News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

ISSUE 17.41.0 • 2020-10-19

Logo
The AskWoody PLUS Newsletter

In this issue

LANGALIST: Activation issues after a Win10 reinstall

BEST OF THE LOUNGE: Windows 10 20H2 is in the chute

WINDOWS 10: The inevitable OS: Windows 10 at five years

PATCH WATCH: It’s the end of the line for Office 2010

WINDOWS 10 2004: Taking another look at Sandbox


LANGALIST

Activation issues after a Win10 reinstall

Fred Langa

By Fred Langa

Uh-oh: My PC failed activation after a fresh, from-scratch Windows reinstall. What now?

Don’t panic! There are a number of easy-to-use solutions and workarounds, including the little-known Software Licensing User Interface that’s built into every copy of Windows 10.

Worried about OS activation after a reinstall

AskWoody subscriber Joe LaPointe wanted to scrub the OEM bloatware off his new PC using the techniques he’d read about in “Updated: A textbook-perfect Win10 reinstall” (AskWoody Plus newsletter 2020-10-5) and “A post-reinstall checklist for Windows 10” (2020-10-12).

But Joe had a serious concern: he worried that he might invalidate his OEM-provided Windows license.

  • “Hi Fred! I read your articles in the AskWoody newsletter with great interest. I just purchased a Dell XPS 13 laptop, and I’m planning to perform a Win10 reinstall to get rid of any crapware and the McAfee security software.

    “You mentioned that I probably would not need to have a Win10 activation number to perform the reinstall. However, if I download the latest version of Win10 Pro 64bit, I will most likely need to have an activation number, because I didn’t purchase Win10 separately.

    “The only activation number I have is the one that came with the laptop — and it’s for an OEM version of Win10.

    “Will an OEM activation number work for a downloaded version of Win10?”

Yes! Almost surely. Win10 activation/reactivation is designed to be — and is, in my experience — extremely reliable.

OEM PC setups usually activate via a digital license, more formally called the “System Locked Pre-installation” (SLP) key. In most OEM-configured PCs sold today, that key is baked into the system’s UEFI firmware, beyond normal user alteration or control. During installation or reinstallation, Windows knows to look for an SLP key and, if one is found, use it for activation.

Separately purchased retail versions of Windows ship with a Certificate of Authenticity Product Key (probably familiar to you as five groups of five alphanumeric characters). This key is used when there’s no SLP key present — say, in a home-built PC assembled with parts from various sources.

A formal product key might also be called for when you upgrade to a different edition of Windows — say, from Win10 Home to Pro. (In which case, the original SLP key was tied to the Home edition.)

A new, brand-name Windows PC such as Joe’s will have an OEM SLP embedded in the firmware. If you wipe out the original Windows setup and install a fresh, from-scratch copy of the same version/edition of Win10, the original SLP key will still be there, untouched and valid. And the Windows reinstallation routine should automatically look for the key and use it.

Of course, that’s not to say that problems can’t happen. Ha!

Microsoft’s licensing is aimed at thwarting large-scale piracy, not at preventing individuals from legitimately upgrading or reinstalling their operating systems. If you do run into an activation problem, Microsoft provides several readily available workarounds.

For example, Win10 has a built-in activation troubleshooter. Click through Start/Settings/Update & Security/Activation and then select Troubleshoot, as shown in Figure 1. (Note: If your PC is already activated, the Troubleshoot option should not appear.)

Activation troubleshooter
Figure 1. Win10’s built-in activation Troubleshooter can resolve many common license-related problems.

Win10 also offers hybrid local/online textual and chatbot help. Simply type get help into the search box, select the Get Help app when it’s offered, and then type “activate” into the Find solutions … box. (See Figure 2.)

The Get Help app
Figure 2. Win10’s built-in Get Help app can assist with troubleshooting.

In addition to offering articles and links, Get Help also has a Contact us button that connects you to a chatbot — a virtual Microsoft agent — that can guide you through various troubleshooting decision trees.

In pre-COVID times, human agents were also available. They’re not now (see Figure 3), but they might return at some future point.

No phone-support message
Figure 3. Microsoft has temporarily dropped phone support.

