Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Reported error 0x8000FFFF with the Win7 Monthly Rollup KB 4457144

    Posted on September 11th, 2018 at 14:44 woody

    Reputable report. Anybody else seeing it?

    No discernible pattern just yet.

  • September Windows/Office security patches

    Posted on September 11th, 2018 at 12:29 woody

    Martin Brinkmann has his usual comprehensive (and fast!) list on ghacks.net. Summary:

    Operating System Distribution

    • Windows 7: 18 vulnerabilities of which 3 are critical and 15 are important.
    • Windows 8.1: 22 vulnerabilities of which 4 are critical and 18 are important.
    • Windows 10 version 1703: 25 vulnerabilities of which 5 are critical and 18 are important. (extra critical is CVE-2018-0965)
    • Windows 10 version 1709: 24 vulnerabilities of which 4 are critical and 20 are important.
    • Windows 10 version 1803: 29 vulnerabilities of which 5 are critical and 24 are important. (extra critical is CVE-2018-0965)

    Windows Server products

    • Windows Server 2008 R2: 18 vulnerabilities of which 3 are critical and 15 are important.
    • Windows Server 2012 R2: 22 vulnerabilities of which 4 are critical and 18 are important.
    • Windows Server 2016: 25 vulnerabilities of which 5 are critical and 20 are important.

    Other Microsoft Products

    • Internet Explorer 11: 6 vulnerabilities, 3 critical, 3 important
    • Microsoft Edge: 13 vulnerabilities, 7 critical, 6 important

    I see 127 individual patches in the Microsoft Update Catalog.

    47 entries in the Security Updates Summary.

    Office 365 has a new Click-to-Run version. For those of you with installed (“MSI”) versions of Office, there’s a long list of new patches which includes 2010, 2013, 2016, Office viewers and SharePoint Servers. (Thx @PKCano.)

    Official Release notes include two new advisories.

    There’s a servicing stack update for Win10 1803. If you install updates through Windows Update, that doesn’t matter — but if you are manually downloading and installing 1803 updates, be sure to snag KB 4456655 first.

    UPDATE: The SANS Internet Storm Center list is up.

  • Microsoft security servicing criteria

    Posted on September 11th, 2018 at 11:03 woody

    There’s some good info buried in here. Microsoft Security Servicing Criteria for Windows.

    One of our goals in the Microsoft Security Response Center (MSRC) is to be more transparent with security researchers and our customers on the criteria we use for determining when we intend to address a reported vulnerability through a security update. Our belief is that improving transparency on this topic helps provide clarity on how we assess risk, sets expectations for the types of vulnerabilities that we intend to service, and facilitates constructive dialogue as the threat landscape evolves over time. Ultimately, we believe this enables us all to work together to better protect Microsoft’s customers.

    There are links to two supporting documents: a lengthy report on how Microsoft identifies security problems (it’s by no means trivial), and how Microsoft assigns severity levels (“Critical,” “Important,” “Moderate,” “Low”) to a specific vulnerability. For example, in order for a security hole to rate a “Critical” rating for a regular ol’ Windows machine (not a server) it must meet these criteria:

    Network Worms, or unavoidable common browsing/use scenarios where client is compromised without warnings or prompts.

    • Elevation of Privilege (Remote) – The ability to either execute arbitrary code OR obtain more privilege than intended. Examples:

    o Unauthorized File System Access – Writing to file system

    o Execution of Arbitrary code – without extensive user action

    o Exploitable memory corruption issues in remotely callable code (without extensive user action)

    • Guest virtual machine

    o In a virtualized environment, a vulnerability allows the guest VM to cause arbitrary code execution in the host machine, effectively defeating the virtual machine boundary.

    The structure of the explanation leaves much to be desired, but the underlying intent seems sound to me.

    What would you add? (Or remove?)