Newsletter Archives

• Am I part of the attack bot?

  Posted on December 30, 2024 at 02:42 CST by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  The other day, a headline popped up that made me stop and read the news story.

  It was all about the American government’s considering blocking the vendor TP-Link from selling routers. TP-link happens to be a vendor I rely on for my wireless access point, but it has also been called out by Microsoft and other vendors who say its products may be used in attacks.

  Many of these units not been updated by the vendor to fix issues that allow them to be used by other bad actors in group attacks.

  Read the full story in our Plus Newsletter (21.53.0, 2024-12-30).

  On Security DNS, Edge Devices, Exchange, Firewalls, Firmware Update, ISPs, Newsletters, Patch Lady Posts, Routers, TP-Link

• Closing the books on a buggy year

  Posted on December 16, 2024 at 02:41 CST by Susan Bradley • Comment in the Forums

  PATCH WATCH

  

  By Susan Bradley

  We’re closing the patching year with an AI-related bug that — fortunately — is not related to Copilot, Recall, or any other AI-related product released by Microsoft in the last few months.

  In fact, you may not have heard of it at all. Called Microsoft Muzic, it’s a research project in understanding music via deep learning and artificial intelligence. It also introduced a vulnerability into your computer if you installed it.

  Read the full story in our Plus Newsletter (21.51.0, 2024-12-16).

  Patch Watch CVE-2024-49063, CVE-2024-49112, CVE-2024-49117, CVE-2024-49138, Exchange, Google Workspace, Hyper-V, KB5002652, Newsletters, Outlook, Patch Lady Posts, TPM, Windows 11 24H2

• You clicked on that phish?

  Posted on November 11, 2024 at 02:42 CST by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  It happens. You fell for it. You clicked on something you shouldn’t have. You followed a link. You entered your password on a site that wasn’t legitimate.

  In these instances, you didn’t suffer an intrusion to your computer. Instead, your login credentials were impacted. What should you do?

  First, don’t panic. In the case of many attacks these days, your operating system is still intact — not impacted in any way. The once standard reaction “I got hacked, so I’ll restore my computer from a clean backup or reinstall from scratch” probably isn’t necessary. In fact, it may be irrelevant to your response.

  Read the full story in our Plus Newsletter (21.46.0, 2024-11-11).

  On Security Adversary-in-the-middle, CISA, Credentials, Exchange, Microsoft Compliance Portal, Microsoft Purview portal, Multifactor Authentication, Newsletters, Passwords, Patch Lady Posts, phishing, Security, Trusted Devices, Two-factor authentication

• A serving of zero days

  Posted on November 20, 2023 at 02:43 CST by Susan Bradley • Comment in the Forums

  PATCH WATCH

  

  By Susan Bradley

  In a lighter-than-usual November release, Microsoft is patching 63 vulnerabilities, including three already under targeted and limited attacks and three deemed critical.

  Even though you and I will see the same number of patch installs, the number of underlying vulnerabilities for the month is down compared to past years. But that doesn’t mean you should change how you install updates — wait to see what side effects may occur, my usual recommended practice.

  Read the full story in our Plus Newsletter (20.47.0, 2023-11-20).

  Patch Watch CVE-2023-23583, CVE-2023-36025, CVE-2023-36033, CVE-2023-36036, CVE-2023-38545, Exchange, Newsletters, Patch Lady Posts, Remote Desktop Connection, VMWare, Windows 10 22H2, Windows 11 23H2

• When newer isn’t more secure, or better

  Posted on October 10, 2022 at 02:42 CDT by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  It’s a dirty little secret in software — when new code is added to existing code, it doesn’t always result in a more secure system.

  Let me give you a specific example. Recently, Microsoft announced that there had been targeted attacks against ten organizations using fully patched Exchange servers. To gain access, the attackers needed rights on the server.

  That meant they had already employed a successful phishing attack.

  Read the full story in our Plus Newsletter (19.41.0, 2022-10-10).

  On Security Exchange, Newsletters, Patch Lady Posts, System upgrades

• November cleans up October’s mess

  Posted on November 15, 2021 at 02:42 CST by Susan Bradley • Comment in the Forums

  PATCH WATCH

  

  By Susan Bradley

  Could we still see printing issues?

  Even though the 55 vulnerabilities fixed in November do not include any new Print Spooler updates, we are still to some extent in clean-up mode. Microsoft is at least acknowledging that issues remain that it is trying to fix.

  Read the full story in the AskWoody Plus Newsletter 18.44.0 (2021-11-15).

  AskWoody Plus Newsletter, Patch Watch AskWoody Plus Newsletter, Exchange, Patch Lady Posts, Patch Watch, Print Spooler

• Time to block vNext

  Posted on October 4, 2021 at 02:42 CDT by Susan Bradley • Comment in the Forums

  PATCH WATCH

  

  By Susan Bradley

  Not ready to move to Windows 11? PC not compatible? Block it!

  Microsoft has expanded the setting we love at AskWoody: “TRV,” or TargetReleaseVersion. Previously, we were able to set the specific feature release we wanted for Windows 10. Now we get the option to ensure that we stay on Windows 10 — and only on Windows 10.

  (Why do I always insist that we are better off holding back and not installing the latest thing? Because unless you want to be a beta tester, you shouldn’t have to become a beta tester.)

  Read the full story in the AskWoody Plus Newsletter 18.38.0 (2021-10-04).

  AskWoody Plus Newsletter, Patch Watch AskWoody Plus Newsletter, Exchange, Patch Lady Posts, Windows 11, Windows Update

• Outlook, Windows Live Mail problems – caused by Exchange?

  Posted on January 21, 2016 at 13:18 CST by woody • Comment in the Forums

  Just got this interesting letter from reader LL:

  Hi Woody, I really do not like to beat a dead horse, but the problems that MS is having with their web mail service and their email client continues and has become a nightmare for many home and corporate users. Office users get hit due to the link to Outlook.com or Outlook Preview.  

  MS appears to be fiddling at the server end because Outlook has been up and down since January 18th. Users are reporting a myriad of issues, especially in the UK. 

  https://downtoday.co.uk/outlook-problems/

  I no longer user WLM/Outlook, but a friend of mine uses Hotmail and tells me that they have received emails over the past 3 days but they can not delete them after they are read,  nor can they move the ones they want to save to a storage folder. They get a popup which just states that an error has occurred. This has just happened out of the blue. 

  It may be that the MS new Exchange Protocol is the real issue (an assumption on my part – I have no proof). I say this because MS has still not been able to fix the syncing problem which they have admitted resides on their servers. 
  If there is an upside to all of this, maybe MS is putting some priority on fixing the syncing problems. The outages may be the result of them testing different fix scenarios. However, they should back them out when they do not work. Days on end of problems is just not acceptable. MS has some weird idea that negatively  impacting users has no consequences.
  Other Exchange, Outlook, Windows Live Mail