Susan Bradley

Contributing Writer

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Askwoody.com, is a moderator on the PatchManagement.org listserve, and writes a column of Windows security tips for CSOonline.com. In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at https://www.askwoody.com/tag/patch-lady-posts/ and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.

Why it's time to review your Microsoft patch management options

Why it's time to review your Microsoft patch management options

Microsoft does not appear to be updating Windows Software Update Services, but newer patch management options might be a better choice.

How to update your Windows driver blocklist to keep malicious drivers away

How to update your Windows driver blocklist to keep malicious drivers away

An investigation revealed that Microsoft’s malicious driver blocklist wasn’t updating as expected. Here’s how to make sure you’re not letting bad actors gain access to your system through these carefully crafted attack tools.

Top considerations when choosing a multi-factor authentication solution

Top considerations when choosing a multi-factor authentication solution

Choosing the right MFA solution for a Microsoft environment that covers all authentication needs will reduce stress on your IT admins and help desk.

How cybercriminals use public online and offline data to target employees

How cybercriminals use public online and offline data to target employees

A LinkedIn post about getting a new job turned into a potential phishing scam. Similar incidents are more common than you might think.

What are the new Windows 11 22H2 security features?

What are the new Windows 11 22H2 security features?

The September Windows 11 update add protections against malicious applications and drivers, phishing, credential misuse, and more.

Recommended security resources for Microsoft Active Directory

Recommended security resources for Microsoft Active Directory

These resources will keep you up to date on how to best protect your Active Directory domains.

Resolving conflicts between security best practices and compliance mandates

Resolving conflicts between security best practices and compliance mandates

Sometimes the latest security best practices don't align with an organization's compliance templates. These are some of the areas where you might need an exception.

Why patching quality, vendor info on vulnerabilities are declining

Why patching quality, vendor info on vulnerabilities are declining

It's getting harder to assess the impact of patching or not patching, and too many patches don't fully fix the problem. It's time to pressure vendors.

Ransomware safeguards for small- to medium-sized businesses

Ransomware safeguards for small- to medium-sized businesses

Following these 40 safeguards from the Institute for Security and Technology will help protect SMBs from ransomware and other malware attacks.

8 tips to secure printers on your network

8 tips to secure printers on your network

Printers are essentially computers attached to your network and should be protected accordingly. Here's how.

Tips to prevent RDP and other remote attacks on Microsoft networks

Tips to prevent RDP and other remote attacks on Microsoft networks

Microsoft is deploying new features and defaults to help keep threat actors from remotely accessing networks, but you can do more.

Best practices for recovering a Microsoft network after an incident

Best practices for recovering a Microsoft network after an incident

Follow this advice to minimize stress when recovering credentials, systems and settings after a ransomware or other cyberattack.

How to manage Microsoft's Excel and Office macro blocking

How to manage Microsoft's Excel and Office macro blocking

Microsoft's reversal of its blocking by default on Excel macros creates an opportunity to improve policies and processes around Excel and Office macro use.

10 tasks for a mid-year Microsoft network security review

10 tasks for a mid-year Microsoft network security review

Are your settings, policies and processes keeping up with the changing threat landscape? Review your network to make sure.

How to keep attackers from using PowerShell against you

How to keep attackers from using PowerShell against you

New guidance shows how to harden PowerShell and make it more difficult for threat actors to hijack for malicious purposes.

How and why threat actors target Microsoft Active Directory

How and why threat actors target Microsoft Active Directory

New vulnerabilities in Active Directory emerge regularly, and unpatched old ones and misconfigurations open doors for attackers.

How Microsoft Purview can help with ransomware regulatory compliance

How Microsoft Purview can help with ransomware regulatory compliance

Microsoft's renamed compliance portal provides guidance and rule-setting capability to help comply with ransomware and other security and privacy requirements.

How to mitigate Active Directory attacks that use the KrbRelayUp toolset

How to mitigate Active Directory attacks that use the KrbRelayUp toolset

Attackers are using the KrbRelayUp toolset to compromise Kerberos in on-premises Active Directory networks. This two-step process should protect you.

Best practices for deploying multi-factor authentication on Microsoft networks

Best practices for deploying multi-factor authentication on Microsoft networks

Microsoft will soon mandate MFA for some customers, and these are the key considerations before you deploy it.

How to audit Microsoft Active Directory

How to audit Microsoft Active Directory

Patching alone won't fix all known Active Directory vulnerabilities. Here are the steps to audit your Active Directory domains and shore up weaknesses.

Load More