News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 3: Get patched, but watch out for Outlook

    Posted on July 2nd, 2017 at 23:05 woody Comment on the AskWoody Lounge

    With the first non-security Office patches due out on Tuesday, July 4, we’re kinda backed up against a wall.

    The simple problem: Some of the patches dribbled out in June still don’t work right. For example, the June 27 patch for Outlook 2010, KB 3015545, was pulled a few days ago because it crashes 32-bit Outlook.

    The original download package for the 32-bit version was removed from the Download Center after a problem was discovered that could cause Outlook to crash when you preview messages that have attachments. If you already downloaded and installed the 32-bit update, we recommend that you remove it until a new version is available.

    A new update for 32-bit Outlook 2010 is under development and will be posted in this article when it becomes available.

    According to the official bug-tracking list at Outlook known issues in the June 2017 security updates, we also have these problems:

    There is no Outlook 2007 fix for Issue #1, the “program is not installed” and/or “unsafe attachments” error when opening an attachment. In addition, the 32-bit Outlook 2010 fix has been pulled because it, you know, crashes Outlook.

    There is no Outlook 2007 fix for Issue #2, the “untrustworthy source” bug. Same comment about 32-bit Outlook 2010.

    Issue #4 (VBScript doesn’t run on custom Outlook forms) has not been fixed for any version of Outlook.

    Issue #5 (iCloud doesn’t work with Outlook) hasn’t been fixed for Outlook 2007. For other versions of Outlook, you need to uninstall and reinstall iCloud.

    Issue #7 (iframe part of a web page doesn’t print) has been fixed by various Windows patches.

    That’s the kind of garbage we’re facing at the moment. As many of you know, I’ve never been a fan of Microsoft’s patching. This month marks (yet another) new low in patch quality. Believe me, that’s saying something.

    Over on the Win10 side of the patching puddle, in addition to the iSCSI problems I reported last week, we have a new, officially acknowledged, bug:

    After you install this update, Internet Explorer 11 may close unexpectedly when you visit some websites. When the problem occurs, you may receive an error message that resembles the following:

    We were unable to return you to [previous URL].
    Internet Explorer has stopped trying to restore this website. It appears the website continues to have a problem.
    The problem may occur if the website is complex and uses certain web API’s.

    Microsoft is researching this problem and will update this article when more information becomes available.

    The solution, of course, is to avoid Internet Explorer, but I’ve been saying that for more than a decade.

    If you’re having trouble printing iframes from inside web pages, using IE, I recommend the same solution – ditch IE. But if you insist on using IE, and want to be able to print inside iframes, you have to install one of the recent Windows patches.,

    Anyway, it’s time to strap on your hip waders and get patched. Here are my latest recommendations. Remember you have three basic choices for Win7 and 8.1:

    • Group A – installation of Monthly Rollups via a manual run of Windows Update
    • Group B – manual installation of specific Security-Only patches
    • Group W – folks who sat on the bench and didn’t patch at all.

    In this post-Shadow-Brokers era, where Microsoft is screwing up patches by the bushelfull and compounding bugs in security patches (which is to say, patches for security bugs appear in non-security patches), I figure you only have a few choices:

    Win7/8.1 Group W — R.I.P.

    With Shadow Brokers guaranteeing that major Windows vulnerabilities are coming every month, Group W is just plain dangerous. It’s not an option. Sorry.

    Win7/8.1 Group B — Only for experts with a high tolerance for pain

    Group B, which is based on Microsoft’s commitment to deliver Security-only updates every month, has gone from relatively simple to very complex. Officially, Internet Explorer patches have been broken off from the main download. There’s all sorts of confusion about .NET patches — which are Security-only, which Rollups? We’ve seen security patches released outside the monthly Security-only stream. There have been bugs in Security-only patches that were fixed outside of the Security-only stream. There’s a host of problems documented in this Topic.

    Group B isn’t dead, but it’s no longer within the grasp of typical Windows customers. Many of you reading this post are fully capable of sticking with Group B. Most Windows customers are not.

    If you want to pursue Group B, in spite of the warnings, look at PKCano’s AKB 2000003.

    Win7/8.1 Group A – Go ahead and patch, but understand the consequences

    Microsoft is still blocking updates to Win 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that’s a year old, or newer, follow the instructions in AKB 2000004 or @MrBrian’s summary of @radosuaf’s method to make sure you can use Windows Update to get updates applied.

    If you want to minimize Microsoft’s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program (Step 1 of AKB 2000007: Turning off the worst Windows 7 and 8.1 snooping) before you install any patches. (Thx @MrBrian).

    For those of you interested in the nuances, @ch100 has a good synopsis here and a follow-up here.

    For most Windows 7 and 8.1 users, I recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. Watch out for driver updates — you’re far better off getting them from the manufacturer’s web site.

    Microsoft also has huge Monthly Rollup Preview, KB 4022720 for Win 8.1, and a smaller KB 4022168 for Win7. As usual, I don’t recommend that you install the Previews. You’ll be able to pick up the patches when they roll out for real later in July.

    After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. Realize that we don’t know what information Microsoft collects on Win7 and 8.1 machines.

    Windows 10

    It’s still too early to jump to Win10 Creators Update, version 1703. Wait for it to be designated “Current Branch for Business.” You can block the upgrade with a few simple steps, detailed in this Computerworld post.

    To get Win10 patched, run the steps in AKB 2000005: How to update Windows 10 – safely. You may want to use wushowhide to hide any driver updates. All of the other updates should be OK, including Servicing stack updates, Office, MSRT, or .Net updates (go ahead and use the Monthly Rollup if it’s offered).

    One more Win10 oddity this month: If you’re using the Creators Update, version 1703, and run Windows Update, you’ll get the massive June 27 non-security patch, KB 4022716, bringing you to build 15063.447. There are analogous patches for the earlier versions of Win 10, but they won’t be installed during a Windows Update run. You can search for the patches for Win10 Anniversary Update (version 1607), or Win10 Fall Update (version 1511), and install them manually, if you really want to, fur I don’t see any pressing reason to do so. Wait for the other guinea pigs, eh?

    The only major bugs I see at this point are Internet Explorer-related — and for those of you afflicted I say, hey, you shouldn’t be using IE anyway. The rest of the world has switched to Chrome or Firefox. (Netmarketshare pegs desktop usage share at 60% Chrome, 17% IE, 12% Firefox and 6% Edge.) Get with the program and kick the Microsoft browser habit.

    Office updates

    There’s a post from Pim saying that, as of very early Monday morning:

    This morning Outlook 2010 June 2017 update KB3203467 was (still) offered as an important update on my Windows 7 system, but unticked. It is not retired.

    As is always the case, DON’T CHECK ANYTHING THAT’S UNCHECKED.

    .NET updates

    As of late Sunday night, @ch100 advises:

    .NET Framework Preview patches released in May 2017 (latest for all versions other than 4.7) have been pulled due to conflict with the .NET Framework 4.7 installer.

    Again, don’t check anything that’s unchecked.

    I sincerely apologize for all the if’s and’s and but’s in this month’s go-ahead. If it’s any consolation, just about everybody at Microsoft is off for a four-day weekend, so things aren’t likely to get any worse.

    Time to get patched. Tell your friends, but make sure they understand what’s happening. An for heaven’t sake, as soon as you’re patched, turn off automatic updating! I see no reason at all to believe that the July patches will be any better than the June crop.