News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

Newsletter Archives

  • MS-DEFCON 3: Get the October patches installed

    Posted on October 29th, 2020 at 23:49 Comment on the AskWoody Lounge

    We’re seeing some funny business with the ancillary patches this month, but the mainstream Windows cumulative updates and Office patches look good to go.

    Big question is whether you want to upgrade from Win10 version 1909 to version 2004. I have a few observations. Bottom line: Susan Bradley has upgraded her 1909 machines to 2004. I’m still sitting on a fence. Really, there’s exactly nothing in 2004 that most people will want.

    Step-by-step details in Computerworld Woody on Windows.

  • About that Flash-zapping patch, KB 4577586? One leeetle problem. It doesn’t remove Flash.

    Posted on October 27th, 2020 at 21:08 Comment on the AskWoody Lounge

    Earlier today Microsoft released KB 4577586, the “Update for the removal of Adobe Flash Player: October 27, 2020.” As Susan notes in the entry below, it’s only available if you manually download and install it from the Microsoft Catalog.

    Now comes word from Lawrence Abrams at BleepingComputer that the patch doesn’t do anything of the sort:

    In our tests, though, Adobe Flash Player remained installed after installing the update… When we checked the Adobe Flash Player component in Microsoft Edge, it was still installed after installing the update.

    Let’s hear it for Microsoft’s testers – the unpaid ones, at least.

     

  • Where we stand with the October patches

    Posted on October 22nd, 2020 at 00:26 Comment on the AskWoody Lounge

    The run-of-the-mill cumulative updates had all the usual problems. But the other patches were a bit odd.

    I’m still amazed that the cumulative updates went out with a hard bug in an HP app, but HP has fixed its wayward ways.

    And we still don’t have the announced security fix for Microsoft Dynamics 365 Commerce.

    Winter – and version 20H2 – are coming.

    Details in Computerworld Woody on Windows.

  • Is KB 4580980, the .NET update preview for 1903 and 1909, being installed even if you don’t “seek” for it?

    Posted on October 20th, 2020 at 21:12 Comment on the AskWoody Lounge

    A distressing post from @Brockton:

    I’m running Win10 Home 1909 which was current with the October updates and currently updates are NOT paused.  I still have v2004 sitting in my update screen as an optional ‘download and install’.

    I just had a notification pop-up to restart my computer.  It turns out KB4580980 downloaded and installed without me checking for updates.  I figured with this being a preview it would be optional.  Note that when I system did it’s usual auto-check for updates it pushed the .NET preview without my permission.

    I know the thought was that if you un-pause updates it may perform a check and pull down the .NET preview … BUT my updates were not paused and it still auto-installed the .NET preview.  It was not optional like it used to be…

    it seemed to act like a standard ‘Patch Tuesday’ update that you’d typically pause and prepare for.  But I’m used to the preview patches showing as optional so I kept my updates un-paused not expecting this unless I manuall check for updates.  It seemed to get pushed through like the monthly standard updates that you get even if you don’t ‘seek’.

    Can you confirm? I’m not seeing it – but I’m paused.

  • A compatibility problem between Office 2010 and the Win10 version 2004 update?

    Posted on October 20th, 2020 at 18:47 Comment on the AskWoody Lounge

    Just got this report from BM:

    Just thought I would let you know that the 2004 update was a complete mess for me. It was pushed, I didn’t choose it. I run a Legion Y920-17IKB laptop with a licensed version of office 2010 (because I prefer it to 365). The update completely removed every office file I have created since October 2019. No files were saved in the update restore folder and restoring back to the previous version of windows didn’t recover the files. It also changed all the recents in those applications to files that were again, back from 2019.
    This is by far the worst update experience I’ve had, sharing it with you incase you can use it as a cautionary tale for your readers. Microsoft advice is to always back-up to the cloud. God I hate their updates so much! Just when you thought 2020 had thrown all it could at you…
    Anybody else seeing that?
  • SwiftOnSecurity on Patch Tuesday

    Posted on October 17th, 2020 at 20:41 Comment on the AskWoody Lounge

    Man, ain’t that the truth….

