Do you feel safer? Is your computing experience more reliable these days?
Seriously, you are reading this article on a computer or phone, connecting to this site on an internet shared with your grandmother, as well as Russian hackers, North Korean attackers, and many teenagers watching TikTok videos. It has been 20 years since Microsoft CEO Bill Gates wrote his Trustworthy Computing memo in which he emphasized the security of the company's products.
So are we really safer now?
I'll take the side effects of last week's Patch Tuesday security updates into account and factor them into my answer. First, the good news: I don't see any major side effects on PCs that aren't connected to Active Directory domains (and I haven't seen any issues testing my hardware at home). I can still print to my local HP and Brother printers. I can browse and access files. So while I'm not quite ready to give the green light to install the January updates just yet, I doubt I'll see any side effects.
But for businesses, this month's updates offer a confusing and murky story. Microsoft hasn't exactly been a good and reliable IT partner this month. Instead of taking the last two decades to build bulletproof and resilient systems, we have servers going into boot loops and administrators having to boot into DOS mode and run commands to uninstall updates.
It's not where we were supposed to be right now.
As Gates said 20 years ago: “Availability: Our products must always be available when our customers need them. System failures should be a thing of the past with a software architecture that supports redundancy and self-healing. Self-management should allow service to be resumed without user intervention in almost all cases.
And yet I always delay updates on my computer systems because the latest updates, in particular, have shown that servers can have recovery issues. Example: "Windows server domain controllers may reboot unexpectedly." This appeared after last week's security patches on all supported Windows server platforms. As noted in the known issue description, this occurs after using Microsoft's recommended guidance for hardening Active Directory, which included using Shadow Principals in Enhanced Security Admin Environment (ESAE) or Privileged Identity Management (PIM) environments. ). Affected systems include Windows Server 2022 (KB5009555); Windows Server version 20H2 (KB5009543); Windows Server 2019 (KB5009557); Windows Server 2016 (KB5009546); Windows Server 2012 R2 (KB5009624) Windows Server 2012 (KB5009586).
I've also seen reports that following the Active Directory security compliance advice (created after the November security releases) will trigger the reboot issue if you've set the PACRequestorEnforcement value to 2.
Even with cloud services, availability issues remain unresolved. For example, Microsoft 365 has a Twitter account whose purpose is to communicate service availability issues. Hardly a week goes by without you receiving an alert about a service issue. Cloud services are going strong, but I don't see much progress with either local servers or cloud services. Instead of planning for automatic recovery, we need to ensure that we have alternative services and other means of communication if our systems are affected by patches or ransomware.
More from Gates: “Security: The data our software and services store on behalf of our customers should be protected from harm and used or changed only as appropriate. Security models should be easy for developers to understand and integrate into their applications. »
However, last week's security releases included confusing communication about a possible worm flaw. The https error in the form of CVE-2022-21907 does not clearly indicate which versions are vulnerable. Clarification and analysis had to come from external sources before we could determine that Windows 10 version 1809 and Server 2019 are not vulnerable by default unless the HKLM:SystemCurrentControlSetServicesHTTPParameter EnableTrailerSupport registry key is set to 1. Windows 10 later than 1809 are vulnerable by default. I would say that 20 years after the publication of the Trustworthy IT memo, our security models, and just as importantly, our security communication, are still not easy to understand.
We are also tracking issues with HyperV servers on Server 2012R2 (and apparently only on this platform) where VMs fail to start after applying KB5009624 on devices using UEFI. If you have virtual servers hosted on Server 2012R2, avoid installing updates on these platforms.
And Windows 10 desktop users who rely on virtual private networks for remote access should uninstall the January updates due to a side effect that breaks VPN access on Windows 10 or Windows 11 systems. For those who rely on L2TP VPN or IPsec VPN, you will not be able to connect using VPN after installing updates.
Gates closed his memo with this: "Moving forward, we need to develop technologies and policies that help enterprises better manage ever-growing networks of PCs, servers, and other smart devices, knowing that their critical systems operations are immune to damage.Systems will need to become self-managing and inherently resilient.We need to prepare now for the kind of software that will make this possible, and we need to be the kind of company people can trust to deliver it.
So how did it work? We are in the same place where we were 20 years ago; we always have to rely on ourselves to decide the right time to install updates.
So what do you really think about security? Join the discussion on the AskWoody forums!
Copyright © 2022 IDG Communications, Inc.