Year: 2022

After I wrote about NetApp’s Spot PC last month, I had a surprisingly nice call with Spot PC’s general manager, Jeff Treuhaft. He reminded me that this is still a very young offering and, given that, it makes more sense to focus on the product, not the channel or the brand. So, while Treuhaft didn’t disagree with my thoughts, he suggested NetApp has a plan to deal with issues once the Spot PC has proven itself in a few initial deployments. 

Given that the plan isn’t yet in place and because of confidentiality about the move, Treuhaft couldn’t share more. So, I want to focus on what it could be and how it could transform the PC experience into something less aggravating and closer to what users say they want.

Currently NetApp sells Spot PC through an existing channel of managed service providers (MSPs).

Partnering or merging to create a new class of PC company

The world we live in is very different than it was even a few years ago. Rather than working in the office being the norm — and working from home the exception — we seem to be locking down on either a solid work-from-home model or a hybrid of work from home and office. Some of the reports I’m seeing from companies that demanded employees return to the office indicate that this forced march is resulting in unsustainable levels of resignations and that employees are migrating en masse to competitors who promote aggressive work-from-home policies.   

But work-from-home has significant support problems. You can’t cost effectively send out techs at scale and, given that support is also likely remote, you also can’t always assure that user problems are addressed timely. Thus, the focus must be on reducing the number of problems any user — particularly a remote user —must deal with.

The Cloud PC, which is the latest iteration of the Thin Client, would seem to be an ideal path; it tends to be more flexible (you can specify you just want an instance with more performance), more secure, and potentially less expensive, both initially and over time due to economies of scale.  Particularly for those at home, it’s better, faster, and cheaper than a traditional PC approach.

The issue, as I pointed out last month, is that NetApp isn’t known as a PC vendor. And until that lack of brand identity is corrected, it will massively reduce NetApp’s potential in the market.

But what if NetApp partnered or merged with another company to address these problems? And who would it partner with?

Lenovo and Cisco for the win?

NetApp has two long-term strategic partners who could address the problems associated with brand issues and Spot PC. Both Lenovo and Cisco (disclosure: both are clients) have capabilities that could flesh out Spot PC and make it far more capable than it is. Lenovo has what was the old IBM PC division, and IBM was dominant back in the days of terminals — which Spot PC, to some degree, emulates. Lenovo has a significant set of desktop management tools that could be pooled with this NetApp effort for an end-to-end deployment and support solution from a brand that is well regarded.

Cisco has what is arguably the most robust provisioning program for remote employees. It allows employees to go to a store like Best Buy and get the networking and collaboration tools they need in a complete, approved, and highly reliable package. Those tools could also be remotely configured and combined with Spot PC to create what is basically a plug-and-play Spot PC ecosystem. 

This would also lay a foundation for either an extended deeper partnership between the companies or a merger to create an entity that would rival the old IBM or the current Dell Technologies in size, scope and (given Lenovo’s significantly stronger presence in China) potential reach. 

While Treuhaft could not share a plan that does not yet exist for the next phase of Spot PC, I think a potential path to success would include bringing firms like Lenovo and Cisco on board. That would allow for the creation of an end-to-end Cloud PC solution that can be deployed effectively on-premise — and work particularly well for in-home offices while lowering support costs and increasing security.

If the companies have the will, we could see the emergence of either a new kind of deep partnership or a fascinating merger as the industry moves to reimagine the PC.   

The chair of the US Federal Communications Commission (FCC) wants redefine “broadband” Internet as being capable of at least 100 megabits per second (or Mbps) download and 20Mbps upload speeds.

A change in the current, seven-year-old standard for broadband would almost certainly spur networking companies to upgrade equipment to meet the new benchmark. And it would increase data download and upload capacities across the internet — a key upgrade for remote and hybrid workers, the ranks of which swelled dramatically during the COVID-19 pandemic.

Currently, broadband is defined as networks offering a minimum of 25Mbps download and 3Mbps upload speeds.

FCC Chairwoman Jessica Rosenworcel proposed raising the standard to 100Mbps/20Mbps on Friday, arguing that the old metric is “behind the times.”

“The needs of internet users long ago surpassed the FCC’s 25/3 speed metric, especially during a global health pandemic that moved so much of life online,” Rosenworcel wrote in her notice of the change. “The 25/3 metric isn’t just behind the times, it’s a harmful one because it masks the extent to which low-income neighborhoods and rural communities are being left behind and left offline.”

In the US, the average fixed broadband speed is 134Mbps/75Mbps, according to network research firm Ookla. Rosenworcel’s proposal  included the concept of an even higher “national goal of 1Gbps/500Mbps for the future.”

“The future of business will increasingly be to reach consumers electronically,” said Jack Gold, principal analyst at research firm J. Gold Associates. “Having a uniform minimum speed across the country will be advantageous to businesses that can then reach a wide audience with their services.”

Additionally, as 5G mobile networking rolls out across the world, and gets deployed in more remote locations, the prospect is growing for very high speed connections of 100Mbps and above. “So establishing a minimum might not be as hard to achieve as some expect,” Gold noted.

Ookla

At the end of 2021, Cisco surveyed 60,000 workers across 30 countries. The responses indicated that remote and hybrid work efforts were being undermined by poor broadband connectivity.

The survey results, published in February as part of Cisco’s Broadband Index, showed that 75% of respondents believe the success of hybrid work hinges on the quality and availability of the internet.

Almost eight in of 10 workers (78%) said the reliability and quality of broadband connections is important. Dependence on high-performance internet access was also underlined by the fact that 84% of respondents actively use their broadband at home for four hours or more each day.

Nearly six in 10 respondents (58%) indicated they were unable to access critical services such as online medical appointments, online education, social care and utility services during lockdown, due to an unreliable broadband connection.

“Many teleworkers need more than a basic level of connectivity to support their livelihoods,” Cisco said in a statement. “To address the demands on their broadband connection, almost half of those surveyed (43%) are planning to upgrade their internet service in the next 12 months.”

Jason Blackwell, research director for Consumer Multiplay and SMB Services at IDC, said the latest call to boost broadband’s minimum requirements is aimed at minimizing the digital divide and forcing internet service providers to supply higher performance network to more locations.

“We still have a lot of locations in the US that are served only by a single provider, and often only by DSL, which may barely qualify as broadband even under today’s definition,” Blackwell said. “Bringing more robust broadband to these unserved and underserved areas will help to create connectivity to education and business opportunities, bringing economic gains. This will also enable more people to seek remote work opportunities and open up the employment pool for businesses to access the most qualified people wherever they may be located.”

One issue is that the level of speed is not uniform across the country. In many urban and suburban areas, users can already get at least 100Mbps or even 1Gigabit speeds — if they’re willing to pay for it. But in many more remote or lowe- income areas, less bandwidth is available because of underinvestments in connectivity in general.

“Some people still need to use DSL, as an example, which is pretty slow,” Gold said. “So, anything the government can do to create a minimum requirement that enables the user to be able to take advantage of all the new video and graphics features now common on the internet is about equal access.

“That certainly has an effect on the ability to have remote work enabled from any location and can help remote communities grow their employee base without having people move away, or letting people move to more remote and/or smaller cities/towns if they’d like without missing out on job opportunities,” Gold added.

Telemedicine, which is critical to underserved communities, also needs a reasonable amount of bandwidth to provide services.

To a large extent, the government is already financing some of the broadband infrastructure upgrades through taxes on broadband connections, Gold noted – a practice that’s been ongoing for years.

“The network enhancements are taking place at the internet service providers. Cable operators are upgrading to DOCSIS 3.1 and eventually to DOCSIS 4.0, or they are deploying fiber deeper into the network,” Blackwell said. “Telcos are replacing copper networks for DSL with fiber to drive faster network speeds. The government is supporting many of these projects through a number of different programs like [Rural Digital Opportunity Fund] and the infrastructure bill.”

Apple CEO Tim Cook has given his backing to a major effort to convince state governors, government, and educators to make computer science classes available to every student in every school. But it’s not just philanthropy in play.

We just can’t get the staff

Demand and supply. In theory, when demand increases, supply emerges to meet it. Except it doesn’t always work out that way and as the world gets more digitized, the need for coders is growing faster than the world can keep up.

