Susan Bradley

Contributing Writer

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Askwoody.com, is a moderator on the PatchManagement.org listserve, and writes a column of Windows security tips for CSOonline.com. In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at https://www.askwoody.com/tag/patch-lady-posts/ and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.

The Latest from Susan

Feature

What cloud providers can and can't do to protect your data

Moving data to the cloud requires a sense of shared responsibility for security. Here's how cloud providers protect your data and what you still must do yourself.

Feature

Minimizing damage from a data breach: A checklist

How you respond to a data breach and the amount of damage it causes depends on how well prepared you are. Have you done everything on this list?

How-To

How malicious Office files and abused Windows privileges enable ransomware

Ransomware groups most often gain entry to Windows networks through malicious Office documents and then move laterally by abusing Windows privileges. Here's how to defend against both.

Feature

3 ways to prevent firmware attacks without replacing systems

Use these Microsoft Windows and Office features to mitigate the risk from firmware attacks. They are faster and cheaper than replacing computers.

Feature

Most common cyberattack techniques on Windows networks for 2020

Recent research breaks down the preferred techniques attackers use to gain access to Windows networks. Use this information to monitor your logs for these methods.

How-To

Tips to improve domain password security in Active Directory

Follow this advice to better secure domain passwords in a Microsoft environment.

How-To

How to reset Kerberos account passwords in an Active Directory environment

A regular reset of the KRBTGT account password will help prevent golden ticket attacks that allow wide unauthorized access to your network.

Feature

Microsoft 365 Defender updates bring a single portal view

New Microsoft 365 Security Center allows you to more quickly assess threat risk and take action, but you need an E5 license.

Feature

How Azure Active Directory helps manage identity for remote users

Still using Active Directory to manage identity for remote workers? You might want to consider moving to Azure Active Directory.

Feature

The SolarWinds Senate hearing: 5 key takeaways for security admins

Testimony by key security executives in the US Senate reveal how unprepared most organizations are for supply chain attacks. Here are the lessons security admins should learn from it.

How-To

How to patch Exchange Server for the Hafnium zero-day attack

Admins in many businesses report indicators of compromise from an Exchange zero-day vulnerability. Don't assume you're not a target. Investigate for signs of the attack and patch now.

How-To

How to protect Windows Remote Desktop deployments

Attackers gain access to your Windows network just as work-from-home employees do: remotely. Following these simple steps will send them looking for easier targets.

Feature

Microsoft 365 Advanced Audit: What you need to know

Microsoft's powerful new auditing options will help detect intrusions and see what was accessed...if you've paid for the right licenses.

The Microsoft Patch Lady by Susan Bradley

The .NET patch failure that wasn’t

This month’s patch updates from Microsoft have caused few problems, and though there were some issues related to .NET, even those have been scattered.

How-To

How to defend against OAuth-enabled cloud-based attacks

Use these settings in Microsoft Azure Active Directory to take control of user-requested OAuth access permissions.

How-To

How to harden Microsoft Edge against cyberattacks

Chromium-based Edge gives enterprises the opportunity to standardize on one browser. Here are the key security settings you need to know.

Feature

What you need to know about changes to Microsoft's Security Update Guide

The Security Update Guide now aligns more closely with the CVSS, but sometimes lacks information needed to properly respond to a vulnerability report.

Feature

Tips to harden Active Directory against SolarWinds-type attacks

The SolarWinds attackers took advantage of Active Directory to gain a foothold. Here's what configurations and policies to check to better protect your network.

Feature

How to prepare for an effective phishing attack simulation

Here's what users need to know about phishing attacks before you send out a test email.

Feature

Top SolarWinds risk assessment resources for Microsoft 365 and Azure

Government and private organizations, including Microsoft, have released a wealth of information and tools to assess risk from SolarWinds-like attacks.

Popular Resources

eBook
Sponsored

Five Common Data Security Pitfalls To Avoid
Sponsor Article
Sponsored

From Remote to Hybrid, the Significance of Digital Connectivity
eBook
Sponsored

Identity Management
Video/Webcast
Sponsored

Kaseya VSA Ransomware Attack: Insights and Key Learnings
Analyst Report
Sponsored

Report: Why You’re Wrong About Operationalizing AI

See All