DOCSLIB.ORG

HFCS 2101 (January 2021)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
HFCS 2101 (January 2021) Cybersecurity Suite HFCS 2101 (January 2021) Patch Compliance Engine (PCE) User Guide CS-HFCSE613en-2101A January 2021 Disclaimer This document contains Honeywell proprietary information. Information contained herein is to be used solely for the purpose submitted, and no part of this document or its contents shall be reproduced, published, or disclosed to a third party without the express permission of Honeywell International Sàrl. While this information is presented in good faith and believed to be accurate, Honeywell disclaims the implied warranties of merchantability and fitness for a purpose and makes no express warranties except as may be stated in its written agreement with and for its customer. In no event is Honeywell liable to anyone for any direct, special, or consequential damages. The information and specifications in this document are subject to change without notice. Copyright 2021 - Honeywell International Sàrl CS-HFCSE613en-2101A 2 Notices Trademarks Experion®, PlantScape®, SafeBrowse®, TotalPlant®, and TDC 3000® are registered trademarks of Honeywell International, Inc. ControlEdge™ is a trademark of Honeywell International, Inc. OneWireless™ is a trademark of Honeywell International, Inc. Other trademarks Trademarks that appear in this document are used only to the benefit of the trademark owner, with no intention of trademark infringement. Third-party licenses This product may contain or be derived from materials, including software, of third parties. The third party materials may be subject to licenses, notices, restrictions and obligations imposed by the licensor. The licenses, notices, restrictions and obligations, if any, may be found in the materials accompanying the product, in the documents or files accompanying such third party materials, or in a file named third_party_ licenses on the media containing the product. Documentation feedback You can find the most up-to-date documents on the Honeywell Process Solutions support website at: http://www.honeywellprocess.com/support If you have comments about Honeywell Process Solutions documentation, send your feedback to: [email protected] Use this email address to provide feedback, or to report errors and omissions in the documentation. For immediate help with a technical problem, contact your local Honeywell Process Solutions Customer Contact Center (CCC) or Honeywell Technical Assistance Center (TAC). CS-HFCSE613en-2101A 3 How to report a security vulnerability For the purpose of submission, a security vulnerability is defined as a software defect or weakness that can be exploited to reduce the operational or security capabilities of the software. Honeywell investigates all reports of security vulnerabilities affecting Honeywell products and services. To report a potential security vulnerability against any Honeywell product, please follow the instructions at: https://honeywell.com/pages/vulnerabilityreporting.aspx Submit the requested information to Honeywell using one of the following methods: Send an email to [email protected]. or Contact your local Honeywell Process Solutions Customer Contact Center (CCC) or Honeywell Technical Assistance Center (TAC) listed in the “Support” section of this document. Support For support, contact your local Honeywell Process Solutions Customer Contact Center (CCC). To find your local CCC visit the website, https://www.honeywellprocess.com/en-US/contact-us/customer- support-contacts/Pages/default.aspx. Training classes Honeywell holds technical training classes that are taught by process control systems experts. For more information about these classes, contact your Honeywell representative, or see http://www.automationcollege.com. CS-HFCSE613en-2101A 4 About this Guide Scope This guide provides step-by-step instructions for collecting data on the VSE and for installing and using the Patch Compliance solution. Intended audience This guide is intended for the following audience types: ● Honeywell Support personnel, who install and deploy the Patch Compliance Engine Software ● Honeywell or customer Support personnel who collect data in the VSE ● System administrators who use the Patch Compliance Engine Software Prerequisite skills For the installation and deployment of the Patch Compliance Engine Software, the guide assumes knowledge of Honeywell Windows Supplemental Product Line. Related documents The following list identifies publications that may contain information relevant to the information in this document. Document Name Document Number Cybersecurity Suite 2003 (March 2020) - VSE CS-HFCS-601en-2003A User Guide CS-HFCSE613en-2101A 5 Revision history Revision Supported Date Description Release B 2101 January 2021 This software is an upgrade- only