  • Another HEVC codec bug fixed via the Microsoft Store – plus a couple of updates on this month’s mayhem

    Posted on October 15th, 2020 at 22:58 Comment on the AskWoody Lounge

    Back in July I wrote about two weird Microsoft Store patches for a couple of security holes in the HEVC codecs, which are programs that Microsoft created to let you play Apple HEVC files. (Protip: You probably don’t have them, unless you’ve installed codecs from the Store.)

    Now comes word that we have another identified security hole in that same HEVC codecs,

    CVE-2020-17022

    This warning isn’t for everybody. Per MS,

    Only customers who have installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store may be vulnerable.

    So unless you’ve specifically downloaded the Microsoft codec, you don’t need to worry about it – but be aware that this one is also coming through Windows Update the Microsoft Store. There’s a lengthy discussion of versions in the KB article.

    The announcement also says that CVE-2020-17022 is a security hole in Remote Desktop Services, but it isn’t. Be calm, grasshopper.

    There’s also a bug for Visual Studio programmers, CVE-2020-17023, which involves opening a nasty package.json file. If you’re using Visual Studio, watch out.

    Finally, we have CVE-2020-16943, which was just updated (the original notice was released on Patch Tuesday). The problem? This security hole is in Microsoft Dynamics 365 Commerce. Microsoft posted about the fix on Patch Tuesday and then decided, two days later, to tell people that it doesn’t yet have a fix:

    The security update for Dynamics 365 Commerce is not immediately available. The update will be released as soon as possible, and when it becomes available, customers will be notified via a revision to this CVE information.

    Golly.

  • Win10 version 2004 systemwide password “amnesia” – a fix?

    Posted on October 15th, 2020 at 18:12 Comment on the AskWoody Lounge

    I wrote about this unusual – but very frustrating – bug a month ago:

    The upgrade to 2004 applies fine but I keep getting prompted for passwords to sign into applications, google, facebook, outlook, and others. It seems the credential manager is not remembering passwords with a local admin account. It will for a while but the password is getting wiped out.

    @WarningU2 has found a workaround that involves running a specific (and formidable) PowerShell command.

    The bug’s still there. But it looks like this one command makes things work again.

  • October patched security holes are getting hit hard

    Posted on October 15th, 2020 at 07:25 Comment on the AskWoody Lounge

    Here’s where the threats stand as of early Thursday morning:

    CVE-2020-16898: “Bad Neighbor” or “Ping of Death” has a proof of concept available, but it just triggers a bluescreen. US Cyber Command tweets “CVE-2020-16898 in particular should be patched or mitigated immediately, as vulnerable systems could be compromised remotely.” But Kevin Beaumont says, “I wouldn’t panic about the IPv6 thing personally, just keep calm and patch as usual.” Kevin reports that he’s seen a fake exploit.

    CVE-2020-16951 and CVE-2020-16952 SharePoint Server security holes have a new proof of concept, but the holes only occur on SharePoint Server 2016 and 2019. If you’re running either of those Server versions, get patched, but everybody else is immune.

    CVE-2020-16947 Outlook 2016/Office 2019/Microsoft 365 vulnerability – which can crawl in via Outlook if you simply preview an infected email – doesn’t have any outstanding proof of concepts, as best I can tell.

    Bottom line: I don’t see any reason to install this month’s patches just yet, unless you’re running SharePoint Server 2016 or 2019.

  • Microsoft experiments with pushing Office progressive web apps onto Win10 machines – without your permission

    Posted on October 14th, 2020 at 19:12 Comment on the AskWoody Lounge

    I like PWAs, but this is no way to get the ball rolling. (There’s a good discussion of Progressive Web Apps on Wikipedia.)

