Newsletter Archives

• June updates are out

  Posted on June 14, 2022 at 12:15 CDT by Susan Bradley • Comment in the Forums

  Where I live it’s stone fruit season – Peaches and plums are sweet and ripe.

  Where we ALL live around the world, it’s that time of the month where Redmond releases Windows updates. Even if you don’t use Windows anymore it’s the day I always review browsers on all of my devices to ensure they are up to date.

  And here we go… https://patchtuesdaydashboard.com/

  Remember today is not the day to be installing updates unless you are one of those kind people that LIKE to be our beta testers and have a backup. The rest of us have deferrals in place.  I’ll be updating this post during the day with early trends, and keep an eye on the Master Patch list that I will update at the end of the date and consistently after that with info.  The full report will come out in next Monday’s newsletter.

  60 vulnerabilities

  3 critical

  0 under active attack.

  Unsure if the zero day has been fixed, hang loose.

  Zero day Follina and Dogpatch has been fixed, if you used the group policy workaround you can decide if you want to leave it or not, I would leave the Attack surface reduction rules in place.  If you are using 0Patch it will leave resident memory once you’ve installed the update. Dogpatch has not bee fixed, but I honestly don’t see as much concern on that one – more about this in the newsletter.

  IE drops out of support BUT not removed from your computer. More on this in the newsletter.

  SQL server has security updates – haven’t seen that in a long time https://www.catalog.update.microsoft.com/Search.aspx?q=Security+Update+for+SQL+Server

  6/15/2022 edit:  Possible wifi connectivity issues  after June patches installed on Windows 10 and Windows 11 — link here.

  Windows Security June 2021 Black Tuesday, MS-DEFCON 2, Patch Lady Posts

• Print Nightmare is going to be a nightmare

  Posted on June 30, 2021 at 14:38 CDT by Susan Bradley • Comment in the Forums

  

  This is me. This is me trying to figure out what best to do with a security issue in the news today. CVE-2021-1675 Or rather it’s what I’d like to be doing but I can’t.

  So here’s the deal. There’s a security vulnerability for Print spooler that was patched back on June 8th but the patch didn’t fully fix the issue.  On June 21, the vuln was updated to critical severity as a potential for remote code execution was found. There is now a zero day proof of concept of this issue out on Github and various places.  Specifically the proof of concept is for Windows Server 2019 but as I understand it, it impact more platforms as well.

  Edit:  Turns out this appears to be a new bug and not an unfixed vulnerability. Bottom line it’s still just as bad but now just a regular old zero day instead of a slightly unfixed zero day. And it also works on Windows 11 as well.

  Edit 7-2-2021 Micropatches from 0patch have been released for this issue 

  Action items if you are a consumer and DO print.

  As I’m reading it, this is a big deal on domain controllers – not so much on stand alone computers. This allows attackers to wiggle in via a remote authenticated user and raise the rights of that account.  Since home computers do not have “remote authenticated users”  I’m not freaking out here and recommending that you disable print spooler (yet).  I don’t know about you but I DO print so I cannot disable the print spooler service without severely impacting my productivity. I’ll keep monitoring the situation and update if I see anything where I think consumers/home users/small peer to peer networks should be taking action other than the usual “be careful out here” and watch what you click on. So for now if you run windows and print, take no action, other than to be your normal, careful, slightly paranoid self.

  Action items if you are a consumer and DON’T print.

  Print spooler lately has been a big target. If you know you don’t ever print or print to pdf or anything like that you can proactively click on the search box and type in “services”, scroll down to print spooler, double click and click to change the service to stop and then to disable the startup type. Note you need to be an administrator (or have admin rights) to be able to stop this service.

  Action items if you are a IT pro or MSP.

  Determine if you can follow this post and disable the print spooler service especially on Servers, Domain controllers in particular. You might want to go through server hardening guidance while you are at it.  Bottom line evaluate your risk for this attack and take action accordingly.  Recommendation is to disable the print spooler service on the Domain controllers first. If you are a SMB consultant where your Domain controller is ALSO your Print server there’s no good alternative especially if your folks have to print.

