Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – 31 days of paranoia – day 9

    Posted on October 9th, 2018 at 23:22 Susan Bradley Comment on the AskWoody Lounge

    Patch lady here – and today’s paranoia topic is one that I’m sure ALL of you have seen.  You go to a web site.  You search for something.  You then go to another page and the very thing you were looking for is now in the advertisements in the facebook feed, the side banners, just about everything you look at.   All due to tracking, beacons, cookies and all of the things that web sites use to keep track of you.

    Just out today is something that is interesting, frightening, sad, and empowering all in one.  And for those of us in the United States, a bit timely.

    Firefox and ProPublica are bundling a browser that has specific extensions specifically to monitor election ad tracking as well as provide a database of what ads are targeting us.  Just the other day my Dad said that if every politician did what their opponent said they did, we shouldn’t vote either one into office.  But nevertheless, someone needs to represent us and rather than not voting at all, it’s time to make your voice heard.

    The ProPublica extension specifically tracks what ads end up in your Facebook stream and what they are targeting.

    What the Extension Does

    The extension places a content script on every Facebook page you visit. That script scans for ads, which it then stores on your computer. These ads are also sent to ProPublica to support research and journalism

    But Susan, (you say) in the month of paranoia you want to SEND information to a journalism site?  For this purpose I do.  I’m convinced that foreign countries did (and still do) use targeted facebook and targeted twitter bots to enhance and influence opinions in other countries.

    If you don’t do social media, wonderful, this paranoia isn’t for you.  But if you do… it might just be an interesting experiment to undertake in the month left before the elections.

    Even if you don’t think this is an interesting idea, may I strongly urge you to ensure you are signed up to vote.  For some states, the deadline was today.

    I don’t want to make this post political in any way, I just want to urge you to vote, period.  It’s time we all keep a bit more eye on things.

     

  • Once more unto the breach: Win10 1809 starts rolling out again

    Posted on October 9th, 2018 at 17:23 woody Comment on the AskWoody Lounge

    It’s official. Microsoft has started rolling out Win10 version 1809 today, but only to those in the Windows Insider program’s Slow and Release Preview rings. (Folks in the Insider Program’s Fast ring are already on RS6 — the next “19H1” version of Win10.) Here’s the official announcement:

    Last week we paused the rollout of the Windows 10 October 2018 Update (version 1809) for all users as we investigated isolated reports of users missing files after updating. Given the serious nature of any data loss, we took the added precaution of pulling all 1809 media across all channels, including Windows Server 2019 and IoT equivalents. We intentionally start each feature update rollout slowly, closely monitoring feedback before offering the update more broadly. In this case the update was only available to those who manually clicked on “check for updates” in Windows settings. At just two days into the rollout when we paused, the number of customers taking the October 2018 Update was limited. While the reports of actual data loss are few (one one-hundredth of one percent of version 1809 installs), any data loss is serious.

    So I guess if you’re among the 1%, you’re among the 0.01%. Or something like that.

    As best I can tell, there are three builds of Win10 1809 floating around —

    • 17763.1 = the original release. Not available any more. Upgrading to this build can zap all of the files in the indicated folders.
    • 17763.17 = the version you get if you’re in the Slow or Release Preview rings.
    • 17763.55 = the version you hit if you install today’s Cumulative Update, KB 4464630

    Just as an admittedly snarky side note… read the description of the problem in the official post, and think to yourself, “If I didn’t have a doctorate in Computerstuff, could I understand this?”

  • Patch Tuesday: The good, the bad, the ugly and the hopeless

    Posted on October 9th, 2018 at 12:47 woody Comment on the AskWoody Lounge

    Patch Tuesday patches are rolling out right now and there’s a bunch of them.

    Quick glance on the Microsoft Update Catalog shows 104 individual patches, dated Oct. 5 to 8 (none for Oct. 9 that I can see).

    Microsoft’s master list is here.

    I’m perplexed by the first cumulative update for Win10 version 1809, KB 4464330:

    Addresses an issue affecting group policy expiration where an incorrect timing calculation may prematurely remove profiles on devices subject to the “Delete user profiles older than a specified number of day.”

    There’s no indication if that fixes all of the disappearing Documents, Photos, etc., files that some encountered. Although it may well explain the “Delete user profiles” GPO problem. If it makes any difference, there’s been no change in the “Known issues” section of the original Win10 1809 release, KB 4464619. If Microsoft fixed the file deletion problem, they didn’t change the KB article to reflect the fix.

    There’s also no indication if this means the forced upgrades from 1803 to 1809 are poised to begin.

    Martin Brinkman at ghacks.net has his usual comprehensive list:

    • Windows 7: 13 vulnerabilities of which 2 are critical and 11 are important.
    • Windows 8.1: 14 vulnerabilities of which 2 are critical and 12 are important.
    • Windows 10 version 1607: 19 vulnerabilities of which 3 are critical and 16 are important.
    • Windows 10 version 1703: 18 vulnerabilities of which 3 are critical and 15 are important.
    • Windows 10 version 1709: 20 vulnerabilities of which 3 are critical and 17 are important.
    • Windows 10 version 1803: 20 vulnerabilities of which 2 are critical and 18 are important.
    • Windows 10 version 1809: 19 vulnerabilities of which 3 are critical and 16 are important.

    Dustin Childs on the Zero Day Initiative page weighs in:

    Microsoft released 49 security patches and two advisories covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office and Office Services. Of the 49 CVEs, 12 are listed as Critical, 35 are rated Important, one is rated as Moderate, and one is rated Low in severity. A total of eight of these CVEs came through the ZDI program. Three of these bugs are listed as publicly known at the time of release and one of these is reported as being actively exploited.

    We also got a Servicing Stack Update for Win10 1809, KB 4465477. If you’re manually installing the cumulative update for 1809 (sanity alert), be sure to get the SSU installed first. Thx @KPRP42.

    The only hole known to be actively exploited is a privilege escalation bug, which means the attacker has to be running on your machine already before they can take advantage of the bug.

    There’s a bumper crop of Office security patches, for Office 2010, 2013, 2016, several viewers, SharePoint Server 2010, 2013 and 2016.

    The SANS Internet Storm Center posted its usual overview, confirming that only one bug is currently known to be in use, and it’s a privilege elevation bug.

  • Keizer: Lab rats, Windows 10 and the importance of being last

    Posted on October 9th, 2018 at 07:33 woody Comment on the AskWoody Lounge

    Gregg Keizer just nailed it again:

    The file-deletion flaw that plagued last week’s rollout of the Windows 10 October 2018 Update shows how Microsoft uses consumers to test out the OS so its important customers – businesses – are protected.

    For Microsoft, a mistake and resulting upgrade retraction like this is a feature, not a bug, of its Windows 10 release strategy.

    Keizer explains how consumers are used as lab rats.  I tend to think of them (which is to say, us) as cannon fodder, but the simple fact is that Microsoft can and will push its bad updates on you, unless you’re connected to an update server, or you have Win10 Pro or Education set properly. Even if you have Win10 Pro set properly, Microsoft may still “forget” to honor its own settings.

    Right on. Check it out.

    (Yes, for those who ask, I do forgive Gregg for mis-spelling my name. Again. It’s the copyeditors I wonder about.)