Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Echoing the pace of the Anniversary Update, Microsoft releases KB 4020102, another big bug fix

    Posted on May 26th, 2017 at 10:17 woody

    Yesterday Microsoft released KB 4020102, a big bug fix for the Win10 Creators Update, version 1703. That brings Win10 1703 up to build 15063.332.

    Nothing much to see here, folks. It’s a garden-variety bug fix, common with new versions — the result of accumulated pain from unpaid beta testers for version 1703. AdDuplex says that 18% of Win10 users are on 1703. Which, they say, is the same adoption rate that we saw with Anniversary Update.

    Patching Creators Update is proceeding at the Anniversary Update’s pace, as well.

    In the case of Creators Update, version 1703, there was an initial patch to build 15063.13 on April 5, a security patch to build 15063.138 on Patch Tuesday, April 11, and one to build 15063.250 on April 25. Then there was a security patch to build 15063.296 on Patch Tuesday, May 9. And now a general bug fix to 15063.332 on May 25. That makes five patches in seven weeks.

    For Anniversary Update, version 1607, we saw build 14393.10 on Aug. 2 (same date as general availability), build 14393.51 on Aug. 9 (Patch Tuesday), build 14393.82 on Aug. 23, build 14393.105 on Aug. 31, build 14393.187 on Sept. 13 (Patch Tuesday), and 14393.187 on Sept. 20 – six patches in seven weeks.

    The more things change, the more they stay the same.

    Of course, you’re smart, you run Win10 Anniversary Update (or Win7 or 8.1), and you’ve actively blocked the upgrade to 1703.

    If you’re running Creators Update and have a problem with KB 4020102, be sure to let Microsoft know, on the Reddit thread.

  • Mossberg: The Disappearing Computer

    Posted on May 25th, 2017 at 16:08 woody

    If you haven’t yet read Walt Mossberg’s last column, it’s fascinating.

    From his first column, in the Wall Street Journal October 17, 1991:

    Personal computers are just too hard to use, and it isn’t your fault.

    To this, his last column, 1,336 weeks later:

    Personal technology is usually pretty easy to use, and, if it’s not, it’s not your fault… We’ve all had a hell of a ride for the last few decades, no matter when you got on the roller coaster. It’s been exciting, enriching, transformative. But it’s also been about objects and processes. Soon, after a brief slowdown, the roller coaster will be accelerating faster than ever, only this time it’ll be about actual experiences, with much less emphasis on the way those experiences get made.

    I wrote my first computer book in 1991, and I recall breathlessly waiting for Walt’s column every week. Although I’ve disagreed with many of his conclusions, and he frequently covered topics that didn’t particularly appeal to me, his insights remain amazing.

    Good luck, Walt.

  • Anti-Ransomware Software Overview Update

    Posted on May 23rd, 2017 at 16:28 Kirsty

    Martin Brinkmann has updated the Security overview to 23 May 2017.

    “There are two types of Anti-Ransomware software programs: those that protect the system in real-time against incoming threats, and those that disinfect the system after a successful ransomware attack.”

    As well as reviewing named programs that act to prevent ransomware, a handy table compares the various paid and free software options.

    Decryption is also discussed, should you have the misfortune to not prevent an infection.

    Martin’s advice is worth repeating here:

    “As far as prevention is concerned, there is more that users can do, for instance making sure they run up to date security software, do back ups of important data and keep the backups detached from the system, or use common sense.”

    Take a look at Martin’s full article here.

  • The “new” XP patch KB 982316 is a dud, but the new MSRT is for real

    Posted on May 23rd, 2017 at 06:12 woody

    Yesterday, I wrote about the mysterious “new” Windows XP patch KB 982316. There’s speculation all over the web that Microsoft is now patching Windows XP again.


    @abbodi86 dug in and confirmed:

    The digital signature of the downloaded file indicates that it’s still the same old one, “Monday, June 14, 2010”. So this is just a review/renew of the download page for some reason.

