Newsletter Archives

• Win7 and 8.1 to get cumulative updates – you no longer control your Win7 or 8.1 machine

  Posted on August 15, 2016 at 14:55 CDT by woody • Comment in the Forums

  InfoWorld Woody on Windows: Microsoft ‘simplifying’ Win 7 and 8.1 updates pushes even harder toward Windows 10. End of Windows as we know it?

  Hard to believe, but starting in October, we won’t have the luxury of vetting patches before they’re dumped.

  Nathan Mercer on TechNet:

  Based on your feedback, today we’re announcing some new changes for servicing Windows 7 SP1 and Windows 8.1. These changes also apply to Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2…

  From October 2016 onwards, Windows will release a single Monthly Rollup that addresses both security issues and reliability issues in a single update. The Monthly Rollup will be published to Windows Update (WU), WSUS, SCCM, and the Microsoft Update Catalog. Each month’s rollup will supersede the previous month’s rollup, so there will always be only one update required for your Windows PCs to get current. i.e. a Monthly Rollup in October 2016 will include all updates for October, while November 2016 will include October and November updates, and so on. Devices that have this rollup installed from Windows Update or WSUS will utilize express packages, keeping the monthly download size small.

  Over time, Windows will also proactively add patches to the Monthly Rollup that have been released in the past. Our goal is eventually to include all of the patches we have shipped in the past since the last baseline, so that the Monthly Rollup becomes fully cumulative and you need only to install the latest single rollup to be up to date. We encourage you to move to the Monthly Rollup model to improve reliability and quality of updating all versions of Windows.

  We are planning to add these previously shipped patches over the next year and will document each addition so IT admins know which KBs have been included each month.

  Also from October 2016 onwards, Windows will release a single Security-only update. This update collects all of the security patches for that month into a single update. Unlike the Monthly Rollup, the Security-only update will only include new security patches that are released for that month. Individual patches will no longer be available.

  Devil’s advocate: If you can no longer control what Microsoft puts on your Win7 or 8.1 machine, is there any reason to avoid Windows 10?

  Devil’s second advocate: How can companies cede this kind of control to MS?

  Windows Patches/Security Windows 7 8.1 monthly rollup

• Even more reasons why you don’t want the Windows 10 Anniversary Update

  Posted on August 15, 2016 at 07:45 CDT by woody • Comment in the Forums

  It ain’t ready yet, folks.

  InfoWorld Woody on Windows

  Windows Patches/Security Windows 10 Anniversary Update

• Acknowledged printing bugs in KB 3177725, Win7 security patch, and KB 3176493, Win10 10586.545 update

  Posted on August 15, 2016 at 07:18 CDT by woody • Comment in the Forums

  The “magic” Win7 Update speedup patch has a flaw.

  InfWorld Woody on Windows

  Windows Patches/Security KB 3176493, KB 3177725

• New Win10 beta 14901 is out

  Posted on August 12, 2016 at 07:14 CDT by woody • Comment in the Forums

  I was going to write up the new Windows 10 beta branch – Redstone 2, build 14901 – but Microsoft somehow forgot to send me a copy. I’m sitting here, early Friday morning, with my long-time trusty beta testing machine and it’s still stuck on 14393.67.

  Oh well. I hope I’ll get a chance to look at it over the weekend and let you know how File Explorer looks with its new “suggestions” and step through the new Network status settings page.

  Sigh.

   

  Uncategorized, Windows Patches/Security Windows 10 14901

• Excel bug fixed: Renamed HTML files now open properly.

  Posted on August 11, 2016 at 13:01 CDT by woody • Comment in the Forums

  Reversing a bug that was intentionally introduced last month. It isn’t a complete solution, but it is a decent compromise.

  InfoWorld Woody on Windows

  Windows Patches/Security Excel, HTML renamed as XLS

• What you need to know about Win10 builds 14393.67, 14393.51, 10586.545, 10240.17071

  Posted on August 10, 2016 at 12:24 CDT by woody • Comment in the Forums

  It’s like documenting a reorganization of the Byzantine Army.

  InfoWorld Woody on Windows

  Also, Microsoft delivers an epitaph for Windows Journal….

  Windows Patches/Security 10240.17071, 10586.545, 14393.51, 14393.67

• Quick overview of Windows 10 updating strategy

  Posted on August 10, 2016 at 11:22 CDT by woody • Comment in the Forums

  Good, short recap of the way Windows 10 is getting updates — cumulative updates, “Current Branch for Business” (which is basically a setting in Group Policy), and how you can control updates if you have Windows 10 Pro.

  Ed Bott in Tech Pro Research.

  Windows Patches/Security Windows 10 patches

• Patch Tuesday patches are out

  Posted on August 9, 2016 at 13:01 CDT by woody • Comment in the Forums

  It’s a strange mixture.

