Macktez Security Updates: macOS Monterey 12.6.1 and Ventura 13

(Last updated 10/31/2022)
Apple released a couple very important updates this week, and we’re reaching out today to provide information and guidance around those. The Team here at Macktez is working hard to keep your computers up to date and secure while maintaining reliable access to the softwares that help your business operate smoothly with minimal downtime. As such, we take a conservative approach to major upgrades so we can evaluate any issues, and move forward only when we are confident they are stable.

It is recommended that the Monterey 12.6.1 update be installed, and instructions for doing that are below.

Macktez advises against a Ventura upgrade at this time, because of major security revisions and some third party software incompatibilities that have yet to be addressed. For clients who subscribe to Workstation Management, Macktez will approve and release the Monterey 12.6.1 security update and delay (temporarily block) the Ventura upgrade. For clients who are not enrolled in the management toolset, caution should be taken regarding Ventura at this time.

If computers are currently running Monterey or Big Sur (or an older OS), here are some tips for updating those systems to the latest version without applying the major Ventura upgrade:

– Go to the  Apple menu in the upper left corner and select “System Preferences”
– Choose “Software Update”
– Under the Ventura banner, find ‘Other updates are available’, and click on the tiny blue text under that that says “More Info.”
– In the window that appears, select all items and click “Install now.” Note that the computer will restart, and the full update may cause downtime for an hour or so.

If you’re curious, you can find Apple’s release notes on these updates by clicking the links below.
macOS Monterey 12.6.1 https://support.apple.com/en-us/HT213494
macOS Ventura 13 https://support.apple.com/en-us/HT213488

If you have questions or run into any problems, please email support@macktez.com.

Security Bulletin: Critical macOS Updates

(Last Updated: 8/22/2022)

Apple has released critical security updates this week, and the Macktez release schedule will be tighter than for prior releases. The Managed Services group is releasing those updates for eligible computers as of 8/20/2022, but users are encouraged to manually install at any time prior to the release, when convenient.

Notes: If the computer is not yet running Monterey, it can remain at the current macOS system, and ignore any notices to upgrade to Monterey.

WHAT YOU NEED TO DO
– If you would like to control the timing of these updates by doing them on your own schedule, go to the Apple menu at the top left of your screen, select System Preferences, then Software Update. Save your work, quit all running applications and let the machine restart. If updates are available, the install can take approximately 45 minutes to an hour.
– If the machine is running Monterey, that is the only update you will see and you can click “Install”.
– If the computer is running an earlier OS, like Mojave, Catalina or Big Sur, you will see “Other updates are available” below the Monterey upgrade box. Click “More info” below that, and install the updates that pop up.
– If the above task is not completed manually, starting today, you will receive a total of 4 prompts (at 24-hour intervals) from Macktez Management to restart your machine. These prompts will show a turquoise logo, and read “Update Requires Restart”. The prompt will disappear after a few minutes, so if you miss it, you will see another one 24 hours later.
– If after the 4th prompt you still have not yet restarted, a disruptive restart will be initiated. This prompt will show a turquoise logo, and read “Mandatory Update”, and you will have approximately 10 minutes to save your work. This may disrupt your workflow for up to an hour, and could result in losing files if you don’t save your work first.

HERE ARE THE UPDATES BEING RELEASED
macOS Monterey 12.5.1, requires a restart
macOS Big Sur 11.6.8, requires a restart
Security Update 2022-005 Catalina, requires a restart
Safari 15.6.1 for Big Sur and Catalina, does not require a restart

Also available, FYI:
iOS 15.6.1 and iPadOS 15.6.1
watchOS 8.7, which can be installed via the Watch app on iPhone

If you have questions or run into any problems, please email support@macktez.com.

Thank you for your attention to this important matter. Macktez is confident that everyone will find these updates very easy to apply.

Bulletin: Windows 11 Upgrade

(Last Updated: 7/12/2022)

Macktez is not releasing a Windows 11 upgrade at this time, but Microsoft has begun automatic installs on compatible computers.

