Replies

Instead of de-selecting the IPv6 protocol in the UI, I run in this mode:

Disable IPv6 on all nontunnel interfaces (except the loopback) and on IPv6 tunnel interface

from here:

https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows

I feel like this is sufficient mitigation for CVE-2024-38063, since it disables IPv6 on all Ethernet ports.  Would anyone disagree?

1 user thanked author for this post.

Noel Carboni

Articles like this are a discouragement for me to pay a membership fee.

Confirming the NPS issues.  We have two NPS proxy servers backed by NPS on three DCs.  Patched the DCs and started having issues with a VPN product that authenticates with computer certificates.  Rolling back now…

I have a 7-node Velop system I share with my neighbor. I feel every part of your story – every single part. They work great until they don’t.

I was very excited when they added Client Steering and Node Steering capabilities. But stability is orders of magnitude better when they’re off. So they stay off.

And I keep my old Nexus 6 for only two reasons. Reliable bluetooth programming of Velop nodes with their gods-forsaken app, and backing up my Google Auth configuration.

Yours in suffering.

Hi There,

Dropping comment since I missed the survey.

I’m going to make a concerted effort to give you more of a bullet-point view up front to give you actions to take on patching. My goal is to make this more concise. The MS-DEFCON ranking will also stay as is, giving you a quick and easy way to know when to install updates and when to hold back.

This is my primary reason for being here!  The local govt. I work for lacks the resources for proper testing…  I depend on not releasing patches and waiting for others feedback on patch stability.  I also depend on knowing if there’s a very critical need to release sooner.  So thank you – your feedback is invaluable.

Also, even though I cut teeth on a TRS-80 Model I, I do encourage the younglings to view your content.

Thank you for all you do.

1 user thanked author for this post.

baggins

I want to stay on a specific version

If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the Select the target Feature Update version setting instead of using the Specify when Preview Builds and Feature Updates are received setting for feature update deferrals. When you use this policy, specify the version that you want your device(s) to use. If you don’t update this before the device reaches end of service, the device will automatically be updated once it is 60 days past end of service for its edition.

Other sources confirm this… So if I want to stay on 1909 until I choose otherwise (or July 10, 2022, whichever comes first), I should use 1909 as the version parameter. If I’m understanding correctly.

Hi folks,

I installed the v2004 ADMX policies to gain access to the “Select the target Feature Update version” option.

Does anyone know the abilities/limitations of this?  I’d love to be able to enter a target version of 2050 for effectively manual control, if this truly works for all versions since 1803.