Newsletter Archives

• March Madness patching begins

  Posted on March 8, 2022 at 12:00 CST by Susan Bradley • Comment in the Forums

  While over at Apple they are having a livestream event, Microsoft is releasing their updates. Will Apple release updates today as well?

  Windows 11 gets weather on the left hand side where start menu is in Windows 10.  You know you are getting old when moving the weather icon around annoys you.  While Microsoft said that Windows 11 would only get feature releases once a year, they are dribbling out these task bar changes constantly. Remember the changes that were in preview last time, will be in the Windows 11 updates this month. My advice?  Use Start11 or any of the other classic menu offerings if you are on Windows 11.

  Meanwhile, for those of us on Windows 10, 8.1, 7 and server operating systems, keep an eye out for the security updates releasing today.

  Also be aware that Windows 10 20H2 Home and Pro edition drops out of support on May 10, 2022 and Windows 10 1909 Enterprise and Education drops out on May 10, 2022 as well.

  For those on Linux, look out for “Dirty pipe” a vulnerability that recently came to light and has been fixed in Linux versions 5.16.11, 5.15.25, and 5.10.102 as of February 23, 2022.  A proof of concept has been released.

  As always, pop that popcorn, sit on the sidelines as we weed through the releases and see what side effects will occur.

  I’ll be adding links and resources as the patches and information is released. Of course, full analysis will be in next week’s newsletter.

  Updated info:

  92 vulnerabilities, 2 publicly disclosed, 3 critical

  If you have an on premises Exchange server – once again you want to test and patch as soon as you can.

  Remote Desktop client needs a patch- but it needs a malicious server to trigger the remote control execution.

  Windows 10 2004 and later (only) have a SMBv3 bug and Xbox has a bug unique to it and it alone.

  HEVC video extensions are getting a patch which means if you are one who blocks updates through the Microsoft store, you’ll need to manually update this.

  Gunther Born reports that Remote desktop connection role on Server 2022 is impacted. Note I am not seeing this on Server 2019 or earlier versions.

   

  Security, Windows Patches/Security March 2022 Black Tuesday, Patch Lady Posts

• March 2022 Office non-Security Updates are now available

  Posted on March 1, 2022 at 15:17 CST by PKCano • Comment in the Forums

  The March 2022 Office non-Security updates have been released Tuesday, March 1, 2022. They are not included in the DEFCON-5 approval for the February 2022 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

  Remember, Susan’s patching sequence and recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

  Office 2016
  Update for Microsoft Office 2016 (KB5002160)
  Update for Skype for Business 2016 (KB5002106)

  There were no non-security listings for Office 2013.
  On April 10, 2018, Office 2013 reached End of Mainstream Support. Extended Support will end for Office 2013 on April 11, 2023.
  Office 2016 also reached  End of Mainstream Support on October 13, 2020. EOS for Office 2016 is October 14, 2025.

  Updates are for the .msi version (perpetual). Office 365 and C2R are not included.

  Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).

  Office Patches/Security March 2022 Black Tuesday, March 2022 Office non-Security updates, Office 2013, Office 2016