If your problem is beyond what the simpler tools can remedy, there’s plenty of in-depth information available online. For example, the “Activate Windows 10” support page offers four different ways to activate, depending on initial conditions:

  • Reactivation after reinstalling Windows 10;
  • Reactivating Windows 10 after a major hardware change;
  • First-time installation and activation on a new device or mainboard;
  • Activating a refurbished Win10 device.

You’ll also find many other online resources listed at the end of this article.

And if none of those applies, or if they don’t help, there’s still the little-known but extremely reliable by-telephone activation process.

Using the Software Licensing User Interface (SLUI)

By-phone activation involves an ordinary voice call (toll-free in much of the world) and usually takes less than 10 minutes. (Note: This method works everywhere — it covers the entire planet — and works in both Win10 and Win8.1.)

Phone activation via SLUI is easy, but because it’s intended as a manual, last-resort option, it’s somewhat hidden.

There are several ways to get started, but I prefer the most direct route: simply type this command into the Windows search box.

slui.exe 4

A Windows activate-by-phone dialog window will open (see Figure 4).

SLUI
Figure 4. Windows’ built-in Software Licensing User Interface works from anywhere on the planet — as long as you have a working phone.

Select your country or region and click Next.

Another dialog window will open with a list of the best-available Microsoft licensing-by-phone numbers for your region. You’ll also see a 63-digit Installation ID — a series of nine groups of seven numbers that combine to uniquely identify your exact PC and configuration. (See Figure 5. For obvious reasons, I’ve blurred my PC’s unique identifiers.)

Installation ID
Figure 5. The SLUI window displays a phone number to call and a long numeric identifier (here blurred).

Keeping that window up on your screen, simply dial the indicated phone number, listen to the automated instructions, and follow the given series of steps.

You’ll first be asked whether the version of Windows you’re trying to activate is already installed elsewhere. Windows licenses are usually one-per-installation, so the correct answer is “No.” (It’s on the honor system, so please don’t cheat.)

Next, the system will ask you to speak or tap into the phone keypad the seven digits in the first Installation ID group. The automated voice will then read back what you’ve entered, and you’ll have multiple chances to re-input any missed digits. When all seven digits of the first group have been correctly sent and confirmed, you’ll be instructed to do the same with the second group of digits — and then the third, and so on for all nine groups.

Because you’re dealing only with seven digits at any one time, with plenty of feedback and multiple chances to correct errors along the way, it’s surprisingly easy to work through the entire long string of numbers.

When you’ve successfully entered the last digit of the installation ID, click the Enter confirmation ID button at the bottom of the SLUI window and a new dialog window will open. Follow the spoken instructions to enter the new string of confirmation ID numbers that will be slowly read to you, one group of digits at a time.

Take your time and don’t worry if you make a mistake; the voice system will offer to repeat things as many times as you may require. You’ll also have a final go/no-go check at the end of the process. And, if there’s a problem then, you can loop back and re-enter the key anew. So relax! This isn’t a high-stress event.

Stay connected to the voice system, following its instructions until your PC reports a successful activation. If there’s still a problem, follow the voice prompts for additional options.

But the odds are good that you won’t need to go that far. One of the built-in tools and troubleshooters, support articles, or the manual SLUI method, will surely get your PC activated again!

More Windows-activation help:
  • “Activate Windows 10” – Microsoft support article
  • “Using the Activation troubleshooter” – MS support article
  • “Get help with Windows activation errors” – MS support article
  • “How to troubleshoot Product Activation in Windows 10” – MS Community article
  • “New hardware + Win10 upgrade = license trouble?” – Windows Secrets 2016-04-12
  • “Removing bloatware and OEM mods from new machines” – AskWoody Plus 2019-12-09
  • “Microsoft Licensing Activation Centers worldwide telephone numbers” – MS support article

So don’t fear reactivation! It’s rarely a problem with Win10 on today’s hardware, and there’s plenty of help available in those oddball instances where things don’t work quite as they should.

Send your questions and topic suggestions to Fred at fred@askwoody.com. Feedback on this article is always welcome in the AskWoody Lounge!

