• Yes, you do need to patch sooner or later

    #2296487

    You know how I say that there’s no reason to patch as soon as the patches come out — but you need to patch sooner or later? Those of you running Wind
    [See the full post at: Yes, you do need to patch sooner or later]

    2 users thanked author for this post.
    • #2296500

      Yes you do need to start using a newer OS sooner or later.

      People holding out on Windows 7/8 will eventually realize that more and more things get difficult or impossible as more and more vendors drop support for products they use to concentrate on making their products better for Windows 10.

      Are there any people out there still flogging along on CP/M?
      Oh wait, they wouldn’t be able to read this.

      Byte me!

      • #2296524

        PH, of course you are right, but I think that time may be yet a long time off. Today, there are still 100,000,000 Win7 systems using the web. That’s a big market for most of those providers to walk away from.

        The vast majority of home users use their systems for email and occasional web browsing — more often than not prompted by an email. For them, the only software they use is Chrome, their AV and possibly Windows Live Mail.

        CT

        5 users thanked author for this post.
        • #2296666

          I agree with phrozen_ghost, that this is unavoidable. But for me, internet place is more about HTML, PHP and other communication standards, not about OS – look at myriads of mobile phones and still, all can access world wide web.

          I have an old notebook UMAX from year 2008. I was using WinXP and in 2014 I went to Fedora 19. Until today, it still functions and I can visit most websites. Sometimes some certificate is missing and I have to go through the “Continue on this site (Not Recommended)” notification in Firefox, but it still works.
          It's not safe for ibanking, but I can play video on YouTube, play mp3 in Rhythmbox and play Heroes III in Wine, or some DOS game from OlderGeeks 🙂
          I simply love that machine 🙂

          Canadian tech wrote:

          These machines are steady state absolutely predictable machines. They just work like they did the day before. Day after day after day.

          And I second that opinion. Updating havoc is so unnecessary. Somehow I feel it lacks elegance, doesn't it...

          Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

          PRUSA i3 MK3S+

          1 user thanked author for this post.
        • #2296766

          Everything breaks down. That includes computers. Many of the existing computers with older OSes will eventually die. Parts are going to be difficult to obtain.

          Many software vendors HAVE walked away from Windows 7/8.

          Newer technologies are not going to be available on older PCs. I am quite certain there are not a lot of Windows 3.1 machines out there now. They were so limited in functionality.

    • #2296507

      Security issues are often over-hyped when the patch is released and the bugs are real; often there is no pressing need to update yesterday before the patches were released. But at some point the system should be patched, maybe a couple of weeks after the patches are released. Susan and Woody try to give advice for business and home users as to when to patch Windows so the system is reasonably up to date and any major security issues are taken care of in a timely manner. While other OSes do not necessarily have someone like Woody and Susan monitoring the patches and reports, the same basic rules apply: updates are issued for a reason, but patching does not need to be done stat except on rare occasions.

    • #2296508

      My 120 Win7 client systems have not seen a single Microsoft Update since May 2017. That’s 40 months or some 4800 computer use months. Not one single instance of any kind of a problem. Again: these are typical home use computers that use Chrome, not IE, have Bit Defender Antivirus +, and have Flash, Adobe Reader and Java removed. Windows Update service disabled. Windows Update set to Never.

      These machines are steady state absolutely predictable machines. They just work like they did the day before. Day after day after day.

      Meanwhile, Microsoft updates all around us are wreaking havoc with everyone else’s machines.

      CT

      6 users thanked author for this post.
      • #2297278

        Microsoft updates all around us are wreaking havoc with everyone else’s machines.

        That statement (particularly the “everyone else’s” part) is simply not true.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".

        1 user thanked author for this post.
    • #2296515

      I’d certainly HOPE network admins would know this and also have the knowledge to understand which “security” updates are real and which are meh.  Maybe I assume too much.  At some point, I’d expect long delayed updates to wreak havoc with a network.

      Not the same as what’s described here but I have a home server running Ubuntu that updates constantly and I never even think about it.

      As an individual, I usually choose later, usually based on what is said here and a few other good sites.  A few years ago, I hardly ever installed updates.  Had one XP desktop with two kids pounding on it for year with no AV operating (oops!) and no issues beyond all the junkware they downloaded.

      I still wonder if all the sky is falling stuff about updates and security, for the average user, matters.  It’s definitely a way for MS to collect data and reset machines to forward data on all the Home installs out there.

      Thing is, they don’t seem to have a clue what to do with it!  Windows reality distortion field 🙂

      1 user thanked author for this post.
      • #2296542

        A few years ago, I hardly ever installed updates. Had one XP desktop with two kids pounding on it for year with no AV operating (oops!) and no issues beyond all the junkware they downloaded.

        The key words here are Kids and Junkware they downloaded.  In general, kids will click on anything that grabs their attention.  You just can’t do that anymore.  Thanks for bringing up a very good point.

        Being 20 something in the 70's was far more fun than being 70 something in the insane 20's
    • #2296523

      Besides W7, 0patch pro can also be used for W10 as a second layer of protection with their micro-patches.

    • #2296526

      Two questions:

      Can this attack affect systems that aren’t running servers or domain controllers at all?

      In the ZDnet article it says that there will be a more complete patch released in February 2021, why is Microsoft waiting so long?