The demand for coding skills is growing so rapidly that developers continue to explore ways to design configurable solutions that can be built without code (no-code — essentially filling the gap Apple’s Shortcuts are becoming).

They know they must do this because demand for coding talent continues to increase internationally. It’s a need that concerns every market, from the US to Singapore and everywhere between. By 2030, the world is expected to be short of around 82.5 million coders — already, 87% of organizations struggle to find the coding staff they require.

But some industries, particularly those concerning data analytics, manage to be both in great demand and on a rapid growth curve while also being desperate to find enough staff. Given the growing importance of AI, the lack of skills in data analytics is already having consequential effects on many enterprises. The US Bureau of Labor Statistics indicates that by 2026, the shortage of engineers in the US will exceed 1.2 million.

All we are saying, is give code a chance

That’s why more than 500 business, education, and non-profit leaders have signed an appeal for “every student in every school to have the opportunity to learn computer science.” Signatories, including Cook (and numerous Apple allies and competitors) know we must invest in the next generation of coders.

They warn that because computer science education is not universally available, many students never get the chance to learn. That’s why just 5% of US high school students study computer science — and some communities, particularly young women and students of color, left behind.

Employees know this, too, of course. And while not everyone has the talent for it, one side impact of the Great Resignation has been  increasing numbers of workers join coding courses. They almost certainly hope to earn more cash and work more remotely in the future. Workforce tech education platform Pluralsight, notes that the four most popular courses it provides concern coding. Courses on AI and cloud services are also popular. At the same time, the pandemic has driven big investments in digital technologies to support the emerging future of work, further exacerbating the talent shortage.

Coding is one of the most valuable skills a person can learn. It can open new doors, jumpstart careers, and help big dreams seem like achievable goals. Everyone around the world should have an opportunity to learn how to code. https://t.co/yWfNlmQwdz

— Tim Cook (@tim_cook) July 12, 2022

Apple can scale its coding search, but not everyone can

Apple has made no secret that it thinks we need to nurture more coding talent. It has built and continues to build new development hubs around the world so it can source talent unavailable in the US.

It runs coding workshops in retail stores and has developed academic courses to nurture future talent. Swift Playgrounds isn’t just intended to be fun to use; it’s also designed to teach the essentials of coding to young people as the company works to foster future talents.

But Apple’s opportunity to engage in such schemes is something only the largest firms can really access — and the coder Cupertino creates today isn’t necessarily going to be coding for iPhones tomorrow, particularly when their skills are in such high demand. It’s also true that the need, combined with shortage, means more than 50% of companies are hiring tech workers who don’t have all the skills the job needs.

Challenging the economy

All the same, the size of the issue represents a big challenge to economic growth and productivity, generating a transnational scramble to secure talent.

In the US, almost two-thirds of high-skilled immigration is for computer scientists. The US alone has more than 700,000 open computing jobs, but trains only 80,000 computer science graduates each year – and demand for those skills will increase as digitalization continues to grow. The demand is also putting existing hires under a great deal of pressure. That extra work means some claim around 70% plan to change jobs over the next year. This is in itself a problem for employers — it costs up to $35,685 to identify and recruit a full-time developer, according to CodeSubmit data.

Any churn in staffing represents added costs, as well as increased the pressure on existing workers and additional damage to project planning and overall productivity.

With all of this in mind, it’s of little surprise that Cook and what looks like a roll call of all the biggest businesses in the US are making this urgent call to code. Their eye-watering bonuses probably depend on it.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Though we get a reprieve from Exchange updates in this month’s Patch Tuesday update, more printer updates are on the way. Even with no updates for Microsoft Exchange or Visual Studio, Adobe is back with 15 critical updates for Adobe Reader. And Microsoft’s new patch deployment tool Auto-Patch is now live. (I always thought application testing was the main problem here, but actually getting patches deployed is still tough.)

Though the numbers are still quite high (with 86+ reported vulnerabilities), the testing and deployment profile for July should be fairly moderate. We suggest taking the time to harden your Exchange Server defenses and mitigation processes, and invest in your testing processes.

You can find more information on the risk of deploying these Patch Tuesday updates in our helpful infographic .

Key Testing Scenarios

Given the large number of changes in this July patch cycle, I have broken down the testing scenarios into high-risk and standard-risk groups:

High Risk: These changes are likely to include functionality changes, may deprecate existing functionality, and will likely require creating new testing plans.

Core printing functionality has been updated:

• Install and test any new V4 print drivers on a local machine and print.
• Test new V4 printer connections using client and server and print.
• Test existing v4 printer connections
• Ensure GDI rendering and printer drivers generate the expected output

The core changes relate to how Microsoft supports timestamp checking for kernel drivers, so testing applications that require digitally signed binaries is key for this cycle. The big change here is that unsigned drivers should not load. This may cause some application issues or compatibility problems. We recommend a scan of the application portfolio, identifying all applications that depend upon drivers (both signed and unsigned), and generating a test plan that includes installation, application exercising, and uninstall. Having a comparison between pre- and post- patched machines would be helpful, too.

The following changes are not documented as including functional changes, but will still require at least “smoke testing” before general deployment:

• Test scenarios that utilize Windows DevicePicker. Almost impossible to test — as most applications use this common class. If your internally-developed applications pass their basic smoke test, you’re fine.
• Test your line of business applications that reference the Microsoft mobile CDP APIs. If you have internally developed desktop applications that communicate with mobile devices, a communications check may be required.
• Test connections to the rasl2tp server. This means finding and testing applications that have a dependency on the RAS miniport driver over remote or VPN connections

And Curl. Specifically, CURL.EXE: — a command line tool for sending files via HTTP protocols (hence “client URL”) — has been updated this month. Curl for Windows (the one that is being updated this month) is different from the Open Source project curl. If you are confused why the Curl project team offers this, here’s the answer:

“The curl tool shipped with Windows is built by and handled by Microsoft. It is a separate build that will have different features and capabilities enabled and disabled compared to the Windows builds offered by the curl project. They do however build curl from the same source code. If you have problems with their curl version, report that to them. You can probably assume that the curl packages from Microsoft will always lag behind the versions provided by the curl project itself.”

With that said, we recommend teams that use the curl command (sourced from the Windows supported branch) give their scripts a quick test run. Microsoft has published a testing scenario matrix that this month includes:

• Use physical machines and virtual machines.
• Use BIOS-based machines and UEFI-enabled machines.
• Use x86, ARM, ARM64, and AMD64 machines.

Note: for each of these testing scenarios, a manual shut-down, reboot and restart is suggested.

Known Issues

Each month, Microsoft includes a list of known issues that relate to the operating system and platforms included in this update cycle. For July, there are some complex changes to consider:

• Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.
• After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, “PSFX_E_MATCHING_BINARY_MISSING.” For more information and a workaround, see KB5005322.
• After installing this update, IE mode tabs in Microsoft Edge might stop responding when a site displays a modal dialog box. This issue is resolved using Known Issue Rollback (KIR) with the following group policy downloads: Download for Windows 10, version 20H2 and Windows 10, version 21H1 .
• After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”

Major Revisions

This month, Microsoft has not formally published any major revisions or updates to previous patches. There was a kind of “sneaky” update from the .NET group that really should have been included in the formal Microsoft documentation update process. However, that update was merely documented support for later versions of Visual Studio.

Mitigations and Workarounds

Microsoft published one key mitigation for a Windows network vulnerability:

• CVE-2022-22029: Windows Network File System Remote Code Execution Vulnerability. Noting that there are no publicly reported exploits for this network vulnerability, Microsoft still recognizes that some administrators may choose to disable NFSV3 before their server systems are fully patched. To disable this network feature, use the PowerShell command. ” Set-NfsServerConfiguration -EnableNFSV3 $false.” There is no need to disable V4 (as opposed to V3) as the later versions of this protocol are not affected by this security vulnerability.

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:

• Browsers (Microsoft IE and Edge);
• Microsoft Windows (both desktop and server);
• Microsoft Office;
• Microsoft Exchange;
• Microsoft Development platforms ( ASP.NET Core, .NET Core and Chakra Core);
• Adobe (retired???, maybe next year).