release from release 2003 A 2009 October 2020 First release CS-HFCSE613en-2101A 6 Contents 1 Security Considerations 10 1.1 Physical security 10 1.2 Secured zone 10 1.3 Limiting access 11 1.3.1 At the VSE level 11 1.3.2 At the directory or file level 11 1.4 Authorization measures 11 2 Terms and Definitions 13 3 Patch Compliance Engine Overview 15 3.1 Patch Compliance Engine architecture 15 3.1.1 Scheduling reports 17 3.1.2 Generating on-demand (instant) reports 18 3.2 Microsoft products supported for Patch Compliance calculation 18 3.3 Entities supported for Patch Compliance calculation 19 4 Requirements 21 4.1 Requirements for data collection 21 4.2 Requirements for the Patch Compliance Engine 21 5 Collecting the Qualification Data at the VSE 22 5.1 Collecting configuration matrix information on Windows machines 23 6 Installing the Patch Compliance solution 24 7 Importing the Qualification Matrix 26 CS-HFCSE613en-2101A 7 7.1 Statuses of patches 29 Appendices 31 Appendix A: Device Categories for Compliance Calculation 32 CS-HFCSE613en-2101A 8 List of Figures Figure 3-1: Patch Compliance Engine architecture 15 Figure 3-2: Scheduled Reports tab 17 Figure 3-3: Generating instant reports 18 Figure 6-1: Pre-Installation Summary page 25 Figure 6-2: Install Complete page 25 Figure 7-1: Qualification matrix Excel file - Summary tab 27 Figure 7-2: Qualification file's Matrix tab 27 Figure 7-3: Uploading the qualification matrix file 28 CS-HFCSE613en-2101A 9 1 Security Considerations 1 Security Considerations This chapter outlines the security measures for the . 1.1 Physical security Caution: HFCS-Patch Compliance Engine is a mission-critical component. Take all necessary physical security measures to prevent attacks or disasters. Ensure that the server where the product is installed is located in an approved physically secure location that is accessible only to authorized personnel. 1.2 Secured zone Patch Compliance Engine contains sensitive information, the loss of which could have severe consequences. Therefore, there is a need to protect the sensitive information and prevent attacks against the product. To do that, the Patch Compliance Engine software, as well as its related extensions, must be installed in an internally secured zone with strict access control lists and appropriate firewall/routing rules. Ensure that Patch Compliance Engine is installed in a directory that is only accessible to authorized personnel responsible for the product. In addition, you must take the following precautions: ● Use a NextGeneration firewall to limit access to the Communication Server to only specific IP addresses (such as the IP address of each VSE), and only through port 443. ● Enable Intrusion/Threat Prevention on this firewall and update the threat signatures at least once a month. ● Ensure that all access to the Communication Server, as well as all other Security Center Components, is protected by this or another, similar firewall. CS-HFCSE613en-2101A 10 1 Security Considerations ● Ensure that the Security Center network is only accessible by trusted, authorized personnel and devices. Caution: If Patch Compliance Engine is installed on one or more servers that are exposed to untrusted networks such as the Internet, protection against denial-of-service (DoS) attacks must be implemented. 1.3 Limiting access It is highly recommended to follow regulatory, industry, and enterprise standards for limiting access to sensitive information as specified below. 1.3.1 At the VSE level The user management at the host running the VSE must follow the principles of need to know and least privilege: Only users who absolutely must have access to the computer are granted access, and these users are assigned the minimal set of permissions allowing them to perform their job. 1.3.2 At the directory or file level Access to directories and files should also be granted in accordance with the principles of need to know and least privilege: Only users who absolutely must have access to the requested directory and file are granted access, and these users are assigned the minimal set of permissions allowing them to perform their jobs. Use the built-in file access audit logging on the OS to monitor unauthorized changes to sensitive files. 1.4 Authorization measures You are strongly advised to implement the following security measures: CS-HFCSE613en-2101A 11 1 Security Considerations ● Change the default administrative password and delete/disable the default service accounts as soon as new administrative accounts are created. ● Disable any default Administrator/Root user on the computer. ● Disable any default Guest user on the computer. ● Disable any unauthenticated access to the computer via shared directories etc. ● Ensure that the OS is up to date with the latest security patches provided by the OS vendor.
