|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Newsletter Archives
-
SMB security changes in Windows 11 might affect your NAS, too
WINDOWS 11
By Mary BranscombeIt’s going to get harder and harder to connect to your NAS as a guest with SMB. That’s a good thing for security, but it could be a problem if your hardware is older.
The Server Message Block (SMB) network file-sharing protocol lets Windows applications read and write files stored on servers in your network, including Network Attached Storage (NAS) systems. SMB underpins a lot of Windows network technologies, such as Storage Spaces Direct and even network printing. The print spooler is essentially just a file, after all.
Read the full story in our Plus Newsletter (20.35.0, 2023-08-28).
-
MS-DEFCON 2: Are you still on Windows 10 21H2?
ISSUE 20.23.1 • 2023-06-08 
By Susan Bradley
We’re nearly halfway through the 2023 patching year, almost to the end of the road for Windows 10 21H2.
But before we delve into that: Patch Tuesday is just around the corner, so it’s time to get conservative and defer patches. Accordingly, I’m raising the MS-DEFCON level to 2.
Microsoft is indicating that it will “force” 21H2 machines to 22H2, but I have news for them — if you don’t have 22H2 and you are not using one of the methods to hold off on feature releases (Group Policy, registry key, etc.), chances are you have some sort of issue that is blocking the install. Some of the blocks may be driver-related, and some may be the result of underlying corruption in the code that handles patching.
Anyone can read the full MS-DEFCON Alert (20.23.1, 2023-06-08).
-
Win10 1709 and later are supposed to uninstall SMBv1 if it isn’t used — but 1803 doesn’t work that way
Many of you have read about the evils of SMBv1, one of the great Windows malware attack vectors of all time.
Microsoft fixed much of the problem back with Win10 1709. Here’s the story, with lots of specifics:
In Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3) and later versions, the Server Message Block version 1 (SMBv1) network protocol is no longer installed by default…
Windows 10 Home and Windows 10 Professional still contain the SMBv1 client by default after a clean installation. If the SMBv1 client is not used for 15 days in total (excluding the computer being turned off), it automatically uninstalls itself.
But there’s a catch. Per Ned Pyle, the “uninstall if not used” feature in 1709 doesn’t happen if you do a fresh install of 1803. It also doesn’t happen if you upgrade directly from 1703 to 1803.
Pyle also says that the latest beta versions of Win10 1809 (or whatever it’ll be called) have the same problem.
Oh boy.
Thx @sb
-
Patch lady – Scanners and SMBv1
So if your older scanner suddenly doesn’t work consider this: In 1709 if you did an in place upgrade, you retain the SMBv1 in your networking configuration. However because this is deemed very unsafe (and it is a risk to keep it enabled), Microsoft does a check to see if you are still using it. “In-place upgrades and Insider flights of Windows 10 Home and Windows 10 Professional do not automatically remove SMB1 initially. If the SMBv1 client or server is not used for 15 days in total (excluding the time during which the computer is off), they each automatically uninstall themselves.”So 15 days after SMBv1 on the client is not used, the system will send a dism command to disable SMBv1
If suddenly your clients (if you are a consultant), or you (if it’s your computer) won’t scan to computer or scan to share, and you are using an older multi function device, go into your Windows 10 1709 and see if you can spot this in your event log in the setup section:
Event 8
Initiating changes to turn off update SMB1Protocol-Client of package SMB1-Package. Client id: DISM Package Manager Provider.
If so, see if your printer/scanner manufacturer has a firmware update to support SMBv2 or SMBv3. If not, you may need to either purchase a new device, or decide to lower your defenses. Remember SMBv1 is often used in attacks to gain more rights and more toe-holds into a system and thus distribute ransomware.
Bottom line if suddenly you can’t scan to a folder, check to see if that device only supports SMBv1 and then decide if you want to risk enabling it.
-
List of problematic SMBv1-only hardware, from NedPyle
No doubt you’ve been following the SMBv1 controversy, where an ancient protocol is exposing lots of machines to WannaCry-class malware. You or your company may well have started disabling it.
Microsoft’s Ned Pyle (@NerdPyle on Twitter) has compiled a lengthy list of hardware that only works with SMBv1. It’s a sobering list.
-
Turn off SMBv1 on Windows, but be aware of the consequences
Good series of articles from Barb Bowman, taking normal everyday users through the steps to disable SMBv1, the Windows system utility that put the “cry” in WannaCry.
The first article explains how to turn it off.
The second article gives workarounds for common problems with disabling the ancient protocol.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
CVE program gets last-minute funding from CISA – and maybe a new home
by 30 minutes ago
-
Whistleblower describes DOGE IT dept rumpus at America’s labor watchdog
by 40 minutes ago
-
Seeing BSOD’s on 24H2?
by 3 hours, 30 minutes ago
-
TUT For Private Llama LLM, Local Installation and Isolated from the Internet.
by 6 hours, 57 minutes ago
-
Upgrade from Windows 10 to 11
by 9 hours, 20 minutes ago
-
Microsoft : AI-powered deception: Emerging fraud threats and countermeasures
by 12 hours, 10 minutes ago
-
0patch
by 8 hours, 38 minutes ago
-
Devices might encounter blue screen exception with the recent Windows updates
by 5 hours, 32 minutes ago
-
Windows 11 Insider Preview Build 22631.5261 (23H2) released to Release Preview
by 15 hours, 9 minutes ago
-
Problem opening image attachments
by 16 hours, 44 minutes ago
-
advice for setting up a new windows computer
by 1 day, 7 hours ago
-
It’s Identity Theft Day!
by 11 hours, 46 minutes ago
-
Android 15 require minimum 32GB of storage
by 1 day, 12 hours ago
-
Mac Mini 2018, iPhone 6s 2015 Are Now Vintage
by 1 day, 12 hours ago
-
Hertz says hackers stole customer credit card and driver’s license data
by 1 day, 12 hours ago
-
Firefox became sluggish
by 1 day, 9 hours ago
-
Windows 10 Build 19045.5794 (22H2) to Release Preview Channel
by 1 day, 16 hours ago
-
Windows 11 Insider Preview Build 22635.5235 (23H2) released to BETA
by 1 day, 17 hours ago
-
A Funny Thing Happened on the Way to the Forum
by 14 hours, 36 minutes ago
-
Download speeds only 0.3Mbps after 24H2 upgrade on WiFi and Ethernet
by 9 hours, 10 minutes ago
-
T-Mobile 5G Wireless Internet
by 15 hours, 17 minutes ago
-
Clock missing above calendar in Windows 10
by 16 hours, 29 minutes ago
-
Formula to Calculate Q1, Q2, Q3, or Q4 of the Year?
by 2 days, 8 hours ago
-
The time has come for AI-generated art
by 1 day, 12 hours ago
-
Hackers are using two-factor authentication to infect you
by 1 day, 21 hours ago
-
23 and you
by 2 days, 5 hours ago
-
April’s deluge of patches
by 9 hours, 2 minutes ago
-
Windows 11 Windows Updater question
by 9 hours, 24 minutes ago
-
Key, Key, my kingdom for a Key!
by 3 days, 14 hours ago
-
Registry Patches for Windows 10
by 3 days, 18 hours ago
Remembering Woody