Fred Langa has been writing about tech — and, specifically, about personal computing — for as long as there have been PCs. And he is one of the founding members of the original Windows Secrets newsletter. Check out Langa.com for all of Fred’s current projects.


Best of the Lounge

Windows 10 20H2 is in the chute

The release of a new Win10 version is always a time of angst — and caution. Da Boss woody notes that we should all know how to block 20H2. To that end, Patch Lady Susan Bradley and Woody have posted instructions for keeping the latest Win10 at bay.

In the related forum post, fellow Loungers provide additional information on this important task.


CATEGORY

Troubleshooting file rights and ownership problems in Windows can be really daunting. After moving files from an old PC to a new system, Plus member WSIHipschman could no longer copy or delete them. Responding to the call for help, Lounge members provided tips on registry hacks, inheritance settings, PowerShell commands, and other techniques for taking back file ownership.


UPDATING

Better late than never? Forum members note that the patch in question replaces a buggy update designed just for Win8.1 and Win7 — and available only from the Microsoft Update Catalog. If you get your .NET Framework fixes via Windows Update, you’re good.


NETWORKING

The first thought you might have with this question is … why? All mobile devices come with Wi-Fi support — otherwise they wouldn’t be all that mobile. But Lounger Zaphyrus is planning for the future. Fellow Loungers discuss the pros and cons of replacing the wireless card in a laptop versus using an external adapter.


APPLE

Resident Apple guru Nathan Parker offers up a tip on using macOS’s built-in Preview app to combine multiple PDFs into one document. He also recommends a third-party app for PDF power users.


SECURITY

Plus member skeptamistic ran into a problem with an update that blocked Outlook and other Microsoft apps. Reviewing Windows’ Firewall settings proved fruitless. Various cures were suggested by other forum members, but the problem was solved by resetting the firewall. Simple fixes are always best.


Windows 10

One has to wonder how much unneeded baggage Windows 10 still carries. Case in point: Plus member FL Jack is annoyed to have three different Microsoft browsers installed — all unused. Fellow Loungers offer tips on removing, hiding, and/or disabling the unwanted browsers.


If you’re not already a Lounge member, use the quick registration form to sign up for free.


WINDOWS 10

The inevitable OS: Windows 10 at five years

Richard Hay

By Richard Hay

This past July, Microsoft’s flagship operating system, Windows 10, reached its fifth anniversary.

Over the past half-decade, Microsoft has put a lot of work into Win10, aggregated into the current Version 2004, released this past May. (The next release, Version 20H2, is due out this month. But we haven’t gotten a good look at it, and it’s reportedly a minor upgrade.)

To get an idea of how much has changed, check out the following two slides from the “Windows 10 innovations for enhanced productivity and resiliency” session at this year’s Microsoft Ignite 2020 conference. (Yes, Figures 1 and 2 are essentially eye charts. Click the images to enlarge them.)

Windows evolution slide 1
Figure 1. Windows 10 Feature Update Progress, Slide 1 — Versions 1803 through 2004. Source: Microsoft IGNITE Session DB-139

Windows evolution slide 2
Figure 2. Windows 10 Feature Update Progress, Slide 2 — Versions 1507 through 1709. Source: Microsoft Ignite Session DB-139

Arguably, Win10’s evolution has made it a better OS. But it still gets a mixed reception from users. Some people love it, others hate it — and then there’s the mass of users who have simply learned to live with it. Yes, there were diehard Windows XP users who griped about Windows 7. But it’s unlikely Windows 10 will ever engender the dogged loyalty of many Win7 users.

Microsoft often describes Win10 as a service rather than a product, as a way to explain the rounds of new releases. If so, the “service” has been spotty at best. It’s been a constant cycle of problematic “quality” (monthly) updates, delayed and confusing “feature” releases, compatibility issues, lost data, and more — all regularly detailed on AskWoody.

Despite these ongoing issues, Windows 10 is, like Marvel’s Thanos, “inevitable.” For businesses, Windows 7 is on life support, via Microsoft’s fee-based Extended Security Updates service. (Win7 users can still get some free security fixes through the 0patch site.) Win8.1 is in its extended support phase until January 2023, giving the small number of remaining users a way to stave off Win10 for a bit over two years.

