In a blog post by Microsoft it was announced that they “paused the roll-out of the Windows 10 October 2018 Update (version 1809) for all users as we investigated isolated reports of users missing files after updating. Given the serious nature of any data loss, we took the added precaution of pulling all 1809 media across all channels, including Windows Server 2019 and IoT equivalents.” This statement came after a number of users (according to Microsoft, one one-hundredth of one percent) reported that they were losing files saved locally to their device, and some were also experiencing a lower battery life.
It appears this mostly affected users that sought out the latest update. The prompt from Microsoft was scheduled to notify users beginning October 9th, and by then they were aware of the issues, and had halted the update. Microsoft believes that it has fixed the issue, but is currently only rolling it out to a volunteer group of software tester’s known as the “Windows Insider Community”.
While this is huge news, and any amount of data-loss is unacceptable, Microsoft has released several updates this year that are beneficial, and support data security and privacy (which we’re all about!).
Windows 10 has created a “Windows as a Service” update model, rolling out major OS updates every six months or so. Many of those changes will allow users to improve their security posture, and offer more security choices. Below are some of the features and security updates that Microsoft has released into Windows 10 recently.
Windows 10 1803: The Privacy Edition
This edition was slated to be released in March 2018. Due to quality and release issues including reported “blue screens of death” in some of the final testing releases, the feature release date was postponed to April 30.
Windows 1803 is deemed to be in a semi-annual targeted release. Enterprises should test and confirm that the update is acceptable to the business. When Microsoft declares the software is “semi-annual channel,” it’s deemed to be ready for businesses to fully deploy, and is available for broader release.
Windows is also aligning its feature release timetable with Office 365 releases. Even though there are only six months between feature releases, Microsoft supports each individual release for a reasonable amount of time. Normally, Microsoft supports a Windows 10 edition with quality (security) updates for 18 months. Due to changes in Office, it added six months of support to 1607, 1703, and 1709 versions. Thus, you can choose to skip one version and jump over to the next in your deployment methodology.
The European Union is putting into place new rules to ensure privacy for EU citizens in the form of General Data Protection Regulations (GDPR). While not a requirement of GDPR, 1803 exposes what Microsoft is collecting from your system regarding telemetry.
Microsoft uses telemetry to track what features you use, the success or failure of updates, and various other settings. Enterprises that operate in sensitive industries can’t have any information shared at any time, for any reason. Before the release of 1803, if you wanted to block all telemetry and still receive Windows updates, you had to upgrade to the Windows Enterprise version.
Now, you can launch and review what is being sent to Microsoft. The data is geared toward developers, so you might find that the details are a bit elusive unless you understand the details of the operating system. However, it’s a sign of good faith that these items are now being exposed and can be examined by third-party reviewers to help us understand what is being tracked and sent to Microsoft.
Of related interest is the online privacy center where you can log in and review what Microsoft is collecting online regarding your browsing history and Cortana use. Review this site to determine what is currently being captured from your systems. Once there you can also remove data that was sent to Microsoft.
Security Baseline Draft Released
Microsoft has released a draft of the recommended Security baseline. The differences between the draft for 1803 and the released baseline for 1709 include:
- Two scripts to apply settings to local policy: one for domain-joined systems, and one that removes the prohibitions on remote access for local accounts.
- Increased alignment with the Advanced Auditing recommendations in the Windows 10 and Windows Server 2016 security auditing and monitoring reference document.
- New Windows Defender Exploit Guard Attack Surface Reduction (ASR) mitigations.
- Removal of numerous settings that no longer provide mitigations against contemporary security threats. The GPO differences are listed in a spreadsheet in the package’s Documentation folder.
Your organization should upgrade to the 1803 release once it has tested and verified compatibility and checked with vendors for compatibility.
Why Should You Care About This?
It’s important to stay informed on updates that affect not only you, but your organization as well. With new security features, and the ability to track exactly what data Microsoft is being sent, you as a consumer can stay more informed and in control of your data, and your environment. As you see from above, some updates better your experience/don’t impact your business at all, while other updates can wipe out your data.
Another reason this is important is because it shows how clearly important (and elusive) privacy and security are in today’s digital age. In a world where updates fail, ransomware is an $8 billion dollar business, Mother Nature is unpredictable (power outages cost more than $150 billion annually to the United States economy), and employee’s make mistakes (humans are not infallible), a disaster could be right around the corner, and your organization needs to be prepared.
To ensure that you remain an informed consumer, reach out to DSM. As Florida’s predictable cloud provider, we ensure that our clients are never in the dark, and that their data remains safe.