    On the other hand, the new Malicious Software Removal Tool, KB 890830, is very real. An anonymous poster notes that it’s marked “Important” in Windows 7. The Windows Update list says that the program has changed, and the metadata has changed. @ch100 theorizes that it’s a WannaCry detector, which is confirmed in the Technet post Customer Guidance for WannaCrypt attacks:

    Update 5/22/2017: Today, we released an update to the Microsoft Malicious Software Removal Tool (MSRT) to detect and remove WannaCrypt malware. For customers that run Windows Update, the tool will detect and remove WannaCrypt and other prevalent malware infections. Customers can also manually download and run the tool by following the guidance here. The MSRT tool runs on all supported Windows machines where automatic updates are enabled, including those that aren’t running other Microsoft security products.

    As I’ve said many times over the past week, WannaCrypt only attacks Windows 7. No matter which version of Windows you have, you’d be well advised to run the new MSRT and see if it picks up any vestiges.

    (Historical note: Microsoft’s sticking to the “WannaCrypt” name while most of the popular press has moved to “WannaCry.” I switched from WannaCrypt to WannaCry, too, in response to an edit. The worm calls itself “Wana Decrypt0r” with a zero. Malware researchers pick their own names, and there’s no central authority assigning names to specific infections. It’s all about branding, folks — I guess “WannaCry” sounds more compelling.)

  • What’s up with the “new” XP patch KB 982316?

    Posted on May 22nd, 2017 at 13:37 woody

    I don’t know what to make of it.

    I’m seeing reports all over the internet that Microsoft has released a new Windows XP patch, KB982316.

    Yes, Windows XP.

    There’s a download link that’s dated May 19, 2017 — last Friday.

    But there’s no Microsoft Update Catalog listing.

    The KB article says it was last reviewed on June 10, 2011:

    This update implements a defense-in-depth change that some customers may decide to deploy. This update changes the Access Control Lists (ACLs) for the following registry entry:


    By default, Network Service (NS) users explicitly have full permission to this registry entry. After you install this update, NS users will have Read-Only access to this registry entry. The update will apply the same ACLs to all subkeys of the registry entry.

    The KB article points to Security Advisory 2264072, Elevation of Privilege Using Windows Service Isolation Bypass, but that article’s dated Aug. 10, 2010. Version 1.0.

    Is this another supersedence screw-up? (We’ve seen many, lately.) Is it related to the Shadow Brokers trove?

    And, if it’s really a new patch – not some phantom resurrected erroneously — is Microsoft going to patch XP for NSA-derived exploits?

  • We’re now taking Bitcoins

    Posted on May 22nd, 2017 at 06:09 woody

    I’m finally being dragged into the 21st century…

    Along with the other donation options — Patreon, PayPal, shopping with Amazon, check or cash, all explained in the top right corner of this page — we’re also taking Bitcoin donations:


    Our income’s still meager, but it’s enough to keep the lights on. Thanks to all of you, especially our donors.

  • MS-DEFCON 3: Get patched and brace yourself for a Malware-as-a-Service future

    Posted on May 21st, 2017 at 18:15 woody

    The times are a-changin’.

    Last October, Microsoft started lumping together all of its Windows 7 and 8.1 patches. Before October, we had separate patches — separate KBs — for individual security holes, and for non-security improvements. After October’s patchocalypse, we were given two big monthly globs. You could choose to have all of your patches in one fell swoop — a choice I call “Group A” with Monthly Rollups — or you could take just the security patches, in a different fell swoop — “Group B” in my parlance, with Security-Only updates.

    There have been a few changes since then — Internet Explorer patches got pulled out, for example — and a lot of confusion over, e.g., .NET Security-only and Monthly Rollups, but by and large, the Windows 7 and 8.1 patching world a month ago was divided into three parts:

    • Group A – automated installation of Monthly Rollups
    • Group B – manual installation of specific Security-Only patches
    • Group W – folks who sat on the bench and didn’t patch at all.

    That neat (if controversial and not really so neat) version of the world changed forever when, earlier this month, Shadow Brokers not only released the NSA’s trove which gave rise to the WannaCry worm, it also set up an auction for the “Shadow Brokers Monthly Data Dump” — what I’ve called Malware as a Service. You can bet that there are some very nasty malware surprises coming, all lovingly crafted by the US National Security Agency, stolen, then spread by Shadow Brokers.

    In the not-so-good-old-days, supercharged Windows hacks were tools for expensive, targeted, usually politically motivated attacks. In the near future, that will no longer be the case. With the Shadow Brokers Monthly Data Dump comes democratization of the malware industry. Anybody, it seems, can strap their favorite piece of junk malware onto one of these souped-up infection methods and start attacking normal folks.