For most consumers and businesses, Windows 10 is the only choice for the long haul — especially as older PCs are retired and new systems come online. (A common theme in the AskWoody forums is: “I bought a new PC, and it came with Windows 10. I need help!”)

Coping with shorter life cycles: In the past, the typical lifespan of a Windows version was ten years, which would now put Windows 10 at midlife. However, the OS’s semi-annual feature updates have far shorter lives.

For example, the first version of Win10, released in July 2015, reached its “end of service” (EoS) in May 2017. Likewise, versions of 1511, 1607, and 1703 are also obsolete, as are consumer editions of 1709 and 1803. Consumer support for Version 1809 ends in November 2020, and Version 1903 reaches EoS a month later. (For more info, see Microsoft’s “Windows lifecycle fact sheet” page.)

The newest releases of Windows 10 have a life cycle of just 18 months. This constant churn may be what’s causing much of the enmity toward the OS. But for the foreseeable future, it’s our reality.

The alternative is to migrate to Apple’s macOS or Linux — which a tiny fraction of Windows users opts to do. But most personal-computer users will have to stick with Win10, whether they want to or not. The one redeeming fact of Win10’s churn is a fairly consistent user interface, which has minimized the required “learning curve” with each feature update.

In short, living with Windows 10 is, again, inevitable for most computer users. So the more we know about it, the better. Here are some helpful resources to keep in mind.

The Windows Insider Program

This service from Microsoft, just celebrating its sixth anniversary, is effectively a public beta-test system. Windows users who opt in may install and try out pre-release versions of the OS. Because these early versions might be buggy or somewhat unstable, they’re not intended for production systems.

Windows 10 “builds” are distributed across three different development channels, each with its own level of risk (more info).

Dev Channel: Targeted at advanced users, these builds contain new features that are under development but not tied to a specific Win10 release. Some might never appear in a “final” version of the OS. Also, builds in the Dev Channel don’t receive official support.

Beta Channel: Designed for early adopters, these builds are tied to specific releases such as 20H2. IT pros might test these builds to check future compatibility with business systems. Win10 updates in this channel are validated by Microsoft but also do not receive official support.

Release Preview Channel: Development on these builds is effectively finished, but the OS has not been released to all customers. IT managers will use these builds for in-depth testing of feature, cumulative, and security updates prior to general deployment. Builds in this channel are fully supported by Microsoft.

Microsoft refers to the installation and testing of builds via the Insider Program as “Flights.” The results of flightings are tracked in the Insider Program’s Flight Hub.

Another resource for tracking potential future updates to Win10, whether you are in the Windows Insider Program or not, is the Changelog. Win10 features and enhancements currently under development are listed by build release.

Windows 10 production-level resources

Feature comparison chart: This is a good starting point for learning about the differences between Win10 Home and Pro editions. The “Compare Windows 10 editions” page lists major features for Home, Pro, Pro for Workstations, and Enterprise — side by side, across these areas:

  • Intelligent security
  • Simplified updates
  • Flexible management
  • Enhanced productivity

(Note that AskWoody has always recommended Win10 Pro over the Home edition. It provides more flexibility and capabilities — especially for updating Windows.)

What’s new in Windows 10: Wading through development builds can be time-consuming. A quicker but less-detailed resource for new features is the What’s new in Windows 10 page, organized by release number — currently, Versions 1709 through 2004.

Windows 10 Release Health Dashboard: After its formal release, Microsoft reports on the “health” of each version via the “Windows 10 release information” page. (Select the specific release from the list on the left side of the page.) “Known issues” include a description, when the issue was identified/documented, its current status, and when the information was last updated.

If you’re not offered an update for Win10, check this source first to see whether some issue is blocking it.

Windows 10 update history: This page is the master list of all the updates released for each version of the OS. Monthly Win10 builds and previews are listed and summarized.

Deprecated/removed features: Win10 features come and go, and Microsoft lists them on the “Features and functionality removed in Windows 10” page.

There are two stages in the feature-removal process. First, the feature is “deprecated,” which means it’s no longer in active development. Next, it might be removed from the OS in a future update — it’s then added to the aforementioned list.

