Newsletter Archives
-
MS-DEFCON 2: Are you still on Windows 10 21H2?
ISSUE 20.23.1 • 2023-06-08 By Susan Bradley
We’re nearly halfway through the 2023 patching year, almost to the end of the road for Windows 10 21H2.
But before we delve into that: Patch Tuesday is just around the corner, so it’s time to get conservative and defer patches. Accordingly, I’m raising the MS-DEFCON level to 2.
Microsoft is indicating that it will “force” 21H2 machines to 22H2, but I have news for them — if you don’t have 22H2 and you are not using one of the methods to hold off on feature releases (Group Policy, registry key, etc.), chances are you have some sort of issue that is blocking the install. Some of the blocks may be driver-related, and some may be the result of underlying corruption in the code that handles patching.
Anyone can read the full MS-DEFCON Alert (20.23.1, 2023-06-08).
-
Windows 7 crasher in the wild
SANS Internet Storm Center reports that a guy by the name of Laurent Gaffie has posted a code sample that crashes Windows 7. The press has picked it up and branded it a “0day attack,” which is literally true, but there’s much less there than meets the eye.
At least at this point, the 0day can only freeze Windows 7. It can’t take over anything. But that makes it annoying, and potentially amusing to the kind of cretin who gets a kick out of freezing Windows 7 machines.
A link to a server running this code could easily be embedded in a web page or email, pointing out to a server on the internet - this exploit is not isolated to corporate networks doing file sharing.
So if someone tells you that the sky is falling on Windows 7, you have my permission to yawn a bit.
If somebody figures out a way to exploit the hole in SMB that this 0day uses, we’ll have a whole new ballgame. But for now it’s merely annoying.
-
MS-DEFCON 2: A record number of MS patches
Black Tuesday has come and gone, and Microsoft unleashed 34 – count ’em – 34 separately identified security patches, contained in 13 security bulletins numbered MS09-050 to MS09-062.
The SANS Internet Storm Center List covers the highlights. The really disconcerting one is the first one – MS09-050 fixes a hole in Vista and Server 2008 that can be exploited remotely.
I haven’t heard of anybody getting infected yet, but as soon as this baby has hit the big time, I’ll yell real loud and tell you to patch it.
In the interim, hang in there, turn off Automatic Updates, and let’s see what crashes.
I’m moving us to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it, with the caveat that Vista users need to keep an eagle eye on this page.