News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: May 17, 2019

  • If you’re dealing with UK government websites, bend waaaaaaaay over and kiss your keester

    Posted on May 17th, 2019 at 14:36 woody Comment on the AskWoody Lounge

    Actually, the best solution is to use Chrome or Firefox, but….

    Every single Windows patch this month has broken a protocol known as HSTS for domains that end in gov.uk.

    From Wikipedia:

    HSTS allows web servers to declare that web browsers (or other complying user agents) should interact with it using only secure HTTPS connections, and never via the insecure HTTP protocol.

    Poster @magic describes it this way:

    “gov.uk” is the main site for the UK government. It’s used for online applications for car tax, passports, driving licenses. That sort of very important stuff which requires a secure connection, and has been HTTPS for years.

    Then you get a level down to local government, where there’s 400+ local councils. They have placename.gov.uk domains, which this just broke as we got no warning that HSTS was being enforced. I’m an infrastructure tech for for a local council with 250,000 residents. A bunch of internal systems (that don’t require HTTPS) stopped working after I got the patches to test on Wednesday morning.

    For us it prevents access to the publicly accessible democracy data and the planning system among others. Both of these are maintained by external systems providers so it’s not a five minute job to add a certificate. The main website is fine for us, other councils don’t even have HTTPS enabled on those. I got a tweet before from someone advising that reading.gov.uk and doncaster.gov.uk are inaccessible.

    Like I said, bend waaaaaaaay over.

    The culprit? Microsoft has just fessed up:

    Unable to access some gov.uk websites

    After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.
    Affected platforms:
    • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1
    • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
    Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.

    Tell me again who tests this stuff. Certainly nobody running Win10 1809, 1803, 1709, 1703, 1607, 1507, Win 8.1, Win 7, Server 1809, Server 2019, Server 1803, Server 1709, Server 2016, Server 2012 R2, Server 2012, or Server 2008 R2 who’s using IE or Edge to access UK government sites.

    Did I leave anybody out?

    UPDATE: Do you use Avast? See this anonymous post:

    Here’s the link directly to the Avast site, but be warned: I can no longer see it with any browser ever since installing the May MS updates as recommended by @woody. The cause is probably due to a lack of full support for HSTS on their site, as it’s based in the UK.

    And now you know why I hated SO much to recommend that Win7 users install this month’s update.

  • There’s a new KB 4023057 making the rounds

    Posted on May 17th, 2019 at 08:09 woody Comment on the AskWoody Lounge

    Let’s see. It’s Friday. There must be a new version of KB 4023057, the “Update to Windows 10, versions 1507, 1511, 1607, 1703, 1709, and 1803 for update reliability reliability” patch.

    Reliably.

    Short version: We don’t really know what it does, except to blast away anything you or your machine has done to block upgrading to version 1903. Oddly, it still isn’t being released to Win10 1809.

    Günter Born has all the details. We’ve been covering it here forever.

  • New report from Forescout says 71% of medical industry PCs will still be running Win7 in January

    Posted on May 17th, 2019 at 07:48 woody Comment on the AskWoody Lounge

    Interesting report from the people at Forescout:

    Within our data sample… 71% of devices will be running unsupported Windows operating systems by January 14, 2020.

    “Unsupported operating systems” includes Windows 7, Server 2008, and earlier.

    The study revealed that 40% of deployments had more than 20 different operating systems on their medical VLANs.

    They were looking at a very large sample of very large installations:

    Source data for this report came from the Forescout Device Cloud, a repository of host and network information for more than 8 million devices, making it one of the largest crowdsourced device repositories. For this study, researchers limited Device Cloud analysis to 75 healthcare deployments with over 10,000 virtual local area networks (VLANs) and 1.5 million devices. Since the primary focus of the report is the status of medical devices, many of the results are based on analysis of more than 1,500 medical VLANs with 430,000 devices.

    No, Windows 7 is not going away any time soon. The medical industry has an enormous problem. As do many of us.