
Blog Archives

  • December 2019 Patch Tuesday foibles and quibbles

    Posted on December 11th, 2019 at 07:45 woody

    Microsoft has officially yanked the bogus Autopilot patch, KB 4532441, that some of you saw yesterday. Reminds me a lot of the same stupid thing in October.

    The new MSRT appeared several hours after the rest of this month’s patches.

    And that new end-of-life nag for Win7 has a bypass – if you’d rather change a registry key, instead of clicking to dismiss it permanently. (Or if you don’t trust Microsoft to do what they say.)

    Screenshot of the nag, thx @Microfix

    Full details coming in Computerworld Woody on Windows

  • December 2019 Patch Tuesday running commentary

    Posted on December 10th, 2019 at 12:12 woody

    I’m looking at 133 downloadable patches on the Update Catalog.

    Dustin Childs reports on the Zero Day Initiative blog:

    Microsoft released security patches for a mere 36 CVEs [separately identified security holes]. While this is a much lower quantity of CVEs compared to other months, it is quite common for Microsoft to have a light December release. None of the patches released this month are listed as publicly known, but one is listed as being actively exploited at the time of release.

    That exploited security hole, CVE-2019-1458, is described as:

    To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

    I’m not going to lose any sleep over it.

    Martin Brinkmann has his usual thorough report on ghacks.

    Remarkably, according to the Update History page, the 1903 and 1909 patches have not diverged just yet. It’ll be interesting to see if MS fixed the File Explorer Search bugs in 1909 that have been widely reported.

    Mary Jo Foley reports that the Win7 Monthly Rollup includes a nag screen about upgrading to Win10. (The Security-only Update also includes the nag screen.) Sure enough, the Monthly Rollup KB article says:

    IMPORTANT Starting on January 15, 2020, a full-screen notification will appear that describes the risk of continuing to use Windows 7 Service Pack 1 after it reaches end of support on January 14, 2020. The notification will remain on the screen until you interact with it. This notification will only appear on the following editions of Windows 7 Service Pack 1:

    Note The notification will not appear on domain-joined machines or machines in kiosk mode.

    Looks like an uncharacteristically drama-free bunch of patches. (Although it’s typical for December.) We’ll keep you posted on any identified bugs, of course.

    UPDATE: AutoPilot’s back – Win10 1909 Pro users are being offered an AutoPilot fix — even if they don’t have AutoPilot. The KB article has been updated to say it’s been re-issued. Back in October, MS admitted that the AutoPilot patch had been pushed to Pro users incorrectly – and that it was offered repeatedly, even after it was installed. Wonder if we’ll see it pulled again?

    And the 1909 cumulative update doesn’t fix the File Explorer Search bug. See this Reddit thread.

  • Running a SharePoint server? Better make sure it’s patched.

    Posted on December 10th, 2019 at 09:55 woody

    Kevin Beaumont reports that CVE-2019-0604 — a SharePoint Server vulnerability first patched in February, then re-patched in March — is under active attack.

    A reminder that all organisations should be patching SharePoint vulnerability CVE-2019-0604 (from February) as significant numbers of assets remain exposed, and the vulnerability is actively exploited in the wild.

    If you have a SharePoint Server — any version — that hasn’t been patched since March, get on the stick.

  • MS-DEFCON 2: Make sure automatic update is blocked

    Posted on December 9th, 2019 at 08:36 woody

    Tomorrow’s Patch Tuesday. Now’s a good time to double-check and make sure the patches won’t hit you the minute they roll out the Windows Update chute.

    Step by step instructions in Computerworld Woody on Windows.

  • Chasing the elusive upgrade for Win10 Pro v1803

    Posted on December 8th, 2019 at 14:45 PKCano

    I have been doing some testing on my Win10 Pro v1803 machine. I wanted to see if the pulldown deferral settings in the Windows Update GUI under Advanced Settings really work.

    My Win10 Pro v1803 Windows Update Settings are as follows:
    + In the GUI, Semi Annual Channel, Feature Update deferral=365, Quality Update deferral=0, NO Pause.
    + In Group Policy under Windows Update\Configure Automatic Updates=Enabled, value=2 (notify download/install)
    + Fully up-to-date 2019-11 CU KB4525237 Build 17134,1130
    + wushowhide shows NO available updates.
    + There are no pending updates in the queue and it is reported “Up to date”.
    + There is NO “Download and install now” section/link because the updates are deferred thus not available.

    Testing:
    1. Set deferral=230 days, rebooted, wushowhide shows Feature Update 1809 (2019-1113)
    2. Set deferral=200 days, rebooted, wushowhide shows Feature Update 1809
    3. Set deferral=180 days, rebooted, wushowhide shows Feature Update 1809
    4. Set deferral=150 days, rebooted, wushowhide shows Feature Update 1809
    5. Set deferral=120 days, rebooted, wushowhide shows Feature Update 1903
    6. Returning to deferral=365 days, rebooted, wushowhide shows NO available updates.

    Observations:
    + Perhaps the 180 deferral for v1903 is too large by the 60-day one-time extension MS allowed for the change in updating (eliminating SAC (Targeted)).
    + Settings between 230 days and 150 days deferral make v1809 available in wushowhide.
    + A setting of 120 days deferral makes v1903 available in wushowhide.
    + Returning to 365 days deferral eliminated the availability of the upgrades.
    + I did not run “Check for updates” because I did not want to do the upgrade at this time and that would have initiated the download/install.
    + Because I did not wait for the system to check for updates on its own, there were no available Feature Updates, so I did not see the “Download and install now” section.

    Conclusion: The deferrals seem to be working as expected.

  • Cimpanu: Most significant security events of the 2010s

    Posted on December 6th, 2019 at 05:33 woody

    Catalin Cimpanu on ZDNet has a fascinating article detailing the “most important data breaches, cyber-attacks, and malware strains of the last decade” — a lengthy list of malware milestones.

    Something struck me as I was reading the list. I couldn’t find one, single piece of Windows-based malware that appeared soon after Microsoft posted a related cumulative update. Not one.

    I know — and a Microsoft study backs me up — that, in recent years, the chances of getting infected shortly after a security patch appears are very tiny. But I didn’t realize that the pattern has held true for a decade.

    Can you prove me wrong? Is there any significant piece of malware in the past decade that appeared shortly after the related cumulative update? For sake of argument, let’s say “shortly” = 3 weeks or so. If you can find one, I’d sure like to hear about it.

  • MS-DEFCON 4: Time to get the November patches installed

    Posted on December 5th, 2019 at 08:52 woody

    A few quick notes:

    • I’m recommending that Win10 Home users move to version 1903 (or 1909). The ability to Pause updates outweighs the potential hassles and problems with changing versions. That said, I still recommend that Win10 Pro users stay on 1809 (awaiting results of the December patches).
    • There’s a bug in the Office patches that throws bogus “Query … is corrupt” errors. If you hit that error, you need to manually install a fix.
    • The manually installed “Group B” security-only patches for Win7 and 8.1 do not include telemetry this month. But you will need the SHA-2 patch to get the Win7 patch to install.

    Full details and step-by-step instructions in Computerworld Woody on Windows.

  • Where we stand with the November 2019 patches

    Posted on December 3rd, 2019 at 10:28 woody

    Sifting through the list of patches and patches-of-patches, we’re in pretty good shape.

    Susan has full patch-by-patch details in her latest AskWoody Plus Newsletter Patch Watch column. If you’re in charge of installing individual patches, that’s the list to watch.

    If you’re looking at the big picture, or working on an individual machine, I have an overview in Computerworld Woody on Windows.