Browsers

It just keeps getting better. The downward trend for Microsoft’s browser reported vulnerability continues to track ever lower with just two (CVE-2022-2294 and CVE-2022-2295) Chromium updates for this July. Both updates only affect Edge (Chromium) and were released last week. Chrome should automatically update, with our initial analysis showing that both updates will have marginal impact on browser compatibility. You can read about this update on the Google Blog, with the technical details found on Git. Add these low-profile, low-risk updates to your standard browser release schedule.

Windows

With just four critical updates and 16 rated important this month, Microsoft is really giving IT admins a bit of a break. The four critical Windows update for this release cycle include:

• CVE-2022-30221: This Windows vulnerability in the core graphics sub-system (GDI) could lead to a remote code execution (RCE) scenario.
• CVE-2022-22029 and CVE-2022-22039: These Windows Network file system issues could result in RCE scenarios on the compromised system.
• CVE-2022-22038: This low-level (Win32) RPC component, reported as difficult to exploit, could lead to very difficult troubleshooting scenarios.

All of these critical updates have been officially confirmed as fixed, with no reports of public exploits on Windows desktop systems. The remaining 14 updates are rated important by Microsoft and affect the following Windows systems and components:

Unfortunately, Windows Server 2012 did not fare so well, with reports of CVE-2022-22047 exploited in the wild. This Windows server vulnerability affects the Client Server Run-Time subsystem (CRSS) which is where all the badly behaving user mode drivers hang out. If you have any Windows Server 2012 under your care, this is a “Patch Now” update. Otherwise, add this very low-profile Windows update to your standard release schedule. And don’t forget, Microsoft has delivered another Windows 11 update video; it’s found here .

Microsoft Office

Microsoft released only two (CVE-2022-33632 and CVE-2022-33633) updates to Microsoft Office this month. Both updates are rated important by Microsoft, and both require local, authenticated privileges to the target system. Add these updates to your standard Office update schedule.

Microsoft Exchange Server

It’s good that we get a break from Microsoft Exchange Server updates. Rather than simply resting, it may be worth investing in your Exchange security infrastructure. Microsoft has provided some major improvements on Exchange during the past year; here are a few ideas on securing your Exchange Server:

• Microsoft Safety Scanner: This command line tool is downloaded from Microsoft (must be refreshed every 10 days) and removes malware from your target system. It’s not a replacement for third-party tools, but if there is a concern about a machine, this is a good first step.
• Exchange On-premises Mitigation Tool (EOMT): If you are unable to quickly patch specific Exchange Servers, Microsoft offers a command line to mitigate against known attacks. This PowerShell script will both attempt to remediate as well as mitigate your servers against further attacks — noting that once done, applying patches is the top priority.
• Exchange Emergency Mitigation Service (EM): The Exchange Emergency Mitigation service (EM service) keeps your Exchange Servers secure by applying mitigations/updates/fixes to address any potential threats against your servers. It uses the cloud-based Office Config Service (OCS) to check for and download available mitigations and will send diagnostic data back to Microsoft.

All of these features and offerings are predicated on using at least Office 2019 — another reason Microsoft has strongly recommended everyone move to Exchange Server 2019 at least. The EM Service was last used in March 2021 to deal with several Microsoft Exchange vulnerabilities (CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858). These were specific attacks on on-premise servers. It’s helpful to know this service is there, but I’m glad it has not been required recently.

Microsoft Development Platforms

As with Microsoft Exchange, Microsoft has not published any “new” security updates to the Microsoft .NET platform or tools this month. However, there was a problem with June’s .NET update, which was addressed this month. This month’s .NET release resolves the issue that some versions of .NET were not addressed by the previous patch — this is just an informational update. If you are using Microsoft Windows update infrastructure, no further action is required.

Adobe (really just Reader)

This is a big update from Adobe, with 15 updates rated as critical and seven rated important, all just for Adobe Reader. The critical updates mainly relate to memory issues and could lead to the exercise of arbitrary code on the unpatched system. You can read more about the Adobe bulletin (APSB22-32) and Adobe security bulletins here. Add this application specific update to your “Patch Now” release.

The launch of a major Windows 10 update isn’t the end of a process — it’s really just the beginning. As soon as one of Microsoft’s feature updates (such as Windows 10 version 21H2) is released, the company quickly gets to work on improving it by fixing bugs, releasing security patches, and occasionally adding new features.

In this story we summarize what you need to know about each update released to the public for the most recent versions of Windows 10 — versions 21H2, 21H1, 20H2, and 2004. (Microsoft releases updates for those four versions together.) For each build, we’ve included the date of its initial release and a link to Microsoft’s announcement about it. The most recent updates appear first.

If you’re still using an earlier version of Windows 10 or of Windows, see the Microsoft support site for info about updates to Windows 10 1909, 1903, 1809, 1803, 1709, 1703, 1607, 1511, the initial version of Windows 10 released in July 2015, Windows 8.1, and Windows 7.

And if you’re looking for information about Insider Program previews for upcoming feature releases of Windows 10, see “Windows 10 Insider Previews: A guide to the builds.”

Updates to Windows 10 versions 20H2, 21H1, and 21H2

KB5015807 (OS Builds 19042.1826, 19043.1826, and 19044.1826)

Date: July 12, 2022

This build addresses an issue that redirects the PowerShell command output so that transcript logs do not contain any output of the command. That means the decrypted password is lost. The build also includes improvements made in the KB5014666 update.

This build has three known issues, including one in which devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5015807.)

KB5014666 (OS Builds 19042.1806, 19043.1806, and 19044.1806) Preview

Release Date: June 28, 2022

This build adds IP address auditing for incoming Windows Remote Management (WinRM) connections in security event 4262 and WinRM event 91. This addresses an issue that fails to log the source IP address and machine name for a remote PowerShell connection. The build also includes several new Print and Scan features.

The build also fixes a number of bugs, including one that prevented the Snip & Sketch app from capturing a screenshot or from opening using the keyboard shortcut (Windows logo key + Shift + S).

This build has three known issues, including one in which devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5014666 Preview.)

KB5016139 (OS Builds 19042.1767, 19043.1767, and 19044.1767)

Release date: June 20, 2022

This out-of-band build, which is only available for Windows devices that use Arm processors, fixes a bug that prevented Windows Arm-based devices from signing in using Azure Active Directory (AAD). Apps and services that use AAD to sign in, such as VPN connections, Microsoft Teams, and Microsoft Outlook, might also be affected.

This build has four known issues, including one in which devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. In another, Windows devices might be unable use the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the internet after a client device connects.

(Get more info about KB5016139.)

KB5014699 (OS Builds 19042.1766, 19043.1766, and 19044.1766)

Release date: June 14, 2022

This build includes a wide variety of security updates. For details, see Microsoft’s Security Update Guide.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5014699.)

KB5014023 (OS Builds 19042.1741, 19043.1741, and 19044.1741) Preview

Release date: June 2, 2022

This build fixes several bugs, including one that prevented Excel or Outlook from opening, one that slowed down file copying, and one that prevented internet shortcuts from updating.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or a custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info KB5014023 Preview.)

KB5015020 (OS Build 19042.1708)

Release date: May 19, 2022

This out-of-band build fixes two bugs: one that could cause authentication failures for some services on a server or client after you install the May 10, 2022 update on domain controllers, and another that could prevent the installation of Microsoft Store apps when you enable Control-flow Enforcement.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5015020.)

KB5013942 (OS Builds 19042.1706, 19043.1706, and 19044.1706)

Release date: May 10, 2022

This build includes a wide variety of security updates. For details, see Microsoft’s Security Update Guide and the May 2022 Security Updates notes.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5013942).

KB5011831 (OS Builds 19042.1682, 19043.1682, and 19044.1682) Preview

Release date: April 25, 2022

This build fixes a wide variety of bugs, including one that caused a remote desktop session to close or a reconnection to stop responding while waiting on the accessibility shortcut handler (sethc.exe), another that that displayed a black screen for some users when they sign in or sign out, and another that prevented you from changing a password that has expired when you sign in to a Windows device.

(Get more info about KB5011831 Preview.)

KB5012599 (OS Builds 19042.1645, 19043.1645, and 19044.1645)

Release date: April 12, 2022

This build includes a wide variety of security updates. For details, see Microsoft’s Security Update Guide and the April 2022 Security Updates notes.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5012599.)

