Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Lots of Critical, Remote Code Execution patches coming on Tuesday

    Posted on February 9th, 2018 at 15:05 woody Comment on the AskWoody Lounge

    Brian Krebs tweeted an early look at next Tuesday’s patches. Wowza.

    If that helped, take a second to support AskWoody on Patreon

    Home Forums Lots of Critical, Remote Code Execution patches coming on Tuesday

    This topic contains 26 replies, has 14 voices, and was last updated by  PKCano 5 months, 4 weeks ago.

    • Author
      Posts
    • #166357 Reply

      woody
      Da Boss

      Brian Krebs tweeted an early look at next Tuesday’s patches. Wowza.
      [See the full post at: Lots of Critical, Remote Code Execution patches coming on Tuesday]

      6 users thanked author for this post.
    • #166361 Reply

      anonymous

      For those who don’t want to mess with preview stuff like the January security patches to ‘mitigate’ Spectre/Meltdown, disallow ‘AllowBuildPreview’ via group policy settings or add ‘AllowBuildPreview’ (REG_DWORD 0) to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds.

      1 user thanked author for this post.
    • #166372 Reply

      abbodi86
      AskWoody MVP

      For those who don’t want to mess with preview stuff like the January security patches to ‘mitigate’ Spectre/Meltdown, disallow ‘AllowBuildPreview’ via group policy settings or add ‘AllowBuildPreview’ (REG_DWORD 0) to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds.

      You think February patches will differ? they won’t
      and they will require AllowBuildPreview allowed or not configured

      BTW, ver 1507 and 1511 don’t support this policy, so they will get the patches, likewise Win7 7/8.1
      that policy has nothing to do with Spectre/Meltdown patches being “previews”, it’s just the usual MS policy confiction mess in Windows 10 (hint defer and telemetry 0.. etc)

      5 users thanked author for this post.
    • #166380 Reply

      WildBill
      AskWoody Lounger

      Does this have anything to do with Meltdown/Spectre?! Or is this a different kettle of fish that we’re just finding out about? Looks like it covers every flavor of Windows, Edge/IE, even Office & SharePoint.

      Windows 8.1, 64-bit, Group A.
      Wild Bill Rides Again...

      • This reply was modified 6 months ago by  WildBill.
      • #166557 Reply

        GoneToPlaid
        AskWoody Lounger

        These updates don’t appear to be related to Meltdown/Spectre.

    • #166394 Reply

      anonymous

      Based on nothing but that, it may just mean that there’s one RCE vulnerability for browsers (since the separate IE and Edge ones also have the RCE tag), which rather seems to be the case most of the time, doesn’t it?

    • #166422 Reply

      krzemien
      AskWoody Lounger

      https://www.youtube.com/watch?v=Gf1WT8VEZxk

      (sorry folks, I really could not resist! I’ll get me coat etc.)

      2 users thanked author for this post.
      • #166573 Reply

        Ascaris
        AskWoody MVP

        Wow… the memories.  Still remember when that was new!

    • #166436 Reply

      anonymous

      I don’t see Edge any different then I did with IE. Both tied too closely to each other so I avoid both like the plague. But then you got Chrome attacked with fake support freeze ups? Looks like another messy year coming up. Still not over the whole Meltdown/Spectre thing.

    • #166440 Reply

      Noel Carboni
      AskWoody MVP

      For anyone who’s been tracking such things…

      Do the updates labeled “Preview” that we typically see before the main update Tuesday extravaganza hits usually work out to be the same ones offered on the following big day?

      I’m wondering about the big picture most of all. I know the updates evolve some (and get re-released, etc.) as the world stumbles on problems, but asked another way are the “Preview” updates working out to be substantially what comes out a bit later? Are they just a first try at the monthly patches for the bravest early adopters?

      For me life’s just been too busy lately to try to track the individual update contents, especially since the KB numbers Windows Update initially shows usually don’t seem to match the numbers of what’s shown installed afterward.

