News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • August 2019 Office non-Security updates have been released

    Posted on August 6th, 2019 at 16:37 PKCano Comment on the AskWoody Lounge

    The August 2019 non-Security Office updates have been released Tuesday, August 6, 2019. They are not included in the DEFCON4 approval for the July 2019 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

    Remember, Susan’s patching sequence and  recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

    Office 2013
    Update for Microsoft Office 2013 (KB4475556)
    Update for Skype for Business 2015 (KB4475564)

    Office 2016
    Update for Microsoft Excel 2016 (KB4475550)
    Update for Microsoft Office 2016 (KB4475516)
    Update for Microsoft Office 2016 (KB3114528)
    Update for Microsoft Office 2016 (KB4475542)
    Update for Microsoft Office 2016 (KB3141456)
    Update for Microsoft Office 2016 (KB4464588)
    Update for Microsoft Office 2016 (KB4032254)
    Update for Microsoft Office 2016 (KB4475551)
    Update for Microsoft Office 2016 (KB4464535)
    Update for Microsoft Office 2016 Language Interface Pack (KB4475541)
    Update for Microsoft OneNote 2016 (KB4092450)
    Update for Microsoft PowerPoint 2016 (KB4464577)
    Update for Microsoft Project 2016 (KB4475544)
    Update for Skype for Business 2016 (KB4475548)

    UPDATE: Microsoft Support pages now have links to the download center 8/8/2019.

    There were no non-security listings for Office 2007 (which is out of support) or Office 2010.

    Updates are for the .msi version (persistent). Office 365 and C2R are not included.

    Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).

  • Warning: Some July Office patches make it impossible to save DOC, XLS files on network shares

    Posted on July 17th, 2019 at 12:53 woody Comment on the AskWoody Lounge

    An emergency report:

    It appears that Microsoft closed off write access to the older file extensions when they are located on a network share when some of the July Office patches are installed.

    We’ve positively identified two patches that when removed we know fixes this issue:

    · KB4475513 (for Excel 2016)

    · KB4475514 (for Word 2016)

    By also analyzing their associated CVE’s and also hearing of issues with and Office 2013 as well, we’ve broadened the list to include some of their neighbors:

    · KB4464565 (for Excel 2013)

    · KB4464572 (for Office 2016)

    · KB4464558 (for Office 2013)

    Will keep you posted.

    UPDATE: Many of you have reported that you can’t reproduce this bug. Which is great! But when you post a report, could you include the version of the Server that you’re using? That may be a key difference.

  • Office non-security patches for July 2019 are out

    Posted on July 3rd, 2019 at 08:04 woody Comment on the AskWoody Lounge

    The July 2019 non-Security Office updates have been released Tuesday, July 2, 2019. They are not included in the DEFCON 4 approval for the June 2019 patches (see the preceding post). Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

    Remember, Susan’s patching sequence and  recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

    Office 2010
    Update for Microsoft Filter Pack 2.0 (KB3114879)
    Update for Microsoft Office 2010 (KB3114397)

    Office 2013
    Update for Microsoft Word 2013 (KB4475525)

    Office 2016
    Update for Microsoft Access 2016 (KB4462237)
    Update for Microsoft Office 2016 (KB4032236)
    Update for Microsoft Office 2016 (KB4464582)
    Update for Microsoft Office 2016 (KB4464595)
    Update for Microsoft Office 2016 Language Interface Pack (KB4475515)
    Update for Microsoft Project 2016 (KB4475518)
    Update for Microsoft Word 2016 (KB4475521)

    There were no non-security listings for Office 2007, which is out of support. The Office 2010 patch is for, you guessed it, the Japanese date change frolic.

    Updates are for the .msi version (persistent). Office 365 and C2R are not included.

    Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).

  • Mimecast shows yet another way to zap systems using Excel’s Power Query feature

    Posted on June 27th, 2019 at 09:56 woody Comment on the AskWoody Lounge

    Early this morning, email security company Mimecast released a report detailing how malicious folks can attack by abusing the Excel feature called Power Query:

    Mimecast Threat Center found and developed a technique that uses a feature in Microsoft Excel called Power Query to dynamically launch a remote Dynamic Data Exchange (DDE) attack into an Excel spreadsheet and actively control the payload Power Query.