Windows 10 Tips: This app is installed by default on both Home and Pro editions. It’s regularly updated as new features and enhancements are added to Windows.

Tips app
Figure 3. To open the Tips app, enter “tips” into the Windows search box.

This extensive resource provides both text and video tutorials designed to introduce users to Win10 features. There are currently 20 categories and 180 tips.

Windows 10: To know it is to … live with it more comfortably

Fan or not, the inevitability of Windows 10 is our reality, and that means expanding your knowledge of its quirks, failures, and features.

The above resources should get you well down the road to effectively working with what might be the last named version of Windows.

Questions or comments? Feedback on this article is always welcome in the AskWoody Lounge!

Richard Hay is the owner and operator of windowsobserver.com and WinObs.com. He is also a senior content producer at ITPro Today. Richard served for 29 years in the U.S. Navy, specializing in telecommunications, and retired as a Master Chief Petty Officer.


PATCH WATCH

It’s the end of the line for Office 2010

Susan Bradley

By Susan Bradley

Microsoft is closing the book on two business workhorses: Office 2010 and Exchange 2010.

From a productivity-app perspective, 2010 was an excellent vintage for all Windows users — from individuals to small businesses to the Enterprise. Whether it was managing email, building massive spreadsheets, or creating complex documents, Office and Exchange gave us an excellent foundation.

But as of October 13, Microsoft dropped all support for both platforms. What does that mean? According to an MS Support page:

  • Microsoft will no longer provide technical support, bug fixes, or security fixes for Office 2010 vulnerabilities which may be subsequently reported or discovered. This includes security updates that can help protect your PC from harmful viruses, spyware, and other malicious software.
  • You’ll no longer receive Office 2010 software updates from Microsoft Update.
  • You’ll no longer receive phone or chat technical support.
  • No further updates to support content will be provided, and most online help content will be retired.
  • You’ll no longer be able to download Office 2010 from the Microsoft website.

Sadly, and unlike Windows 7, Microsoft isn’t offering an Extended Security Updates option for Office 2010. And an unpatched Office makes an especially tempting target for malicious attacks. So just as with Win7, it’s past time to move on to a newer Office.

For many years, I used Small Business Server 2011 in my firm. It included Windows Server 2008 R2 (no longer supported) and Exchange 2010. If you’re a small-business owner still relying on SBS 2011, you really need to reconsider staying on that platform. You’re running your business with two expired, and thus vulnerable, systems.

For example, you’re no longer protected for the critical Zerologon bug. Using this exploit, attackers can enter systems and take over entire domains via the domain controller. An October 5, 2020, Microsoft tweet reports “active campaigns over the last two weeks.”

As with Office 2010, Microsoft isn’t offering small businesses Extended Security Updates (ESUs; tweet) for SBS 2011 or Server 2008 R2. (MS does offer Server 2008 R2 ESUs to Enterprise accounts.) And, again, your Exchange 2010–based email system will become increasingly vulnerable.

Small businesses that still want on-premises email servers have options, but they won’t be as inexpensive as with SBS 2011. There is one ray of sunshine: this month’s Exchange vulnerability CVE-2020-16969 doesn’t impact Exchange 2010; it impacts Versions 2013, 2016, and 2019. However, it’s unlikely Exchange 2010 owners will be so lucky in the future. Plan accordingly!

Re-releases of .NET Framework updates

Microsoft caught a bit of extra attention when it “republished” July’s security-only .NET Framework patches to fix an issue with XML-serialized data. (Note: If you’ve installed the quality/security .NET updates, you can ignore all of this.)

Mind you, I don’t recall any issues with these patches, but clearly someone, somewhere, is having an issue with them — and thus the re-release.

If you install security-only .NET updates on Win7 systems, AskWoody’s Da Boss PKCano did a superb job of listing all re-released patches.

