Newsletter Archives

  • February 2024 patches for Windows

    Ready or not, here come the February updates for Windows.

    Will we see a fix for our KB5034441 (Windows 10 22H2) and KB5034440 (Windows 11) woes? (So far, the answer is no.)

    What we will see is “Highlights for Windows 11, versions 22H2 & 23H2 (cont.) •The Copilot in Windows icon will appear on the right side of the system tray on the taskbar. Also, the display of Show desktop at the rightmost corner of the taskbar will be off by default.”

    Ugh. And double Ugh.

    I’ll be adding more links to this post as I digest the info.

    And of course it’s a “dribbled” change

    • Note Windows 11 devices will get this new functionality at different times. Some of these new features roll out gradually using controlled feature rollout (CFR) to consumers.

    Remember if you get Copilot and don’t want it, we’ve got your back here and here.

    Grrrrrrrrrr and double grrrrrrrrrrrrrrr

    Zero day blog on the updates released today.

    Exchange is getting patched again today. SQL client fixes were released in the OS patches, so check those line-of-business database connections. I'm not seeing any automated patch for the Windows RE issues. Office, and specifically Outlook, is getting fixed for a preview pane security issue. Defender for Endpoint is getting fixes for a zero day that led to malware being installed.

  • Closing the year on patching

    PATCH WATCH

    By Susan Bradley

    We need a little Copilot, now.

    I have a favorite Christmas song called “We Need a Little Christmas” (now). That comes to mind because those of you who want to partake in the artificial intelligence experiment known as Windows Copilot may end up humming the slightly modified song “I Need a Little Copilot” (now).

    The December updates start to bring Copilot into Windows 10. I say “start” because, like many things in Microsoftland, features and changes are no longer released en masse to everyone in the form of a service pack. Instead, the changes are dribbled out or limited to certain geographical areas.

    Read the full story in our Plus Newsletter (20.51.0, 2023-12-18).

  • Wrapping up July’s updates

    PATCH WATCH

    By Susan Bradley

    We’re at the dividing line. We are working on getting July’s updates installed and reviewing whether we have Windows 10 22H2 installed. Meanwhile, that window of opportunity for installing updates is closing soon.

    But that’s just the Windows side of the patching world. On the Apple side, we’ve had to deal with zero-day patches this month. Not to be left out, Android is doing last-minute beta testing on Android 14 beta 4.1.

    Read the full story in our Plus Newsletter (20.32.0, 2023-08-07).

  • Patch testing isn’t easy

    PATCH WATCH

    By Susan Bradley

    No matter who the vendor is, bugs occur.

    By the time you read this, Apple will have already re-released its rapid security patches for iOS, iPadOS (16.5.1), and MacOS Ventura (13.4.1). The patches dealt with side effects impacting Facebook, Instagram, WhatsApp, Zoom, and various other websites.

    The bug release fixed a WebKit vulnerability that was being exploited in the wild. If you don’t use Safari as your default browser, or if you don’t use the impacted apps, I hope you just did the “sit tight and wait for a re-release” thing.

    Read the full story in our Plus Newsletter (20.29.0, 2023-07-17).

  • Apple and Microsoft fix April zero days

    PATCH WATCH

    By Susan Bradley

    Tomorrow is the tax-filing deadline in the US. It’s not the time to be installing updates, especially since we’re still at MS-DEFCON 2.

    In other words, we’re still in deferral mode despite several newsworthy patching headlines and despite my not having noticed any significant side effects. As usual, I suggest patience until we know more.

    The majority of the items of concern relate to businesses, not consumers. Here are some highlights.

    Read the full story in our Plus Newsletter (20.16.0, 2023-04-17).

  • Apple emergency updates

    (First off Good Friday, Happy Passover, Happy Ramadan, Happy near the end of the weekend to everyone)

    Apple pushed updates for 2 new zero-days that may have been actively exploited.

    🐛 CVE-2023-28206 (IOSurfaceAccelerator):
    – macOS Ventura 13.3.1
    – iOS and iPadOS 16.4.1

    🐛 CVE-2023-28205 (WebKit):
    – macOS Ventura 13.3.1
    – iOS and iPadOS 16.4.1

    Specifically:

    💻 macOS Ventura 13.3.1 – 2 bugs fixed
    📱 iOS and iPadOS 16.4.1 – 2 bugs fixed

    On the Apple platform when you read “may have been exploited” that’s usually geek speak for “was used in a very targeted attack and has not been widely used”.

  • Ensuring you can recover

    PATCH WATCH

    By Susan Bradley

    Anyone reading the title of this edition of Patch Watch may think I’m talking about a Windows update issue.

    But no matter what your technology, I want to remind you that having a backup means that you will be able to recover.

    A good friend of mine, totally ensconced in the Apple world, reported that her older Apple computer running Monterey was not a happy camper. She had been traveling and did not want to install updates. Once at home after her travels, she attempted to update. That’s when the “fun” started.

    Read the full story in our Plus Newsletter (20.11.0, 2023-03-13).

  • Zero day in office – but don’t panic

    Microsoft Releases Workaround Guidance for MSDT “Follina” Vulnerability

    05/31/2022 11:11 AM EDT

    Original release date: May 31, 2022

    Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the wild.

    CISA urges users and administrators to review Microsoft’s Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and apply the necessary workaround.


    Here at Askwoody we are a bit more savvy. WE DON’T OPEN THINGS WE AREN’T EXPECTING. That said, if you do want to proactively protect yourself ….

    Group policy fix – Just disable “Troubleshooting wizards” by GPO; see the location here:

    Registry fix:

    click on the search box, type in cmd

    Right mouse click on cmd in the menu bar to RUN AS ADMIN

    type in reg delete HKEY_CLASSES_ROOT\ms-msdt /f

    Press Enter

    If you want to restore it back:

    This registry key will restore the troubleshooting wizard – link here

    Click on the downloads, double click to launch, follow the slightly scary instructions to import the registry key back in.

    =================

    Update 6/1/2022

    Now the URI for Search is being abused.

    Once again, if you want to proactively protect yourself:

    Run Command Prompt as Administrator.

    Execute the command: reg delete HKEY_CLASSES_ROOT\search-ms /f

    If you want to restore it back, click here
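
    The two registry workarounds above, combined into one script that exports each protocol-handler key with reg export before deleting it, so the handler can be put back with reg import instead of a downloaded .reg file. This is an added example, not part of the original post or Microsoft's guidance text; the backup folder and the -Restore switch are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: back up, then remove, the ms-msdt and search-ms URI handlers.
# Run with -Restore to import the saved keys again.
param(
    [switch]$Restore,
    # Assumption: hypothetical backup location; use any folder you control.
    [string]$BackupDir = (Join-Path $env:ProgramData 'ProtocolHandlerBackup')
)

$Handlers = 'ms-msdt', 'search-ms'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($name in $Handlers) {
    $key     = "HKEY_CLASSES_ROOT\$name"
    $backup  = Join-Path $BackupDir "$name.reg"
    $present = Test-Path -LiteralPath "Registry::$key"

    if ($Restore) {
        if ($present) { Write-Host "$key already present; skipping."; continue }
        if (-not (Test-Path -LiteralPath $backup)) {
            Write-Warning "No backup found at $backup."
            continue
        }
        reg.exe import $backup *> $null
        if ($LASTEXITCODE -eq 0) { Write-Host "$key restored from $backup" }
        else { Write-Warning "Import of $backup failed." }
        continue
    }

    if (-not $present) { Write-Host "$key not present; nothing to do."; continue }

    # Export first, and never overwrite an earlier backup of the original key.
    if (-not (Test-Path -LiteralPath $backup)) {
        reg.exe export $key $backup *> $null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
            Write-Warning "Export of $key failed; leaving the key in place."
            continue
        }
    }

    reg.exe delete $key /f *> $null

    # Confirm the handler is really gone rather than trusting the exit code alone.
    if (Test-Path -LiteralPath "Registry::$key") { Write-Warning "$key is still present." }
    else { Write-Host "$key removed; backup saved to $backup" }
}
```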