Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Heads up: New cumulative update KB 4463376 for Internet Explorer on Win7, 8.1

    Posted on September 14th, 2018 at 14:32 by woody

    Another one of those leisurely Friday afternoon news dumps. Or maybe it was morning in Redmond.

    Anyway, Win7 and 8.1 just got KB 4463376 Cumulative update for Internet Explorer: September 14, 2018.

    This cumulative update includes improvements and fixes for Internet Explorer 11 running on Windows 7 or Windows 8.1, and resolves the following issue:

    Internet Explorer performance is decreased when you use roaming profiles or you don’t use the Microsoft Compatibility List.

    If you want it, you have to download it and install manually. There are eight different flavors (for eight different versions of Windows) on the Microsoft Update Catalog.

    Thx @abbodi86

     

  • How to remove the built-in version of Flash in Win10 and 8.1

    Posted on September 14th, 2018 at 12:13 by woody

    An interesting contribution from @ch100:

    Warning!!! Only for advanced users and for those accepting a certain degree of risk if they don’t understand the procedure and don’t follow correctly.

    Optional first step

    Disable Adobe Flash in Internet Explorer and Edge. This is not mandatory, but would make the clean procedure below even cleaner, although it has only cosmetic relevance.

    Main procedure

    Step 1. Log into Windows with an administrator account

    Step 2. Verify your version of the Flash components.

    Under C:\Windows\servicing\Packages, check for

    Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~<version number>

    Adobe-Flash-For-Windows-WOW64-Package~31bf3856ad364e35~amd64~~<version number>

    Adobe-Flash-For-Windows-onecoreuap-Package~31bf3856ad364e35~amd64~~<version number>

    The version number for Adobe Flash packages on Windows 10 1803 is 10.0.17134.1. It’s different on other versions of Windows 10.

    There are additional packages referring to Language Packs installed on the system, but we are not concerned with them now, as they will be removed at the same time with the main packages.

    Do nothing with those language packages (e.g. those flagged as en-us or other variations), but monitor for them to disappear from the folder when the uninstall is complete.

    The screenshots below are from Windows 10 1803, but the procedure is relevant for all Windows 10 (and for Windows 8.1, although not tested).

    Step 3. Type regedit in the search box and start the Registry Editor.

    Step 4. Give your machine full control over the requisite keys.

    Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages

    Right click on each of:

    Adobe-Flash-For-Windows-onecoreuap-Package~31bf3856ad364e35~amd64~~<version number>

    Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~<version number>

    Adobe-Flash-For-Windows-WOW64-Package~31bf3856ad364e35~amd64~~<version number>

    For each of those keys:

    4a. Right-click on the key name and choose Permissions. Give Administrators Full Control (screenshot) and click OK.

    4b. Back in the main Regedit screen, on the right, change the Visibility value from 2 to 1.

    4c. Still on the main Regedit screen, delete the subkey called Owners.

    See the before and after shots for Steps 4b and 4c.

    [Screenshots: Before / After]

    Step 5. Open a command prompt, Run As Administrator

    dism /online /remove-package /packagename:Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.17134.1

    dism /online /remove-package /packagename:Adobe-Flash-For-Windows-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1

    dism /online /remove-package /packagename:Adobe-Flash-For-Windows-onecoreuap-Package~31bf3856ad364e35~amd64~~10.0.17134.1

    Step 6. You’re done. No more Adobe Flash in registry and under the Packages folder. Everything is also gone from:

    C:\Windows\System32\Macromed

    C:\Windows\SysWOW64\Macromed

    All that’s left is any copy of Adobe Flash that you’ve installed manually, most frequently as a plugin for Firefox. Manually installed Adobe Flash can be uninstalled as per normal procedure, from Programs and Features.
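
    A read-only check for Steps 2, 4 and 6, added here as an example and not part of @ch100's procedure: it lists the Flash packages registered under the Component Based Servicing key with their Visibility value and Owners subkey, prints the Step 5 dism lines with the version found on the machine, and reports what is left on disk. The function name Get-FlashPackageState is an assumption of this example, as is the rule that language packs carry a language tag between the last two tildes of the package name.

    ```powershell
    # Read-only audit for the procedure above; it changes nothing.
    $CbsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages'

    function Get-FlashPackageState {
        param([string]$Root = $CbsKey)
        Get-ChildItem -Path $Root -ErrorAction Stop |
            Where-Object { $_.PSChildName -like 'Adobe-Flash-For-Windows-*' } |
            ForEach-Object {
                $name = $_.PSChildName
                # Assumption: main packages have an empty language field ("~~"),
                # language packs carry a tag such as en-US in that position.
                $isMain = $name -match '~~[\d.]+$'
                $vis    = $_.GetValue('Visibility')
                $owners = $_.GetSubKeyNames() -contains 'Owners'
                [pscustomobject]@{
                    Package      = $name
                    Kind         = if ($isMain) { 'main' } else { 'language' }
                    Version      = ($name -split '~')[-1]
                    Visibility   = $vis
                    HasOwners    = $owners
                    # Steps 4b and 4c done: Visibility is 1 and Owners is gone.
                    ReadyForDism = ($vis -eq 1) -and (-not $owners)
                }
            }
    }

    $state = @(Get-FlashPackageState)
    if ($state.Count -eq 0) {
        'No Adobe-Flash-For-Windows packages are registered (Step 6 state).'
    } else {
        $state | Format-Table Kind, Version, Visibility, HasOwners, ReadyForDism, Package -AutoSize | Out-String
        'Step 5 commands for this machine (printed only, not executed):'
        $state | Where-Object { $_.Kind -eq 'main' } |
            ForEach-Object { "dism /online /remove-package /packagename:$($_.Package)" }
    }

    # Step 2 and Step 6: what is still on disk.
    $paths = @(
        "$env:windir\System32\Macromed"
        "$env:windir\SysWOW64\Macromed"
    )
    foreach ($p in $paths) { '{0} : {1}' -f $p, $(if (Test-Path $p) { 'present' } else { 'gone' }) }
    $files = @(Get-ChildItem "$env:windir\servicing\Packages" -Filter 'Adobe-Flash-For-Windows-*' -ErrorAction SilentlyContinue)
    '{0} Flash file(s) left in servicing\Packages' -f $files.Count
    ```

    Run it from a 64-bit PowerShell prompt so the System32 path is not redirected, once before Step 4 and again after Step 5.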

  • Yes, we’re still at MS-DEFCON 2 – No need to install any September updates

    Posted on September 14th, 2018 at 08:10 by woody

    Yes, I read the email you probably read this morning. No, I don’t see any reason to recommend that most people update their machines — not yet.

    Here are the two reasons given for rushing to install the September patches:

    CVE-2018-8440 – Windows ALPC Elevation of Privilege Vulnerability – included in all of this month’s Windows patches

    This is the zero-day exploit for Task Scheduler revealed on Twitter by @SandboxEscaper, who kindly provided links to working exploit code. Nice guy. Er, gal. Kevin Beaumont has a good overview here.

    Should you be rushing out to install all of this month’s Windows patches because of ALPC? I don’t think so. First, it’s a privilege elevation exploit — in plain English, that means it’s only usable if a miscreant already has access to your computer. Second, the initial round of infections was, according to Ionut Ilascu at Bleepingcomputer:

    a small number of victims in the following countries: Chile, Germany, India, the Philippines, Poland, Russia, the United Kingdom, the United States, and Ukraine.

    Yes, you’ll need to patch it eventually. Right now, it’s not a huge threat.

    CVE-2018-8475 – Windows Remote Code Execution Vulnerability

    This one’s a more immediate challenge. Microsoft doesn’t give any details that I can find, but apparently somebody could take over your computer if you view an image. What isn’t clear is whether the image can take over if it’s viewed through a browser and, if so, which ones. That’s a browse-and-own security hole and that makes it a biggie. But.

    Microsoft’s security advisory says specifically:

    To exploit the vulnerability, an attacker would have to convince a user to download an image file.

    which doesn’t sound like browse-and-own to me.

    Dustin Childs, one of my favorite analysts, goes on to say:

    Microsoft provides no information on where this is public

    Microsoft lists the security hole as “Disclosed” but not “Exploited.” Symantec hasn’t found any exploits.

    That leads me to believe that it isn’t likely to be widespread in the near term. Again, yes, you’ll have to patch eventually.

    There are also security problems with Hyper-V (“a user on a guest virtual machine could execute code on the underlying hypervisor OS” per Childs), but that probably doesn’t matter much to you.

    Looking at the rest of the crop, I don’t see any overwhelming reason to get patched immediately.

    Given the current precarious state of this month’s patches — Intuit still doesn’t have a fix (update: it wasn’t the patches’ fault), there’s an unexplained dropped patch, Win7 is still kicking out error 0x8000FFF, Win10 1803 can get doubly-patched or not patched at all — there’s plenty of reason to stand pat. And the patches have only been in circulation for three days.

    Are exploits “likely?” Sure, some day. But not now. Patience, grasshopper.

    Susan Bradley’s newly updated Master Patch List recommends that you wait, as well.

  • Microsoft re-releases Intel microcode patches for all versions of Win10

    Posted on September 14th, 2018 at 07:16 by woody

    Last night, Microsoft released these new Intel microcode patches:

    KB 4100347 for Win10 1803
    KB 4090007 for Win10 1709
    KB 4091663 for Win10 1703
    KB 4091664 for Win10 1607
    KB 4091666 for Win10 1507

    And there’s an official Summary of Intel microcode updates. You can stop yawning now.

    The updates seem to be directed at Spectre 2. Remember, we’re looking at Spectre Vn where n = 1, 2, 3, 3a, 4, and the Spectre NG series where n = 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7 and 1.8. If I read the tea leaves correctly.

    Of course, Spectre (and Meltdown) don’t exist in the wild. Many people feel that the chances of them ever appearing are very slim because it’d take a whole lot of work to get them going and parse the incoming data.

    Those of you who run servers with multiple users and sensitive data might be concerned. The rest of us… Meh.

    UPDATE: Günter Born has a great exploration of the patches, WSUS, and a Microsoft bot on his Born City blog.