|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Newsletter Archives
-
MS-DEFCON 4: The gift of patching
ISSUE 21.52.1 • 2024-12-24 
By Susan Bradley • Comment about this alert
’Twas the night before Christmas, and all through the house and office, not a creature was stirring — except yours truly, because I was checking my systems to see whether they were all fully up to date.
Seriously, I always find that the time around the holidays is a good moment to do your patching. After the holiday dinner has been served and everyone is in their holiday ham or turkey coma, I can sneak away to review my technology. The end of the year is just a week away, and as I always say, you should start the new year with everything polished and shiny. Therefore, I’m lowering the MS-DEFCON level to 4.
Anyone can read the full MS-DEFCON Alert (21.52.1, 2024-12-24).
-
Lessons learned from CrowdStrike
ISSUE 21.31 • 2024-07-29 ON SECURITY
By Susan Bradley
It’s been over a week since the technology meltdown that impacted airlines, some banks, and even my sister’s Starbucks order through Uber Eats on Friday morning.
Despite the carnage, only a very small segment of computer systems was impacted. In the Official Microsoft Blog, the post Helping our customers through the CrowdStrike outage pointed out that less than one percent of all Windows machines were affected.
So why was this so impactful? More important, what lessons have we learned from this event? Is there anything we can do better next time?
Read the full story in our Plus Newsletter (21.31.0, 2024-07-29).
This story also appears in our public Newsletter. -
Bad antivirus definition triggers shutdowns
ISSUE 21.29.1 • 2024-07-20 By Susan Bradley
It was a really bad day for IT admins.
Late Thursday night, the security protection company CrowdStrike sent a bad antivirus definition file to its entire customer base. Because this faulty data file inserts itself into the Windows kernel, Windows does what it was designed to do — it goes directly to the blue screen of death (BSOD).
Most of us can rest easy. CrowdStrike is not a product for the consumer or for a very small business. It’s an enterprise product, and thus its impact was widely seen in very large companies, triggering service interruptions for airlines, banks, healthcare providers — worldwide.
Read the full Plus Alert (21.29.1, 2024-07-20).
-
If an advanced government-sponsored hacking team is out to get you, kiss your keester goodbye
Security research firm Crowdstrike just published a report that should bring a chill to the heart of anyone working in security for a large firm or organization. They found that the “breakout time” — the amount of time from first penetration of a network to completely taking it over — varies depending on the source of the attack. If you’re up against an attack from one of the advanced Russian APT groups you have, on average, under 20 minutes to discover the intrusion and plug it.
Twenty minutes.
It is quite remarkable to see that Russia-based threat actors are almost 8 times as fast as their speediest competitor — North Korea-based adversaries, who themselves are almost twice as fast as intrusion groups from China.
So if you’re getting attacked by a Chinese APT group, on average, you have five hours to knock them out.
You have to sign up in order to get the report, but it makes very interesting reading. The graphics alone are worth the price of admission.
(Bear = Russia, Chollima = North Korea, Panda = China, Kitten = Iran, Spider = ecrime groups)
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Latest Firefox requires Password on start up
by 44 minutes ago
-
Resolved : AutoCAD 2022 might not open after updating to 24H2
by 3 hours, 57 minutes ago
-
Missing api-ms-win-core-libraryloader-11-2-1.dll
by 1 hour, 42 minutes ago
-
How Much Daylight have YOU Saved?
by 31 minutes ago
-
A brief history of Windows Settings
by 2 hours, 26 minutes ago
-
Thunderbolt is not just for monitors
by 37 minutes ago
-
Password Generators — Your first line of defense
by 10 minutes ago
-
AskWoody at the computer museum
by 10 minutes ago
-
Planning for the unexpected
by 1 hour, 8 minutes ago
-
Which printer type is the better one to buy?
by 5 hours, 43 minutes ago
-
Upgrading the web server
by 4 hours, 8 minutes ago
-
New Windows 11 24H2 Setup – Initial Win Update prevention settings?
by 23 hours, 12 minutes ago
-
Creating a Google account
by 21 hours, 57 minutes ago
-
Undocumented “backdoor” found in Bluetooth chip used by a billion devices
by 1 day, 4 hours ago
-
Microsoft Considering AI Models to Replace OpenAI’s in Copilot
by 1 day, 15 hours ago
-
AI *emergent misalignment*
by 1 day, 16 hours ago
-
Windows 11 Disk Encryption/ Bitlocker/ Recovery Key
by 39 minutes ago
-
Trouble signing out and restarting
by 17 hours, 15 minutes ago
-
Windows 7 MSE Manual Updating
by 2 days, 1 hour ago
-
Problem running LMC 22 flash drive
by 23 hours, 51 minutes ago
-
Outlook Email Problem
by 23 hours, 57 minutes ago
-
“Microsoft 365 Office All-in-One For Dummies, 3rd Edition FREE
by 1 day, 7 hours ago
-
Cant use Office 2013 – Getting error message about Office 2013
by 2 days ago
-
Nearly 1 million Windows devices targeted in advanced “malvertising” spree
by 2 days ago
-
Windows 11 Insider Preview build 27808 released to Canary
by 3 days, 1 hour ago
-
Windows 11 Insider Preview Build 22635.5025 (23H2) released to BETA
by 3 days, 1 hour ago
-
Sysprep issue
by 3 days ago
-
Android Security Bulletin—March 2025
by 3 days, 3 hours ago
-
23h2: PIN TO START randomly available on right-click
by 3 days, 3 hours ago
-
Microsoft Defender
by 3 days, 9 hours ago
