News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: April 25, 2019

  • There they are… Second April patches are out and they look lame

    Posted on April 25th, 2019 at 17:56 woody Comment on the AskWoody Lounge

    UPDATE: All the latest in Computerworld Woody on Windows.

    We waited an extra week and a half for this?

    Around 2:30 pm (Redmond time) on Thursday, Microsoft released a small bunch of patches:

    Win10 1803 patch KB 4493437 has a bunch of little “quality” (non-security) fixes, including lots of Japanese date bug fixes. The IE “Customer URI Schemes” bug introduced earlier has apparently been fixed. Both of the other acknowledged bugs are still there, including a Rename on a Cluster Shared Volume crashing the system.

    Win10 1709 patch KB 4493440 has a similarly lengthy list of little fixes, similar gaggle of Japanese bug fixes. 1709 is at end of service for Home and Pro (but not for Enterprise).

    Win 8.1 Monthly Rollup Preview KB 4493443 appears to consist entirely of Japanese date bug fixes. Notably, there’s no change in status for these patches and the previously identified antivirus bugs.

    Similarly, Win 7 Monthly Rollup Preview KB 4493453 only has Japanese date bug fixes. It, too, still has the old conflicts with the antivirus products.

    Nothing for 1809 – and I don’t see anything new coming out for 1903.

    Let’s see how they fare overnight.

    Thx, @EP, @PKCano, @LaidBackTokyo

  • Microsoft: Forced password changes don’t work

    Posted on April 25th, 2019 at 15:30 woody Comment on the AskWoody Lounge

    Yesterday, Sergiu Gatlan at BleepingComputer wrote about Microsoft’s newfound antipathy to forced frequent password changes.

    You know the problem: Every 30 or 60 or 90 days, you’re forced to change your password – and the new one can’t match the last 12 of them. Your solution is probably the same as mine:

    Pass1
    Pass2
    Pass3
    Pass4

    and so on. With the way technology has changed (I hesitate to use the term “improved”), frequently changed short passwords don’t hold a candle to LongPasswordsThatYouCanEasilyRemember. Even old LongPasswordsThatYouCanEasilyRemember work better than Shorter1, Shorter2, Shorter3. Forcing you to change them every 30 days only pushes you toward less secure passwords.

    Of course, you use a password manager such as LastPass or OnePass or KeePass. In that case, changing your password every 30 days is just a pain in the neck. No security improvement at all.

    The topic has come up because Microsoft just released its newly revised “Security baseline” for Win10 version 1903. It’s still marked Draft, but should be solidified before too long. Here’s what MS says:

    When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords. When passwords or their corresponding hashes are stolen, it can be difficult at best to detect or restrict their unauthorized use.

    Bravo and huzzah!