News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: August 6, 2019

  • Patch Lady – we have another Spectre/Meltdown

    Posted on August 6th, 2019 at 21:52 Susan Bradley Comment on the AskWoody Lounge

    So included in the July patches was another Spectre/Meltdown patch that the information about it is just coming out today.  I’m still not convinced that we’ve seen actual attacks using Spectre/Meltdown nor am I convinced that we will see it in the wild.  Rather it’s my opinion that it will be used in targeted attacks but not in widespread ones.  Nevertheless, once again there’s another variant that got patched in the July updates:

     

    08/06/2019 08:21 PM EDT

     

    Original release date: August 6, 2019
    The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a vulnerability (CVE-2019-1125) known as SWAPGS, which is a variant of Spectre Variant 1—that affects modern computer processors. This vulnerability can be exploited to steal sensitive data present in a computer systems’ memory.

    Spectre is a flaw an attacker can exploit to force a program to reveal its data. The name derives from “speculative execution”—an optimization method a computer system performs to check whether it will work to prevent a delay when actually executed. Spectre affects almost all devices including desktops, laptops, and cloud servers.

    CISA encourages users and administrators to review the following guidance, refer to their hardware and software vendors for additional details, and apply an appropriate patch when available:

  • August 2019 Office non-Security updates have been released

    Posted on August 6th, 2019 at 16:37 PKCano Comment on the AskWoody Lounge

    The August 2019 non-Security Office updates have been released Tuesday, August 6, 2019. They are not included in the DEFCON4 approval for the July 2019 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

    Remember, Susan’s patching sequence and  recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

    Office 2013
    Update for Microsoft Office 2013 (KB4475556)
    Update for Skype for Business 2015 (KB4475564)

    Office 2016
    Update for Microsoft Excel 2016 (KB4475550)
    Update for Microsoft Office 2016 (KB4475516)
    Update for Microsoft Office 2016 (KB3114528)
    Update for Microsoft Office 2016 (KB4475542)
    Update for Microsoft Office 2016 (KB3141456)
    Update for Microsoft Office 2016 (KB4464588)
    Update for Microsoft Office 2016 (KB4032254)
    Update for Microsoft Office 2016 (KB4475551)
    Update for Microsoft Office 2016 (KB4464535)
    Update for Microsoft Office 2016 Language Interface Pack (KB4475541)
    Update for Microsoft OneNote 2016 (KB4092450)
    Update for Microsoft PowerPoint 2016 (KB4464577)
    Update for Microsoft Project 2016 (KB4475544)
    Update for Skype for Business 2016 (KB4475548)

    UPDATE: Microsoft Support pages now have links to the download center 8/8/2019.

    There were no non-security listings for Office 2007 (which is out of support) or Office 2010.

    Updates are for the .msi version (persistent). Office 365 and C2R are not included.

    Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).