    The threat they describe isn’t unique — if you’ve been working with Excel for any time at all, you know there are features that just beg to be abused — but it is quite clever.

    The folks at Mimecast gave Microsoft a chance to respond, but

    Mimecast worked with Microsoft as part of the Coordinated Vulnerability Disclosure (CVD) process to determine if this is an intended behavior for Power Query, or if it was an issue to be addressed. Microsoft declined to release a fix at this time and instead offered a workaround to help mitigate the issue.

    Thus, we’re getting a full exposure. For more details, look at Mimecast’s report.

  • Why I recommend pausing Windows updates every month

    Posted on June 24th, 2019 at 01:15 Tracey Capen Comment on the AskWoody Lounge

    WOODY’S WINDOWS WATCH

    By Woody Leonhard

    Yeah, I know I sound like a broken record. But the simple fact is that you have much to lose and little to gain by opening your system up to Windows’ automatic updating system.

    Rather than installing Microsoft’s patches as soon as they’re released, I believe it’s much safer to hold off, let the screams of pain die down, wait for MS to fix its problems, and patch a few weeks later.

    Read the full story in the AskWoody Plus Newsletter 16.23.0 (2019-06-24).

  • The case against knee-jerk installation of Windows patches

    Posted on June 16th, 2019 at 21:12 woody Comment on the AskWoody Lounge

    I finally had a chance to put together a manifesto for a heretical position I’ve taken publicly for more than a decade:

    Windows Automatic update is for chumps

    Yes, you have to get patched sooner or later (although Group W holdouts will disagree), your Sainted Aunt Martha should be on auto updates, and a tiny number of patches have to go in right away. But in the vast majority cases, for the vast majority of people, installing patches as soon as they roll out just doesn’t make sense.

    Unless you have a staff charged with vetting patches, it’s much smarter to crowdsource patch beta testing. Don’t get pushed into blindly taking what comes out the auto update chute.

    Details in Computerworld Woody on Windows.

  • June 2019 non-Security Office updates are available

    Posted on June 4th, 2019 at 12:44 PKCano Comment on the AskWoody Lounge

    The June 2019 non-Security Office updates have been released Tuesday, June 4, 2019. They are not included in the DEFCON4 approval for the May 2019 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

    Remember, Susan’s patching sequence and  recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

    Office 2013

    Update for Skype for Business 2015 KB4464593

    Office 2016

    Update for Microsoft Excel 2016 KB4464578
    Update for Microsoft Office 2016 KB4464539
    Update for Microsoft Office 2016 KB4464579
    Update for Microsoft Office 2016 Language Interface Pack KB4464581
    Update for Microsoft Outlook 2016 KB4464585
    Update for Microsoft Project 2016  KB4464589
    Update for Skype for Business 2016 KB4464576

    There were no non-security listings for Office 2007 (which is out of support) or Office 2010.
    Updates are for the .msi version (persistent). Office 365 and C2R are not included.
    Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).

  • Patch Lady – seeing Outlook authentication issues

    Posted on May 11th, 2019 at 23:24 Susan Bradley Comment on the AskWoody Lounge

    On a private facebook group and on this thread in a Microsoft forum I’ve been seeing issues where Outlook via Office 365 is having issues authenticating.  I’m not quite sure of the trigger.  I don’t think it’s due to updates.  But the symptoms are that suddenly Outlook can’t authenticate and an error message that references a trusted platform module

    “”something went wrong” error that Trusted Platform Module has malfunctioned, error code 80090016.  The server message is “Keyset does not exist Keyset does not exist”

    There are a couple of ways around the issue.

    1. Build a new profile.  Icky but it works.
    2.  Enable multi factor authentication (which is wise to do anyway)
    3. Clear out the TPM chip cache (it appears some corruption is occurring which messes up the authentication)
    4. Or use this registry setting:

    Shut down Outlook and set the following registry key. (Disables modern authentication)
    HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\
    REG_DWORD
    EnableADAL
    0