KB5011543 (OS Builds 19042.1620, 19043.1620, and 19044.1620) Preview

Release date: March 22, 2022

This build introduces Search highlights, which display notable moments about each day, including holidays, anniversaries, and other events globally and in your region. To see more details at a glance, hover or click on the illustration in the search box.

There are also a variety of small new features, including a new policy that expands an app’s top three notifications by default in the Action Center for apps that send Windows notifications. It displays multiple notifications that you can interact with simultaneously.

In addition, there are a wide variety of bug fixes, including for a bug that stopped Microsoft Outlook’s offline search from returning recent emails, and another that prevented the User Account Control (UAC) dialog from correctly showing the application that is requesting elevated privileges.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5011543 Preview.)

KB5011487 (OS Builds 19042.1586, 19043.1586, and 19044.1586)

Release date: March 8, 2022

This build fixes a bug that occurs when you attempt to reset a Windows device and its apps have folders that contain reparse data, such as Microsoft OneDrive or OneDrive for Business. When you select Remove everything, files that have been downloaded or synced locally from Microsoft OneDrive might not be deleted.

It also includes a wide variety of security updates. For details, see Microsoft’s Security Update Guide and the March 2022 Security Updates notes.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5011487.)

KB5010415 (OS Builds 19042.1566, 19043.1566, and 19044.1566) Preview

Release date: February 15, 2022

The build lets you share cookies between Microsoft Edge Internet Explorer mode and Microsoft Edge, and adds support for hot adding and the removal of non-volatile memory (NVMe) namespaces.

It also fixes a wide variety of bugs, including one that affected the Windows search service and occurred when you queried using the proximity operator, and one that caused the Remote Desktop Service (RDS) server to become unstable when the number of signed in users exceeds 100. This prevented you from accessing published applications using RDS on Windows Server 2019.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5010415 Preview.)

KB5010342 (OS Builds 19042.1526, 19043.1526, and 19044.1526)

Release date: February 8, 2022

The build fixes a bug that causes a Lightweight Directory Access Protocol (LDAP) modify operation to fail if the operation contains the SamAccountName and UserAccountControl attribute. It also includes a wide variety of security updates. For details, see Microsoft’s Security Update Guide and the February 2022 Security Updates notes.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5010342.)

KB5009596 (OS Builds 19042.1503, 19043.1503, and 19044.1503) Preview

Release date: January 25, 2022

The build fixes a variety of bugs, including one that stops printing or prints the wrong output when you print using USB on Windows 10 version 2004 or later, and another that causes functioning Bluetooth devices to stop working when you attempt to connect to a non-functioning Bluetooth device. It also adds a reminder to Internet Explorer 11 that notifies you about its upcoming retirement.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5009596.)

KB5010793 (OS Builds 19042.1469, 19043.1469, and 19044.1469)

Release date: January 17, 2022

This out-of-band build fixes several bugs, including one that caused IP Security (IPSEC) connections that contain a Vendor ID to fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) could have also been affected. It also fixed a bug that could cause Windows Servers to restart unexpectedly after installing the January 11, 2022 update on domain controllers (DCs).

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5010793.)

KB5009543 (OS Builds 19042.1466, 19043.1466, and 19044.1466)

Release date: January 11, 2022

The build fixes a bug in the Japanese Input Method Editors (IME) and includes a wide variety of security updates. For details, see Microsoft’s Security Update Guide and the January 2022 Security Update notes.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5009543.)

Updates to Windows 10 versions 2004, 20H2, 21H1, and 21H2

KB5008212 (OS Builds 19041.1415, 19042.1415, 19043.1415, and 19044.1415)

Release date: December 14, 2021

The build includes a wide variety of security updates. For details, see Microsoft’s Security Update Guide and the December 2021 Security Update notes.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or a custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5008212.)

KB5007253 (OS Builds 19041.1387, 19042.1387, 19043.1387, and 19044.1387) Preview

Release date: November 22, 2021

This optional update can be downloaded from the Microsoft Update Catalog or by going to Settings > Update & Security > Windows Update > Optional updates available.

The build fixes a variety of bugs, including one that caused the 32-bit version of Microsoft Excel to stop working on certain devices when you exported to PDF, and another that caused the Settings page to unexpectedly close after you uninstalled a font.

There are several known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5007253 Preview.)

Windows 10 November 2021 Update (version 21H2)

Release date: November 16, 2021

Version 21H2, called the Windows 10 November 2021 Update, is the second feature update to Windows 10 released in 2021. Here’s a quick summary of what’s new:

• Wi-Fi security has been enhanced with WPA3 H2E standards support.
• GPU compute support has been added in the Windows Subsystem for Linux (WSL) and Azure IoT Edge for Linux on Windows (EFLOW) deployments for machine learning and other compute-intensive workflows.

There are also a number of features designed for IT and business:

• Windows Hello for Business has a new deployment method called cloud trust that simplifies passwordless deployments.
• For increased security, there have been changes to the Universal Windows Platform (UWP) VPN APIs, which includes the ability to implement common web-based authentication schemes and to reuse existing protocols.
• Apps can now be provisioned from Azure Virtual Desktop. This allows those apps to run just like local apps, including the ability to copy and paste between remote and local apps.
• The release closes the gap between Group Policy and mobile device management (MDM) settings. The device configuration settings catalog has been updated to list more than 1,400 settings previously not available for configuration via MDM. The new MDM policies include administrative template (ADMX) policies, such as App Compat, Event Forwarding, Servicing, and Task Scheduler.
• An upgrade to Windows 10 Enterprise includes Universal Print, which now supports print jobs of up to 1GB or a series of print jobs from an individual user that add up to 1GB within any 15-minute period.
• Universal Print integrates with OneDrive for web and Excel for web. This allows users of any browser or device connected to the internet to print documents hosted in OneDrive for web to a printer in their organization without installing printer drivers on their devices.

Microsoft has also announced that starting with this release, Windows 10 will get feature updates only once a year.

Updates to Windows 10 versions 2004, 20H2, and 21H1

KB5007186 (OS Builds 19041.1348, 19042.1348, and 19043.1348)

Release date: November 9, 2021

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. The build also includes a wide variety of security updates. For details, see Microsoft’s Security Update Guide and the November 2021 Security Update notes.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or a custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5007186.)

KB5006738 (OS Builds 19041.1320, 19042.1320, and 19043.1320)

Release date: October 26, 2021

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. It also fixes a wide variety of bugs, including one that prevented subtitles from displaying for some video apps and streaming video sites, and another that sometimes caused lock screen backgrounds to appear black if they were set up to have a slideshow of pictures as the lock screen background.

There are three known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5006738.)

KB5006670 (OS Builds 19041.1288, 19042.1288, and 19043.1288)

Release date: October 12, 2021

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. It also fixes a bug that prevented some applications, such as Microsoft Office and Adobe Reader, from opening or caused them to stop responding.

The build also includes a wide variety of security updates. For details, see Microsoft’s Security Update Guide and the October 2021 Security Update notes.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

There are two known issues in this update, including one in which devices with Windows installations created from custom offline media or a custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5006670.)

KB5005611 (OS Builds 19041.1266, 19042.1266, and 19043.1266) Preview

Release date: September 30, 2021

This build fixes a small number of bugs, including one in which applications such as Microsoft Outlook suddenly stopped working during normal use, and another that caused blurry News and Interests icons with certain screen resolutions.

(Get more info about KB5005611.)

KB5005565 (OS Builds 19041.1237, 19042.1237, and 19043.1237)

Release date: September 14, 2021

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. It also fixes a bug that caused PowerShell to create an infinite number of child directories. The issue occurred when you used the PowerShell Move-Item command to move a directory to one of its children. As a result, the volume filled up and the system stopped responding.

The build also includes a wide variety of security updates. For details, see Microsoft’s Security Update Guide.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

There are two known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5005565.)

KB5005101 (OS Builds 19041.1202, 19042.1202, and 19043.1202)

Release date: September 1, 2021

This build fixes a wide variety of bugs, including one that reset syncing for Microsoft OneDrive to “Known folders only” after you installed a Windows update, and another in which flickering and residual line artifacts appeared when resizing images.

The build also includes more than 1,400 new mobile device management (MDM) policies. With them, you can configure policies that Group Policies also support. These new MDM policies include administrative template (ADMX) policies, such as App Compat, Event Forwarding, Servicing, and Task Scheduler. Starting in September 2021, you can use the Microsoft Endpoint Manager (MEM) Settings Catalog to configure these new MDM policies.

