AskWoody

Patch Lady – Mr. Metadata got fixed

Remember this post?  Last night in addition to a new update for 1709, KB4093118 for Windows 7 got refreshed.  It appears that once it’s metadata got fixed we no longer have the issue with it being reoffered to that platform.

What exactly is metadata and especially when it comes to updates?  Metadata is information that Microsoft update and WSUS used to determine which update is applicable to which operating system.  In this case the revision info says ….

The applicability rules or prerequisites have changed.  This type of change means that the set of machines on which the new revision is offered may be different from the set of machines on which the old revision is offered.  Information has changed about how to install the update files.

Before if you installed the preview update for Windows 7, KB4093118 kept getting reinstalled due to the faulty detection.  Microsoft fixed the detection and voila… no more reoffered update.

Bottom line patches often have to be told what to apply to, they don’t just “know”.

Win7 and Server 2008 R2 users take notice: It’s only a matter of time before Total Meltdown comes a-knockin’

I haven’t seen anything in the wild as yet, but there’s new, improved exploit code on GitHub — and it won’t be long.

Consolation and advice in Computerworld Woody on Windows.

Patch Lady – 1709 KB4093105 newly out

Windows 10 1709 got another update today in the form of KB4093105.  Based on my read I think it’s fixing the pen issue that was introduced.

There are a couple of issues that admins may be both glad that it’s being fixed and scratching their heads over what took Microsoft so long to fix:

Addresses an issue that causes modern applications to reappear after upgrading the OS version even though those applications have been deprovisioned using remove-AppXProvisionedPackages-Online.

Addresses an issue that prevents Autodiscover in Microsoft Outlook 2013 from being used to set up email accounts when UE-V is enabled.

That one where modern apps come back after upgrading …. I’m honestly surprised that at this late stage of release of 1709… after all we’re just about to get the next feature release… and just now Microsoft is fixing an issue whereby modern apps are getting reinstalled after a feature update to 1709 after the admin has removed the app through a process that affectionately refer to as deconsumerizing Windows 10.

For those admins looking for more ideas how to get rid of the candy crush apps off the Windows 10 that you are rolling out check out these posts:

https://blogs.technet.microsoft.com/mniehaus/2015/11/11/removing-windows-10-in-box-apps-during-a-task-sequence/

https://community.spiceworks.com/scripts/show/3977-windows-10-decrapifier-version-2

Remember that for ultimate control and customization you need Enterprise version

More observations: Computerworld Woody on Windows.

Total Meltdown (not Meltdown!) exploit now available

Remember Total Meltdown, the gaping 64-bit Win7/Server 2008R2 security hole introduced by Microsoft in all of these patches?

• KB 4056894 Win7/Server 2008 R2 January Monthly Rollup.
• KB 4056897 Win7/Server 2008 R2 January Security-only patch.
• KB 4073578 Hotfix for “Unbootable state for AMD devices in Windows 7 SP1. and Windows Server 2008 R2 SP1” bug installed in the January Monthly Rollup and Security-only patches.
• KB 4057400 Win7/Server 2008 R2 Preview of the February Monthly Rollup.
• KB 4074598 Win7/Server 2008 R2 February Monthly Rollup.
• KB 4074587 Win7/Server 2008 R2 February Security-only patch.
• KB 4075211 Win7/Server 2008 R2 Preview of the March Monthly Rollup.
• KB 4091290 Hotfix for “smart card based operations fail with error with SCARD_E_NO_SERVICE” bug installed in the February Monthly Rollup.
• KB 4088875 Win7/Server 2008 R2 March Monthly Rollup.
• KB 4088878 Win7/Server 2008 R2 March Security-only patch.
• KB 4088881 Win7/Server 2008 R2 Preview of April Monthly Rollup.

The chickens have come home to roost. In the past few hours there’s been exploit code posted on GitHub that takes advantage of the Total Meltdown hole. Self-described “Hacker and Infosec Researcher” XPN has details.

Thank you, Microsoft.

At this point, I figure Win7/Server 2008 R2 users have three options:

• Take Susan Bradley’s advice and roll back your machine to its state before the patching insanity started in January. That’s a massive, thankless, task, and it leaves you exposed to the (few) real security holes plugged this year.
• Download and manually install the KB 4093108 Security-only patch.
• Use Windows Update to install all of the checked April patches, including the KB 4093118 Monthly Rollup.

If you take either of the last two approaches, make a backup first. There are loads of known bugs with this month’s patches.

Alternatively, you could install KB 4100480, which fixes the Total Meltdown bug, but introduces all sorts of problems, per MrBrian and Susan Bradley.

