
Blog Archives

  • MS-DEFCON 3: There are some oddities, but it’s time to install the July 2020 patches

    Posted on July 31st, 2020 at 10:23 by woody

    Looks like Microsoft’s fixed the bugs that it introduced this month. It’s time to get the July patches installed.

    There’s one potential oddity — you may get the .NET Framework Preview installed on Windows 10 version 1903 or 1909 — but I don’t see any reported bugs in that (unwanted!) patch.

    Step-by-step details in Computerworld Woody on Windows.

  • Where we stand with the July 2020 patches

    Posted on July 30th, 2020 at 13:23 by woody

    Patching bugs this month ran quite the gamut, from a buggy patch for paying Win7 customers to a “move fast and break things” server bug in Outlook.

    The situation with the “optional, non-security, C/D Week” patches seems murky as ever.

    Details in Computerworld Woody on Windows.

  • Patch Lady – Windows 7 ESU and the .NET patch problem

    Posted on July 24th, 2020 at 11:19 by Susan Bradley

    For those of you with Windows 7 ESUs that could not install the July .NET KB4565636 patch it looks like the issue has been resolved.

    A new version of KB4565636 has been released. After a WU rescan, the update was installed successfully on the previously problematic machine.

    (According to the log, the machine still gets detected as having a “FES” license, but at least the installer recognizes the ESU license now.)

    See the Microsoft Answers forum.

  • Windows Update’s bifurcated mess

    Posted on July 24th, 2020 at 10:27 by woody

    Now we know why this week’s Preview patches behave so strangely.

    Details in Computerworld Woody on Windows. Thx, @abbodi86!

  • Patch Lady – so why did I get that?

    Posted on July 22nd, 2020 at 15:58 by Susan Bradley

    So two interesting things about recent patching related topics:

    Thing one:  Why is .NET installing differently than Windows 10?  So we started to get the optional non-security preview patches again.  If you “check for updates” (and remember that isn’t really check for updates, it’s more like sure, shove them down whether I really wanted them or not) you will get KB456900 if you have Windows 10 1903 or 1909.  The documentation states: “Go to Settings > Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update.”

    Which is exactly the same wording as the Windows 10 patch.  But that isn’t what’s happening.  I’m seeing KB4569000 pushed to me.  Furthermore, because my Lenovo (and my Surface, and my other Surface and my home built machine) have 2004 pending (meaning that I get the screen that my machine isn’t quite ready for 2004), I don’t get this optional update section they are talking about.

    What optional section?

    Shouldn’t the optional patches of Windows 10 – which also have exactly the same wording and do not get pushed out if I hit “check for updates”, act the same as the optional .NET updates?  Why the difference in patching behavior?  May we have a bit of consistency please?  And note this has nothing to do with opting into the insider channel.  I am not on insider channel on this computer.

    Thing two:  Several folks have indicated that their 1809’s have recently been pushed to install 1903.  Given that servicing doesn’t end right now in July, the only thing I can think of is that a whole bunch of folks did a 365 deferral right about now this time last year.  If you are in this same boat where your plans are to jump over a version or two or three and get to 2009 (20H2), the best way to do this these days is to go into group policy or local group policy on that Windows 10 Pro machine, go down to the Windows Update for Business section, go into Select the target Feature Update version, click on Enabled and put in the target version value of 2009.

    For local group policy, click in the search box of Windows 10 on the bar and type in group policy.  Edit group policy will be offered up.  Click on Local Computer policy, then on Computer configuration, then on Administrative Templates, then on windows components.  Scroll down to the bottom and find Windows update.  Click on the folder called Windows Update for Business.  Now find Select the Target Feature Update version and choose the feature update you want it to hold off until.

    This works on 1803 versions or later and looks to be the better way to hold off on feature updates until you are ready for them.
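
    The same policy, checked and set from an elevated PowerShell prompt. This is an added example, not from the original post; it assumes the policy is stored as the `TargetReleaseVersion` and `TargetReleaseVersionInfo` registry values under the Windows Update policy key, and the function names are made up for illustration.

```powershell
# Added example (not from the original post). Run elevated.
# Assumption: the "Select the target Feature Update version" policy is
# backed by these two values under the Windows Update policy key.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-TargetFeatureUpdate {
    # Report the version the machine runs now and what the policy pins it to.
    $policy  = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $current = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        CurrentVersion = $current.ReleaseId
        PolicyEnabled  = ($policy.TargetReleaseVersion -eq 1)
        TargetVersion  = $policy.TargetReleaseVersionInfo
    }
}

function Set-TargetFeatureUpdate {
    param(
        # Version label, e.g. 1909. It must match the label Microsoft
        # publishes for the release, or the setting has no effect.
        [Parameter(Mandatory)]
        [ValidatePattern('^\w{4}$')]
        [string]$Version
    )
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    # 1 = policy enabled; the Info value names the feature update to stay on.
    Set-ItemProperty -Path $PolicyKey -Name TargetReleaseVersion -Type DWord -Value 1
    Set-ItemProperty -Path $PolicyKey -Name TargetReleaseVersionInfo -Type String -Value $Version
    # Read the values back so the change is confirmed, not assumed.
    Get-TargetFeatureUpdate
}

# Show the current state without changing anything.
Get-TargetFeatureUpdate
```

    On a domain-joined machine, a domain Group Policy that configures the same setting will overwrite values written this way at the next policy refresh.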

  • Microsoft releases some “optional, non-security C/D Week” patches. Avoid them.

    Posted on July 22nd, 2020 at 08:14 by woody

    The folks at MS have decided that we’re no longer in a “public health situation” that’s worthy of a moratorium on useless, error-prone patches. Late yesterday they pushed out a bunch of them.

    You may see Cumulative Update Previews offered for Win10 versions 1909, 1903, 1809, or Server 2019. (They don’t appear on my machines just yet, and there is no Preview so far for 2004.)

    You will see a Cumulative Update Preview for .NET, various versions.

    Don’t click to Download and install for any of them. You don’t want them.

    Full story in Computerworld Woody on Windows.

  • FAQ: The Windows DNS Server security hole, CVE-2020-1350, from a “normal” user’s perspective

    Posted on July 15th, 2020 at 05:41 by woody

    You’re going to see a lot of sand flying about a Windows security hole that was plugged yesterday. Here’s what most people need to know about CVE-2020-1350, also known as SIGRed:

    Q: Do I need to be worried about it?

    A: Unless you’re in charge of a Windows DNS Server, no.

    Q: How do I know if I’m in charge of a Windows DNS Server?

    A: If you had to ask the question, you aren’t.

    Q: If I am in charge of a Windows DNS Server, should I be concerned?

    A: Yes. You need to get the latest Server cumulative update installed.

    Q: What if all of my Windows DNS Servers are internal only?

    A: You need to get patched anyway. It’s likely easier to exploit the hole on a publicly-facing Windows DNS Server, but internal servers aren’t immune. Marcus Hutchins says:

    Can affect Windows Servers that expose DNS externally, or can be triggered by getting a user to visit a malicious website using IE or pre-Chromium Edge… While technically wormable, it seems unlikely. A more likely scenario would be ransomware actors using it to gain access to the Domain Controller, then pushing ransomware to all network clients.

    Q: Is it really that serious?

    A: Yep, it’s a significant security hole that’s been around for at least 17 years. Several people have remarked that variations on the exploit have existed for a decade. Good advice from @SwiftOnSecurity:

    Microsoft has issued an unusual private push alert to Premier customers under NDA about CVE-2020-1350. Patch or apply workaround now. Note workaround requires DNS service restart do not just hand this to admins. I do NOT trust the registry key workaround. Its effect is not auditable and provable. Apply the patch. Something this big with no signs of current exploit means Microsoft went through in-depth testing to prove it out before telling the world. Apply patch and validate and deploy it now.

    Q: Should we bend over and kiss our cumulative keesters goodbye?

    A: Depends on your keester, I guess. We’ll see an active exploit soon, but not right away. Per Kevin Beaumont:

    I don’t expect a quick turnaround to RCE in public, the discoverers didn’t reach it, it requires time and skill… after every big RCE vulnerability announcement, Twitter becomes ‘this would take 5 minutes to write an exploit for!’ Then rarely anybody writes a public RCE exploit quickly, unless it’s a GET web request. If there’s some degree of skill required, a barrier.

    For 99.9% of you, there’s nothing to be concerned about. For the other 0.1%, it’s showtime.

    There’s a technical description from Sagi Tzadik on the Check Point Research web site.

  • July 2020 Patch Tuesday

    Posted on July 14th, 2020 at 12:09 by woody

    Here’s what we know about this month’s Patch Tuesday crop.

    Big news: There’s a bug in Windows DNS Server that’s a “wormable” Remote Code Execution vulnerability, with a CVSS score of 10.0 – as high as it gets. If you’re running a Windows DNS Server, you need to install the patch for CVE-2020-1350, even if it’s buggy. There’s a registry change that’ll subvert the bug.

    Win10 Patch Tuesday cumulative updates –

    • Version 1903 and 1909 – KB 4565483 – Fixes the long-standing LSASS bug
    • Version 2004 – KB 4565503 – Fixes the OneDrive app bug, in addition to the LSASS bug.

    Dustin Childs’ analysis on the Zero Day Initiative blog is up:

    • Fixes for 123 individually identified security holes (CVEs), “That makes five straight months of 110+ CVEs released and brings the total for 2020 up to 742.”
    • “None of these bugs are listed as being under attack at the time of release, while one CVE is listed as publicly known.”

    In addition, Childs has a reinforcement of the DNS Server bug, “The attack vector requires very large DNS packets, so attacks cannot be conducted over UDP. Considering Windows DNS servers are usually also Domain Controllers, definitely get this patched as soon as you can.” The bug is known as SigRed, and apparently has been around for 17 years, according to Hackernews.

    New Servicing Stack Updates for Win10:

    Martin Brinkmann has his usual thorough list on ghacks.net.