Newsletter Archives
-
MS-DEFCON 3: Get the October patches installed
We’re seeing some funny business with the ancillary patches this month, but the mainstream Windows cumulative updates and Office patches look good to go.
Big question is whether you want to upgrade from Win10 version 1909 to version 2004. I have a few observations. Bottom line: Susan Bradley has upgraded her 1909 machines to 2004. I’m still sitting on a fence. Really, there’s exactly nothing in 2004 that most people will want.
Step-by-step details in Computerworld Woody on Windows.
-
About that Flash-zapping patch, KB 4577586? One leeetle problem. It doesn’t remove Flash.
Earlier today Microsoft released KB 4577586, the “Update for the removal of Adobe Flash Player: October 27, 2020.” As Susan notes in the entry below, it’s only available if you manually download and install it from the Microsoft Catalog.
Now comes word from Lawrence Abrams at BleepingComputer that the patch doesn’t do anything of the sort:
In our tests, though, Adobe Flash Player remained installed after installing the update… When we checked the Adobe Flash Player component in Microsoft Edge, it was still installed after installing the update.
Let’s hear it for Microsoft’s testers – the unpaid ones, at least.
-
Where we stand with the October patches
The run-of-the-mill cumulative updates had all the usual problems. But the other patches were a bit odd.
I’m still amazed that the cumulative updates went out with a hard bug in an HP app, but HP has fixed its wayward ways.
And we still don’t have the announced security fix for Microsoft Dynamics 365 Commerce.
Winter – and version 20H2 – are coming.
Details in Computerworld Woody on Windows.
-
Is KB 4580980, the .NET update preview for 1903 and 1909, being installed even if you don’t “seek” for it?
A distressing post from @Brockton:
I’m running Win10 Home 1909 which was current with the October updates and currently updates are NOT paused. I still have v2004 sitting in my update screen as an optional ‘download and install’.
I just had a notification pop-up to restart my computer. It turns out KB4580980 downloaded and installed without me checking for updates. I figured with this being a preview it would be optional. Note that when my system did its usual auto-check for updates it pushed the .NET preview without my permission.
I know the thought was that if you un-pause updates it may perform a check and pull down the .NET preview … BUT my updates were not paused and it still auto-installed the .NET preview. It was not optional like it used to be…
It seemed to act like a standard ‘Patch Tuesday’ update that you’d typically pause and prepare for. But I’m used to the preview patches showing as optional so I kept my updates un-paused not expecting this unless I manually check for updates. It seemed to get pushed through like the monthly standard updates that you get even if you don’t ‘seek’.
Can you confirm? I’m not seeing it – but I’m paused.
-
A compatibility problem between Office 2010 and the Win10 version 2004 update?
Just got this report from BM:
Just thought I would let you know that the 2004 update was a complete mess for me. It was pushed, I didn’t choose it. I run a Legion Y920-17IKB laptop with a licensed version of office 2010 (because I prefer it to 365). The update completely removed every office file I have created since October 2019. No files were saved in the update restore folder and restoring back to the previous version of windows didn’t recover the files. It also changed all the recents in those applications to files that were again, back from 2019. This is by far the worst update experience I’ve had, sharing it with you in case you can use it as a cautionary tale for your readers. Microsoft advice is to always back-up to the cloud. God I hate their updates so much! Just when you thought 2020 had thrown all it could at you…
Anybody else seeing that?
-
SwiftOnSecurity on Patch Tuesday
Man, ain’t that the truth….
-
Another HEVC codec bug fixed via the Microsoft Store – plus a couple of updates on this month’s mayhem
Back in July I wrote about two weird Microsoft Store patches for a couple of security holes in the HEVC codecs, which are programs that Microsoft created to let you play Apple HEVC files. (Protip: You probably don’t have them, unless you’ve installed codecs from the Store.)
Now comes word that we have another identified security hole in those same HEVC codecs.
This warning isn’t for everybody. Per MS,
Only customers who have installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store may be vulnerable.
So unless you’ve specifically downloaded the Microsoft codec, you don’t need to worry about it – but be aware that this one is also coming through the Microsoft Store. There’s a lengthy discussion of versions in the KB article.
The announcement also says that CVE-2020-17022 is a security hole in Remote Desktop Services, but it isn’t. Be calm, grasshopper.
There’s also a bug for Visual Studio programmers, CVE-2020-17023, which involves opening a nasty package.json file. If you’re using Visual Studio, watch out.
Finally, we have CVE-2020-16943, which was just updated (the original notice was released on Patch Tuesday). The problem? This security hole is in Microsoft Dynamics 365 Commerce. Microsoft posted about the fix on Patch Tuesday and then decided, two days later, to tell people that it doesn’t yet have a fix:
The security update for Dynamics 365 Commerce is not immediately available. The update will be released as soon as possible, and when it becomes available, customers will be notified via a revision to this CVE information.
Golly.
-
Win10 version 2004 systemwide password “amnesia” – a fix?
I wrote about this unusual – but very frustrating – bug a month ago:
The upgrade to 2004 applies fine but I keep getting prompted for passwords to sign into applications, google, facebook, outlook, and others. It seems the credential manager is not remembering passwords with a local admin account. It will for a while but the password is getting wiped out.