Load more

Recommended publications
  • Through the Looking Glass: Webcam Interception and Protection in Kernel
    VIRUS BULLETIN www.virusbulletin.com Covering the global threat landscape THROUGH THE LOOKING GLASS: and WIA (Windows Image Acquisition), which provides a WEBCAM INTERCEPTION AND still image acquisition API. PROTECTION IN KERNEL MODE ATTACK VECTORS Ronen Slavin & Michael Maltsev Reason Software, USA Let’s pretend for a moment that we’re the bad guys. We have gained control of a victim’s computer and we can run any code on it. We would like to use his camera to get a photo or a video to use for our nefarious purposes. What are our INTRODUCTION options? When we talk about digital privacy, the computer’s webcam The simplest option is just to use one of the user-mode APIs is one of the most relevant components. We all have a tiny mentioned previously. By default, Windows allows every fear that someone might be looking through our computer’s app to access the computer’s camera, with the exception of camera, spying on us and watching our every move [1]. And Store apps on Windows 10. The downside for the attackers is while some of us think this scenario is restricted to the realm that camera access will turn on the indicator LED, giving the of movies, the reality is that malware authors and threat victim an indication that somebody is watching him. actors don’t shy away from incorporating such capabilities A sneakier method is to spy on the victim when he turns on into their malware arsenals [2]. the camera himself. Patrick Wardle described a technique Camera manufacturers protect their customers by incorporating like this for Mac [8], but there’s no reason the principle into their devices an indicator LED that illuminates when can’t be applied to Windows, albeit with a slightly different the camera is in use.
    [Show full text]
  • Latest Features Available from the Windows 10 Updates That Could Be Beneficial for Students & Businesses Based Within the Milwaukee Area
    Latest features available from the windows 10 updates that could be beneficial for students & businesses based within the Milwaukee area By: Jeremy Konetz | November 20, 2018 | Informative Article What are some of the benefits that the latest windows 10 updates provide to students and Milwaukee area-based businesses? Note the last three updates made available through windows 10 updates are windows 10 version 1709 (Released: January 23, 2018), windows 10 version 1803 (Released: July 6, 2018), and windows 10 version 1809 (Released: October 1, 2018). What are some of the beneficial updates provided in the Windows 10 update version 1709 released on January 23, 2018, one of the first updates Windows 10 released this year. What are the areas that this update has improved on? 1) Deployment a. Launching the autopilot application. i. Accomplished through a zero-touch experience. Example shown in figure 1. Figure 1 Resource link: https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10- version-1709 ii. Client or organization profile configuration can be accomplished at the vendor with the devices sent directly to them upon completion. Example shown in figure 2. Figure 2 1 Resource link: https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10- version-1709 b. Activation on subscription to windows 10. i. Feature allows for Windows 10 enterprise to be deployed within an organizational networks structure without applying any keys or rebooting of devices or components within an organizations operational system. See figure 3. Figure 3 1 Resource link: https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10- version-1709 ii.
    [Show full text]
  • MAXPRO Microsoft Windows Patches.Book
    MAXPRO® VMS and NVR Approved Microsoft® Windows Patches Technical Notes MICROSOFT® WINDOWS PATCHES TESTED WITH MAXPRO®NVR AND MAXPRO®VMS Overview The purpose of this document is to identify the patches that have been delivered by Microsoft® Windows and which have been tested against the current shipping ver- sions of MAXPRO®NVR and MAXPRO®VMS with no adverse effects being observed. If you have questions concerning the information in this document, please contact Honeywell Technical Support. See the back cover for contact information. Windows Patches Tested with MAXPRO®NVR till the Month of: June, 2020 Windows Patches Tested with MAXPRO®VMS till the Month of: June, 2020 This document contains: Section See... • June - 2020- Microsoft® Windows Patches Tested with MAXPRO®NVR on page 5 Windows 10 (Enterprise) • June - 2020- Microsoft® Windows Patches Tested with MAXPRO®VMS Server/ Client on Windows 2016 Standard and Windows 10 (Enterprise) page 5 • May - 2020- Microsoft® Windows Patches Tested with MAXPRO®NVR on page 5 Windows 10 (Enterprise) • May - 2020- Microsoft® Windows Patches Tested with MAXPRO®VMS Server/ Client on Windows 2016 Standard and Windows 10 (Enterprise) page 5 • April - 2020- Microsoft® Windows Patches Tested with MAXPRO®VMS Server/ page 7 Client on Windows 2016 Standard and Windows 10 (Enterprise) • April - 2020- Microsoft® Windows Patches Tested with MAXPRO®NVR on Windows 10 (Enterprise) page 7 • March - 2020- Microsoft® Windows Patches Tested with MAXPRO®VMS Server/ page 8 Client on Windows 2016 Standard and Windows 10 (Enterprise) • March - 2020- Microsoft® Windows Patches Tested with MAXPRO®NVR on Windows 10 (Enterprise) page 8 • February - 2020- Microsoft® Windows Patches Tested with MAXPRO®VMS Server/ page 8 Client on Windows 2016 Standard and Windows 10 (Enterprise) • February - 2020- Microsoft® Windows Patches Tested with MAXPRO®NVR on Windows 10 (Enterprise) page 8 800-19154V9-K_Microsoft Windows Patches 1 Section See..
