Author: Susan Bradley

After a rocky year for patching, a look ahead to ‘22

For Windows users, it’s been a rough year for security vulnerabilities and patches. Now, my view about these kinds of problems is always a bit jaded. I pay attention to what people post about on the Askwoody forums, and they typically don’t say much if they have no problems. All I see are people with issues, not those with systems that install patches and reboot just fine.

That said, Windows servicing still genuinely concerns me at times. Before I look ahead to 2022, I want to dwell a bit on where we are now.

To read this article in full, please click here

A look at Microsoft’s patches and fixes in 2021 — the year of change

As we near the end of another year, I like to look back at the past 12 months in patching from MIcrosoft. What changed (a lot), what didn’t (patch-related problems). We began 2021 thinking Windows 10 would continue to be serviced and updated as usual, for instance. We end the year knowing different. (I’ll have some predictions for 2022 next week.)

We now know that Windows 10 will not receive updates indefinitely. Earlier this year, Microsoft unveiled Windows 11 and announced it would need certain hardware and Trusted Platform Module installed before machines would receive new OS. Given that most users only have hardware that will support Windows 10, many will be running the older OS until 2025. Microsoft already announced it will be providing security updates for Windows 10 until then and will move to an annual feature release model — matching the cadence for Windows 11. (My prediction for 2025: Microsoft will offer extended security patches for even consumer versions of Windows 10 because so many of us will have still usable machines unable to update to Windows 11. Come back in 2025 and we’ll see if I’m right.)

To read this article in full, please click here

How to get more out of Edge (and bolster its security)

I use Edge, the built-in browser in Windows, though I’m very much in the minority. I even think it has the potential to be a better browser than Firefox or Chrome. Case in point: the recent “Super Duper Secure Mode” that has rolled out to the default Edge version after being in beta channels for several weeks. (Let’s call it the “SDSM” setting.)

As noted in a past Edge blog post, SDSM provides additional security features that allows you to disable just-in-time Javascript and then enable Controlflow-Enforcement Technology (CET) instead. Just-in-time Javascript has been used in many zero-day browser attacks in the past — thus, blocking it will help protect our systems and platforms going forward. In my testing so far, I have not seen any side effects running Edge in this mode ,even when doing online shopping or banking.

To read this article in full, please click here

What’s past is prologue: When code-signing in Windows 11 goes bad

Once upon a time in technology, many years ago, Microsoft previewed server software to great fanfare at a meeting of IT pros. The company demonstrated how easy it was to use the software, which would automatically install the server, email server, and Sharepoint server — all in less than 30 minutes.

There was one problem: every time Microsoft went to demonstrate the server software, it would fail with an unclear error message.

Back then, I would sometimes post and answer questions in a Microsoft newsgroup. Just before Thanksgiving, I started seeing consultants trying to install the software see the same failure. One person in the forum thread figured out the issue: a specific SharePoint dll file used during the installation had a Nov. 23 expiration date. If you installed the server software before that date, you had no issues. If you tried to do it after, the installation would fail. The workaround? Go into the bios of the server, set the date back to before Nov. 23, install the software, then set the clock back to the correct time.

To read this article in full, please click here

Just who is Windows 11 for, anyway?

Seriously, who did Microsoft develop Windows 11 for? Only people who like centered taskbars? Only people who don’t mind “unlearning” how to get into task manager?

Maybe not, but I’d argue that Windows 11 wasn’t designed for you and me. Rather, it was designed for the businesses, governments, schools, and other entities that we interact with. It’s built to ensure that sensitive information can be secured.

Baked-in security

For starters, Windows 11 has allowed Microsoft to cut the cord on the 32-bit platform. Windows 11 will be first Windows OS that is 64-bit only. This allows Microsoft to build in more virtualization and containerization security features that cannot be done in the 32-bit platform.

To read this article in full, please click here

How to make sense of Microsoft’s upcoming mail security changes

With Microsoft about to shut off some versions of Outlook from access to Microsoft 365 and Outlook 365 services — that happens Nov. 1 — it’s important to remember this isn’t the only change coming for Outlook. A second change scheduled for next year may have a bigger impact on how you connect your email client — and may affect other email apps, too.

