News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: March 8, 2019

  • Yes, Microsoft says Win10 has hit 800 million devices

    Posted on March 8th, 2019 at 15:38 woody Comment on the AskWoody Lounge

    Gregg Keizer has a solid – and suitably skeptical – summary in Computerworld:

    Microsoft on Thursday said that 800 million devices are now running Windows 10, a 100 million increase in less than six months.

    Microsoft has regularly touted numbers for Windows 10, most of the time, although not always, by citing the active monthly devices, or those personal computers, tablets and other systems used within the last month.

    The 800 million number is sufficiently fuzzy that it’s hard to say if that’s monthly active devices, or just installs and/or activations, or some other metric. Microsoft’s number page says, simply, “There are more than 800 million devices running Windows 10,” dodging the definition quagmire. Says Keizer:

    Using the 12-month average change in user share, Computerworld recently forecast that nearly 41% of all Windows PCs will be running Windows 7 at the moment it falls off Microsoft’s support list.

    That’s an astonishing number.

  • They’ll have to pry Win7 from my cold, clutched claws – Seven Semper Fi

    Posted on March 8th, 2019 at 08:28 woody Comment on the AskWoody Lounge

    I think it’s kismet.

    On the day that Microsoft announced it had installed Win10 on 800 million devices (yep, even refrigerators!), I went the other way.

    I’ve kept several Windows 7 virtual machines running for many years. But I finally decided to plunk down some hard cash ($125, to be precise) and bought a refurbished Lenovo ThinkCentre M82 small form factor PC, with a genuine, crisp copy of Windows 7 Pro. I figured it’d be better experiencing the demise of my old friend first-hand, rather than vicariously through a virtual machine.

    So I’m busy setting up the new/old/off-lease Seven Semper Fi.

    A couple of things struck me during the from-scratch installation…. aside from having to clear away the junk (why would they install AVG Free and Adobe Reader on a refurb? no, don’t answer, I know, I know) the install brought back fond memories — remember how you had to actually CHOOSE to activate automatic update, and how the “Check for updates” button actually, you know, checked for updates, instead of installing everything in the swamp?

    Anyway, I’m forging ahead with a minimalist machine, to commiserate with you folks as the inevitable approaches. I got it updated (took about 30 minutes, starting with the updates installed by the refurb company). Restarted three times to finish the process. Installed Firefox (still debating about Chrome). Got rid of AVG Free and installed Microsoft Security Essentials (knowing that it’ll die early next year, too). Added VLC Media Player, 7 Zip, speccy (all from oldergeeks.com, of course) and I’ll install Office 2013 shortly.

    What else would you like me to try?

    The machine works great, by the way. Intel i5-3470, onboard graphics card, 4 GB memory, 250 GB hard drive. It can be leisurely at times, but I don’t mind. Five years ago it would’ve been a contendah.

  • Google comes clean on that “emergency” security patch – and shows how it was used to trigger a Windows 7 0day

    Posted on March 8th, 2019 at 07:03 woody Comment on the AskWoody Lounge

    Now I understand.

    Google releases patches for its Chrome browser all the time. As @b explained about 36 hours ago, Google sent out a special alert to get Chrome updated specifically to head off a 0day attack.

    I didn’t get too excited about it because Chrome automatically updates itself quite reliably, and because the threat didn’t seem to be all that great.

    A few hours ago, Clement Lecigne of the Google Threat Analysis Group added some key details:

    On Wednesday, February 27th, we reported two 0-day vulnerabilities — previously publicly-unknown vulnerabilities — one affecting Google Chrome and another in Microsoft Windows that were being exploited together.

    To remediate the Chrome vulnerability (CVE-2019-5786), Google released an update for all Chrome platforms on March 1; this update was pushed through Chrome auto-update. We encourage users to verify that Chrome auto-update has already updated Chrome to 72.0.3626.121 or later.

    The second vulnerability was in Microsoft Windows. It is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape. The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndexwhen NtUserMNDragOver() system call is called under specific circumstances.

    We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems.

    Pursuant to Google’s vulnerability disclosure policy, when we discovered the vulnerability we reported it to Microsoft. Today, also in compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks. The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes. Microsoft have told us they are working on a fix.

    As mitigation advice for this vulnerability users should consider upgrading to Windows 10 if they are still running an older version of Windows, and to apply Windows patches from Microsoft when they become available. We will update this post when they are available.

    Google’s vulnerability disclosure policy says, to a first approximation, that it gives software manufacturers 90 days to fix a security hole, and if no fix appears, they disclose the details.

    It’ll be interesting to see how Microsoft reacts.

    UPDATE: Catalin Cimpanu has a thorough timeline on ZDNet.

  • Fred Langa: “My 500 GB hard drive has one bad sector; what does that really mean?”

    Posted on March 8th, 2019 at 06:31 woody Comment on the AskWoody Lounge

    Short answer: Not a heckuvalot.

    Yet another insightful piece from the master.

    On Langa.com.

  • The highest customer satisfaction in the history of Windows

    Posted on March 8th, 2019 at 06:15 woody Comment on the AskWoody Lounge

    I’m just going to drop this here, gently, and tip-toe away without comment.