    [Show full text]
  • Drivelock Release Notes 2020.2
    DriveLock Release Notes 2021.1 HF1 DriveLock SE 2021 Table of Contents 1 RELEASE NOTES 2021.1 HF1 4 1.1 Document Conventions 4 1.2 Available DriveLock Documentation 4 2 UPDATING DRIVELOCK 7 2.1 Migrating the databases 7 2.1.1 Requirements for successful migration 8 2.1.2 How to migrate 8 2.2 Updating the DriveLock Agent 10 2.3 Updating the DriveLock Enterprise Service (DES) 11 2.4 General information on updating to the current version 11 2.5 Manual Updates 12 3 SYSTEM REQUIREMENTS 13 3.1 DriveLock Agent 13 3.2 DriveLock Management Console and Control Center 18 3.3 DriveLock Enterprise Service 19 3.4 DriveLock Operations Center (DOC) 21 3.5 DriveLock in workgroup environments (without AD) 21 4 VERSION HISTORY 23 4.1 Version 2021.1 23 4.1.1 Bug fixes 2021.1 HF1 23 4.1.2 Bug fixes 2021.1 24 4.2 Version 2020.2 29 4.2.1 Bug fixes 2020.2 29 4.3 Version 2020.1 37 4.3.1 Bug fixes 2020.1 37 4.3.2 Bug fixes 2020.1 HF1 44 2 4.3.3 Bug fixes 2020.1 HF2 47 4.3.4 Bug fixes 2020.1 HF3 48 4.4 Version 2019.2 52 4.4.1 Bug fixes 2019.2 52 4.4.2 Bug fixes 2019.2 HF1 58 4.4.3 Bug fixes 2019.2 SP1 60 4.4.4 Bug fixes 2019.2 HF3 64 5 KNOWN ISSUES 66 5.1 DriveLock Management Console 66 5.2 Known limitations on the agent 66 5.3 DriveLock Enterprise Service (DES) 66 5.4 Installing Management Components with Group Policies 66 5.5 Self Service Unlock 66 5.6 DriveLock, iOS and iTunes 66 5.7 DriveLock Device Control 67 5.8 DriveLock Disk Protection 68 5.9 DriveLock File Protection 71 5.10 DriveLock Pre-Boot Authentication 72 5.11 Encryption 72 5.12 DriveLock Mobile Encryption 72 5.13 BitLocker Management 72 5.14 DriveLock Operations Center (DOC) 74 5.15 DriveLock Security Awareness 74 5.16 DriveLock and Thin Clients 75 6 END OF LIFE ANNOUNCEMENT 76 7 DRIVELOCK TEST INSTALLATION 77 COPYRIGHT 78 3 1 Release Notes 2021.1 HF1 1 Release Notes 2021.1 HF1 The release notes contain important information about new features and bug fixes in the latest version of DriveLock.
    [Show full text]
  • Should Download Windows 10, Version 1709 Or
    should download windows 10, version 1709 or not Microsoft .NET Framework 4.8 on Windows 10 version 1709, Windows 10 version 1803, Windows 10 version 1809 and Windows Server 2019. This article describes an update for Microsoft .NET Framework 4.8 on Windows 10, version 1709, Windows 10, version 1803, Windows Server, version 1803, Windows 10, version 1809 and Windows Server, version 1809 and Windows Server 2019. Please note: .NET Framework 4.8 has been refreshed with the latest servicing updates as of January 14 th , 2020. Apart from the servicing fixes, there is no change in the .NET Framework 4.8 product from the August 13 th , 2019 Windows update. If you have already downloaded and installed the update from August, you do not need to install this update otherwise please install this update to receive the latest product bits. About Microsoft .NET Framework 4.8. Microsoft .NET Framework 4.8 is a highly compatible and in-place update to .NET Framework 4.7, 4.7.1 and 4.7.2. However, it can run side- by-side with .NET Framework 3.5 Service Pack 1 (SP1) and earlier versions of .NET Framework. When you install this package, it is listed as Update for Microsoft Windows (KB 4486153) under the Installed Updates item in Control Panel. Microsoft .NET Framework 4.8 is available on the Microsoft Update Catalog website for download and for import into Windows Software Update Services (WSUS). Download information. The following files are available for download from the .NET Download Site: For more information about .NET Framework 4.8 offline installer, see .NET Framework 4.8 offline installer for Windows.