Microsoft has the entire list of July do-overs in a blog post, but here’s the recap:

Windows 8.1 and Server 2012 R2

  • 4566468 – .NET Framework security-only (parent KB)
  • 4565580 – .NET Framework security-only for 3.5
  • 4565581 – .NET Framework security-only for 4.5.2
  • 4565585 – .NET Framework security-only for 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
  • 4565588 – .NET Framework security-only for 4.8

Windows Server 2012

  • 4566467 – .NET Framework security-only (parent KB)
  • 4565582 – .NET Framework security-only for 3.5
  • 4565581 – .NET Framework security-only for 4.5.2
  • 4565584 – .NET Framework security-only for 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
  • 4565587 – .NET Framework security-only for 4.8

Windows 7 and Server 2008 R2 (ESU only)

  • 4566466 – .NET Framework security-only (parent KB)
  • 4565579 – .NET Framework security-only for 3.5.1
  • 4565583 – .NET Framework security-only for 4.5.2
  • 4565586 – .NET Framework security-only for 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
  • 4565589 – .NET Framework security-only for 4.8

Windows Server 2008 (ESU only)

  • 4566469 – .NET Framework security-only (parent KB)
  • 4565578 – .NET Framework security-only for 2.0, 3.0
  • 4565583 – .NET Framework security-only for 4.5.2
  • 4565586 – .NET Framework security-only for 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
Fixing your network neighborhood

October has relatively fewer security issues/fixes than most months. The security updates tackle 87 CVEs in Windows, Office, Office Services and Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library.

The most notable threats soon acquire a “common name.” For example, this month’s CVE-2020-16898 has been dubbed “Bad Neighbor.” It’s a remote code-execution vulnerability that’s exposed when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. It’s common to every computer equipped with an IPv4 and/or IPv6 address. (Use the command-line option “ipconfig /all” to see yours.)

As noted in the vulnerability assessment from third-party website AttackerKB (a new site that provides threat analysis), malicious hackers can exploit the vulnerability by sending bad packets to your networking stack. Currently, there are no reports of active, in-the-wild attacks. But given the potential severity of the threat, that’s likely to change.

Most researchers currently believe that Bad Neighbor attacks are more likely to trigger BSoDs than full system takeovers. But it’s early in the game and cyber criminals can be quite clever. AskWoody will keep an eye on developments and report any significant changes.

Outlook preview pane exploit

If you’re using a Click-to-Run edition of Office, you probably rarely think about security fixes. But CtR Office can receive the same patches as those we point out each month for standalone Office editions. For example, this month all supported versions of Outlook need an update for CVE-2020-16947, a remote code-execution vulnerability that’s connected to the preview pane. A successful attack doesn’t require opening an email.

Reports of this flaw came through the Zero Day Initiative’s “responsible disclosure” program, and ZDI stated that it has a working proof-of-concept copy of the exploit. This is just another reminder of why you should disable Outlook’s preview pane.

The fix is included in the following CtR updates:

  • Microsoft 365 Apps — 13231.20390 — 10/13/2020 — Current channel/Monthly 2009
  • Microsoft 365 Apps — 13127.20638 — 10/13/2020 — Monthly Enterprise — 2008
  • Microsoft 365 Apps — 13029.20708 — 10/13/2020 — Monthly Enterprise — 2007
  • Microsoft 365 Apps — 13127.20638 — 10/13/2020 — Semi-Annual Preview — 2008
  • Microsoft 365 Apps — 12527.21236 — 10/13/2020 — Semi-Annual — 2002
  • Microsoft 365 Apps — 11929.20966 — 10/13/2020 — Semi-Annual — 1908
  • Microsoft 365 Apps on Win7 — 12527.21236 — 10/13/2020
  • Office 2019 Retail — 13231.20390 — 10/13/2020 — 2009
  • Office 2016 Retail — 13231.20390 — 10/13/2020 — 2009
  • Office 2019 Volume License — 10367.20048 — 10/13/2020 —1808

Some CtR Office users defer updates by temporarily disabling the updating process. But I recommend checking your preview-pane settings before you defer this month’s patches.

New Windows 7 threats

Here’s my monthly list of newly revealed and — if you have an ESU subscription — patched Win7 vulnerabilities. It’s just my usual friendly reminder that any unpatched Win7 system (personal or business) that’s connected to the Internet is becoming increasingly dangerous to use. And keep in mind that the ESU program is only a temporary fix.