Because it could affect many users and businesses, Microsoft is giving everyone fair warning — a year in advance. On Oct. 1, 2022, Microsoft will be disabling basic authentication for its online mail services. This isn’t the first time the company has warned us about this. It had planned to disable authentication earlier this year before realizing it couldn’t do so without impacting businesses and users still struggling amid the pandemic. Hence, the delay.

To read this article in full, please click here

Survey says! What my informal survey shows about Windows

Several weeks ago, I asked readers to answer 11 questions about Windows. More than 1,000 people submitted responses, and while the results aren’t statistically valid, they do shed light on attitudes to Microsoft’s operating system

What do users run?

Not surprisingly, most respondents (74.75%) run some variation of Windows 10, with another 9.7% still on Windows 7. Linux was third, with 5.94%; “other” — a mixture of Windows 11, Windows XP, Chromebook, and even one Windows 98 user — had 4.55%. (I’m just hoping Windows 98 wasn’t used to answer the online survey questions.) The Mac was next, with 1.98%, followed by a smattering of phone platforms.

To read this article in full, please click here

A penchant for patching: After 20 years, the system’s still a mess

As a Microsoft Patch Lady, I’ve been patching computers and servers for more than 20 years. We started with a process that wasn’t well planned. We had no set day or time for when patches were released, and no way to centrally manage and deploy updates. Over the years Microsoft has moved to a more dependable deployment plan and the ability to manage updates through platforms ranging from Windows Update to Windows Software Update Services to Cloud services.

So things should be better now, right? We’ve had 20 years to get this right.

And yet, here’s what I’ve seen regarding patching in just the last week.

We are now on three months and counting of continuing issues with printing caused by patches. (This month included yet another fix for another print spooler vulnerability.) I’ve seen businesses dealing with new side effects directly impacting printing and, interestingly enough, these are businesses that didn’t have problems with earlier updates. This month, Windows 10 peer-to-peer networks appear to be the most affected. (FYI: The trigger for all of these printer issues seems to be older Type 3 printer drivers. Moving to type 4 drivers might help if that’s an option for you.)

To read this article in full, please click here

It’s been a big week for patches

This week brought updates that I consider critical for the “Big Three” — my operating system (Windows), my browser (Google Chrome) and my phone (from Apple). All three releases patch major zero-day vulnerabilities on all three platforms.

While I strongly recommend that you patch Chrome and your iPhone as soon as possible, I always recommend that you hold back on updating Windows. That remains true — at least until we see whether there are any trending side effects from the Patch Tuesday updates.

Let’s break down the patching to do right away.

First, prioritize patching Apple devices. Among this week’s patches is one for Pegasus spyware, which can open up access to the camera and microphone as well as text messages, phone calls, and emails.  iPhones, in particular, have been targeted. Apple typically pushes these updates overnight if your phone is plugged in and charging (and connected to the Internet). If you want to make sure your iPhone has received the update, click on Settings, then General, then tap Software Update. Typically, after my iPhone updates, some apps may need passwords again. I personally try to save critical ones in the iCloud keychain. Look for patches for iOS 14.8 and iPad OS 14.8, and Security Update 2021-005 for macOS Catalina and Big Sur 11.6.

To read this article in full, please click here

Triggered by email? Some thoughts on how to stay safe

I got an email the other day, and it was nearly impossible for me to tell at first whether it was legitimate. Given that some vulnerabilities can gain access to your system if you merely preview an email in Outlook, I get nervous. But I do need to determine when an email is safe.

First and foremost, a healthy dose of skepticism is important. Always ask yourself whether the platform you're using is patched and ready to fend off attacks. If, for instance, you’re still using a version of Outlook that’s no longer supported, you are at risk; never open an unexpected email in an unpatched Office suite. You’re better off migrating to a newer email client that offers better protection. There are many third-party email clients that can be useful alternatives to Outlook. Thunderbird, eM Client, and Mailbird are three options I’ve found to be good — if you simply need light email and calendaring.

To read this article in full, please click here