@WarningU2 has found a workaround that involves running a specific (and formidable) PowerShell command.
The bug’s still there. But it looks like this one command makes things work again.
-
October patched security holes are getting hit hard
Here’s where the threats stand as of early Thursday morning:
CVE-2020-16898: “Bad Neighbor” or “Ping of Death” has a proof of concept available, but it just triggers a bluescreen. US Cyber Command tweets “CVE-2020-16898 in particular should be patched or mitigated immediately, as vulnerable systems could be compromised remotely.” But Kevin Beaumont says, “I wouldn’t panic about the IPv6 thing personally, just keep calm and patch as usual.” Kevin reports that he’s seen a fake exploit.
CVE-2020-16951 and CVE-2020-16952 SharePoint Server security holes have a new proof of concept, but the holes only occur on SharePoint Server 2016 and 2019. If you’re running either of those Server versions, get patched, but everybody else is immune.
CVE-2020-16947 Outlook 2016/Office 2019/Microsoft 365 vulnerability – which can crawl in via Outlook if you simply preview an infected email – doesn’t have any outstanding proofs of concept, as best I can tell.
Bottom line: I don’t see any reason to install this month’s patches just yet, unless you’re running SharePoint Server 2016 or 2019.
-
Microsoft experiments with pushing Office progressive web apps onto Win10 machines – without your permission
I like PWAs, but this is no way to get the ball rolling. (There’s a good discussion of Progressive Web Apps on Wikipedia.)
Microsoft has PWA versions of five apps: Word, Excel, PowerPoint, Outlook and OneNote. You can manually install the PWA versions of those apps on your Win10 machine by using Edge (navigate to the app in the Windows Store, click Settings, Apps, Install this site as an app). You end up with Start menu entries for each. Click on one of the Start entries, and the web-based version of the app appears, inside a minimal browser shell.
Mayank Parmar over on Windows Latest noticed:
Microsoft now appears to be experimenting with a new feature that will add [the PWA version of] Office apps to your Windows 10 device without your permission.
The rollout isn’t happening on all machines. Says Parmar:
Over the weekend, Microsoft updated the Chromium Edge (Stable) for Windows 10 to quietly install four Office web apps on some devices. This ‘feature’ appears to be rolling out to select testers in the Windows Insider program, but it could also show up on non-Insider machines.
Günter Born calls them “Windows 10 behavior as a malware?” He’s got a good point – although, to be fair, it looks like the only machines being targeted right now are actively in the Insider Program.
Lawrence Abrams at BleepingComputer says:
Those who do not wish to have these PWAs installed can uninstall them directly in Microsoft Edge through the edge://apps URL or via the Programs and Features Settings page [in Windows 10].
Surprise!
-
Microsoft re-releases buggy July .NET Security Only patches
Microsoft just announced that it has re-issued the buggy July .NET Security Only patches identified as CVE-2020-1147, and covering a gazillion different KBs. Okay, I overspoke. Maybe half a gazillion.
The bug? Ahem:
After you apply this update, some applications experience a TypeInitializationException exception when they try to deserialize System.Data.DataSet or System.Data.DataTable instances from the XML within a SQL CLR stored procedure.
You had to ask.
Anyway, if you see a .NET patch from July suddenly appear in October, you need to install it, and now you know why.
UPDATE: @PKCano has the gory details – including KB numbers for the re-released Security Only patches for Win7 and Server 2008 R2 – posted here.
-
What you need to know about today’s Apple event
From Nathan Parker:
Apple hosted a virtual event on October 13. This was one of the most exciting Apple events I have watched. Here is the bottom line of the major product announcements:
HomePod mini: Smaller circular design, 360 degree audio, S5 chip (Apple Watch chip, not an A Series chip), Computational Audio optimizes each audio when played, new Intercom support arriving to all Apple devices, stronger emphasis on being a home assistant, Emphasis on privacy, $99 (versus $299 for the larger HomePod).
iPhone 12: Now includes 5G, New design similar to iPhone 4 and 5, iPhone mini option (6.1” vs 6.4” display on the larger iPhone 12), Ceramic Shield offers better protection (including better spill and splash resistance), New colors, A14 Bionic chip, OLED comes to iPhone 12, Dual Cameras with Night Mode, Night Mode Selfies, Deep Fusion, Smart HDR 3 and Portrait Mode, Night Mode Time Lapse, Record and Edit Video in Dolby Vision, Support for MagSafe Accessories (magnetic chargers, cases, wallets, etc), Faster Wireless Charging
iPhone 12 Pro: Includes everything on the iPhone 12 with 6.1” and 6.7” Display options, Smaller bezels, Four colors including Pacific Blue (stainless steel bands instead of aluminum), LiDAR sensors, Four Cameras with expanded Night Mode, ProRAW Support (the ability to shoot RAW on a phone camera), HDR Video Recording
A few additional things to know:
- iPhone 12 mmWave support is limited to the US
- Apple is including three months of Apple Arcade in addition to a free year of Apple TV+
- iPhone 12 models no longer come with EarPods and Power Adapter, do include USB C Cable (this extends to future iPhone 11, XR, and SE purchases)
- iOS 14.1 and iPadOS 14.1 were also released today, watchOS 7.0.2 was released recently as well