      Thanks in advance for any insight.

      -Noel

      2 users thanked author for this post.
    • #166441 Reply

      PKCano
      AskWoody MVP

      Do the updates labeled “Preview” that we typically see before the main update Tuesday extravaganza hits usually work out to be the same ones offered on the following big day? I’m wondering about the big picture most of all. I know the updates evolve some (and get re-released, etc.) as the world stumbles on problems, but asked another way are the “Preview” updates working out to be substantially what comes out a bit later? Are they just a first try at the monthly patches for the bravest early adopters?

      The Previews are “supposed” to be the next month’s Rollup minus the security patches (ie the non-security + IE11). They are “supposed” to be finished products (according to MS). They are put out there for test (mostly Enterprise/managed machines) to evaluate (on a limited basis) for any conflicts.

      That’s what MS says. I do not do Previews, so I have not pursued the actual case. @mrbrian or @abbodii86 would be more likely to know how much the content changes between Preview and Rollup (disregarding the addition of the security component).

      7 users thanked author for this post.
    • #166445 Reply

      abbodi86
      AskWoody MVP

      The Previews are “supposed” to be the next month’s Rollup minus the security patches (ie the non-security + IE11). They are “supposed” to be finished products (according to MS). They are put out there for test (mostly Enterprise/managed machines) to evaluate (on a limited basis) for any conflicts.

      That’s what MS says. I do not do Previews, so I have not pursued the actual case. @mrbrian or @abbodii86 would be more likely to know how much the content changes between Preview and Rollup (disregarding the addition of the security component).

      Almost none
      i remember only once or twice were non-security fixes in Preview rollup changed in the next Security rollup
      it was related to the CPU block in WU

      10 users thanked author for this post.
    • #166457 Reply

      WildBill
      AskWoody Lounger

      Interesting question, Noel; that flitted through my mind once or twice. Thanks for asking it, & thanks to PKCano & abbodi86 for shining light on the situation. I’m like PKCano; I avoid “Previews” like the plague. I assume they can be useful in spooking out future features or problems. However, I’d only bother if I was that curious… & had at least 1 backup machine that I could restore & didn’t care if something bricked it.

      Windows 8.1, 64-bit, Group A.
      Wild Bill Rides Again...

    • #166509 Reply

      MrBrian
      AskWoody MVP

      Do the updates labeled “Preview” that we typically see before the main update Tuesday extravaganza hits usually work out to be the same ones offered on the following big day?

      I posted tweets from Microsoft’s Michael Niehaus regarding Windows preview rollups in the comments at https://www.askwoody.com/forums/topic/no-you-dont-want-the-rollup-preview-patches/.

      4 users thanked author for this post.
    • #166547 Reply

      anonymous

      I have a question, since they are critical patches, do we truly need to install them right away?
      or like always, we can wait to see people destroy their own computers?

      I ask since I don’t want to install them until they are safe.

    • #166568 Reply

      Rick59
      AskWoody Lounger

      Still waiting to see if and when my Win 7 32 machine will get a patch to guard against the Meltdown vulnerability. The way Microsoft is pushing Win 10 adoption I am not going to hold my breath. Ordered a pixelbook for my daughter to take the place oh her Win 10 64 laptop. Looks like a great product from all the reviews I have read.

    • #166575 Reply

      woody
      Da Boss

      Ordered a pixelbook for my daughter to take the place oh her Win 10 64 laptop.

      How does she like the Pixelbook?

      Seems pricey to me, but very capable…

    • #166583 Reply

      Rick59
      AskWoody Lounger

      Pixelbook is coming Tuesday but she does mostly web centric stuff so should work well for her. She will keep the Win laptop for offline tasks like playing Nancy Drew games….lol.

      The pixelbook would probably meet most of my needs as well but I am not sure if I could live with a small screen as my present all in one desktop has a 24 inch display.

