News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: September 10, 2019

  • September Patch Tuesday rolling out

    Posted on September 10th, 2019 at 13:12 woody Comment on the AskWoody Lounge

    The September 2019 patches are out, and there’s a bumper crop:

    • 216 separate patches in the Catalog – for all versions of Windows
    • 80 identified security holes (CVEs)
    • Two listed as “known” and two listed as “under active attack” – but all four of those are listed as “Important,” not “Critical.” Three of the four are “Elevation of Privilege” which means you have to be infected first before these security holes can be leveraged. The fourth requires that the miscreant have physical control over your machine.
    • Apparent fix for the SearchUI.exe redlining bug introduced last month in Win10 1903

    Martin Brinkmann has his usual extensive discussion on ghacks.net.

    As Dustin Childs says on the Zero Day Initiative blog:

    You’ll notice there are Remote Desktop bugs being patched in this release as well, but unlike BlueKeep and DejaBlue, these members of the Blue Bug Group are all client-side. An attacker would need to convince someone to connect to their malicious RDP server or otherwise intercept (MITM) the traffic. It’s good to see these issues patched, but they don’t carry the urgency of the recent wormable bugs.

    Short version: No big problems just yet, but stay tuned.

    Interesting. The SANS Storm Center says there are five “disclosed” or “exploited” security holes, not four. SANS ISC says — and Microsoft confirms — that CVE-2019-1253 is publicly known. It’s also an “Elevation of Privilege” attack.

  • Any suggestions for our new FAQ?

    Posted on September 10th, 2019 at 07:44 woody Comment on the AskWoody Lounge

    Several of you have, uh, gently reminded me that the Welcome! page on this site has become rather dated. It was written specifically to help Windows Secrets refugees get acclimated to AskWoody – and I think we’re largely over that initial whale hump now.

    I just posted a draft of a new site FAQ and I’d appreciate your comments. Keep a couple of things in mind:

    • The list isn’t definitive. Just the highlights. Shorter is better.
    • It has to be accessible to people who aren’t familiar with forums — and should be relatively easy for non-English-speakers.
    • Reassure people that the site is free, but that their donations are welcome (and needed!)

    Comments, corrections, additions?