  TrueSec have come out with a workaround that allows you to deny permissions to keep attackers from gaining system rights and leave print spooler service as is.

  And if you are running Mint, Chromebook, Apple, etc. etc.  just try not to look so smug, okay?

  Windows Security CVE-2021-1675, June 2021 Black Tuesday, Patch Lady Posts

• June’s Patch recap so far

  Posted on June 16, 2021 at 10:51 CDT by Susan Bradley • Comment in the Forums

  Matt on twitter reports that….

  Office 365 CDN updates for ConfigMgr have been busted for 7+ days now; Enterprise customers who were told to #SplitTunnelAllTheContent unable to download patches for MSFT’s premier Office app

   

  Adding to this issue as well is that the May 21H1 CU’s that include the SSU are required to be installed before the June 21H1 CUs. So if you thought “oh cumulative updates are cumulative” …. uh well at least last month where it includes a mandatory Servicing stack update, this mandates that you install May before installing June. You can’t skip May’s release.

  So to recap so far we have…..

  Consumer issues:

  • Blurry weather icons on our task bar
  • Some people reporting printing issues (note I am not seeing this widespread so I still believe it’s an older printer driver issue)

  Enterprise/Business issues:

  • Issues with 365 patches for those that use ConfigMgr
  • Issues with remote event log viewing and other management tools if you patch workstations before you patch desktops

  And I’m honestly STILL not seeing major widespread attacks using the zero day bugs that were fixed in this month’s updates.  We’re still at DefCon2.  This is the week where I always say, if you have a backup and feel confident in your processes and WANT to patch, that’s always your choice, but I still haven’t given the all clear (when clearly it still isn’t clear).

  Let’s be careful out here.

  Windows 10 Releases June 2021 Black Tuesday, Patch Lady Posts

• June updates bring news

  Posted on June 9, 2021 at 01:05 CDT by Susan Bradley • Comment in the Forums

  It’s been a little bit funny seeing some of the reactions online to the News and Interests feature that is included in the June updates. As Askwoody readers know, this first started to trickle out in May but in the June security updates they are included in everyone’s Windows 10 including Enterprises.

  Just a reminder, you can right mouse click on the weather info, go up to news and interests, and either adjust the options (as it does take up a bit of real estate) or turn it off completely.

  Optionally you can use this registry key to do so. To use it, simply click on the download in the upper right, click to run the file, it will warn you it’s not digitally signed, click through that, next click through the UAC prompt and you’ll get to this page warning you about adding it to your registry.

  

  Click yes and it will turn off the News feature. You’ll need to reboot (I had to) to get it to turn it off.

  I’m keeping an eye on the early beta testers in the forums, so far I’m not seeing anything trending.  As always full details of the updates will be in the Newsletter, in the meantime if anyone needs assistance or help, you know where we are.

  In other patching news, keep an eye out for Apple 14.6 for your iphone/ipad and remember that Apple 15 will be offered up to even iphone 6 models. Androids, keep an eye out for your updates as well.

  Windows 10, Windows 7, Windows Security June 2021 Black Tuesday, Patch Lady Posts

• The June 2021 Office non-Security Updates have been released

  Posted on June 1, 2021 at 13:06 CDT by PKCano • Comment in the Forums

  The June 2021 Office non-Security updates have been released Tuesday, June 1, 2021. They are not included in the DEFCON-4 approval for the May 2021 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

  Remember, Susan’s patching sequence and recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

  Office 2016
  Update for Microsoft Office 2016 (KB5001948)

  Office 2013
  Update for Microsoft Office 2013 (KB5001937)

  There were no non-security listings for Office 2010 (which reached EOS on October 13, 2020).
  On April 10, 2018, Office 2013 reached End of Mainstream Support. Extended Support will end for Office 2013 on April 11, 2023.
  Office 2016 also reached  End of Mainstream Support on October 13, 2020. EOS for Office 2016 is October 14, 2025.

  Updates are for the .msi version (perpetual). Office 365 and C2R are not included.

  Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).

  Office Patches/Security June 2021 Black Tuesday, June 2021 Office non-Security Updates, Office 2010, Office 2013, Office 2016