Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Do you run a DNS server?

    Posted on December 13th, 2018 at 10:21 woody

    If you aren’t sure, believe me, you aren’t running a DNS server.

    If you are running a DNS server, @SimonZerafa wrote to me and suggested I nudge you about CVE-2018-8626. It’s a bug that lets bad programs bring DNS servers to a crawl.

  • How to disable Win10 driver updates

    Posted on December 13th, 2018 at 05:04 woody

    I’m seeing even more reports of zapped drivers — people who install the latest cumulative updates, and end up with new driver versions that mess with their video, audio and/or peripherals.

    There’s an interesting post on Reddit, from thesereneknight:

    /u/webdeveler suggested these steps to me:

    If you have Windows 10 Pro, it’s easy.

    1. Open Local Group Policy Editor

    2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update

    3. Set “Do not include drivers with Windows Updates” to Enabled

    If you have Windows 10 Home, you have to create a registry key.

    1. Open Registry Editor (regedit)

    2. Navigate to HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows

    3. Add a new Key named “WindowsUpdate”

    4. Inside WindowsUpdate, add a new DWORD “ExcludeWUDriversInQualityUpdate” with a value of “1”

    Can any of you vouch for the Home/regedit solution?
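
    The Home-edition registry steps quoted above, written as a PowerShell script that records the previous state and reads the value back. This is an added example, not code from the Reddit post or from Microsoft; the function names are illustrative, and it assumes an elevated PowerShell session.

    ```powershell
    #Requires -RunAsAdministrator
    # Added example: sets the policy value named in the post and verifies it.
    $path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $name = 'ExcludeWUDriversInQualityUpdate'

    function Get-DriverExclusion {
        # Returns the current DWORD, or $null when the key or value is absent.
        $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        if ($item) { $item.$name } else { $null }
    }

    function Set-DriverExclusion {
        param([ValidateSet(0, 1)][int]$Value = 1)
        # Step 3 of the post: create the WindowsUpdate key if it is missing.
        if (-not (Test-Path -Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        # Step 4 of the post: create or overwrite the DWORD.
        New-ItemProperty -Path $path -Name $name -PropertyType DWord `
            -Value $Value -Force | Out-Null
    }

    $before = Get-DriverExclusion
    Set-DriverExclusion -Value 1
    $after = Get-DriverExclusion

    if ($null -eq $before) { $shown = '(not set)' } else { $shown = $before }
    Write-Output "Previous value: $shown"
    Write-Output "Current value:  $after"

    if ($after -ne 1) {
        Write-Error "$name was not written; check that the session is elevated."
    }
    elseif ($null -eq $before) {
        # The value did not exist before, so removing it restores the old state.
        Write-Output "To undo: Remove-ItemProperty -Path '$path' -Name '$name'"
    }
    else {
        Write-Output "To undo: Set-DriverExclusion -Value $before"
    }
    ```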

  • All I want for Christmas is a patching process that works

    Posted on December 12th, 2018 at 11:36 woody

    Instead, I figure it’ll be a lump of cumulative coal.

    Details on this month’s patches and their early foibles in Computerworld Woody on Windows.

  • December 2018 Patch Tuesday is under way

    Posted on December 11th, 2018 at 12:52 PKCano

    December Updates are rolling out. There are 194 updates listed in the Update Catalog.

    Martin Brinkmann at ghacks.com has his usual thorough summary.

    Operating System Distribution

    • Windows 7: 9 vulnerabilities of which 9 are rated important.
    • Windows 8.1: 8 vulnerabilities of which 8 are rated important.
    • Windows 10 version 1607:  12 vulnerabilities of which 2 are critical and 10 are important
    • Windows 10 version 1703:  11 vulnerabilities of which 1 is critical and 10 are important
    • Windows 10 version 1709: 12 vulnerabilities of which 2 are critical and 10 are important
    • Windows 10 version 1803: 12 vulnerabilities of which 2 are critical and 10 are important
    • Windows 10 version 1809: 19 vulnerabilities of which 2 are critical and 17 are important

    Windows Server products

    • Windows Server 2008 R2: 9 vulnerabilities of which 9 are important.
    • Windows Server 2012 R2: 9 vulnerabilities of which 1 is critical and 8 are important.
    • Windows Server 2016: 11 vulnerabilities of which 2 are critical and 9 are important.
    • Windows Server 2019: 13 vulnerabilities of which 2 are critical and 11 are important.

    Other Microsoft Products

    • Internet Explorer 11: 4 vulnerabilities, 1 critical, 3 important
    • Microsoft Edge: 5 vulnerabilities, 5 critical

    Microsoft Office Security Updates are available. There are updates for Office 2016, Office 2013, Office 2010, the Office Viewers and the SharePoint Servers.

    The .NET updates include Security-only updates this month, as well as the usual .NET Rollups.

    For those of you with Windows 10, there are new Servicing Stack updates:
    Win10 1709 Build 16229.846 KB 4477136
    Win10 1803 Build 17134.471 KB 4477137

    Interesting note from Senior Solutions Architect Allan Liska at Recorded Future:

    Microsoft Edge has multiple critical vulnerabilities in its Chakra Core scripting engine. This is now the 15th straight month that Microsoft has disclosed a vulnerability in the Chakra scripting engine; the last Patch Tuesday without a Chakra disclosure was September of 2017. This month’s vulnerability (CVE-2018-8583 and CVE-2018-8629) is a memory corruption vulnerability that, if exploited, would allow an attacker to execute arbitrary code on the victim’s machine.

    Note Microsoftie liminzhu’s post on GitHub:

    We’ve seen your questions for ChakraCore and we want to be transparent and honest with the open-source community that has given us so much support. To be compatible with the rest of the platform and reduce interoperability risks, Microsoft Edge will use the V8 engine as part of this change. There is much to build and learn, but we’re excited to take part in the V8 community and start contributing to the project.

    ChakraCore is currently being used in various projects outside the browser. So, despite the change of direction for Microsoft Edge, our team will continue supporting ChakraCore.

    You have to wonder if ChakraCore’s holiness is a contributing factor in Microsoft’s switch to the Chromium rendering engine.

    Dustin Childs has his usual report up on the Zero Day Initiative site. He lists one vulnerability as exploited, but not publicly known, and one as known but not yet actively exploited. All the rest are less serious.

    The exploited vulnerability — the 0day — has a familiar pedigree:

    For the third month in a row, December has a Win32K (kernel-mode drivers) elevation of privilege vulnerability listed as currently under active attack. And, as was the case in previous months, this bug was reported by researchers at Kaspersky Labs, indicating this bug is being used in malware. Again, this is likely being used in targeted attacks in combination with other bugs.

    Translation: Unless you’re protecting enormous state secrets (probably in a language other than English), you’re undoubtedly in the clear. Expect an explanation from Kaspersky shortly.

    Chris Hoffman at How-To Geek has a seeker warning:

    Microsoft hasn’t learned its lesson. If you click the “Check for Updates” button in the Settings app, Microsoft still considers you a “seeker” and will give you “preview” updates that haven’t gone through the normal testing process.

    Of course, to be completely clear, I don’t recommend that you install ANY updates. It’s much too early to know what evil lurks in the hearts of man…

  • Here’s how to hide KB 4023057 – and any other Win10 updates you don’t want

    Posted on December 10th, 2018 at 07:03 woody

    From @PKCano –

    I hid the updates using wushowhide, but they installed anyway.

    If you have ever experienced this, here is an explanation and a way to avoid it in the future.

    My method for hiding/avoiding KB 4023057 (and any other updates you do not want):

    Be sure your Network connections are set to metered connections each time before shutting down the computer. That way, you are on Metered connections when you boot up.

    + Boot computer with metered connections on.
    Immediately run wushowhide. (Advanced\uncheck auto fix)
    Hide KB 4023057 (and whatever other updates you do not want).
    + Open Services – highlight Windows Update Service, Disable, Apply, Stop the service (upper left)
    Restart the computer (not shutdown/bootup)
    + Open Services – highlight Windows Update Service, set to Manual, Apply, DO NOT start the service. Close Services.
    Immediately run wushowhide and verify the update(s) are hidden, then verify they are not available to be hidden.
    Disconnect from the Internet (Use one of these methods and be SURE you have no connection: remove the Ethernet cable, disable wifi, or disable the NIC(s))
    + Go to Settings\Update & Security\Windows Update and click “Check for Updates.” This should give you an error or “Retry.” Close Settings.
    Reconnect the Internet.
    + Restart the computer. This should allow Windows Update to search for updates without clicking on “Check for Updates” again and refresh the Windows Update queue.
    + Now you should be able to open Settings\Updates and Security and update without getting the hidden updates. Once you see that only the ones you want are there, turn off Metered connections and allow download.
    + Reset connections to Metered BEFORE the Restart.

    If you do not follow the above procedure, the updates you have supposedly hidden may not be cleared from the Settings\Updates and Security\Windows update queue and will thus be downloaded and installed in spite of the fact you THINK you have hidden them.

  • MS-DEFCON 2: December Patch Tuesday arrives tomorrow; get your machine locked down

    Posted on December 10th, 2018 at 06:45 woody

    My usual monthly admonition applies: Make sure your computer is locked down, to avoid surprises on Patch Tuesday.

    I don’t expect a very big Patch Tuesday, frankly, except for those of you on Win10 1809 (who will get to absorb the contents of last week’s non-security cumulative update). Still, even if it’s a rather uneventful Patch Tuesday, you’d be well advised to turn auto updates off.

    Computerworld Woody on Windows.

  • MS-DEFCON 4: A perfect calm before the next patching storm

    Posted on December 7th, 2018 at 11:44 woody

    Well, not literally perfect, but pretty close. Get your patches installed.

    There’s a new Flash update, KB 4471331, that you need (if it appears in your Windows Update list) and a new KB 4023057 that you don’t want.

    Last month’s tactic of setting Win10 Pro “quality update” (cumulative update) deferrals to 15 days seems to be working well. If you followed my advice last month, you already have your patches, and everything should be fine. You don’t need to lift a finger.

    Details in Computerworld. Woody on Windows

    We’re at MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

  • Microsoft pushes yet another version of KB 4023057

    Posted on December 7th, 2018 at 10:42 woody

    In the perennial bad news department:

    Yesterday Microsoft released yet another version of KB 4023057, the Update to Windows 10, versions 1507, 1511, 1607, 1703, 1709, and 1803 for update reliability. This is the 20th or 30th version of the patch.

    As I said on Nov 19, the last time it was updated:

    @ch100 has offered the only explanation that makes sense to me:

    KB4023057 was and still is one of the most weird and unexplained updates in recent times. This update has never been offered to WSUS, but only to Windows Update. This would indicate that it is meant for unmanaged end-users and unmanaged small business users…

    This patch may be harmless, but why it was released and where it actually applies, it is still a mystery.

    It’s most likely associated with the 1809 rollout, although why it didn’t appear in early October when 1809 first raised its ugly head leaves me baffled.