There are several known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5005101.)

KB5005033 (OS Builds 19041.1165, 19042.1165, and 19043.1165)

Release date: August 10, 2021

This build changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. See KB5005652, Point and Print Default Behavior Change, and CVE-2021-34481 for more information. The build also makes quality improvements to the servicing stack, which is the component that installs Windows updates.

The build also includes a wide variety of security updates. For details, see Microsoft’s Security Update Guide.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

There are several known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5005033.)

KB5004296 (OS Builds 19041.1151, 19042.1151, and 19043.1151)

Release date: July 29, 2021

This build fixes a wide variety of bugs, including one that caused the File Explorer window to lose focus when mapping a network drive, another that failed to detect internet connectivity when connected to a VPN, and another that caused System Integrity to leak memory.

There are several known issues in this update, including one in which devices with Windows installations created from custom offline media or a custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5004296.)

KB5004237 (OS Builds 19041.1110, 19042.1110, and 19043.1110)

Release date: July 13, 2021

This build fixes several bugs, including one that made it difficult to print to a variety of printers, primarily USB receipt or label printers. It also removes support for the PerformTicketSignature setting and permanently enables Enforcement mode for CVE-2020-17049.

It also has a variety of security updates for Windows Apps, Windows Management, Windows Fundamentals, Windows Authentication, Windows User Account Control (UAC), Operating System Security, Windows Virtualization, Windows Linux, the Windows Kernel, the Microsoft Scripting Engine, the Windows HTML Platforms, the Windows MSHTML Platform, and Windows Graphics.

For more details, see Microsoft’s Security Update Guide.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

There are several known issues in this update, including one in which devices with Windows installations created from custom offline media or custom ISO images might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5004237.)

KB5004945 (OS Builds 19041.1083, 19042.1083, and 19043.1083)

Release date: July 6, 2021

This build closes a remote code execution exploit in the Windows Print Spooler service, known as “PrintNightmare,” as documented in CVE-2021-34527.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

 (Get more info about KB5004945.)

KB5004760 (OS Builds 19041.1082, 19042.1082, and 19043.1082)

Release date: June 29, 2021

This out-of-band build fixes a bug that may prevent you from opening PDFs using Internet Explorer 11 or apps that use the 64-bit version of the WebBrowser control.

Among the build’s known issues are one in which when using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the characters manually.

(Get more info about KB5004760.)

KB5003690 (OS Builds 19041.1081, 19042.1081, and 19043.1081)

Release date: June 21, 2021

This build addresses about three dozen bugs, including one in which signing in using a PIN fails, and another that might cause a VPN to fail after renewing a user auto-enrolled certificate. It also removes Adobe Flash from your PC and makes improvements to the servicing stack, the component that installs Windows updates.

Among the build’s known issues are one in which when using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the characters manually.

(Get more info about KB5003690.)

KB5004476 (OS Builds 19041.1055, 19042.1055, and 19043.1055)

Release date: June 11, 2021

This out-of-band build fixes a bug that might redirect you to the Microsoft Store page for Gaming Services when you try to install or start an Xbox Game Pass game on your Windows 10 device. Additionally, you might receive error 0x80073D26 or 0x8007139F. For more information, see KB5004327.

In addition, the build makes improvements to the servicing stack, the component that installs Windows updates.

(Get more info about KB5004476.)

KB5003637 (OS Builds 19041.1052, 19042.1052, and 19043.1052)

Release date: June 8, 2021

This build includes improvements to the servicing stack, which is the component that installs Windows updates. It also includes changes for verifying user names and passwords and for storing and managing files.

It also has a variety of security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, Windows Cloud Infrastructure, Windows Authentication, Windows Fundamentals, Windows Virtualization, Windows Kernel, Windows HTML Platform, and Windows Storage and Filesystems.

For more details, see Microsoft’s Security Update Guide.

There are several known issues in this update, including one in which system and user certificates might be lost when updating a device from Windows 10 version 1809 or later to a later version of Windows 10. Devices using Windows Update for Business or that connect directly to Windows Update are not impacted.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5003637.)

KB5003214 (OS Builds 19041.1023, 19042.1023, and 19043.1023) Preview

Release date: May 25, 2021

This build adds the Open on hover option (which is checked by default) to the News and interests menu. To access it, right-click a blank space on the Windows taskbar and open the News and interests menu.

In addition, it makes quality improvements to the servicing stack, which is the component that installs Windows updates. It also includes a wide variety of small bug fixes, including one that displayed items on the desktop after they have been deleted from the desktop, and another that caused configuration problems with devices that were configured using mobile device management (MDM) RestrictedGroups, LocalUsersAndGroups, or UserRights policies.

(Get more info about KB5003214 Preview.)

Windows 10 May 2021 Update (version 21H1)

Release date: May 18, 2021

Version 21H1, called the Windows 10 May 2021 Update, is the most recent update to Windows 10. This is a relatively minor update, but it does have a few new features.

Here’s a quick summary of what’s new in 21H1:

• Windows Hello multicamera support: If you have an external Windows Hello camera for your PC, you can set the external camera as your default camera. (Windows Hello is used for signing into PCs.) Why should this change matter to you? If you have an external camera, you probably bought it because it’s superior to the built-in, internal one on your computer. So with this change, you’ll be able to use the more accurate camera for logging into your PC.
• Improved Windows Defender Application Guard performance: Windows Defender Application Guard lets administrators configure applications to run in an isolated, virtualized container for improved security. With this change, documents will open more quickly. It can currently take up to a minute to open an Office document in it.
• Better Windows Management Instrumentation (WMI) Group Policy Service support: Microsoft has made it easier for administrators to change settings to support remote work.

Updates to Windows 10 versions 2004 and 20H2 prior to the 21H1 release

KB5003173 (OS Builds 19041.985 and 19042.985)

Release date: May 11, 2021

This build includes a variety of security updates for Windows App Platform and Frameworks, the Windows Kernel, Windows Media, the Microsoft Scripting Engine, and the Windows Silicon Platform. For more details, see Microsoft’s Security Update Guide. It also updates security for Bluetooth drivers and Windows OLE (compound documents).

There are several known issues in this update, including one in which system and user certificates might be lost when updating a device from Windows 10 version 1809 or later to a later version of Windows 10. Devices using Windows Update for Business or that connect directly to Windows Update are not impacted.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5003173.)

KB5001391 (OS Builds 19041.964 and 19042.964) Preview

Release date: April 28, 2021

This update gives you quick access to an integrated feed of dynamic content, such as news, weather, sports, and more, that updates throughout the day, via the Windows taskbar. You can personalize the feed to match your interests. For more details, see Microsoft’s “Personalized content at a glance: Introducing news and interests on the Windows 10 taskbar.”

There are several known issues in this update, including one in which system and user certificates might be lost when updating a device from Windows 10 version 1809 or later to a later version of Windows 10. In addition, devices with Windows installations created from custom offline media or custom ISO images might have the legacy version of Microsoft Edge removed by the update, but not automatically replaced by the new Microsoft Edge.

(Get more info about KB5001391 Preview.)

KB5001330 (OS Builds 19041.928 and 19042.928)

Release date: April 13, 2021

This update includes a wide variety of security updates, for Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Kernel, Windows Virtualization, and Windows Media. For details, see Microsoft’s Security Update Guide website.

There are several other security issues addressed, including fixing a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication.

In this build, Microsoft also removed the Microsoft Edge legacy browser and replaced it with the new Chromium-based Edge.

There are several known issues in this update, including one in which system and user certificates might be lost when updating a device from Windows 10 version 1809 or later to a later version of Windows 10. Devices using Windows Update for Business or that connect directly to Windows Update are not impacted.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5001330.)

KB5000842 (OS Builds 19041.906 and 19042.906) Preview

Release date: March 29, 2021

This update fixes a variety of minor bugs, including one that made high dynamic range (HDR) screens appear much darker than expected, and another that caused video playback to be out of sync in duplicate mode with multiple monitors.

There are several known issues in this build, including one in which System and user certificates might be lost when updating a device from Windows 10 version 1809 or later to a later version of Windows 10. Devices using Windows Update for Business or that connect directly to Windows Update are not impacted.