    Microsoft has PWA versions of five apps: Word, Excel, PowerPoint, Outlook and OneNote. You can manually install the PWA versions of those apps on your Win10 machine by using Edge (navigate to the app in the Windows Store, click Settings, Apps, Install this site as an app). You end up with Start menu entries for each. Click on one of the Start entries, and the web-based version of the app appears, inside a minimal browser shell.

    Mayank Parmar over on Windows Latest noticed:

    Microsoft now appears to be experimenting with a new feature that will add [the PWA version of] Office apps to your Windows 10 device without your permission.

    The rollout isn’t happening on all machines. Says Parmar:

    Over the weekend, Microsoft updated the Chromium Edge (Stable) for Windows 10 to quietly install four Office web apps on some devices. This ‘feature’ appears to be rolling out to select testers in the Windows Insider program, but it could also show up on non-Insider machines.

    Günter Born calls them “Windows 10 behavior as a malware?” He’s got a good point – although, to be fair, it looks like the only machines being targeted right now are actively in the Insider Program.

    Lawrence Abrams at BleepingComputer says:

    Those who do not wish to have these PWAs installed can uninstall them directly in Microsoft Edge through the edge://apps URL or via the Programs and Features Settings page [in Windows 10].

    Surprise!

  • Microsoft re-releases buggy July .NET Security Only patches

    Posted on October 13th, 2020 at 21:17 Comment on the AskWoody Lounge

    Microsoft just announced that it has re-issued the buggy July .NET Security Only patches identified as CVE–2020-1147, and covering a gazillion different KBs. Okay, I overspoke. Maybe half a gazillion.

    The bug? Ahem:

    After you apply this update, some applications experience a TypeInitializationException exception when they try to deserialize System.Data.DataSet or System.Data.DataTable instances from the XML within a SQL CLR stored procedure.

    You had to ask.

    Anyway, if you see a .NET patch from July suddenly appear in October, you need to install it, and now you know why.

    UPDATE: @PKCano has the gory details – including KB numbers for the re-released Security Only patches for Win7 and Server 2008 R2 – posted here.

  • What you need to know about today’s Apple event

    Posted on October 13th, 2020 at 20:50 Comment on the AskWoody Lounge

    From Nathan Parker:

    Apple hosted a virtual event on October 13. This was one of the most exciting Apple events I have watched. Here is the bottom line of the major product announcements:

    HomePod mini: Smaller circular design, 360 degree audio, S5 chip (Apple Watch chip, not an A Series chip), Computational Audio optimizes each audio when played, new Intercom support arriving to all Apple devices, stronger emphasis on being a home assistant, Emphasis on privacy, $99 (versus $299 for the larger HomePod).

    iPhone 12: Now includes 5G, New design similar to iPhone 4 and 5, iPhone mini option (6.1” vs 6.4” display on the larger iPhone 12), Ceramic Shield offers better protection (including better spill and splash resistance), New colors, A14 Bionic chip, OLED comes to iPhone 12, Dual Cameras with Night Mode, Night Mode Selfies, Deep Fusion, Smart HDR 3 and Portrait Mode, , Night Mode Time Lapse, Record and Edit Video in Dolby Vision, Support for MagSafe Accessories (magnetic chargers, cases, wallets, etc), Faster Wireless Charging

    iPhone 12 Pro: Includes everything on the iPhone 12 with 6.1” and 6.7” Display options, Smaller bezels, Four colors including Pacific Blue (stainless steel bands instead of aluminum), LiDAR sensors, Four Cameras with expanded Night Mode, ProRAW Support (the ability to shoot RAW on a phone camera), HDR Video Recording

    A few additional things to know:

    • iPhone 12 mmWave support is limited to the US
    • Apple is including three months of Apple Arcade in addition to a free year of Apple TV+
    • iPhone 12 models no longer come with EarPods and Power Adapter, do include USB C Cable (this extends to future iPhone 11, XR, and SE purchases)
    • iOS 14.1 and iPadOS 14.1 was also released today, watchOS 7.0.2 was released recently as well