News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: September 23, 2019

  • More on the unexpected manual-install-only Win10 cumulative updates and IE patch

    Posted on September 23rd, 2019 at 14:41 woody Comment on the AskWoody Lounge

    As Susan Bradley details (see next post), in the past few hours Microsoft released a bunch of new Win10 cumulative updates:

    In addition there’s a single standalone patch, KB 4522007, that applies to IE in Win7, 8.1, Server 2012 and Server 2012 R2. It’s a plain-vanilla IE patch (which means it’s a rollup), arriving at a weird time. It’s NOT a Windows patch.

    Microsoft has released very little info about the security hole, identified as CVE-2019-1367, but apparently it’s been found in the wild, and it can be very nasty.

    If you don’t use Internet Explorer, you can safely ignore all of the hoopla. If you do use IE, rap yourself on the knuckles, click on those links and go diving for the update: You’ll only get it if you manually download and install it.

    At the same time, Microsoft released a notification of another security hole, CVE-2019-1255, that can conceivably be used to block Windows Defender updates. There’s no separate patch. You don’t need to worry about installing the fix, because Defender will patch itself.

    Perhaps this is why we didn’t see any Win10 cumulative updates last week – the “Week C” that usually brings at least a handful of them.

  • Patch Lady – we have an “out of band” release

    Posted on September 23rd, 2019 at 14:03 Susan Bradley Comment on the AskWoody Lounge

    https://www.zdnet.com/article/microsoft-releases-out-of-band-security-update-to-fix-ie-zero-day-defender-bug/

    We get them so rarely these days it probably needs a bit of explanation:

    For those of you that use Windows update, you will get a security patch pushed out to your machine and it will demand a reboot.

    Susan update:  The KBs state that these will not be pushed out via Windows update, but instead come down only if you go to the catalog.  Thus totally BREAKING the definition of “out of band update”.  Geeze Microsoft.

    For those on Windows 10 it will be a cumulative update:

    4522016 for 1903

    4522015 for 1809

    4522014 for 1803

    4522012 for 1709

    4522011 for 1703

    4522009 for RTM of Windows 10

    4522010 for Windows Server 2016

    4522015 for Windows Server 2019

    4522007 for Windows 8.1, Windows 7, Server 2012, Server 2012 R2 it’s a patch JUST for Internet explorer – so both A and B patchers can install it.

    For those of you with WSUS updating rules or quality update deferrals, this will respect those settings.

    Bottom line, there’s a security issue for which Microsoft sees active targeted attacks to their customers and thus they’ve determined it should be pushed out now rather than waiting for the second week of next month to fix it. 

    Bottom line, there’s a security issue for which Microsoft has apparently deemed it an “out of band” but not enough of an “out of band” to be pushed out to automatically update.  Confused?  I am.  Should you install it?  Obviously not given how they are handling this update.

    Updated note:  Per Nick from the patchmanagement.org list, Microsoft has told Enterprise customers that this will be on Windows update and WSUS on Tuesday, September 24 Redmond time (aka the D week release).  So unless you have deferrals in place you will be getting it tomorrow on your Windows 10 machines.  I’ve always been informed that attackers can call a specific program so even though you aren’t using IE, that doesn’t mean it’s not embedded into the software.

     

  • Is “Sets” coming back in Win10 version 2003 (er, 20H1)?

    Posted on September 23rd, 2019 at 07:47 woody Comment on the AskWoody Lounge

    Apparently the “Sets” feature (which adds mixed-use tabs to every Windows window) appears in parts of the latest beta test version of the early-2020 version of Win10, build 19481.

    It now appears that the reappearance of “Sets” is a bug, not a feature:

    Or at least that’s the official party line.

    I see why some folks like Sets, but I’d be happy with a simple tabbed File Explorer.  And anything that makes Win10 less stable is a most definitely not welcome here!

  • Possibly inaccurate, but watch out: iOS 13 (?) may be leaking credit card numbers

    Posted on September 23rd, 2019 at 07:39 woody Comment on the AskWoody Lounge

    Here’s the original post:

    Went to update payment info, showed me some random persons full credit card info and billing address

    As the title says. I went to update my payment info in iOS13 and while doing so, it showed me info for a Discover card (no one I know even has one of these) and the woman’s full billing address.

    I took screen shots of everything and am going to report this to Apple ASAP however, I just read a post here on Reddit, not sure if it was this sub or another sub related to iOS/iPhone who posted the exact same issue.

    Although the poster pins the problem on iOS 13, the circumstances are nebulous enough that it could be a problem with the new iPhone 11, Apple Pay/Apple Card, or something else entirely. Be careful.

    Thx, Rafael Rivera @WithinRafael

  • Has MS cleaned up its Win10-update mess? (Spoiler: No!)

    Posted on September 23rd, 2019 at 01:15 Tracey Capen Comment on the AskWoody Lounge

    WOODY’S WINDOWS WATCH

    By Woody Leonhard

    Give Microsoft some credit: it keeps trying to improve patch quality.

    But in spite of two significant improvements to the patching infrastructure, it looks to me as though the process is getting worse, not better.

    Read the full story in AskWoody Plus Newsletter 16.34.0 (2019-09-23).

  • How to stop two Windows Defender annoyances

    Posted on September 23rd, 2019 at 01:10 Tracey Capen Comment on the AskWoody Lounge

    LANGALIST

    By Fred Langa

    Win10’s built-in Windows Defender has matured into a top-ranked anti-malware tool. But several of its default behaviors can be downright irritating.

    Here’s how to tweak Windows Defender with a few buried settings and a Task Scheduler change.

    Plus: Does Adobe Flash Player really need as many updates as it claims?

    Read the full story in AskWoody Plus Newsletter 16.34.0 (2019-09-23).

  • How to fill out a PDF form with Adobe Acrobat Reader

    Posted on September 23rd, 2019 at 01:05 Tracey Capen Comment on the AskWoody Lounge

    PRODUCTIVITY

    By Lance Whitney

    Entering information into PDF-based forms can be an exercise in frustration — especially if it’s something you don’t do often.

    Let’s say, for example, that you have a PDF tax form that needs to be filled out. You could use Adobe Acrobat to complete the task (and also do lots of other tricks with PDF files), but that’s a pricey proposition — around U.S. $180 per year — especially if you rarely need to edit or annotate PDFs.

    Read the full story in AskWoody Plus Newsletter 16.34.0 (2019-09-23).

  • Changing my mind about Facebook

    Posted on September 23rd, 2019 at 01:00 Tracey Capen Comment on the AskWoody Lounge

    SECURITY

    Amy Babinchak

    Undoubtedly, you’ve seen the invitation to sign in to a website with your Facebook account. And you ask yourself: “How can that be safe?”

    Using one account sign-in for everything goes against a basic tenet of password security. And you’re trusting Facebook to keep your credentials secure — and not share them. (Sharing is core to Facebook.) And yet you watch as all your friends get hacked and cloned while using conventional sign-ins.

    Read the full story in AskWoody Plus Newsletter 16.34.0 (2019-09-23).