Welcome to the cesspool that has become Windows 7.

UPDATE: XPN has published a new version of his exploit.

Thx @GossiTheDog.

Remember the infected version of CCleaner? 2.27 million downloads, but only 40 got the royal treatment

If you remember the widely-publicized CCleaner attack, you may be surprised to discover that of the 2.27 million infected downloads, the attackers only gave the full treatment to 40 machines. Says Lily Hay Newman at Wired:

The hackers were apparently launching a targeted attack, looking for a few needles in the massive haystack of 2.27 million “successful” malicious downloads. Of those, about 1.65 million copies of the CCleaner malware phoned home to the attackers, and they only targeted 40 with a second stage of the attack: installing ShadowPad. All of these were technology and IT enterprise targets (most CCleaner users are individuals and home users), and the attackers were able to infiltrate 11 companies through the 40 installs they picked out.

Fascinating story.

Patch Lady – finally got an HP Envy 8 Note 5000 upgraded

180whenever may not be released yet, but I FINALLY got a 32gig HP Envy 8 Note 5000 upgraded to 1709.

I had to:

1. Temp disable Windows update services and delete the entire c:\Windows\Software distribution folder to carve out enough room on the C drive.  Don’t worry you can nuke that folder and re-enabling Windows update will recreate the folder structure.
2. I had to use the Windows media site to download the ISO and transfer it to a MicroSD card.  Note I did this on my beefier Surface that has a SD slot. Once I downloaded the ISO I then moved the SD card from my Surface over to the HP Envy.  I then double clicked on the ISO where Windows 10 mounted it as a usable CD drive.  I then clicked on setup.  It ran the setup, I selected to keep the data.
3. Between nuking the Software distribution folder and going into the system to tell it to move all file save locations to the MicroSD, it now saw that it had enough room to install.  I started it about 9 a.m this morning and it finished at 11 a.m.

I’m now running the disk clean up as I only have 2 gigs free on the C after the install.

Interestingly enough not all MicroSD’s are created equal as the SD card I purchased a while back for my Surface worked like a champ but the recent one we purchased for this HP Envy at the start of this project kept unmounting indicating it had an error.  I’ll be going back and getting another of the MicroSD cards that obviously worked perfectly.

The process – while do-able – is an advanced technique, not for the faint of heart and required one to purchase additional equipment.

I go back to my request to Microsoft:

All devices sold with Windows 10 should be in a condition that can complete the upgrade between feature releases with the resources they have at hand when they are shipped from the manufacturer.

No devices sold with Windows 10 should EVER be in a condition that it demands expert pruning of windows folders in order to install a feature release. 

No device sold with Windows 10 should EVER be in a condition that demands additional storage space with nothing but the operating system installed on the 32gig hard drive in order to complete a “Windows as a service” process.

Has the “real” Win10 version 1803 just been pushed?

I like Mary Jo’s acronym, RTM = Release to Muggles.

Source: Wikimedia

Microsoft just released build 17134 to the Release Preview Ring of Dante’s…. well, whatever.

That’s usually a sure indication that it’s very close to RTM, er, full release. (Except, admittedly, it didn’t happen with 17133.)

Don’t be too surprised if you wake up Monday morning to a Windows blog post announcing the latest, greatest version of the last version of Windows. Don’t know what they’ll call it, but I’m still hoping for “Win10 Terry Myerson Swansong version 1803.”

How to change your Win10 Network Profile from Public to Private

Good question from SC:

Hi Woody,

After being upgraded to Version 1709, Build 16299.309, I can no longer find my “Network Profile” where I can change from Public to Private.

Any idea where it might be or what happened?

By the way, AskWoody.com is working great.

I’ve been wondering that, too. I found the definitive answer on the MS Answers Forum, from a poster named TotallyInformation:

Up until Creators Update, you could change it from either Start > Settings > Network & Internet > Wi-Fi > Advanced Options or Start > Settings > Network & Internet > Ethernet with the setting “Make this PC discoverable”.

However, it would appear that by some miracle of bonkers thinking from with Microsoft, there is no way to change this at all now from settings!

To change it now, you either have to delete the network profile and let it recreate – make sure you choose the right setting! Or you can use PowerShell:

Get-NetConnectionProfile

Which lists the profiles and from which you need to find the index number

Set-NetConnectionProfile -InterfaceIndex 1 -NetworkCategory Private

Where 1 is the index number of the profile to change so may be something other than 1

Hats off to TotallyInformation!

UPDATE: There is a way to do it, in an obscure corner of the Settings app. See the comments for details. Thanks, @mcbsys!