windows

Though we get a reprieve from Exchange updates in this month’s Patch Tuesday update, more printer updates are on the way. Even with no updates for Microsoft Exchange or Visual Studio, Adobe is back with 15 critical updates for Adobe Reader. And Microsoft’s new patch deployment tool Auto-Patch is now live. (I always thought application testing was the main problem here, but actually getting patches deployed is still tough.)

Though the numbers are still quite high (with 86+ reported vulnerabilities), the testing and deployment profile for July should be fairly moderate. We suggest taking the time to harden your Exchange Server defenses and mitigation processes, and invest in your testing processes.

To read this article in full, please click here

On July 8, Microsoft pulled back from its decision in February to block macros in Excel documents by default. Microsoft had said it would block Excel files that contained macros if they were downloaded from the internet. (Malicious actors use these lures as a way to launch attacks on networks; specifically, ransomware and other types of malicious activity can launched from a plain, old malicious spreadsheet.)

Microsoft still plans to put this blocking in place, but only after “a better experience.” In the meantime, there are actions you can take now so you won’t need to worry about the change in the future.

If you work for a firm that’s developed spreadsheets for your own internal office use, chances are the spreadsheet does not have a digital signature. Signing machos is similar to how websites use SSL certificates to validate the site is legit. The hardest part of the self-signing process is deciding whether you want to purchase a code-signing certificate or use the self-signed certificate process. (I can tell you from personal experience that trying to purchase a code-signing certificate is an expensive and cumbersome process. I don’t recommend that option, except for large enterprises where the code-signing process is routine.)

To read this article in full, please click here

June’s Patch Tuesday updates, released on June 14, address 55 vulnerabilities in Windows, SQL Server, Microsoft Office, and Visual Studio (though there are oo Microsoft Exchange Server or Adobe updates this month). And a zero-day vulnerability in a key Windows component, CVE-2022-30190, led to a “Patch Now” recommendation for Windows, while the .NET, Office and SQL Server updates can be included in a standard release schedule.

To read this article in full, please click here

You could call today Patch-Tuesday Eve. It’s the day before Windows machines get offered updates from Microsoft. What should you be doing to prepare?

It depends on what kind of computer user you are.

If your files are stored in the cloud

You keep everything in the cloud, you use a Microsoft account, you don’t mind reinstalling your OS if need be. Your data is protected by a username and a password, and if you are savvy, your data is protected by two-factor authentication.  

Prior to Patch Tuesday, you might decide you don’t need to back up your computer system since you know if something happens to your computer, you can reinstall the operating system and merely reconnect to your various online storage services. You’ve double-checked that all cloud services you use have file versioning enabled, so if you need to roll back to a prior version of a file, you can do so.

To read this article in full, please click here

Let’s get this straight: It’s not normal for a Windows update to remove software. It’s designed to install the update, not change software already in place on your system. 

At least, updates are not supposed to remove software. Since March, however, if you run the RDgateway broker service on Server 2022 (and only that version), the monthly cumulative updates have removed that service. This behavior is not normal; this is a bug.

As Microsoft notes in the Microsoft 365 Admin dashboard: “We have received reports that after installing KB5005575 or later updates on Windows Server 2022 Standard Edition, Remote Desktop Services Connection Broker role and supporting services might be removed unexpectedly. We have expedited investigation and are working on a resolution. Note: Windows Server 2022 Datacenter edition and other versions of Windows Server are not affected by this issue.”

To read this article in full, please click here