Newsletter Archives
-
MS-DEFCON 4: Install or defer updates? Your choice.
ISSUE 19.43.1 • 2022-10-25 By Susan Bradley
I’ve got a slightly mixed message about the latest round of updates.
In the most general terms, updates this month have proven safe and unlikely to cause many problems. It is for that reason I am lowering the MS-DEFCON level to 4. But there’s a grain of salt to go along with that recommendation.
I continue to recommend that you not install the feature-release updates for Windows 10 or Windows 11 version 22H2. But I do recommend that you allow the rest of the updates to install. That’s the mixed message.
Anyone can read the full MS-DEFCON Alert (19.43.1, 2022-10-25).
-
MS-DEFCON 2: Windows 10 22H2 expected this month
ISSUE 19.40.1 • 2022-10-06 By Susan Bradley
We originally had the impression that Windows 10 and 11 updates would appear simultaneously, but — for this time at least — it looks like Windows 10 22H2 will be here in October, a month after Windows 11 2022 (22H2).
As with Windows 11 2022, I am not expecting a major release. As per my usual recommendation, don’t accept the Windows 10 22H2 update right away. Instead, defer it until I’ve had a chance to test and review. That advice also comes with an elevation of the MS-DEFCON level to 2.
Anyone can read the full MS-DEFCON Alert (19.40.1, 2022-10-06).
-
Microsoft email zero day
What is it? Microsoft is investigating targeted attacks on its on-premises email servers. Attackers have found a way into servers that are already fully patched.
If we have online email with Microsoft, are we at risk? No.
Is it disturbing that EVERY time there is a zero day in Microsoft on-premises email servers, Microsoft can conveniently scramble and get their online servers patched, while those who purchase on-premises software are stuck holding the bag?
If you are an Exchange admin and need help, pile on here
(note I am sending this out as a defcon text alert but not an email alert)
Follow the guidance in the MSRC post to protect your on-premises email servers:
The current mitigation is to add a blocking rule in “IIS Manager -> Default Web Site -> URL Rewrite -> Actions” to block the known attack patterns.
Note: If you don’t run Microsoft Exchange on-premises and don’t have Outlook Web App facing the internet, you are not impacted.
-
MS-DEFCON 4: A well-behaved September
ISSUE 19.39.1 • 2022-09-27 By Susan Bradley
September updates have few side effects.
It’s always nice when the monthly update process is calm, with no storms. But due to a few snags, the best I can do is lower the MS-DEFCON level to 4.
These side effects are limited to issues seen in businesses; we ordinary, consumer mortals are not much affected.
Anyone can read the full MS-DEFCON Alert (19.39.1, 2022-09-27).
-
MS-DEFCON 3: Issues with bootloader patches
ISSUE 19.34.1 • 2022-08-23 By Susan Bradley
This month’s updates are a great example of why my patching advice differs for consumers and businesses.
For consumer patchers, whether using Windows 10 Home or Professional, I’m not convinced that you need to install KB5012170, Microsoft’s security update for Secure Boot DBX (the Secure Boot Forbidden Signature Database). Unless, that is, you think you will be targeted by an overseas attacker with a malicious bootloader installer. If your computer holds the keys to the nuclear codes, then by all means install this update instantly. The fact that this isn’t clear-cut is the reason I can lower the MS-DEFCON only to 3 this time around.
But if you are a normal user, with normal levels of paranoia to get you through the normal security risks of daily life, I’m not convinced that this update is mandatory. In fact, I think it often causes more pain than benefit. Just read through the threads of many a forum poster trying to get this update installed.
Anyone can read the full MS-DEFCON Alert (19.34.1, 2022-08-23).
-
MS-DEFCON 4: A mixed bag for May
ISSUE 19.21.1 • 2022-05-24 By Susan Bradley
Good news! Most consumer and home users should be just fine after installing this month’s updates.
I’m not seeing any major, trending issues with patches for the bulk of users, so I’m lowering the MS-DEFCON level to 4.
But there’s a “but”: I’m still seeing some corner-case oddities and just can’t quite put my finger on the root cause. For example, reader Ray G reports:
… after the updates are installed, I still have a black screen and have to wait for about 5 minutes for the desktop to appear.
Anyone can read the full MS-DEFCON Alert (19.21.1, 2022-05-24).
-
MS-DEFCON 4: Protect yourself with patches
ISSUE 19.17.1 • 2022-04-26 By Susan Bradley
I’ve been holding my breath.
For the past few weeks, I’ve been watching for attacks that researchers indicated would be coming due to a vulnerability in all versions of Windows. All I’m seeing so far are theoretical attacks, not actual attacks.
CVE-2022-26809, the headline vulnerability of the April updates that impacts Windows 7 through Windows 10 — as well as Windows Server versions — sounded like it had the potential of being a worm inside a network. Microsoft complicated the matter when it first indicated that this vulnerability was triggered by SMB file sharing. Then it clarified that the original researcher had provided a proof of concept that used SMB file sharing, but that additional methodologies could be used in attacks.
Anyone can read the full MS-DEFCON Alert (19.17.1, 2022-04-26).
-
Ensuring your safety
ISSUE 19.14.1 • 2022-04-05 By Susan Bradley
MailChimp was compromised by attackers. Here’s what you should know.
This is breaking news.
An article at BleepingComputer on Monday, April 4, 2022, revealed the news that the MailChimp email and marketing service had been breached. The report has also been picked up by many different online services and will probably hit the bigger publishers by tomorrow. The attack focused on MailChimp’s internal tools, which allowed the bad guys to steal audience data and launch phishing attacks.
Read the full Plus Alert (19.14.1, 2022-04-05).