Let us give thanks that this November, Microsoft has given us just 55 security fixes, two of which are for actively exploited flaws As the US season of giving thanks and turkey carnage approaches, let us reflect upon Microsoft's November Patch Tuesday, which has bestowed 55 CVEs and the promise of continued employment for the IT admins who have to clean up the recurring mess of software. Only six of the vulnerabilities are considered "Critical," the rest …
https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-21h1#2737msgdesc
"Next steps: Microsoft is working on a resolution that will allow print clients to establish RPC packet privacy connections to print servers using RPC over SMB. We will provide an update once more information is available."
Best Fix Ever for Printers:
Take the printers out of the Windows Domain, plug it in a Raspberry Pi, network the Raspberry Pi.
Go for the domain controller, run a batch to update all clients to print via the networked-RPi.
In case report accountability is needed, fetch the reports from the RPi via SCP.
I acknowledge that for those having 100+ printers, this is quite a task.
Find a bug and fix it ... but before you release an update then you need to debug the changes ...
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan and P. J. Plauger in The Elements of Programming Style (1974).
Too often I see people "fix" bugs and then move on ... 55 security fixes, are these old bugs that have existed since the code was created, or are they just new bugs that were created by the previous update?
Remember that we pay MS for the Windows licenses. Then we pay for the IT staff to ensure that the updates don't break the other applications. Then we pay for the IT staff to update all the systems. Meanwhile, we spend an appreciable part of our IT budget on AV systems, Patch Management, all kinds of network protections, etc.
Just so that we can run Word, Excel, Outlook and PowerPoint. Not that these applications are any more secure. And we pay for them too.
What a scam. And we are responsible for our ignorance.
I remember a a presentation by MS Senior VP their Mountain View buildings around 2003-2004 where they touted how many fixes they put out and the effort they were putting into securing their systems. One gentleman politely asked the SVP if Microsoft was going to pay for all the costs required to update systems. The SVP's answer was, "Why should we?" Which either meant that he did not understand the gentleman's question or that he really didn't care about the downstream costs of Windows.
Every month when I see these articles about Patch Tuesday, I am relieved. Relieved that since my IT job was outsourced and I was forced to retire only 3 years early I no longer have sleepless nights worrying about patches. Relieved that I no longer have hundreds of servers that are my responsibility to patch and update in two weeks. Month after month after month.
A special favorite is the year when the "Patch Sunday" just happened to fall on Christmas Day. Any normal company would postpone patches for a week and let their IT staff enjoy Christmas. Not the folks I worked for. While the family was enjoying Christmas morning, opening presents and Christmas dinner, I was monitoring server restarts across 7 time zones and of course dealing with the ones that didn't come back up or some service wouldn't start or halted with a hardware error.
To all of you dealing with this each month, my sincerest wishes for a clean restart :)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
