Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Update: No, Virginia, there are no Meltdown/Spectre exploits in the wild

    Posted on February 1st, 2018 at 14:33 woody Comment on the AskWoody Lounge

    A reassuring tweet from Kevin Beaumont.

    The AV-Test red line graph shows that, yes, there are more and more samples being submitted to AV-Test — but, according to people who know these things, none of them are in the wild. They’re “Proof of Concept” test samples.

    UPDATE: And AV-Test responds:

  • Microsoft extends end of support for the Enterprise and Education versions of Win10 1607, 1703, 1709

    Posted on February 1st, 2018 at 14:21 woody Comment on the AskWoody Lounge

    If you’re using the Enterprise or Education version of Windows 10 (hint: If you aren’t sure, you aren’t), Microsoft just gave you a stay of execution by six months.

    It’s the same thing Microsoft did to Win10 1511 back in mid-November.

    You know the rule-of-thumb that Microsoft will release a new version of Win10 every six months, and that each new version will be serviced (in particular, will receive¬† security patches) for 18 months? Yeah, now that’s only true for those of you who pay for Windows — Win10 Home and Win10 Pro.

    Effective today, Microsoft is extending the support horizon for all Win10 Enterprise and Education versions by an additional six months.

    Mary Jo Foley has full details on ZDNet.

    Here’s the new support matrix:

    Version Released End of service Days
    Home/Pro Ent/ Ed
    Win10 1709 17-Oct-17 9-Apr-19 8-Oct-19 721
    Win10 1703 5-Apr-17 9-Oct-18 9-Apr-19 734
    Win10 1607 2-Aug-16 10-Apr-18 9-Oct-18 798
    Win10 1511 10-Nov-15 10-Oct-17 10-Apr-18 882
    Win10 1507 9-Jul-15 9-May-17 670
  • New Flash zero-day

    Posted on February 1st, 2018 at 13:54 woody Comment on the AskWoody Lounge

    Catalin Cimpanu at BleepingComputer has a worrisome post. Apparently the South Korean version of CERT, KR-CERT, has found a Flash 0day that’s in the wild.

    The sample given is a malicious SWF file — a plain-vanilla Flash file — in a Word document.

    Simon Choi, a security researcher with Hauri Inc., a South Korean security firm, says the zero-day has been made and deployed by North Korean threat actors and used since mid-November 2017. Choi says attackers are trying to infect South Koreans researching North Korea.

    Do you need to be worried about it? Apparently not, unless you’re a South Korean researching North Korea. Still, Flash 0days have a nasty habit of proliferating rapidly.

    Folks, turn off Flash. Paul Wagenseil at Tom’s Guide has an in-depth step-by-step analysis of how to turn off Flash.

    If you absolutely must use Flash on a specific site, first write to the site’s owners and complain loudly. Then, figure out which browser you want to use with Flash (I’ve picked Chrome) and only use that browser to go to the bad site.

    Flash is dead, folks. Give it a decent burial.

  • We’re back

    Posted on February 1st, 2018 at 07:27 woody Comment on the AskWoody Lounge

    Looks like the devs have us back up and running. The fallout from the October/November crashes has been addressed – and I hope upon hope that it’s been fixed. We’re back to where we were last November.

    If this works, and the site doesn’t go crumbling to its knees again, we’re going for another round of improvements. But first, let’s make sure we’re on solid ground.

  • KBNew updated

    Posted on February 1st, 2018 at 05:38 woody Comment on the AskWoody Lounge

    I just updated the list of new KB numbers, finishing off January, and starting February. January hit 1,542 entries.

    Just wondering… do any of you look at Dynamics CRM entries? If not, I may be able to shorten the lists a bit.

    Thanks most of all to @MrBrian, whose engine is chugging away marvelously.