MS-DEFCON 4: Installing just the updates
By Susan Bradley

If you recall, earlier this month Microsoft released an update that needed some additional steps — manually adding registry keys — to fully protect your machine. My position on this matter has been that I did not recommend taking the additional steps unless you knew that you or your firm was specifically being targeted.

Microsoft’s notes indicated that it would be releasing a future update that would not require manual intervention — and that if you did not install it, you might experience side effects. Microsoft did not provide any hints about which side effects. Helpful, don’t you think?

I decided to experiment. On one office PC running Windows 10 22H2 and one home PC running Windows 11 22H2, I manually applied the registry changes. Two weeks later, I can’t determine exactly what side effect I should be looking for. I’ve seen no blue screens of death. No extra error messages. No extra event log entries. Nothing that would give me pause. That said, my stance is unchanged — unless you are specifically targeted, don’t bother with these registry keys.

At any rate, I can find no widespread problems that prevent anyone from applying the June updates. Any lingering side effects are either corner cases or won’t be fixed between now and next Patch Tuesday. Therefore, I am lowering the MS-DEFCON level to 4.

Highlights:
If you still do not have 22H2 on Windows 10 PCs, try downloading the enablement package patch that should quickly install the feature release. If that doesn’t work, I recommend a repair install over the top because any errors at this point indicate corruption.

If you do get an error message, I strongly recommend that you come to the forums and list which security and third-party software you have on your machine. It is not a normal scenario when an operating system becomes corrupted — something has impacted Windows. So think back and let us know what you’ve installed in the past, and we’ll try to get to the root cause.

Consumer and home users
Although I’m using Windows 11 22H2 on one of my personal PCs, I’m still not quite ready to give the all-clear. Windows 11 22H2 seems fairly stable, but there are still some issues that give me pause. Businesses may face some lingering VPN bugs, including some with Always on VPN. Consumers are obviously less likely to hit these issues; apparently, they will be fixed in June’s preview releases and will make it into the July patch releases. Of course, if you’re buying a new PC, Windows 11 is now your only choice.

Once again, I urge you to review your router’s firmware to be sure it is up to date. ASUS is now reporting that certain routers need patching to fix a security issue. For consumer routers and computers, it’s wise to do a mid-year review of all firmware, PC and network devices alike. If you have a name-brand computer or router, visit the vendor’s support site looking for such updates.

For those more adventurous, remember that you can often get better security and a better interface by installing third-party firmware in a router. This is not for the faint of heart — you can brick your router. Be prepared to have a spare, or immediately order an overnight replacement so you can get your network back online as quickly as possible.

I am seeing some reports of users not being able to open applications after the June updates. Because I use Microsoft Defender and have not seen this behavior, I recommend you consider uninstalling and reinstalling your antivirus software. It’s annoying to do so, but my experience is that the AV solution gets a forced update this way and thus has the latest code.

Business users
There are several “hardening” issues that have been enforced this month. Don’t forget to read KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023. In the timing section, Microsoft states:

“The Windows updates released on July 11, 2023 will remove the ability to set value 1 to the RequireSeal registry subkey. This enables the Enforcement phase of CVE-2022-38023.”

Also remember the Kerberos changes. You’ll specifically want to look in your domain controllers for Event ID codes in the range 5838-5841. 5840 codes are warnings, but the rest are errors that need fixing. You’ll want to dig into the link above for details.

Here’s a special piece of advice for those of you still patching Server 2016: Do yourself a favor and move to Server 2019 or 2022. Server 2016 has issues with slow patching and rebooting. Often fixes that were introduced into later server releases cannot be backported. Make your patching life easier and ask for an upgrade budget. You’ll thank me.

The other day at the office, several folks were reporting that they were getting an error message that “Actionable Messages” were not available. Microsoft indicates that these messages will occur when there is a card or add-in that is using up the number of actionable slots. However, in my network we use only Outlook’s default actions. Therefore, I believe that Microsoft’s tools that generate the follow-up messages were triggering this bug. I have not seen it in the last few days, but I’ll be keeping an eye out for this, now that I know what’s triggering it.

Microsoft also indicated that an issue with Yahoo — being unable to set up app passwords for log-in purposes — has been resolved as well. For more information, see the article How to add a Yahoo IMAP account to Outlook Desktop without an App Password.
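
For the domain controller check described in the Business users section above, here is an added PowerShell example; it is not from the newsletter or from Microsoft. It summarizes events 5838-5841 using the severity split given above and reports the RequireSeal value. The function names, the sample records, and the registry path (taken to be the one documented in KB5021130) are assumptions to confirm against the KB.

```powershell
# Added example (not from the newsletter): triage Netlogon events 5838-5841.
# Severity follows the article: 5840 is a warning, the rest are errors.
$Severity = @{ 5838 = 'Error'; 5839 = 'Error'; 5840 = 'Warning'; 5841 = 'Error' }

function Get-NetlogonSealSummary {
    param([Parameter(Mandatory)] [object[]] $Events)   # records need Id and TimeCreated
    $Events |
        Where-Object { $Severity.ContainsKey([int]($_.Id)) } |
        Group-Object -Property Id |
        ForEach-Object {
            $id = [int]($_.Name)
            [pscustomobject]@{
                EventId  = $id
                Severity = $Severity[$id]
                Count    = $_.Count
                LastSeen = ($_.Group | Measure-Object TimeCreated -Maximum).Maximum
            }
        } |
        Sort-Object Severity, EventId
}

function Get-RequireSealState {
    # Assumption: registry path as documented in KB5021130; confirm against the KB.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $val = (Get-ItemProperty -Path $key -Name RequireSeal -ErrorAction SilentlyContinue).RequireSeal
    if ($null -eq $val) {
        'RequireSeal is not set explicitly'
    } elseif ($val -eq 1) {
        'RequireSeal = 1: this value can no longer be set after the July 11, 2023 updates'
    } else {
        "RequireSeal = $val"
    }
}

# Constructed sample records so the summary can be tried away from a DC.
$sample = @(
    [pscustomobject]@{ Id = 5840; TimeCreated = [datetime]'2023-06-20T09:15:00' }
    [pscustomobject]@{ Id = 5840; TimeCreated = [datetime]'2023-06-21T11:02:00' }
    [pscustomobject]@{ Id = 5838; TimeCreated = [datetime]'2023-06-22T08:40:00' }
)
Get-NetlogonSealSummary -Events $sample | Format-Table -AutoSize

# On a domain controller, feed it the real System log instead:
# $f = @{ LogName = 'System'; Id = 5838..5841; StartTime = (Get-Date).AddDays(-14) }
# Get-NetlogonSealSummary -Events (Get-WinEvent -FilterHashtable $f -ErrorAction Stop)
# Get-RequireSealState
```

Get-WinEvent raises an error when no matching events exist, which on a domain controller means none of these events were logged in the chosen window.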
Susan Bradley is the publisher of the AskWoody newsletters. The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.
Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, AskWoody.com, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners. Copyright ©2023 AskWoody Tech LLC. All rights reserved.