      There are “chromebase” desktops but the selection is paltry compared to chrome books.

      The few chromebase machines are almost all made by Acer and they have not brought any news models since 2016 and I have always perceived their products to be mid tier when it came to quality.

      I guess iMac is also an option for me, but as even Apple fans have noted, they seem to be following the Microsoft template where there is a great urgency to push out new features and quality control is taking a bit of a back seat.

       

    • #166662 Reply

      SkipH
      AskWoody Lounger

      Most Chromebooks (even my little Samsung 12″ model) have an HDMI port on them, should work with any newer monitor or even a 1080p TV set.

      I’ve seen posts on the net of office setups like this: 24″ monitor, a “real” keyboard and a real mouse.

    • #166687 Reply

      PerthMike
      AskWoody Lounger

      I assume these will come as part of the big monthly all-or-nothing rollup? <sigh>

      We haven’t installed the January one yet because of all the reports of blue-screens, and we’re not likely to be hit by the Meltdown/Spectre c***.

      I trust there will be some details about how this RCE works, so we can take other precautions?

      No matter where you go, there you are.

    • #166692 Reply

      WildBill
      AskWoody Lounger

      It is MS-DEFCON 3, but that won’t last long. I understand your nervousness & it’s your choice to wait. IMO, patch while you can. Woody recommends to do it as well: https://www.computerworld.com/article/3253293/microsoft-windows/hold-your-breath-avoid-the-snake-oil-and-get-windows-updated.html. Notice ProTip #3:
      Make a full system image backup before you install the January patches.
      No matter what product you use, that’s very good advice. Even if you don’t, MrBrian has a way to get out of no-boot situations: https://www.askwoody.com/forums/topic/2000009-getting-out-of-a-no-boot-situation-after-installing-windows-updates/?view=all.

      Windows 8.1, 64-bit, Group A.
      Wild Bill Rides Again...

      • This reply was modified 6 months ago by  WildBill.
      1 user thanked author for this post.
    • #166698 Reply

      anonymous

      I was one of the few clueless ones that installed the January updates, fortunately in my case, nothing truly bad happened. However it’s highly possible I am one of the fewest lucky ones that survived with this patch…

      However its the last time I blindly update, from now on, I will check the MS-Defcon seriously.

    • #166738 Reply

      woody
      Da Boss

      I’ve seen posts on the net of office setups like this: 24″ monitor, a “real” keyboard and a real mouse.

      That’s exactly the configuration I would use. Daskeyboard, Logitech mouse, big curved screen.

      When I’m done with the book, that’ll be my next project.

      • #166786 Reply

        anonymous

        What do you plan to use to drive all of that?

        • #167952 Reply

          SkipH
          AskWoody Lounger

          @”anonymous” in post # 166786:

          Not sure what you mean by “What do you plan to use to drive all of that?”

          The Chromebook has it’s own 110V power supply, so does a regular HDMI monitor of what ever size might be used. The Chromebook has an HDMI port to connect to a monitor.

          Even my small Samsung 12″ Chromebook, model # XE500C13-K02US has 2 USB ports (1 a 2.0, 1 a 3.0), so those should support a keyboard and a mouse. I’d probably use a USB port extender so there’d be some free USB connections, or a combo mouse+keyboard that only needs 1 port using a receiver for both the mouse and keyboard.

          • #167954 Reply

            PKCano
            AskWoody MVP

            When the USB ports get used up, there’s always bluetooth. I had to do that on one of my laptops connected to printer, external monitor, Daktronics Diving Console, ethernet wired network…… no more room for the mouse.

    • #166923 Reply

      Cascadian
      AskWoody Lounger

      SkipH and Woody, that sounds like a wonderful setup that satisfies all of my wishes as well. I have such a habit of finding the other side of an argument, that my very next thought was ‘my laptop will look like a phablet in less than a week.’

      Probably worth it though.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Lots of Critical, Remote Code Execution patches coming on Tuesday

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: