
Daily Archives: December 20, 2019

  • Microsoft says it’ll sell Win7 Extended Security Updates to Ultimate users

    Posted on December 20th, 2019 at 09:27 by woody

    Sort of.

    Microsoft’s Joe Lurie posted on the Tech Community forum yesterday:

    • We have been communicating ESU since last May with constant blogs, announcements at events, tweets, etc. The media has been reporting on them as well; I apologize if it seems last minute. The EOL date of Windows 7 was announced long before the ESU announcements, so even without ESU the EOL of Windows 7 has been looming. That said, Microsoft announced ESU in early 2019 and have been making changes to the program as necessary ever since. One change was allowing for CSP which was not in the original plans. This is why this was announced in October – it was an add-on program based on customer request;
    • Most of us at Microsoft, and specifically in the ESU PG, are not at home over the holidays, we are still working to provide ESU for the customers that need it. As I mentioned in the above point, we only announced CSP recently, and have CSP partners ready to help;
    • ESU is available for Windows 7 Ultimate edition, and has been since ESU was first being sold. We may have failed in that communication, and I apologize for that. Most of our enterprise customers aren’t using Ultimate edition, so we didn’t have Ultimate documented. Once we started selling ESU via CSP channel, the CSP partners were made aware of which versions are eligible for ESU.

    Wading through the alphabet soup, Lurie’s saying that normal people (and small companies) will have to get Extended Security updates through the recently-announced Cloud Service Provider companies. It appears that Microsoft forgot that there are Win7 users who want security updates, but aren’t tied to volume licenses. Those unwashed masses (like, oh, me) have to go through a CSP.

    The announcement about Extended Security Update availability for Win7 Ultimate is brand new, at least to me. There’s been a lot of speculation in recent months (much of it here on AskWoody) as to whether Ultimate customers will be able to buy the patches.

    Patch Lady Susan Bradley is spearheading the drive to bring Win7 Extended Security Updates to the masses. Stay tuned – much more to come.

  • Born, BleepingComputer: Malwarebytes fixes AdwCleaner, removing a DLL hijacking vulnerability

    Posted on December 20th, 2019 at 08:42 by woody

    Günter Born is at it again. This time he found a DLL hijacking vulnerability in Malwarebytes’ AdwCleaner 8.

    If Windows shows unwanted programs or displays unwanted ads after installing software, possibly adware has been involved. In order to clean the system of these unwanted programs, the tool Malwarebytes AdwCleaner may be used (it's free for private use)…

    When AdwCleaner runs with administrative permissions, the code from the loaded DLL files is also executed as a process with administrative permissions. Normally this works well, because Windows does not find the DLL files in the folder of the program and then searches in the Windows folders. But if a malware knows that a tool has a DLL hijacking vulnerability for certain DLLs, it only needs to store a file with the same name in the folder containing the application.

    Born notified Malwarebytes on Dec. 10 and they sent him a beta copy of a new version. That version also had a major DLL hijacking problem. Ultimately, Malwarebytes released a smarter version 8.0.1 without the security hole on Wednesday.

    There’s a detailed explanation of the vulnerability and its resolution in this Lawrence Abrams post on BleepingComputer.
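
A defender-side check for the condition described in the quoted passage, as an added example that is not from the original post, Born's write-up or Malwarebytes: it lists DLLs sitting in a program's folder whose names also exist in a Windows system folder. The function names, the `known_dlls` parameter and all sample file names are assumptions constructed for illustration.

```python
"""Audit an application folder for DLLs that shadow Windows system DLLs."""
import tempfile
from pathlib import Path


def dll_names(directory):
    """Return the lower-cased names of DLL files at the top level of a folder."""
    directory = Path(directory)
    if not directory.is_dir():
        return set()
    return {
        entry.name.lower()
        for entry in directory.iterdir()
        if entry.is_file() and entry.suffix.lower() == ".dll"
    }


def find_shadowing_dlls(app_dir, system_dirs, known_dlls=()):
    """Return sorted names of DLLs in app_dir that also exist in a system folder.

    Only the top level of app_dir is checked, because that is the folder
    Windows searches first. Names in known_dlls are skipped: KnownDLLs are
    always loaded from the system directory, so a local copy is never used.
    """
    system_names = set()
    for folder in system_dirs:
        system_names |= dll_names(folder)
    skip = {name.lower() for name in known_dlls}
    return sorted((dll_names(app_dir) & system_names) - skip)


def demo():
    """Run the check on a constructed folder layout (works offline, any OS)."""
    with tempfile.TemporaryDirectory() as tmp:
        app, sys32 = Path(tmp, "app"), Path(tmp, "System32")
        app.mkdir()
        sys32.mkdir()
        # Constructed stand-in for the Windows system folder.
        for name in ("example1.dll", "example2.dll", "kernel32.dll"):
            (sys32 / name).touch()
        # Constructed program folder: one shadowing copy, one KnownDLL copy,
        # one DLL private to the program, and the executable itself.
        for name in ("EXAMPLE1.DLL", "kernel32.dll", "appown.dll", "tool.exe"):
            (app / name).touch()
        return find_shadowing_dlls(app, [sys32], known_dlls={"kernel32.dll"})


if __name__ == "__main__":
    print(demo())
```

On a real Windows machine, pass the program's folder and `%SystemRoot%\System32`. A hit is a file to verify (signature, origin, who can write to the folder), not proof of compromise, since some applications ship their own copies of system-named DLLs.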