(Get more info about KB5000842 Preview.)

KB5001649 (OS Builds 19041.870 and 19042.870)

Release date: March 18, 2021

This out-of-band update fixes a single bug in which graphical content could not be printed.

There is one known issue in this update, in which system and user certificates may be lost when updating a device from Windows 10 version 1809 or later to a later version of Windows 10.

(Get more info about KB5001649.)

KB5001567 (OS Builds 19041.868 and 19042.868)

Date: March 15, 2021

This out-of-band update fixes a single bug, which caused a blue screen when you attempted to print to certain printers using some apps.

There is one known issue in this update, in which system and user certificates may be lost when updating a device from Windows 10 version 1809 or later to a later version of Windows 10.

(Get more info about KB5001567.)

KB5000802 (OS Builds 19041.867 and 19042.867)

Release date: March 9, 2021

This update includes a wide variety of security updates for the Windows Shell, Windows Fundamentals, Windows Management, Windows Apps, Windows User Account Control (UAC), Windows Virtualization, the Windows Kernel, the Microsoft Graphics Component, Internet Explorer, Microsoft Edge Legacy, and Windows Media. For details, see the Microsoft Security Update Guide.

There are three known issues in this update, including one in which system and user certificates might be lost when updating a device from Windows 10 version 1809.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5000802.)

KB4601382 (OS Builds 19041.844 and 19042.844) Preview

Release date: February 24, 2021

This update fixes a variety of minor bugs, including one that caused video playback to flicker when rendering on certain low-latency capable monitors, and another that sometimes prevented the input of strings into the Input Method Editor (IME).

(Get more info about KB4601382.)

KB4601319 (OS Builds 19041.804 and 19042.804)

Release date: February 9, 2021

This update fixes a bug and includes a variety of security updates. The bug fixed could damage the file system of some devices and prevent them from starting up after running chkdsk /f.

Security updates are provided for Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Cloud Infrastructure, Windows Management, Windows Authentication, Windows Fundamentals, Windows Cryptography, Windows Virtualization, Windows Core Networking, and Windows Hybrid Cloud Networking. For details, see the Microsoft Security Update Guide.

There are three known issues in this update, including one in which system and user certificates might be lost when updating a device from Windows 10 version 1809.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB4601319.)

KB4598242 (OS Builds 19041.746 and 19042.746)

Release date: January 12, 2021

This build fixes a variety of security vulnerabilities, including one with HTTPS-based intranet servers, and a security bypass vulnerability in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface.

There are also security updates to Windows App Platform and Frameworks, Windows Media, Windows Fundamentals, Windows Kernel, Windows Cryptography, Windows Virtualization, Windows Peripherals, and Windows Hybrid Storage Services. For details see the Microsoft Security Update Guide.

There are two known issues in this update, including one in which system and user certificates might be lost when updating a device from Windows 10, version 1809.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB4598242.)

KB4592438 (OS Builds 19041.685 and 19042.685)

Release date: December 8, 2020

This update fixes a security vulnerability by preventing applications that run as a SYSTEM account from printing to “FILE:” ports. It also has security updates for the legacy version of Microsoft Edge, the Microsoft Graphics Component, Windows Media, Windows Fundamentals, and Windows Virtualization. For details see the Microsoft Security Update Guide.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB4592438.)

KB4586853 (OS Builds 19041.662 and 19042.662) Preview

Release date: November 30, 2020

This build fixes a wide variety of bugs, including one that caused Narrator to stop responding after you unlock a device if the app was in use before you locked the device, and another that made makes the touch keyboard unstable in the Mail app.

There are two known issues in this update, one in which system and user certificates might be lost when updating a device from Windows 10 version 1809 or later to a later version of Windows 10, and another in which users of the Microsoft Input Method Editor (IME) for Japanese or Chinese languages might experience issues when attempting various tasks.

(Get more info about KB4586853.)

KB4594440 (OS Builds 19041.631 and 19042.631)

Release date: November 19, 2020

This minor build fixes issues with Kerberos authentication related to the PerformTicketSignature registry subkey value in CVE-2020-17049, which was a part of the November 10, 2020 Windows update.

There are two known issues in this update, one in which system and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10, and another in which users of the Microsoft Input Method Editor (IME) for Japanese or Chinese languages might experience issues when attempting various tasks.

(Get more info about KB4594440.)

KB4586781 (OS Builds 19041.630 and 19042.630)

Release date: November 10, 2020

This build updates the 2020 DST start date for the Fiji Islands to December 20, 2020 and includes security updates to the Microsoft Scripting Engine, Windows Input and Composition, Microsoft Graphics Component, the Windows Wallet Service, Windows Fundamentals, and the Windows Kernel. For details see the release notes for November 2020 Security Updates.

There are two known issues in this update, including one in which system and user certificates might be lost when updating a device from Windows 10 version 1809 or later to a later version of Windows 10, and another in which users of the Microsoft Input Method Editor (IME) for Japanese or Chinese languages might experience issues when attempting various tasks.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB4586781.)

KB4580364 (OS Builds 19041.610 and 19042.610)

Release date: October 29, 2020

This update makes it easier to connect to others in Skype, using Meet Now from the taskbar. In addition, there are a wide variety of bug fixes, including for one that displayed the incorrect CPU frequency for certain processors, another that displayed nothing on the screen for five minutes or more during a Remote Desktop Protocol (RDP) session, and another that caused the Docker pull operation to fail due to a Code Integrity (CI) Policy that blocks the import of a Windows container image.

There are two known issues in this update, including one in which system and user certificates might be lost when updating a device from Windows 10 version 1809 or later to a later version of Windows 10, and another in which users of the Microsoft Input Method Editor (IME) for Japanese or Chinese languages might experience issues when attempting various tasks.

(Get more info about KB4580364.)

Windows 10 October 2020 Update (version 20H2)

Release date: October 20, 2020

Version 20H2, called the Windows 10 October 2020 Update, is the most recent update to Windows 10. This is a relatively minor update but does have a few new features.

Here’s a quick summary of what’s new in 20H2:

• The new Chromium-based version of the Microsoft Edge browser is now built directly into Windows 10.
• The System page of Control Panel has been removed. Those settings have been moved to the Settings app.
• The Start menu’s tiled background will match your choice of Windows themes. So the tiled background will be light if you’re using the Windows 10 light theme and dark if you’re using the Windows 10 dark theme.
• When you use Alt-Tab, Edge will now display each tab in your browser in a different Alt-Tab window. Previously, when you used Alt-Tab, Edge would get only a single window. You can change this new behavior by going to Settings > System > Multitasking.
• When you pin a site to the taskbar in Edge, you can click or mouse over its icon to see all your browser tabs that are open for that website.
• When you detach a keyboard on a 2-in-1 device, the device will automatically switch to the tablet-based interface. Previously, you were asked whether you wanted to switch. You can change that setting by going to Settings > System > Tablet.
• The Your Phone app gets a variety of new features for some Samsung devices. When using one of the devices, you can interact with the Android apps on your phone from the Your Phone app on Windows 10.

What IT needs to know: Windows 10 version 20H2 also has a variety of small changes of note for sysadmins and those in IT.

• IT professionals who administer multiple mobile devices get a new Modern Device Management (MDM) “Local Users and Groups” settings policy that mirrors options available for devices that are managed through Group Policy.
• Windows Autopilot, used to set up and configure devices in enterprises, has gained a variety of small enhancement, including better deployment of HoloLens devices, the addition of co-management policies, enhancements to Autopilot deployment reporting, and the ability to reuse Configuration Manager task sequences to configure devices.
• Microsoft Defender Application Guard now supports Office. This allows untrusted Office documents from outside an enterprise to launch in an isolated container to stop potentially malicious content from compromising computers or exploiting personal information found on them.
• Latest Cumulative Updates (LCUs) and Servicing Stack Updates (SSUs) have been combined into a single cumulative monthly update, available via Microsoft Catalog or Windows Server Update Services.
• Biometric sign-on has been made more secure. Windows Hello now has support for virtualization-based security for certain fingerprint and face sensors, which protects, isolates, and secures a user’s biometric authentication data.

For more details, see Microsoft’s “What’s new for IT pros in Windows 10, version 20H2.”