       

      • This reply was modified 4 years, 6 months ago by Moonbear.
      1 user thanked author for this post.
    • #2296527

      Win7 client systems have not seen a single Microsoft Update since May 2017.

      We have a Win7 at home which hasn’t seen Microsoft’s updates since ~2016 after forced upgrade to W10 and reverted to W7.
      This W7 laptop is a work PC connected to the Internet and works as new with 0 problems, bugs, crashes, viruses, slowness… all that time. It will remain in use until a severe hardware crash.

      2 users thanked author for this post.
    • #2296567

      If you are a business entity, it is probably required that you patch and remain in compliance with stipulated industry regulations.

      On permanent hiatus {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
    • #2296628

      What’s the name of the update that fixes this vulnerability? (1909)

      • #2296664

        The vuln is fixed by all of the August (and later) Windows Cumulative Updates.

        1 user thanked author for this post.
        • #2296716

          https://www.bleepingcomputer.com/news/microsoft/windows-zerologon-poc-exploits-allow-domain-takeover-patch-now/

          CVE-2020-1472 does not seem to be too difficult for somebody to make happen. And since this is about domain networks, I consider this as very serious. Why does Microsoft hesitate to patch right now? Using some sort of Out-Of-Box update?
          I know admins can (and should) patch manually, but I don't understand. We are fed with security fairy tales every day and then it takes month to patch the possibility to take over a whole domain? mmm…

          Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

          PRUSA i3 MK3S+

          • This reply was modified 4 years, 6 months ago by doriel. Reason: spelling errors
    • #2296639

      All my Win10 Pro boxes have feature update deferrals set to 120 days and quality update deferrals set for 14 days…. have been this way for over a year, and I have yet to have a problem. Started on 1803, now on 1909 as my time expires here and there. Not a single issue in several years. Win10 runs like a top for me on everything from my monster workstation (R9 3900X / 5700XT / 64GB DDR4) to my weaker desktops (a variety of i5’s and Xeon W3’s).

    • #2296654

      Two questions:

      Can this attack affect systems that aren’t running servers or domain controllers at all?

      In the ZDnet article it says that there will be a more complete patch released in February 2021, why is Microsoft waiting so long?


      As it requires physical access it doesn’t matter if it affects non-domain PCs. If you let dodgy people access your PC…

      MS are wise to take their time to release a patch that has no in-the-wild attacks. We know the mess they can create with W10 patches, imagine that on a domain controller with thousands of clients.

      cheers, Paul

      1 user thanked author for this post.
    • #2296783

      Many software vendors HAVE walked away from Windows 7/8.

      On the other hand Windows 10 doesn’t run many Windows 7 applications and buying new/comparable software may cost $thousands.

      • This reply was modified 4 years, 6 months ago by Alex5723.
      1 user thanked author for this post.
      • #2296792

        Win10 runs ALL of the Win7 applications I use. I haven’t had to buy “new/comparable software may cost $thousands.”

    • #2296791

      My experience today – I installed the update for fixing vulnerability CVE-2020-1472 on the domain controller and we were stuck in an infinite loop of restarting and safe mode. Luckily, our second DC did all the job. Restoring from Veeam backup did not help, primary DC remained stuck. That was the last time, Ineas hurry.

      Server was Windows Server 20

      Paul_T: words of wisdom indeed!

      • #2296942

        Restoring DCs is not normally a place I’d go, unless it was the last DC left.

        I’d rebuild the DC and then add it to the domain. Once it is running OK you can try the patch again – after checking for updates from others with similar issues.

        cheers, Paul

    • #2296795

      Win10 runs ALL of the Win7 applications I use. I haven’t had to buy “new/comparable software may cost $thousands.”

      Not the software we use on a W7 so we blocked W10 for eternity.

    • #2297248

      Woody:  Do you happen to know if and where small businesses can purchase Extended Security Updates (ESU) for Windows Server 2008 R2?  It seems that ESU is only available under Enterprise Agreements or other license agreements with significant minimum quantities required.  ESU for Windows 7 is available from Cloud Solution Providers at low quantities, but what about for Windows Server 2008 R2?  Given the potential severity of this vulnerability, it seems that Microsoft needs to provide some option to small businesses to acquire ESU, so they can patch legacy domain controllers immediately.  I suspect we aren’t the only small business with few IT staff who have limited time to implement significant migrations, such as upgrading one or more Active Directory domains.  Not to mention the increase in demands on IT staff associated with work at home requirements due to the pandemic.  We need access to the patches now, to buy more time to complete the Active Directory migrations!

      • #2297259

        This is old, but see the link in #6. Amy (Harbor Computer Services) has been handling ESUs for many of our readers. The email address is at the top of the form.

        1 user thanked author for this post.
        • #2297371

          Thank you for providing that link.  I remember seeing that post a while back, but I could not find it when I searched early this morning.  Unfortunately, the post states “Remember as a small business you can purchase for $61(US) the first year of extended security updates for Windows 7 (Amy’s form to request more info here).  However this will not protect your Server.”  Thus, I think I’m still probably out of luck since I need ESU specifically for Windows Server 2008 R2.  I’ll check with Amy nevertheless.  Thanks.  🙂

    • #2297626

      0patch has developed a micropatch: https://blog.0patch.com/

      Moderator note: Please do not post the same content in multiple threads.