  MS16-095, the usual IE cumulative update

  Three different flavors of MS16-095, all cumulative updates for Win10 (presumably covering IE, possibly covering Edge – the KB articles aren’t up yet). One is marked “for Windows 10,” one is for build 1511 (the Fall Update), and one is for build 1607 (Anniversary Update).

  MS16-096, the concomitant Edge cumulative update. I got a big kick out of the post from Dr. Ullrich on the SANS Internet Storm Center:

  Microsoft addresses nine vulnerabilities for Internet Explorer, and 8 for Edge. Note that there is a lot of overlap. Kind of makes you wonder how much Edge differs from Internet Explorer.

  That should sound familiar to those of you who have been reading my Edge coverage.

  The official list of security bulletins is up on the TechNet site. SANS ISC says there are no known exploits for any of the patches.

  Non-security patches:

  A non-security update for “Windows 10” (I assume that means RTM) and version 1511.

  A non-security Win10 dynamic update for version 1607.

  A non-security Win10 dynamic update for version 1511.

  The new MSRT

  In addition, KB 3172614 – the July update rollup for Win8.1 — and KB3172615 have gone from “Optional” to “Recommended”. I think.

   

  Windows Patches/Security August 2016 Black Tuesday

• How to temporarily block the upgrade from Win10 Fall Update (v 1511) to the Anniversary Update (v 1607)

  Posted on August 9, 2016 at 12:37 CDT by woody • Comment in the Forums

  Using wushowhide it’s easy. Here are the detailed steps.

  InfoWorld Woody on Windows

  Windows Patches/Security 1511, 1607, Anniversary Update, fall update, Windows 10 upgrade

• So THAT’s why the out-of-the-box Win10 patches are called zero-days

  Posted on August 9, 2016 at 11:08 CDT by woody • Comment in the Forums

  Remember my post about Win10 build 14393.5 – and my head-scratching about the term “zero day” in reference to the patch?

  Raymond Chen — who’s one of my favorite writers of all time – has provided a fascinating history lesson on the Microsoft Developer blog.

  ZDP stands for “Zero Day Package”, sometimes redundantly called a “ZDP Package”. However, this is not using the term Zero Day in the security vulnerability sense. Rather, it’s referring to day number zero: The first day the product is available to the public. The Zero Day Package is a Windows Update package that is made available on launch day. These patches are reserved for addressing serious functionality issues in important scenarios. For example, if there’s a fix for a crash in a commonly-used scenario, that’s a candidate for a Zero Day Package.

  Note, however, that even though the package is available on Day Zero, it won’t be installed on Day Zero. Windows Update will download the package and stage it for installation, but it won’t install it right away. It’ll wait a few days (I forget exactly how many) before starting to encourage you to update.

  OIC. Thanks, Raymond!

  Windows Patches/Security 14393.5, ZDP, Zero day package

• 2 simple steps to speeding up Windows 7 update scans

  Posted on August 9, 2016 at 08:54 CDT by woody • Comment in the Forums

  OK, they’re tedious, but they’re simple and easy to follow.

  Go from many hours to just a few minutes.

  InfoWorld Woody on Windows

  My thanks — and deep admiration — to Dalai, ch100, and EP.

  IMPORTANT: I forgot to mention one patch, KB 3020369, that also needs to be installed. Chances are very good you already have it, but if not, check the KB article to download and install it.

  UPDATE: I’m seeing reports that the July “magic” patch, KB 3168965, works for August, too. My current best guess is that it works for those who haven’t already installed the July patches.

  UPDATE 2: Dalai has updated the wu.krelay.de page to feature KB 3177725, the new “magic” August patch.

  UPDATE 3: Ends up that this month’s “magic” August patch, KB 3177725, has a bug in it that screws up printing multiple pages. Details coming in InfoWorld. For now, just relax. There’s nothing in August’s patches (or even July’s!) that’s super-critical.

  Windows Patches/Security Windows 7, Windows 7 update slowdown, Windows Update

• MS-DEFCON 2: Lock down Windows updates

  Posted on August 8, 2016 at 09:35 CDT by woody • Comment in the Forums

  With the August Patch Tuesday coming up tomorrow, now’s a good time to make sure you have automatic updating turned off. Follow the instructions on the Automatic Updates tab above for details.

  Before you ask… I’ll take the Windows 10 Anniversary Update down to MS-DEFCON 2, just like all the other versions of Windows (and Office, too, for that matter). Functionally, that won’t change anything, eh?

  I’m moving to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

  For those of you running Windows 7… I promise I’ll have a simplified guide to speeding the Windows Update scan, in InfoWorld tomorrow.

  Windows Patches/Security August 2016 Black Tuesday
• « Older Entries

  Newer Entries »