This list reflects the growing number of vulnerabilities revealed in Windows 10 as well. (See my cumulative account of patches on the AskWoody Master Patch List page.)

Reminder: Anyone with Win7 Pro can still buy an ESU subscription from Amy Babinchak by filling in the Harbor Computer Services form. (Note: ESUs are not available for Home editions.)

Here are the latest threats patched in October:

Denial of Service: These exploits are used by attackers to tie up PCs, making them effectively nonfunctional.

Elevation of privilege: These exploits could let malicious hackers acquire admin rights on targeted machines, often with the unwitting help of users.

Information disclosure: Used by attackers to steal information stored in a computer’s memory:

Spoofing: This form of attack tricks a system into bypassing security features.

Remote code execution: The most dangerous form of Windows exploits, it lets an attacker take complete control of a system, typically with the assistance of social engineering.

Remember: Don’t put your personal information and/or business at risk. If you must use Win7, get an ESU subscription (more info). Or at the very least, use the 0patch service.

Patching summary

Here’s the recap of October’s patches.

- What to do: New month, same rules: Defer Windows, .NET Framework, and Office updates for at least two weeks. By then, either Microsoft will have fixed errant updates or we’ll know what to avoid. For a rundown of past patches, see our online Master Patch List.

Adobe Flash
  • 4580325 for Adobe Flash (all supported versions of Win10, Win8.1, and related versions of Windows Server)
Windows 10

Servicing-stack updates

Note: There are no servicing-stack updates for Versions 2004, 1709, 1703, or 1607 this month.

Cumulative updates

  • 4579311 for Version 2004
  • 4577671 for Version 1903 and 1909
  • 4577668 for Version 1809 and Server 2019
  • 4580330 for Version 1803 (Enterprise and Education editions only)
  • 4580328 for Version 1709 (Enterprise and Education editions only)
  • 4580370 for Version 1703 (Surface Hub devices)
  • 4580346 for Version 1607 (Long-Term Servicing Channels) and Server 2016

.NET Framework cumulative updates for Windows 10

  • 4578968 for Versions 2004 (and 20H2, too)
  • 4578974 for Versions 1903 and 1909
  • 4579976 for Version 1809 and Server 2019
  • 4578972 for Version 1803 (Enterprise and Education editions only)
  • 4578971 for Version 1709 (Enterprise and Education editions only)
  • 4578970 for Version 1703 (Long-Term Servicing Channels)
  • 4578969 for Version 1607 (Long-Term Servicing Channels) and Server 2016
Windows 8.1/Server 2012 R2

(There are no October servicing-stack or IE 11 updates.)

Windows 7/Server 2008 R2 SP1

(There’s no October IE 11 update.)

Server 2012

(There’s no October IE 11 update.)

Windows Server 2008 SP2

(There’s no October IE 11 update.)

Office security and non-security updates

October’s security updates patch one or more remote code-execution vulnerabilities and a denial-of-service threat.

Office 2016

Office 2013 SP1

Office 2010 SP2

Office non-security enhancements and fixes:

Office 2016

  • 4475584 – Office; Microsoft Endpoint DLP fails to classify and protect Office documents
  • 4484333 – Visio; crashes when launched from Take a Look
  • 4484502 – Project; faulty percent-complete indication
  • 4486669 – Skype; various issues

Office 2013 SP1

  • None for October

Office 2010 SP1

  • None for October

As always, be safe.

Questions or comments? Feedback on this article is always welcome in the AskWoody Lounge!

In real life, Susan Bradley is a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.


Windows 10 2004

Taking another look at Sandbox

Tracey Capen

By TB Capen

Back in June of last year, we published a first look at Windows 10’s then-new Sandbox feature.

Simply put, Sandbox creates a virtual version of Windows 10 that you can use for software and configuration testing. Whatever happens in Sandbox mostly stays in Sandbox.

Sandbox debuted in Windows 10 1903 to great interest … until reports of issues with the tool started rolling in. A BleepingComputer article from this past July described a conflict between Sandbox and a Win10 cumulative update.