Apple device management is the beating heart at the center of the mobile hybrid enterprise, and vendors that support Apple’s MDM (mobile device management) platform are investing as they seek to build for future growth. At this stage in the evolution of the Apple device management industry, it appears we are on the edge of an M&A frenzy as players in that space seek to build unique identities designed to foster future growth.

Industry activity is intensifying

Jamf, arguably one of the biggest firms in the Apple MDM business, has been investing deeply in companies and services to extend the tranche of security and device management tools it can provide to its customers. These extend to powerful content monitoring, zero trust, and endpoint management.

Jamf CIO Linh Lam recently noted the acceleration of Apple’s enterprise market status, predicting: “The way the demand is growing and the expectations of younger generations joining the workforce, Apple devices will be the number one endpoint by 2030.” 

More recently, we’ve begun to see entities from outside the Apple device management space begin to seek a way in. VMWare’s $1.17 billion acquisition of AirWatch in 2014 showed what was coming. Ivanti in 2021 purchased MobileIron. More recently, GoTo is in the process of acquiring cloud-based cross-platform device management provider Miradore. And arguably one of the larger illustrations of this kind was Apple’s 2020 acquisition of MDM vendor Fleetsmith, whose solutions have now been rolled inside Apple Business Essentials.

Elsewhere, Hexnode has entered a partnership with Keeper Security; JumpCloud in February acquired MYKI to expand its cloud directory platform; Kandji continues to attract investment capital as it plays its own long game; Addigy is working with Acronis (the latter also works with Jamf); and Mosyle recently closed a $196m funding round and introduced new solutions for enterprise customers.

The irresistible force

This activity has purpose, of course. As enterprises become increasingly digitized, the value of the device management market is expected to reach $28.7 billion by 2027.

To put that figure into context, that’s around four times the existing value, meaning there is huge scope for growth in the space, particularly around Apple devices.

We’ve looked before at the acceleration there, as Mac and iOS together now comprise around 23% of global mobile/PC consumer market share and a higher slice of enterprise/knowledge worker markets. When it comes to the Mac, Gartner analyst Mikako Kitagawa recently predicted Apple will seize 10.7% of the PC market in 2026 as Windows share slips. And, of course, a 2021 Dimensional Research survey found that 85% of IT decision makers say Apple devices are more secure.

With hundreds of millions of PC replacements now in sight as old Windows OS installations expire and companies seek to secure all endpoints against catastrophic business failure, the Apple side of this equation remains a highly attractive target for all these parties (and a few I probably forgot).

Carving out space in these markets means Apple MDM vendors are under some pressure to extend the functionality of the solutions they provide while also defining their own unique market position.

Many hope to achieve this by extending their core products with tools for security, remote support, and collaboration or by specializing in the needs of vertical markets such as education, healthcare, and manufacturing.

Why a wave of acquisitions may be on the way

Of course, with SAP, BlackBerry, Cisco, Citrix, IBM, Microsoft, Sophos, SOTI, and others also vying for some or all of the same business, smaller vendors must work hard to develop their own unique offerings. This suggests (at least to my jaded mind) that at some point relatively soon, we will see a wave of mergers and acquisitions as larger entities scoop up some of the smaller firms in a bid to offer more effective cross-platform MDM tools to enterprise customers and secure growth in a challenging market.

What next?

Quite a lot now depends on platform vendors, including Apple. MDM solutions providers live and die through the power of the APIs made available to them, which means that the addition of features and functionality is equally dependent on such system-level support.

All the same, if there’s a seemingly unexplored space that relates to these technologies, it likely extends to remote collaboration and autonomous security solutions.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Apple has struck a big blow against the mercenary “surveillance-as-a-service” industry, introducing a new, highly secure Lockdown Mode to protect individuals at the greatest risk of targeted attacks. The company is also offering millions of dollars to support research to expose such threats.

Starting in iOS 16, iPadOS 16 and macOS Ventura, and available now in the latest developer-only betas, Lockdown Mode hardens security defenses and limits the functionalities sometimes abused by state-sponsored surveillance hackers. Apple describes this protection as “sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.”

In recent years, a series of targeted spyware attacks against journalists, activists, and others have been exposed. Names including Pegasus, DevilsTongue, Predator, Hermit, and NSO Group have undermined trust in digital devices and exposed the risk of semi-private entities and the threat they show against civil society. Apple has made no secret that it is opposed to such practices, filing suit against the NSO Group in November and promising to oppose such practices where it can.

“Apple’s newly released Lockdown Mode will reduce the attack surface, increase costs for spyware firms, and thus make it much harder for repressive governments to hack high-risk users,” said John Scott-Railton, senior researcher at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy.

“We congratulate [Apple] for providing protection to human rights defenders, heads of state, lawyers, activists, journalists, and more,” tweeted the EFF, a privacy advocacy group.

What does Lockdown Mode do?

At present, Apple says Lockdown Mode provides the following protections:

• Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
• Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
• Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
• Wired connections with a computer or accessory are blocked when an iPhone is locked.
• Configuration profiles cannot be installed and the device cannot enroll into mobile device management (MDM) while Lockdown Mode is turned on.

Ivan Krstić, Apple’s head of Security Engineering and Architecture, notes that Lockdown Mode can be applied to devices that are already enrolled in an MDM service. “Pre-existing MDM enrollment is preserved when you enable Lockdown Mode,” he tweeted.

The company says it intends to extend the protection provided by Lockdown Mode over time and has invested millions in security research to help identify weaknesses and increase the integrity of this protection.

How to enable Lockdown Mode

Apple

• Lockdown Mode is enabled in Settings on iPhones and iPads and in System Settings on macOS.
• You’ll find it as an option in Privacy & Security, listed at the bottom of the page.
• Tap Lockdown Mode and you’ll be told that this provides “Extreme, optional protection that should only be used if you believe you may be personally targeted by a highly sophisticated cyberattack. Most people are never targeted by attacks of this kind.”
• The prompts also warn users that certain features will no longer work as you are used to. Shared albums will be removed from Photos, and invitations will also be blocked.

What is the scale of this threat?

These attacks don’t come cheap, which means most people are unlikely to be targeted in this way. Apple began sending threat notifications to potential victims of Pegasus soon after it was revealed and says the number of people targeted in such campaigns is relatively small.

All the same, the scale is international, and the company has warned people in around 150 nations since November 2021. A BBC report confirms hundreds of targets and tens of thousands of phone numbers leaked as a result of NSO’s Pegasus alone. Victims have included journalists, politicians, civil society advocates, activists, and diplomats, so while the numbers are small, the chilling impact of such surveillance is vast.

I believe that such technologies will become cheaper and more available over time, so it’s only a matter of time before they leak into wider use. Ultimately the very existence of such attacks — state-sponsored or not — makes the entire world less safe, not safer.

“There is now undeniable evidence from the research of the Citizen Lab and other organizations that the mercenary surveillance industry is facilitating the spread of authoritarian practices and massive human rights abuses worldwide,” said Citizen Lab Director Ron Deibert in a statement. Deibert told CNET he thinks Lockdown Mode will deal a “major blow” to spyware companies and the governments that use their products.

“While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” said Apple’s Krstić in a statement. “That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”

There’s little doubt Microsoft and Google will also move to provide similar protection to users. Google and Meta already offer tools to secure the accounts of those who are at an “elevated risk of targeted online attacks,” but these tools don’t go nearly as far as Lockdown Mode.

Apple’s investments in security

Apple already makes vast investments in security. For example, the company is working with others in the industry to support password-free authentication, has built tools to mask IP addresses and continues to focus on user privacy.

The company will introduce a Rapid Security Response feature for its devices this fall, which will make it possible to deploy security fixes outside of full security updates and much more. Apple is even investing in improving the security of programming languages, further eroding potential attack surfaces.

The company has now announced further investment in the security community:

• Apple has also established a new category within the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections. Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000 — the highest maximum bounty payout in the industry.
• Apple is also making a $10 million grant, plus any damages awarded from the lawsuit it is pursuing against NSO Group, to support organizations that investigate, expose, and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware. It is giving this money to the Ford Foundation’s Dignity and Justice Fund.

What will the Dignity and Justice Fund do?