    Group W — R.I.P.

    With Shadow Brokers guaranteeing that major Windows vulnerabilities are coming every month, Group W is just plain dangerous. It’s not an option. Sorry.

    Group B — Only for experts with a high tolerance for pain

    Group B, which is based on Microsoft’s commitment to deliver Security-only updates every month, has gone from relatively simple to very complex. Officially, Internet Explorer patches have been broken off from the main download. There’s all sorts of confusion about .NET patches — which are Security-only, which Rollups? We’ve seen security patches released outside the monthly Security-only stream. There have been bugs in Security-only patches that were fixed outside of the Security-only stream. There’s a host of problems documented in this Topic.

    Group B isn’t dead, but it’s no longer within the grasp of typical Windows customers. Many of you reading this post are fully capable of sticking with Group B. Most Windows customers are not.

    Pick up the Pace

    In the past I’ve waited several weeks to see if any big bugs appear before recommending that you install available patches. In the future, I need to pick up the pace. That means I may throw some of you under the bus, changing the MS-DEFCON level with some possible problems intact, and for that I apologize. Given the expected upswing in Windows-targeted malware, though, there doesn’t seem to be much choice.

    That said, it’s now time to apply the May 2017 updates. Here’s what I recommend:

    Windows 10

    It’s still too early to jump to Win10 Creators Update, version 1703. Wait for it to be designated “Current Branch for Business.” You can block the upgrade with a few simple steps, detailed in this InfoWorld post.

    Go ahead and run the steps in AKB 2000005: How to update Windows 10 – safely. You may want to use wushowhide to hide any driver updates. All of the other updates should be OK, including Servicing stack updates, Office, MSRT, or .NET updates (go ahead and use the Monthly Rollup if it’s offered).

    Windows 7 and 8.1

    If you’re running Windows 7 or 8.1 on a PC made in the past 18 months, check to see if installing this month’s Windows patches will completely block Windows Update. See AKB 2000006: Check to see if Microsoft is blocking Windows Update on your new computer. In particular, if you try to run updates and get an “Unsupported hardware” notification (screenshot), Microsoft won’t willingly let you update your machine. See the AKB 2000006 article for a workaround.

    If you absolutely must avoid Microsoft snooping at all costs, go ahead with the instructions in AKB 2000003: Ongoing list of “Group B” monthly updates for Win7 and 8.1, but realize that thar be tygers here. Be particularly sure to install the March Security-Only update; that’s the one with the patches to the SMBv1 driver that’ll block WannaCry and its ilk.

    For most Windows 7 and 8.1 users, I recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. Watch out for driver updates — you’re far better off getting them from the manufacturer’s web site.

    After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. Realize that we don’t know what information Microsoft collects on Win7 and 8.1 machines.

    Good luck patching. Keep your eyes peeled for bugs — and be sure to update when next month rolls around.

  • Windows 10 Anniversary Update OK?

    Posted on May 21st, 2017 at 15:42 woody

    Just got this from reader NP:

    I have been following your articles about issues with Windows 10. Would you say at this point, it is safe to update, or should we still wait? I am concerned about not having the latest patches because of the WannaCry ransomware.

    It’s safe to upgrade to Windows 10 Anniversary Update, version 1607.

    It’s too early to upgrade to Windows 10 Creators Update, version 1703.

    This is the part that gets me. WannaCry only infects Windows 7 machines. Period. (And Server 2008R2, which is basically Windows 7.)

    WannaCry does NOT infect Windows XP. I’ve been saying that since my first report a week ago. In spite of what you’ve read, WannaCry does not infect WinXP.

    WannaCry does NOT infect Windows 8.1.

    WannaCry does NOT infect Windows 10. Any version. That tiny blip on the Kaspersky chart is no doubt due to mis-reporting, or the possibility that people were running infected WinXP machines in a Virtual Machine on Windows 10. I don’t know of any other way there could be any occurrences.

    That said, you need to make sure your Windows computer is fully protected against WannaCry – every version, from XP to Win10. The problem isn’t WannaCry itself. The problem’s all the other malware that’s likely to follow in its footsteps.