-
I am Win 7 x64 and use Google Chrome as my browser, with Flash disabled. Therefore, I assume I donโt need to do an update for Flash to overcome this exploit? appreciate advice on this. GeoffB
Google Chrome auto updates the flash player – see my blog post below how to check the version.
Adobe Flash Player version 30.0.0.113 available
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
-
0patch is long in business and provided a couple of useful patches in the past (I’ve blogged several times about their solutions). If you are facing the situation that you can leave your machine vulnerable or closing the vulnerability but haven’t a network, then 0patch can be a solution – imho.
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
-
For those having issues with a new logical drive (OEM or restore partition) after upgrade, I’ve published an article with workarounds
Windows 10 V1803 update creates a new OEM Partition
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
5 users thanked author for this post.
-
AFAIK the updates itself hasn’t changed. But MS has changed the KB descriptions. Some details here:
https://borncity.com/win/2018/04/05/windows-kb4090450-kb4088875-kb4088878-kb4088881/
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
-
Just for your information. There ist aย Critical flaw in MS Malware Protection Engine (CVE-2018-0986)ย that allows a remote code execution. Updates will be delivered within the next 24 hours to all affected products (Defender, MSE, Forefront, Exchange Server).
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
-
Guess users of Windows 7 and Sever 2008 R2 are now sacked – the ne patches has nasty ‘known issues’ – and the old January 7 February (Meltdown) patches comes with a nasty surprise.
It seems, something went terribly wrong: January/February 2018 Meltdown patches from Microsoft opens even a bigger hole. No more exploit is necessary to access the memory from user processes (and even write it).
Seeย Windows 7 Jan./Feb. 2018 patches opens Total Meltdown vulnerability
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
1 user thanked author for this post.
-
It seems, something went terribly wrong: January/February 2018 Meltdown patches from Microsoft opens even a bigger hole. No more exploit is necessary to access the memory from user processes (and even write it).
Seeย Windows 7 Jan./Feb. 2018 patches opens Total Meltdown vulnerability
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
-
It seems, something went terribly wrong: January/February 2018 Meltdown patches from Microsoft opens even a bigger hole. No more exploit is necessary to access the memory from user processes (and even write it).
See Windows 7 Jan./Feb. 2018 patches opens Total Meltdown vulnerability
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
-
Patch for IE 11 fixes crash on Win 7
Internet Explorer Update KB4096040 (March 23, 2018)Preview Rollup Update for Windows 7 with many issues
Windows 7: Preview Rollup Update KB4088881 (03/23/2018)
To me, it seems that Windows 7 and Windows Server 2008 R2 users /admins are guinea pigs for Microsoft.
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
1 user thanked author for this post.
-
Since posting the first edition of my blog article, I added some text (we have a discussion on German Facebook). Microsoftโs articleย Configure Windows diagnostic data in your organizationย from October 2017 contains contradictionary statements. What I read, was:
The Security level gathers only the diagnostic data info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions.
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
-
-
Welcome at askwoody
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
3 users thanked author for this post.
-
Microsoft Update Catalog is not broken catalog.update.microsoft.com is the IE-activex front-end http://www.catalog.update.microsoft.com is the non-activex front-end (for IE and other browsers)
That’s what also some German users told me, but …
I mentioned it within my German commentย – just try the two tests below.
http://www.catalog.update.microsoft.com
catalog.update.microsoft.comThe last link shows โServer negotiated HTTP/2 with blacklisted suiteโ (btw also for IE 11 and Edge under Windows 10). I would say, it’s some misconfigured servers, probably.
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
-
I guess, the risk for private user is minimal. But it’s probably an attack vector, that should be discussed at least.
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
1 user thanked author for this post.
-
See my addendum one post above. It seeems that you altered a cab file.
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
4 users thanked author for this post.
Author
