Jordan Benzing

This week has been a blast been in person with the most of Patch My PC this week. So much cool stuff around the company and it’s been great to spend time with people outside the tiny screen. Got some runs in with friends too

So I was reading the Patch Notes, as one does on Patch Tuesday.... and.... and.... msrc.microsoft.com/update-guide/v… Notepad... you know that thing on every. single. windows. device. ever. Has an 8.8 RCE vulnerability in it. Related to... rendering markdown. Amazing. #PatchTuesady

I'm really looking forward to this weeks Patch Tuesday Webinar. @bdam555 and I will once again be talking about all the patches, and wild things that have been happening this month. In case you were curious, yes. I'll spend time talking about Notepad++. Register here, to come spend a perfectly. good. hour. listening to us summarize the news we read in the past month, so you didn't have to. patchmypc.com/events/

Sunday long run day. People asking me about what team I support for the Super Bowl. Im team get off the couch and run. I’ve figured out that on long run days I can queue up a ton of work, by dictating GitHub issues into features, then when I’m relaxing after words, I can watch them get coded before my eyes via Claude or GitHub agent flows. Helps fit in marathon training AND community work all at once.

How my whole week has felt

Aside from a few posts here and there, I've been pretty quiet on social media for the past year, both from a blogging and talking perspective. I've been taking a break, from it as I both settled into my new role at work, and to work on building some healthier habits, over sitting at a computer screen for 28 hours a day. What did I do instead? I read some books on my backlog. I got back into running, and lifting, dropped 30+ lbs and ran my first half marathon. Now I'm training for a full marathon at the end of May. I'm finally hitting a point where it's time to really start adding the builder, and community work that I have always loved to be a part of back into the rotation. Soon(TM)

@TheWMIGuy I was trying to avoid the rabbit hole, too easy to say just say "Go Buy Patch My PC, only take updates from us that have been vetted and tested" Also, to me the update supply chain attack is my daily lived reality to help protect, so to me it's not "new" per say.

To me, you've left out a big part, self-updaters. It showed a technique that impacts self-updaters. I assume you didn't want to misuse it for sales purposes. But if you allow self-updaters you trust their content delivery, that should be a conscious decision.

Here is the promised write up. jordantheitguy.com/security/notep…

Those of you who are following the Notepad plus plus scenario. There was an update this morning. notepad-plus-plus.org/news/clarifica… The key takeaway is the *majority* of consumers should take from this message, was implied early on and now has been said definitely. "This was a highly selective attack by a state-sponsored group targeting specific high-value organizations. Security researchers confirmed that the vast majority of Notepad++ users were never affected" I'm going to write up something today, that distills a ton of the information from a bunch of different sources and get it out there. Finaly Takeaway as I said before: If you update to Version Current - and run a sweep to look for any of the listed IOC's - you are **VERY LIKELY** fine. If you used #PatchMyPC - to update, and the self updater was never allowed to run, or called to run you should update to version current - check for IOC's to be safe, but you are likely un-impacted. #Security

I promised I would write something about Notepad++ Here you go, a simplified version, of the overall infrastructure compromise that happened last year, and only now are we starting to wrestle with. jordantheitguy.com/security/notep… #Security #patching

@fbi__open__up Code signing keys you say… you mean the certificate codes cert they lost and had to replace with a local on premi code signing cert they made?

@JordanTheITguy A competent state actor would have targeted the dev first and leveraged the access to get code execution on his machine so they could steal the code signing keys. They'd also have dormant implants a la solarwinds. Luckily Chinese hackers are always shit.

All this technology stuff is cool and all. But did you take care of yourself today? Did you go for a walk? Maybe a run? Get enough sleep? Lift some heavy things and eat right? The computer will be there tomorrow, promise make sure you take care of you.

@SCCM_Ryan @PatchMyPC Can confirm. Did spend half the day in that morass. Am big nerd.

@JordanTheITguy @PatchMyPC I figured you were already wayyy more into this than I could be. Thanks for the detail.

@PatchMyPC what are the chances your method could have had fallen for this? Looks like the self updater so probably not?

Excited and honored to present at #MMSMOA again this year! Two sessions so far, both taking a look at how AI can help you as a sysadmin. If you've never been to MMSMOA - and you want to learn more about Device Management and Azure, now is the time. @mmsmoa

Well, that's a new one. I can't say that I've seen specifically a NIC overheat before and cause windows to just, disable the interface. Fun times.

@TheWMIGuy Can confirm I did in fact do this. Needed some extra sugar and protein for the 6 mile run tonight.

@JordanTheITguy So you finally did it? Never thought anyone would ever achieve this.

Hey, did you know that when you’re an adult, you can sprinkle hot fresh maple bacon on cinnamon rolls for no other reason than because you want to?

Took us a bit to get down to the bottom of it all and figure out what questions where or where not answered. If last week's big Intune Suite announcement was confusing, read on below for some clarity.