AskWoody

June 2020 patch overview: Three different ways MS is fixing its bugs this month

June was a very strange month for Windows patching:

• A traditionally botched patch with a manual-download-only Out of Band fix
• A botched Windows patch that knocked out Outlook Click-to-Run, fixed by a fix for Outlook
• A couple of patches distributed via the Windows Store

But at least Microsoft figures Win10 version 2004 is ready for Surface computers.

Many details coming in Computerworld Woody on Windows.

UPDATE: The KB article was updated last night with answers to several of the questions posed in the article. Highlights:

• Only customers who have installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store may be vulnerable.
• These updates are for optional apps/components that are offered to customers as a download via the Microsoft Store. Updates for optional store apps/components are provided via the Microsoft Store.
• You can check the version of the installed package. For example, click on Settings, Apps & Features and slect HEVC, Advanced Options. You will see the version there. The secure versions are 1.0.31822.0, 1.0.31823.0 and later.

Microsoft removes Windows 10 2004 block for Surface devices

Per the erstwhile Mary jo Foley, Microsoft has removed the compatibility block for Windows 10 2004. If you have one of these devices you may see the upgrade offered to you in the next several days. If you don’t wish to upgrade take precautions now.

See Microsoft removes the Windows 10 2004 block on Surface devices for more details on the block and what fixed it.

Win10 codec security hole

This one’s more interesting than the typical Windows zero-day.

MS just published a Security Update for CVE-2020-1425 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability:

A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.

(It looks like the bad codec is a piece of Windows that decompresses a video file.)

It’s listed as not exploited, not yet disclosed. So it’s a real security hole, but it hasn’t been exploited yet – so it isn’t a zero-day.

Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update. Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App; more information on this process can be found here.

Nothing to see here, folks.

Windows Insiders (beta testers): You’re being moved to the new, new channels soon

If you haven’t been moved already.

Amanda Langkowski posted yesterday:

Update 6/29: Today, we have begun rolling out the Channels naming to the Windows Insider Program Settings page under Settings > Update & Security > Windows Insider Program. The rollout will happen over the course of the next few days.

I talked about the truly baffling re-naming effort back on June 18.

A Win10 guide for Windows Update settings

PATCHING

By @PKCano

For most PC users, the basic task of keeping Windows up to date involves a bewildering pantheon of terms.

To make the process of patching Windows and Office a bit easier, here’s a simple summary of Microsoft’s updating system. This article isn’t aimed at business users who have the support of IT departments. It’s dedicated to consumers and small-business owners who strive to keep their machines safe from malware, operating-system flaws, and other threats. The descriptions below apply to Windows 10 Versions 1903 and 1909. I’m still looking at the updating-process changes in the new Win10 2004.

Read the full story in AskWoody Plus Newsletter 17.25.0 (2020-06-29).

Freeware Spotlight — ScreenToGif

BEST UTILITIES

By Deanna McElveen

Usually, when an app becomes one of my favorites, I just assume everyone else knows about it.

So there I was, working with Nicke Manarin’s ScreenToGif utility on a simple task: creating instructions for a client on how to change Windows from double-click to single-click. And then it hit me: this handy-but-relatively-unknown app is … article material!

Read the full story in AskWoody Plus Newsletter 17.25.0 (2020-06-29).

June updates crash printing

PATCH WATCH

By Susan Bradley

In a normal monthly Windows and Office patching cycle, I almost never roll out any optional updates that Microsoft releases between Patch Tuesdays.

It’s hard to say what’s “normal” with Windows updating, but June is atypical even by the usual patching tribulations.

Soon after the Patch Tuesday security updates dropped (on June 9), there were reports of printing failures. The problem hit close to home; after patching my systems, I could no longer print to any of my large multifunction Ricoh printers — a huge problem for my business. As a quick workaround, I updated the printer drivers from PCL5 to PCL6.

Subsequently, Microsoft posted optional fixes on the MS Update Catalog for Windows 10, Win8.1, and Server 2012.

Read the full story in AskWoody Plus Newsletter 17.25.0 (2020-06-29).

Eight ways to grow email lists for small businesses

SMALL BUSINESS

By Nathan Segal

According to Maria Veloso, author of Web Copy That Sells, most small companies tend to put too much focus on one-time sales, even if they don’t intend to.

Which could mean leaving lots of repeat business on the table.

Staying in contact with clients and customers is an important tool for small firms with limited marketing funds and resources. Subscription-based email lists are a relatively easy way to stay in touch. Regular, well-crafted messages remind customers that you have new products and services they might like to know about.

Read the full story in AskWoody Plus Newsletter 17.25.0 (2020-06-29).