Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – a little paranoia goes a long way

    Posted on April 5th, 2018 at 15:07 Susan Bradley Comment on the AskWoody Lounge

    While I’m a user of Facebook, the recent data leakages and sharing of data concerns me.  Thus we’re starting to see more transparency in what went wrong with the recent “data breach”…and I am using that “data breach” in quotes given that Facebook authorized the sharing of data due to how it interacts with it’s advertising partners.

    I have spotted a few links and pages that addresses these issues and I’ll urge you to go check your profile settings, and especially if you’ve been impacted.

    For example you can check if you liked any posts created by the Internet Research Agency and posted to Facebook.

    Update:  Check to see if Cambridge got your data here:

    While there, review your “ad settings”  .  I was amazed by some of the “ads” I supposedly liked and yet had no knowledge of.

    As always, a good dose of paranoia is always helpful.  I have several rules of the Internet.

    Rule 1:  If the site is free, you are the product.  Think about that often when you use a side that is “free” and act accordingly.

    Rule 2:  If you appreciate the site, make sure you are giving back to the site either in the form of traffic to the site, or in donating to the site (yes, that’s a blatant plug for donating to Askwoody.com)

    Rule 3:  Question the headline and where something is coming from shared to you on the Internet.  There are many places on the web to check out the validity of something shared on the web.  Snopes.com is one of the main sites, but in general if something sounds too good to be true, or is making a claim that makes you go “uh…hang on”, don’t play into the fake news frenzy going on and especially if you see something false, point out the false fact to others.  Yes, turn into one of those slightly annoying people that point out fake posts.  We will all be better for it.

    Rule 4:  Use tools like www.virustotal.com to check out anything that just doesn’t feel right.  Soooo many times I see email spoofing come in and man are the attackers getting really good at pretending to be sent from a reputable site.  I also like https://www.reverse.it/ which showcases what the malicious site would do on a sample pc.

    Rule 5:  Stay aware of the latest trend.  I am a fan of several sites to keep me aware of trending security issues.  Sites like:

    That’s just a sample of some of the ones I consider good sources of solid security information.

    Rule 6:  This one is harder for consumers, a little easier for businesses.  See if you can turn on any anti-phishing solutions for your email.  Email is one of the TOP ways that malware, ransomware and phishes come in to attack you.  For businesses look to turn on some sort of “pre-filtering” service that runs links though a web filtering service first.  As a recipient of emails sent from someone using that service, you’ll notice that the links embedded in their email messages have an alias that goes through another URL first.  It looks especially phishy, but in reality it’s a protection device.  Office 365 has such an offering that {supposedly} can be added to any Office 365 plan.  Now my question is…. is this offered in the godaddy offerings as that’s my benchmark for testing to see how widespread security and paranoia settings are.  More on that as I confirm if that Office advanced email protection can be added to *any* Office 365 offering.

  • MS jiggles — but doesn’t fix — buggy Win7 patches KB 4088875, KB 4088878

    Posted on April 5th, 2018 at 07:57 woody Comment on the AskWoody Lounge

    A big shake-up last night re-arranged the way the buggy March Win7 patches install and clean up after themselves and adds to the lengthy list of known bugs. The key looming bug — “Total Meltdown” — remains a patching enigma: Dammed if ya do, dammed if ya don’t.

    Computerworld Woody on Windows.

  • New versions of buggy March Win7 patches are out

    Posted on April 5th, 2018 at 02:53 woody Comment on the AskWoody Lounge

    I have no idea what changed, but Günter Born reports (and a check of the Update Catalog confirms) that there are new versions of:

    KB 4088875 – Win7 March Monthly Rollup (dated, in the Update Catalog, as April 4)

    KB 4088878 – Win7 March Security-only patch (also April 4)

    KB 4088881 – Preview of the Win7 April Monthly Rollup (also April 4)

    KB 4090450 – Spectre V2 patch for Server 2008 (dated April 3)

    Looking at the KBNew page, I also see new versions of:

    KB 4099950 – the hotfix patch for bugs in the March Win7 patches (now dated April 4) – I talked about this fix of a fix of a … earlier this week in Computerworld.

    KB 4088879 – the Win8.1 Security-only patch (still dated March 10)

    And, as noted in several places on AskWoody, there’s a new version of the old favorite KB 2952664 — the patch that so helpfully makes it easier to upgrade Win7 to Win10 — and its Win8.1 cohort, KB 2976978.

    Born identifies new notes in the KB articles for the Win7 Monthly Rollup and the Preview Monthly Rollup that say:

    Important Please apply KB4100480 immediately after applying this update. KB4100480 resolves vulnerability in the Windows kernel for the 64-bit (x64) version of Windows. This vulnerability is documented in CVE-2018-1038 .

    You may recall that KB 4100480 is the “OMG” patch issued by MS when they figured that all of this year’s Win7 patches opened a huge “Total Meltdown” security hole in Win7.

    In addition, the description of the KB 4088875 Monthly Rollup patch and the KB 4088878 Security-only patch now advise:

    After you install this update, you may receive a Stop error message that resembles the following when you log off the computer:

    SESSION_HAS_VALID_POOL_ON_EXIT (ab)

    The solution on offer is KB 4099467, which is a single-shot hotfix for Win7 designed specifically to fix this bluescreen.

    How about them apples….

    Can any of you shed light on the reasons for the changes — in particular, do they fix any of the gazillion security holes in last month’s patches? If so, care to speculate on why Microsoft just slipped this stuff out without any announcement?

    And… when will it be safe to get back in the Win7 patching water?