The fund will make its first grants later this year, focusing initially on initiatives to expose the use of mercenary spyware. In the press release announcing the initiative, Apple tells us these grants will focus on:

• Building organizational capacity and increasing field coordination of new and existing civil society cybersecurity research and advocacy groups.
• Supporting the development of standardized forensic methods to detect and confirm spyware infiltration that meet evidentiary standards.
• Enabling civil society to more effectively partner with device manufacturers, software developers, commercial security firms, and other relevant companies to identify and address vulnerabilities.
• Increasing awareness among investors, journalists, and policymakers about the global mercenary spyware industry.
• Building the capacity of human rights defenders to identify and respond to spyware attacks, including security audits for organizations that face heightened threats to their network

The fund’s grant-making strategy will be advised by a global Technical Advisory Committee. Initial members include Daniel Bedoya Arroyo, digital security service platform analyst at Access Now; Citizen Lab Director Ron Deibert; Paola Mosso, co-deputy director of The Engine Room; Rasha Abdul Rahim, director of Amnesty Tech at Amnesty International; and Apple’s Krstić.

Ford Foundation Tech and Society Program director Lori McGlinchey said:

“The global spyware trade targets human rights defenders, journalists, and dissidents; it facilitates violence, reinforces authoritarianism, and supports political repression. The Ford Foundation is proud to support this extraordinary initiative to bolster civil society research and advocacy to resist mercenary spyware. We must build on Apple’s commitment, and we invite companies and donors to join the Dignity and Justice Fund and bring additional resources to this collective fight.”

What else can you do?

Following revelations about NSO Group last year, Apple published a set of recommendations to help users mitigate against such risks. These guidelines do not even approach the kind of robust protection you can expect from Lockdown Mode, but it makes sense for anyone to follow such practices:

• Update devices to the latest software, which includes the latest security fixes.
• Protect devices with a passcode.
• Use two-factor authentication and a strong password for Apple ID.
• Install apps from the App Store.
• Use strong and unique passwords online.
• Don’t click on links or attachments from unknown senders.

Furthermore, Amnesty Tech is gathering signatures to demand an end this kind of targeted surveillance of human rights defenders. I’d urge readers to add their signature to my own.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Apple has made a decision that should show most enterprises that, when it comes to COVID-19, it’s not over till it’s over. The company has reportedly deferred plans to get staff back in the office three days a week because of increasing infection rates.

Living with COVID means taking it seriously

A weekend Bloomberg report tells us the full implementation of Apple’s originally mandated three-days-a-week-in-person plan is probably “not imminent.” The report suggests the company is experiencing rising infection rates across its workforce. If Apple is experiencing this, then it is not alone.

Way back at the beginning of the pandemic, Apple’s retail stores became seen as guides to local infection rates. The company’s planetary network of stores gave Apple’s HR teams global insight into disease outbreaks. Reporters followed Apple store closures as a guide to the disease clusters.

Apple still has access to those insights today, which means its decision to suspend its return-to-the-office diktat should be seen for what it is: a signal that the sickness has not abated.

Of course, we must identify some way to live with COVID, but doing so also means taking it seriously. Magical thinking will not make the disease go away, but smart working practices, staggered commuting patterns, and investment in air filtration systems might help blunt its impact.

Apple’s decision to suspend progress on the return to the office shows the company is coming to terms with that reality. At least, I think it does.

A warning you should heed

Apple had chosen to adopt a hybrid work pattern in which employees attend the office three days a week and work remotely for two. It began requesting workers return to the office for one day a week on April 11, two days from May 4, and had intended attendance to rise to three days by May 23. Employees are currently expected to be present for two days a week, but the move to three has been delayed.

In common with everyone else, not every Apple employee has been able to work remotely during the pandemic. Some of its teams have continued working in person across most of the last couple of years.

But the decision to delay the company-wide return must surely be taken seriously by businesses hoping to get employees back to the office, as it suggests Apple’s data shows the risk of doing so remains high. As colleague Steven J. Vaughan-Nichols points out, that’s broadly in line with what health professionals are telling us, from epidemiologist Michael Osterholm’s warning to the Washington Post to this observation from Independent SAGE, a group of scientists in the UK: “Closing our eyes and pretending it’s not there, that’s the most dangerous strategy of all.”

If you value collaboration, stay apart

Given that the risks of COVID-19 can include months of mental and physical debilitation that leave sufferers unable to work effectively for months, a company that values collaboration and creative intelligence cannot logically insist its teams expose themselves to such risk.

The last thing Apple, or anyone else, needs is for key personnel to be out of action for months — particularly when the consequences of a forced return are so evident and any company with commitment to corporate social responsibility also has a duty to protect staff’s psychological and physical health.

Think about it. What is to be gained in mythical ‘water cooler conversations’ if there’s no one around to put those ideas into motion? Just ask the Society of Academic Emergency Medicine. It means that if your workplace values collaboration, it’s way past time to figure out how to collaborate effectively when apart.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Third-party cookies may be going away in 18 months, but will that achieve Google’s stated intentions of creating a “more privacy-first web?”

Chris Matty doesn’t think so.

In fact, he believes the death of the invasive little trackers could paradoxically make our online identities less secure.

And he believes the motivations of Apple and Google, which have advocated for an end to this form of passive surveillance, are motivated by goals that are less altruistic than they may seem.

Matty is the founder and chief revenue officer of Versium, a business-to-business omnichannel marketing firm that profiles online visitors without using cookies. Instead, it harvests data from various third-party sources in a process that complies with the California Consumer Privacy Act and then uses deterministic algorithms to make what is essentially an educated guess about the identity of visitors.

Matty believes the end of third-party cookies will be a windfall for technology giants whose reach spans multiple properties.

The losers will be everyone else.

On their own

With third-party cookies out of the picture, marketers will be forced to double down on the data they collect on their own web properties through first-party cookies, which will still be with us.

Those are the trackers you permit to install on your computer when you arrive at a website and are presented with one of those “this site uses cookies” messages.

The thousands of small website owners that now rely on third-party cookies to identify visitors will have to start collecting more data for themselves.

That means more registration pages, paywalls, and prompts to give up information about yourself.

The result will be that “the loss of cookies will actually diminish privacy,” Matty says. “Publishers are going to have to start using gated logins, so they capture an email address.”

This isn’t a problem for the few giants with a vast web footprint.

Think about this: How often do you sign in to Google or Facebook? Almost never.

Once you log in to Google, the company can follow you across its search engines, email service, office productivity applications, media sites, and other outposts in its empire.

Theoretically, it can track you on other properties as well, as long as you’re signed in.

However, independent ad networks won’t have access to this information soon, so Google and Facebook will become even more powerful online advertising brokers.

Meanwhile, independent sites will be pressured to lock down their content more tightly to encourage registration.

The result will be less free information, more walled gardens, and a greater need for people to keep track of usernames and passwords for all the places they visit.

“It will cost marketers more because [the cost per thousand visitors] will grow,” Matty says. “The cost of marketing will go up because information will be controlled by fewer companies.”

An unpopular alternative

Google has proposed an alternative called Federated Learning of Cohorts that replaces third-party cookies with anonymized information about groups of people stored in the browser.

Not everyone thinks that’s such a good idea.

“That approach would put the browser at the center of the advertising equation, and Google, not coincidentally, makes Chrome, the world’s most popular browser,” wrote Adam Tanner, an author of two books about online privacy, in a recent article in Consumer Reports.

Versium and many other identity technology firms are finding ways to reverse engineer identities without using cookies or compromising privacy.

The firm gathers data from multiple sources about people who have given their permission to share it and then uses predictive algorithms to infer identities.

Matty calls this technique “match logic. There are literally hundreds of match codes we can assign with high confidence,” he said. “We can increase match rates from 10% to 90%.”

In a B2B context, that’s valuable in harmonizing personal and business email addresses. About 70% of LinkedIn profiles are tied to personal email addresses; matching them to a list of business addresses can be a shot in the dark.

Matty says that adding third-party, opt-in data can resolve most of those mysteries.

If a marketer has a personal email address, it can be matched to a business address by factoring in other data points like a home address and the nearby population of people with similar names.

“We can look for a physical address and deduce how far they are from a business and so infer that the person works at that business,” Matty says. “There are literally hundreds of match codes we can assign with high confidence.”

This means the end of cookies could trigger an explosion in big data analytics. And guess who owns the most popular suite of analytics tools in the cloud?

Yup, it’s Google.