Newsletter Archives
-
MS-DEFCON 4: It’s time to get the May 2019 Windows and Office patches installed
If you’re running Windows 7, Vista, or XP — or Server 2003, 2008 or 2008 R2 — you need to get patched now. No, there aren’t any known BlueKeep exploits. But you don’t want to get caught with that ol’ “Kick me” sign stuck to your back. Tell your friends.
It’s also time to let nature run its course with the Win10 patches — don’t force anything, and rely on Windows Update to get you sorted out.
I strongly advise against installing Win10 1903 at this point. It ain’t baked.
Full step-by-step instructions in Computerworld Woody on Windows.
-
Where we stand with the May 2019 Windows patches
Whotta mess.
Again.
I was tempted to come up with a list of the days that we had new patches and patches of patches, and finally gave up. You’d be much better off listing the days that we didn’t have screwy patches.
Details in Computerworld Woody on Windows.
I should’ve made this more explicit… I think XP, Vista and Win7 customers (and their related Servers) should patch now, but there’s still no pressing reason to update anything else.
Give it a few more days.
-
New, one-off cumulative updates for all Win10 versions to fix that “gov.uk” HSTS bug
Yep, it’s Sunday.
Looks like we have new cumulative updates for all versions of Win10 and all related versions of Server. That, combined with the Win7 and 8.1 patches released on Saturday, seems to fix all of the buggy gov.uk May patches.
If you’re a glass-half-full kind of person, you can say that Microsoft fixed the bug it promulgated in less than a week.
If you’re a glass-half-empty sort, you can say that it took Microsoft nearly a week to fix the bug it spread on Tuesday.
Details in Computerworld Woody on Windows.
Win10 Installation instructions from the KB articles:
Install this update
- UK customers: This update will be applied automatically to resolve this issue. You may be required to restart your device again. If you are affected by this issue, Check for updates to apply the update immediately.
- Customers outside of the UK: This update will not be applied automatically. If you are affected by this issue, we recommend that you apply this update from Windows Update and then restart your device.
-
For the second month in a row, McAfee and Sophos are having problems with the Win7/Server 2008 R2 Monthly Rollup and Security-only patches
After the debacle last month, you’d think that McAfee and Sophos would’ve figured out a way to work with Microsoft’s monthly patches.
Not so.
Microsoft says that its May 14 Monthly Rollup, KB 4499164 and Security-only patch KB 4499175, are triggering problems anew:
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.
We are presently investigating this issue with McAfee.
Guidance for McAfee customers can be found in the following McAfee support articles:
- McAfee Security (ENS) Threat Prevention 10.x
- McAfee Host Intrusion Prevention (Host IPS) 8.0
- McAfee VirusScan Enterprise (VSE) 8.8
To be clear, this is in addition to the problems we all felt last month. The official Release Information status page says that this particular problem originated on April 9 and has been mitigated. McAfee disagrees: “May 16, 2019 Updated that this issue applies to Windows April 2019 update KBs or later Windows monthly updates.” You can choose which one you believe.
Microsoft hasn’t yet admitted to the problems with Sophos, but I assure you they will. Here’s what Sophos says:
We have had an increase in customers reporting that following on from the Microsoft Windows 14th May patches they are experiencing a hang on boot where the machines appear to get stuck on “Configuring 30%”
Initial findings suggest that this relates to the below Microsoft Patches:
May 14, 2019—KB4499164 (Monthly Rollup)
May 14, 2019—KB4499165 (Security-only update)
We have currently only identified the issue on Windows 7 and Windows Server 2008 R2
Applies to the following Sophos product(s) and version(s)
Sophos Endpoint Security and Control
Sophos Central Endpoint Standard/Advanced
Why does this feel like deja vu all over again?
Thx Kevin Beaumont @GossiTheDog.
-
Good news: The “wormable” security hole in XP, 7, and related Servers, isn’t being exploited yet
If you’re running
- Windows XP (including Embedded)
- Windows Server 2003, Server 2003 Datacenter Edition
- Windows 7
- Windows Server 2008, Server 2008 R2
You still have time to install the May patches.
https://twitter.com/2sec4u/status/1128782426954706950
-
MS-DEFCON 3: Get Windows XP, Win7 and associated Servers patched
If you’re running Win8, 8.1, 10 or related Server versions, stay on MS-DEFCON 2. Don’t install this month’s patches just yet.
But if you have:
- Windows XP (including Embedded)
- Windows Server 2003, Server 2003 Datacenter Edition
- Windows 7
- Windows Server 2008, Server 2008 R2
you need to get patched right away. The sky isn’t falling — there’s no worm making the rounds just yet — but at this point it looks like the benefits of patching outweigh the risks.
If you’re running Vista, hang tight. Looks like Microsoft forgot to document that one.
For XP and 7 users, I’m moving to MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.
Details in Computerworld Woody on Windows. And I’ll have an AskWoody Alert out soon.
-
May 2019 Patch Tuesday arrives
The Update Catalog has 237 new entries. Jeeeez.
The Security Update Guide lists 2,195 new individual patches today.
Martin Brinkmann has posted his summary:
- Microsoft released security updates for all supported versions of Windows.
- All versions of Windows are affected by CVE-2019-0903, a GDI+ Remote Code Execution Vulnerability critical vulnerability.
- Windows 7 is the only client system affected by another critical vulnerability CVE-2019-0708, Remote Desktop Services Remote Code Execution Vulnerability
- Microsoft released a security update for Windows XP (KB4500331)
Dustin Childs has his report posted for ZDI:
security patches for 79 CVEs (separately identified security holes) along with two advisories… (Windows Error Reporting bug CVE-2019-0863 being exploited actively)… details about the use of the exploit are not available, it is likely being used in limited attacks against specific targets.
Big news is the “wormable” security hole in RDP, CVE-2019-0708. From Simon Pope on the MSRC Technet blog:
Any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.
Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected.
Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705.
Yes, you read that correctly. There’s a downloadable fix for Win 2003 (not to be confused with Win10 “version 2003,” which is currently in the Insider Fast Ring) and WinXP.
https://twitter.com/GossiTheDog/status/1128349050481328128
But wait. That’s not all. There’s also a big hole in .NET versions 2.1 and 2.2. CVE-2019-0982. It’s a Denial of Service vulnerability.
UPDATE: Poster Old School on Krebs on Security reports:
KB 4494441 [that’s the Win10 1809 patch] had to be installed twice so be sure to run Windows Update twice. I was not amused.
-
MS-DEFCON 2: Keep the May 2019 patches off your machine for now
Tomorrow’s Patch Tuesday and, if it’s like other Patch Tuesdays for the past year or two, it’ll be accompanied by howls of pain.
Don’t be an unpaid beta tester. Get Windows Update locked down.
We’re at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
Full details in Computerworld.