News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Single-purpose patch for CVE-2018-8174, the VBScript 0day, available from 0patch

    Posted on May 15th, 2018 at 09:45 woody Comment on the AskWoody Lounge

    This isn’t an endorsement.

    If you read my summary of this month’s patches, you’ll recall that there’s one potentially important patch:

    Microsoft released an explanation for the one “critical” Windows patch this month that is being actively exploited — a zero-day. Called CVE-2018-8174, the security hole involves the way Internet Explorer (mis)handles VBScript programs.

    That’s the one big security hole staring at us so far this month. I still haven’t heard of any exploits other than the ones identified by Kaspersky and Qihoo 360 (remember – they involved PDF files in Yiddish/Hebrew sent to Chinese organizations), but it’s still a potential problem.

    And then Microsoft screwed up the Windows 7 patches this month, breaking networks on some Win7 systems.

    Given the current state of affairs, you can either fix the VBScript 0day and possibly break your network card in the process, or you can avoid the update entirely until Microsoft finally fixes it. Whenever that may be.

    I was surprised to discover that 0patch, a well regarded patching platform from ACROS Security, now has a free patch available that plugs the 0day hole by simply, well, plugging the 0day hole. What a novel idea. Microsoft should do that… he says, tongue planted firmly in cheek.

    I’m NOT recommending that you run out and install the 0patch patch. It always gives me the willies when I see a non-Microsoft product offered to fix a Microsoft bug. But in this case, if you read the description, the analyst there who wrote the patch (Mitja Kolsek) knows what he’s doing.

    So rather than recommend that patch, I’m putting out a feeler to see if any of you have installed this patch — or if you have experience with other 0patch patches.

    Whaddya think?

  • How and where to find ISOs for old versions of Windows 10

    Posted on May 15th, 2018 at 06:17 woody Comment on the AskWoody Lounge

    You’ll find lots of torrents and pirate download sites, but I still strongly recommend against using them (yes, even if you check the hashes).

    Instead, read this article by Ed Tittel and Kari Paajolahti. They look at downloading through the UUP Dump MiniServer and (an old friend). They both offer links into Microsoft’s own copies of the old ISOs.

    That’s the way to go.