    [Show full text]
  • Kofax Transformation Modules 6.3.0 Technical Specifications
    Kofax Transformation Modules Technical Specifications Version: 6.3.0 Date: 2019-04-29 © 2019 Kofax. All rights reserved. Kofax is a trademark of Kofax, Inc., registered in the U.S. and/or other countries. All other trademarks are the property of their respective owners. No part of this publication may be reproduced, stored, or transmitted in any form without the prior written permission of Kofax. Table of Contents Table of Contents ........................................................................................................................................ 3 About Kofax Transformation Modules technical specifications ............................................................ 4 Product requirements ................................................................................................................................. 4 KTM Server ............................................................................................................................................... 4 KTM Thin Client Server ............................................................................................................................. 4 KTM Thin Clients (Browser UI) .................................................................................................................. 5 KTM Thick Clients (interactive modules) ................................................................................................... 5 KTM Project Builder ..................................................................................................................................
    [Show full text]
  • Microsoft Windows FIPS 140 Validation Security Policy Document
    Windows Resume Security Policy Document Microsoft Windows FIPS 140 Validation Microsoft Windows 10 (Creators Update, Fall Creators Update) Non-Proprietary Security Policy Document Document Information Version Number 1.03 Updated On May 24, 2018 © 2018 Microsoft. All Rights Reserved Page 1 of 20 This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision). Windows Resume Security Policy Document The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs- NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. © 2018 Microsoft Corporation.
    [Show full text]
  • What's New in Windows 10
    Contents What's new in Windows 10 What's new in Windows 10, version 1903 What's new in Windows 10, version 1809 What's new in Windows 10, version 1803 What's new in Windows 10, version 1709 What's new in Windows 10, version 1703 What's new in Windows 10, version 1607 What's new in Windows 10, versions 1507 and 1511 What's new in Windows 10 5/21/2019 • 2 minutes to read • Edit Online Windows 10 provides IT professionals with advanced protection against modern security threats and comprehensive management and control over devices and apps, as well as flexible deployment, update, and support options. Learn about new features in Windows 10 for IT professionals, such as Windows Information Protection, Windows Hello, Device Guard, and more. In this section What's new in Windows 10, version 1903 What's new in Windows 10, version 1809 What's new in Windows 10, version 1803 What's new in Windows 10, version 1709 What's new in Windows 10, version 1703 What's new in Windows 10, version 1607 What's new in Windows 10, versions 1507 and 1511 Learn more Windows 10 release information Windows 10 update history Windows 10 content from Microsoft Ignite Compare Windows 10 Editions See also Windows 10 Enterprise LTSC Edit an existing topic using the Edit link What's new in Windows 10, version 1903 IT Pro content 6/18/2019 • 10 minutes to read • Edit Online Applies to Windows 10, version 1903 This article lists new and updated features and content that are of interest to IT Pros for Windows 10 version 1903, also known as the Windows 10 May 2019 Update.
    [Show full text]
  • Download the Brochure
    END OF LIFE June 2019 update Windows 10 v.1709, Windows 7, Windows Server 2008 (extended support) & R2, and ISDN shut-off. www.brennanit.com.au INTRODUCTION Welcome to the Jun-19 End of Life update. Included in this report are the details of hardware and software that have or are soon to reach the manufacturers End of Life date. CONTENTS At Brennan IT, we consider a technology’s End of Life to be when the 3 ISDN manufacturer states it to be. As well as presenting a potentially serious security risk, if you choose to continue to run technology beyond it being 4 Windows 10 v.1709 sunsetted it could affect our SLAs and you could incur additional costs related to servicing, supporting and remedying any problem caused by a 5 Windows 7 failure of the technology. We strongly advise any customer (or external organisation) running any of 6 Windows Server 2008 the listed technologies to speak to their account or service manager to discuss their options and plan their migration before the deadlines or to contact us via: DISCLAIMER All dates, clauses and details were correct at time www.brennanit.com.au of creation 01-Jun-19. [email protected] This document does not affect any agreed 1300 500 000 deviation or non-standard contractual clauses. This document is not meant to be an exhaustive list of End of Life hardware/software. ISDN As part of the NBN roll-out, Telstra is decommissioning Australia’s copper network. Accordingly, the carrier has stopped the sale of ISDN2, ISDN2 Enhanced, ISDN10/20/30, DDS Fastway, Megalink and Frame Relay products, and all products reliant on will be switched off completely by 2022.
