sbradley
Contributing Writer

It’s been a big week for patches

opinion
16 Sep 2021, 5 mins
Apple, Chrome, Security

In addition to Patch Tuesday’s retinue of updates from Microsoft, fixes arrived this week for zero-day flaws affecting Google’s Chrome browser and Apple hardware.


This week brought updates that I consider critical for the “Big Three” — my operating system (Windows), my browser (Google Chrome) and my phone (from Apple). All three releases patch major zero-day vulnerabilities on all three platforms.

While I strongly recommend that you patch Chrome and your iPhone as soon as possible, I always recommend that you hold back on updating Windows. That remains true — at least until we see whether there are any trending side effects from the Patch Tuesday updates.

Let’s break down the patching to do right away.

First, prioritize patching Apple devices. Among this week’s patches is one for Pegasus spyware, which can open up access to the camera and microphone as well as text messages, phone calls, and emails. iPhones, in particular, have been targeted. Apple typically pushes these updates overnight if your phone is plugged in and charging (and connected to the Internet). If you want to make sure your iPhone has received the update, click on Settings, then General, then tap Software Update. Typically, after my iPhone updates, some apps may need passwords again. I personally try to save critical ones in the iCloud keychain. Look for patches for iOS 14.8 and iPadOS 14.8, and Security Update 2021-005 for macOS Catalina and Big Sur 11.6.

The Chrome browser update fixes two in-the-wild exploits patched in version 93.0.4577.82 for Windows, Mac and Linux. (For those using Chrome OS, BleepingComputer reports that some devices have been showing black screens after users try to log into their Chrome OS accounts.)

And finally, we come to Microsoft. For anyone hoping this month’s updates would “fix” an issue involving the use of group policy to deal with printers for your domain/business users (I wrote about this earlier), welcome to your new normal: The way you used to deploy printers isn’t fixed. What is fixed is yet another remote attack that utilized the print spooler to gain more access to your machines. So we’re going to have to redeploy print drivers using different means.

Clearly, Microsoft doesn’t see (or apparently understand) how disruptive this change has been for business users. Some of this may be that for many firms the impact has been blunted because workers aren’t in the office and needing to print. But as employees move back into the office, we will have to use new techniques to deploy printers. Group Policy MVP Jeremy Moskowitz has written up the ultimate workaround and guidance for the issue. For users with a directly attached printer, there have apparently been few issues with the PrintNightmare patches. I saw no side effects in August, and I’ve seen none so far in September.

If you’re still running Windows 10 version 2004, be aware that Dec. 14, 2021 marks the end of support for that version of the OS. While Microsoft has been forthcoming about the release date of Windows 11 (Oct. 5), it’s said little about the arrival of Windows 10 21H2. Everyone keeps assuming it’ll be in October, but no one seems to know. (The update process from 2004 to 20H2, or even 21H1, was minor for me; I don’t foresee any problems for those that want to jump to the 21H1 feature release.)

We’ve seen some of the expected changes discussed in blogs, but not when they will be released. Given that 21H2 does not appear to be a major release, I don’t anticipate vendors having major issues. In general, it looks to be more of a release for businesses on their way to Windows 11. Given the small number of changes, I expect to give an “all clear to install” within a few months after release.

Microsoft is at the point where it’ll be releasing 21H2, as well as Windows 11, to commercial vendors so they can certify their apps work on both releases. Clearly, it’s getting close to release as Microsoft is once again re-re-re-releasing KB4023057 — the update for Windows 10 Update service components that it releases on something of a quarterly basis. It’s used to ensure that computers not in a domain or business setting are ready for the next feature release, by checking to ensure that the Windows update process is healthy, that there is enough drive space available for updates, that network settings are reset if problems are detected, and that the Windows update history database is reset as needed. 

Many users rely on the Wumgr tool to hide this update, as it has been reported to cause some issues with networking on some computers. If the patch has already been installed, there’s no need to uninstall it since the processes have already taken place. I personally like to review my system for health issues regularly, so I make sure that I check the C: drive for space issues. If I get error messages when attempting to install Windows updates, the best way to fix misbehaving systems is not to use sfc /scannow or DISM commands; I would do a repair install over the top. You won’t lose any data and your computer will be healthier when you are done.

So, as we look ahead to 21H2 and Windows 11, I’m still in testing mode for this week’s Patch Tuesday arrivals — as you should be, too. As always, if you see or hear of any side effects, let us know at Askwoody.com and we’ll follow up on them.

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Askwoody.com, is a moderator on the PatchManagement.org listserve, and writes a column of Windows security tips for CSOonline.com. In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at https://www.askwoody.com/tag/patch-lady-posts/ and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.