level applications I could find in a quick search that seemed to possibly be able to make use of VAES were cryptocurrency mining apps. Granted that doesn’t mean there weren’t other more obscure uses, however this doesn’t sound like it will impact the vast majority of home users. Enterprise use on the other hand, that could be significantly impacted depending on what sort of workloads actually use VAES.”
Susan remembers an upcoming Blackhat presentation by Dustin Childs
Calculating Risk in the Era of Obscurity: Reading Between the Lines of Security Advisories
Brian Gorenc | Senior Director, Trend Micro Zero Day InitiativeDustin Childs | Sr. Communications Manager, Trend Micro Zero Day Initiative
Date: Thursday, August 11 | 11:20am-12:00pm ( Islander EI (Level 1) )
Format: 40-Minute Briefings
Tracks:
Compliance with industry standards as well as various government regulations also requires a robust servicing and patching strategy. Beyond compliance, you must understand the risk to your resources from poor servicing. To help with this effort, standards exist to help assess risk. However, vendors can manipulate these standards, which can lead to errors when enterprises attempt to accurately gauge risk. Over time, vendors reduced the clarity of language in their advisories to the point where plain language about a bug no longer exists, leaving network defenders to speculate what the real risk from a product may be.
There are occasions when vendors release patches that are nothing more than placebos – patches that make no code changes at all and leave administrators with a false sense of security. Similarly, vendors release incomplete patches that do not properly mitigate the vulnerability. Not only does this leave software in a vulnerable state after applying what should be a fix, it doubles the cost of patching, since now another patch must be applied to mitigate the risks incurred from applying the first patch and increases the risk of attack.Our conclusions are based on disclosing over 9,500 vulnerabilities over 17 years. This talk provides examples of systemic problems with security patches and how those problems negatively impact enterprise security. We propose methods to incentivize vendors to improve their servicing habits, including alternative disclosure timelines for failed patches. We encourage others disclosing vulnerabilities to adopt similar timelines and for customers to prioritize purchasing based on how vendors impact their risk through servicing.
How about we include in that talk following RSS feeds of KB articles because where this stuff should be documented… it isn’t.
Yes Susan is now talking to herself
Susan Bradley Patch Lady/Prudent patcher