    [Show full text]
  • Release Notes 7.8.4
    Release Notes 7.8.4 © 2020 DriveLock SE Release Notes Table of Contents Part I Introduction 3 1 Document Conventions 3 2 DriveLock Documentation 3 Part II System Requirements 5 1 DriveLock Agent 5 2 DriveLock Management Console and Control Center 5 3 DriveLock Enterprise Service 5 Part III Supported Platforms 7 Part IV Version History 9 1 DriveLock 7.8.6 9 2 DriveLock 7.8.4 9 3 DriveLock 7.8.2 10 Part V Known Issues 11 1 Installation of Management Components Using Group Policy 12 2 DriveLock Device Scanner 12 3 Manual Updates 12 4 Self Service unlock 12 5 DriveLock iOS and iTunes 12 6 Windows Portable Devices (WPD) 12 7 DriveLock Disk Protection 13 8 DriveLock File Protection and Microsoft OneDrive 14 9 Antivirus 14 Part VI Test Installation and Upgrade 15 1 DriveLock Evaluation 15 2 Updating DriveLock Components 15 General Issues 15 Updating DriveLock Disk Protection 15 Release Notes 7.8.4 2 © 2020 DriveLock SE Introduction 1 Introduction This document contains important information about the new version of DriveLock and changes from previous DriveLock versions. The DriveLock Release Notes also describes changes and additions to DriveLock that were made after the documentation was completed. This and other documentation can be found on our online help page www.drivelock.help. 1.1 Document Conventions Throughout this document the following conventions and symbols are used to emphasize important points that you should read carefully, or menus, items or buttons that you need to click or select. Caution: This format means that you should be careful to avoid unwanted results, such as potential damage to operating system functionality or loss of data Hint: Useful additional information that might help you save time.
    [Show full text]
  • Rules of the Road for Safe Patching
    Rules of the road for safe patching Monthly security patches ship on the second Tuesday of each month (Patch Tuesday). For all versions of Windows, defer them for at least 15 days. That should give Microsoft time to identify and fix any significant oopses. The exception is the rare urgent threat — in which case, we'll tell you to install an update sooner than later. (Check out our AskWoody.com posts on the days following Patch Tuesday.) Another exception: Security patches may also contain nonsecurity fixes. In some cases, you might want to install a security update sooner when it includes a feature fix you really need. Microsoft also sends out preview updates, typically on the third Tuesday of each month. They are completely optional, and we recommend skipping them. We will list them in the next Patch Watch column following their release because Microsoft typically doesn't label them as previews (bad dog!). Updates can be deferred on Window 10 Pro and above. If you're running Win10 Home, we recommend upgrading to Pro. Ensure that Windows 7's patch-update setting are set to download or check for updates, but don't automatically install them. It's your best defense against problematic patches. Other rules Never install hardware drivers -- unless you get them from the computer's manufacturer Never install an update to a newer version of .NET. Let your applications set the .NET versions they need If you are offered .NET 4.8, skip it. For business, I recommend being on 1903 at this time and deferring 1909 Version 2004 Sheet updated: 7/14/2020 >>>> Should be installed as of June 30, 2020 for business patchers Known issues page: https://docs.microsoft.com/en-us/windows/release-information/status-windows- Notes: 1) Test on your network, install as you see fit.
    [Show full text]
  • WINDOWS 10 UPDATES Past, Present & Future
    WINDOWS 10 UPDATES Past, Present & Future � Windows as a Service Prior to Windows 10, Microsoft released new versions of Windows every few years. This traditional deployment schedule imposed a training burden on users because the feature revisions were often significant. That schedule also meant waiting long periods without new features — a scenario that doesn’t work in today’s rapidly changing world, a world in which new security, management, and deployment capabilities are necessary to address challenges. Windows as a service will deliver smaller feature updates two times per year, around March and September, to help address these issues. DEFINITIONS •Feature updates will be released twice per year, around March and September. As the name suggests, these will add new features to Windows 10, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years. •Quality updates are released monthly, delivering both security and non-security fixes. These are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. •Insider Preview builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features as well as compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. Device Compatibility Device compatibility in Windows 10 is also very strong; new hardware is not needed for Windows 10 as any device capable of running Windows 7 or later can run Windows 10. In fact, the minimum hardware requirements to run Windows 10 are the same as those required for Windows 7.
    [Show full text]