While there is an option to temporarily defer the automatic upgrade, Microsoft has not provided a way to stop it. In order to minimize inconvenience and potential disruption, clients should plan ahead, take control, and designate a time to manually install the upgrade on all affected machines.

This page outlines Windows 11 specs, features, and requirements. Macktez is unaware of any major compatibility issues at this time. However, if you’re concerned about a particular application, please reach out to your Strategist to review together before upgrading.

TO DEFER THE WINDOWS 11 INSTALL
To defer the Windows 11 install, follow the steps below which will enable a grace period of up to 5 weeks (an Admin login is required to change these settings). Keep in mind though, that after selecting a grace period, Windows 11 will automatically be installed.
– Right-click on the Start menu button on the Windows Taskbar below.
– Select “Settings.”
– From the left panel, click on “Windows update.”
– You will see a Pause updates option. A drop-down selection menu with options to pause for one week and up to five weeks is to the right. Select the number of weeks you want to stop automatic updates on your PC from the drop-down menu.

TO MANUALLY MANAGE THE WINDOWS 11 INSTALL
To take control over when Windows 11 is installed so as not to interrupt work, it can be manually installed.
– Right-click on the Start menu icon on the Windows Taskbar at the bottom.
– Select “Settings.”
– On the left, click on “Windows Update.”
– If updates are paused, click on the “Resume updates” button.
– Under “More options,” click on “Advanced options.”
– On the Advanced options page, make sure that “Receive updates for other Microsoft products” is toggled ON. When this is toggled on, the computer will look for updates for all installed Microsoft software.
– To allow updates to install as soon as they arrive, toggle on “Get me up to date.” Otherwise, set “Active hours,” so restarts won’t occur while the computer is actively in use.
– Click on “Windows Update” at the top of the “Advanced Options” window.
– Click on the “Check of updates” button to begin the update process manually. Future updates will happen automatically.

Note that the computer may need to restart multiple times based on the number of new updates installed. Don’t turn off the computer in the middle of the process and make sure it is plugged in. If the update process is interrupted, it can create file corruption issues that cause errors or even failure to boot.

If you have questions or run into any problems, please email support@macktez.com or call 646.274.0933 (press 0 for Support).

Security Bulletin: Critical Vulnerability in APC Batteries

(Last Updated: 3/25/2022)

A major security vulnerability has recently been identified for network-connected backup batteries made by APC (Schneider Electric).

For more context, a detailed writeup from the firm that discovered this vulnerability can be found here.

Backup batteries are often installed with file servers and network equipment to make sure that these essential devices can remain on during a brief power outage. Connecting these batteries to the network, while not necessary for them to perform their basic function, allows network managers to monitor power-related events and total power consumption of connected equipment.

The vulnerability in question is not likely to be used broadly and most offices will not be in danger unless specifically targeted, but its potential consequences are severe enough that susceptible devices must not be left unprotected.

At Macktez, we are in the process of reviewing our own records to make sure that any impacted clients receive the firmware updates they need to remain protected. We are also asking all Macktez clients to review their network racks and all server equipment to make us aware of any backup batteries we don’t know about.

While reviewing equipment, clients should confirm the following:
– Is there a device in the rack or on the floor near the network or server equipment that other devices are plugged into for power (like a power strip but much more substantial)?
– Does the device have an “APC” logo on the front?
– Is there an attached ethernet networking cable plugged into the back of the device, where power cables are plugged in?

If the answer to all of these questions is “Yes” please let the Macktez Team know immediately so that appropriate action can be taken. No equipment updates are required if backup batteries are confirmed to have no ethernet cable connected.

Finally, a general reminder for all our clients to be careful about adding any new equipment to office networks. A wide array of “internet of things” and “smart” devices are available and becoming as common in offices as TVs and coffee makers. The new technology is exciting, but the Macktez Team should be informed about all devices connected to the networks we support, including any device able to access the office WiFi. These kinds of devices often have substandard security policies and should be added to the network in a way that keeps all equipment and data safely protected.