In any case, many Windows users simply chalked up Sandbox to another Microsoft gaffe.

Now with Win10 2004, Microsoft has enhanced its virtual machine — and hopefully won’t break it again.

A “temporary” virtual system

How does Sandbox differ from, say, VirtualBox, VMware, or other virtual-machine software? To start, Sandbox is built into current versions of Windows 10.

But more important, it’s designed to be temporary … fleeting, ephemeral. In other words, there’s no way to save a Sandbox session once you close the app. VirtualBox machines can be saved and reopened as fully configured systems.

Here’s how Microsoft describes Sandbox:

  • Part of Windows: Everything required for this feature is included in Windows 10 Pro and Enterprise. There’s no need to download a VHD.
  • Pristine: Every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows.
  • Disposable: Nothing persists on the device. Everything is discarded when the user closes the application.
  • Secure: Uses hardware-based virtualization for kernel isolation. It relies on the Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host.
  • Efficient: Uses the integrated kernel scheduler, smart memory management, and virtual GPU.

So Sandbox is best for relatively short sessions for testing one or two apps. That said, you’re testing in a simple but complete Win10 environment.

Note: System requirements for Sandbox include Win10 Pro, Enterprise, or Education; BIOS virtualization support; 4GB of RAM (8GB recommended); 1GB of free disk space; and at least two CPU cores. A solid-state drive is also recommended.

What’s new?

According to the Microsoft Docs article “What’s new in Windows 10, Version 2004 for IT Pros,” the new Sandbox adds the following features:

  • MappedFolders now supports a destination folder. Previously no destination could be specified — it was always mapped to the Sandbox desktop.
  • AudioInput/VideoInput settings now enable you to share their host microphone or webcam with the Sandbox.
  • ProtectedClient, a new security setting, runs the connection to the Sandbox with extra security settings enabled. This is disabled by default due to issues with Copy & Paste.
  • PrinterRedirection: You can now enable and disable host printer sharing with the Sandbox.
  • ClipboardRedirection: You can now enable and disable host clipboard sharing with the Sandbox.
  • MemoryInMB adds the ability to specify the maximum memory usage of the Sandbox.
  • Windows Media Player is also added back.
  • Microphone support is available.
  • Added functionality to configure the audio input device via the Windows Sandbox config file.
  • A Shift + Alt + PrintScreen key sequence activates the ease-of-access dialog for enabling high-contrast mode.
  • A Ctrl + Alt + Break key sequence allows entering/exiting fullscreen mode.
A quick test drive

Sandbox isn’t enabled by default. Our previous AskWoody Plus newsletter story “How to work and play in Win10’s new Sandbox,” 2019-06-10, goes into detail on setting up Sandbox and a virtual machine. Here’s the short version.

Start by confirming that your system supports virtualization, as shown in Figure 1.

Checking virtualization
Figure 1. Look for virtualization support in Task Manager/Performance/CPU.

Next, enable Sandbox by entering “Turn Windows features on or off” into the Windows search box and check-marking Sandbox (See Figure 2). You should now be asked to reboot your system.

Windows Features
Figure 2. Enabling Sandbox in Windows Features

Once your system is back up and running, look in the Start menu apps list for Windows Sandbox.

Again, when you launch a Sandbox session, you’re given a pristine copy of Windows 10 (in this case, Version 2004). There was one oddity when I first opened a session: a notification to “Activate Windows.” But it disappeared in the following sessions.

Sandbox session
Figure 3. A Sandbox copy of Win10 is basically a blank slate.

I also noted that Sandbox loads an Enterprise version of Win10. That’s probably neither here nor there.

I’ll leave using Sandbox to your experimentation. Keep in mind that you’re starting with a fresh setup with every new session. If you want a virtual test platform that’s closer to a real, in-use system, you’ll have to go the VirtualBox or VMware route.

Questions or comments? Feedback on this article is always welcome in the AskWoody Lounge!

TB Capen is editor in chief of the AskWoody Plus Newsletter.


Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.

Your subscription:


Copyright © 2020 AskWoody LLC, All rights reserved.

?
This website collects data via Google Analytics. Click here to opt in. Click here to opt out.
×