|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
Newsletter Archives
-
Patch Tuesday poll – how is the testing going?
[yop_poll id=”4″]
Well how is everyone doing the day after in your early testing of the updates?
-
April Patch Tuesday out – Exchange once again
Patches are just coming out.
Small business guidance up first:
Exchange (Microsoft’s on premises mail server) has an update. This time I’m ignoring any guidance that might say “targeted attacks only” and saying – if you have on prem Exchange patch TODAY just to be safe. I totally understand that to ask any business large or small to have them take down the mail server on a business day is asking a lot, but I’m not taking chances this time with my small business peeps getting nailed.Patch them.Do it.Reboot that Exchange server ahead of time.Ensure you open a command prompt and run as admin to run the commands to update Exchange. Ensure you watch that services fully restarted after the box is rebooted.– CVE-2021-28480/28481 – Microsoft Exchange Server Remote Code Execution VulnerabilityBoth of these CVEs are listed at a 9.8 CVSS and have identical write-ups, so they both get listed here. Both code execution bugs are unauthenticated and require no user interaction. Since the attack vector is listed as “Network,” it is likely these bugs are wormable – at least between Exchange servers. The CVSS score for these two bugs is actually higher than the Exchange bugs exploited earlier this year. These bugs were credited to the National Security Agency. Considering the source, and considering these bugs also receive Microsoft’s highest Exploit Index rating, assume they will eventually be exploited. Update your systems as soon as possible.For consumers and home users, pop that popcorn and we’re going to be in patch testing mode watching for the dead bodies. As usual the full write up will be coming up in Monday’s Plus newsletter. Biggies to watch out for – old Edge goes, and… for how many months past October end of life for Office 2010 we are STILL patching Office 2010. -
April 2021 Office non-Security Updates are now available
The April 2021 Office non-Security updates have been released Tuesday, April 6, 2021. They are not included in the DEFCON-3 approval for the March 2021 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.
Remember, Susan’s patching sequence and recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.
Office 2016
Update for Microsoft Office 2016 (KB4486672)There were no non-security listings for Office 2010 (which reached EOS on October 13, 2020) nor for Office 2013.
On April 10, 2018, Office 2013 reached End of Mainstream Support. Extended Support will end for Office 2013 on April 11, 2023.
Office 2016 also reached End of Mainstream Support on October 13, 2020. EOS for Office 2016 is October 14, 2025.Updates are for the .msi version (perpetual). Office 365 and C2R are not included.
Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Sycophancy in GPT-4o: What happened
by 7 hours, 4 minutes ago
-
How can I install Skype on Windows 7?
by 5 hours, 47 minutes ago
-
Logitech MK850 Keyboard issues
by 32 minutes ago
-
We live in a simulation
by 21 hours, 12 minutes ago
-
Netplwiz not working
by 7 hours, 47 minutes ago
-
Windows 11 24H2 is broadly available
by 1 day, 9 hours ago
-
Microsoft is killing Authenticator
by 17 hours, 9 minutes ago
-
Downloads folder location
by 1 day, 16 hours ago
-
Remove a User from Login screen
by 11 hours, 42 minutes ago
-
TikTok fined €530 million for sending European user data to China
by 1 day, 7 hours ago
-
Microsoft Speech Recognition Service Error Code 1002
by 1 day, 7 hours ago
-
Is it a bug or is it expected?
by 1 day, 11 hours ago
-
Image for Windows TBwinRE image not enough space on target location
by 1 day, 6 hours ago
-
Start menu jump lists for some apps might not work as expected on Windows 10
by 5 hours, 50 minutes ago
-
Malicious Go Modules disk-wiping malware
by 1 day, 20 hours ago
-
Multiple Partitions?
by 1 day, 20 hours ago
-
World Passkey Day 2025
by 2 days, 14 hours ago
-
Add serial device in Windows 11
by 3 days, 5 hours ago
-
Windows 11 users reportedly losing data due forced BitLocker encryption
by 1 day, 6 hours ago
-
Cached credentials is not a new bug
by 3 days, 9 hours ago
-
Win11 24H4 Slow!
by 3 days, 9 hours ago
-
Microsoft hiking XBox prices starting today due to Trump’s tariffs
by 3 days, 7 hours ago
-
Asus adds “movement sensor” to their Graphics cards
by 3 days, 12 hours ago
-
‘Minority Report’ coming to NYC
by 3 days, 8 hours ago
-
Apple notifies new victims of spyware attacks across the world
by 3 days, 20 hours ago
-
Tracking content block list GONE in Firefox 138
by 3 days, 20 hours ago
-
How do I migrate Password Managers
by 3 days, 4 hours ago
-
Orb : how fast is my Internet connection
by 3 days, 5 hours ago
-
Solid color background slows Windows 7 login
by 4 days, 8 hours ago
-
Windows 11, version 24H2 might not download via Windows Server Updates Services
by 4 days, 7 hours ago
Remembering Woody
