News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

ISSUE 16.35.0 • 2019-09-30

Logo
The AskWoody Plus Newsletter

In this issue

PATCH WATCH: Here’s why we’re not patching Internet Explorer

BEST OF THE LOUNGE: Stumped by erratic download speed

BEST UTILITIES: Freeware Spotlight — Win7 Games for Windows 10 and 8


EDITOR’S NOTE

AskWoody newsletter special edition

Long-time Windows Secrets readers might recall our tradition of skipping any fifth publishing day in a month. (Among other things, it gives us some time to catch up on some newsletter housekeeping.) However, there was no way we were going to delay September’s all-important second Patch Tuesday, which includes important information on Internet Explorer.

Thanks for your support!

The AskWoody Plus Newsletter crew


Here’s why we’re not patching Internet Explorer

Susan BradleyBy Susan Bradley

There’s no way to sugar-coat this: The current Windows updating situation is a disaster.

No, I’m not talking about the usual round of side effects in the second–Patch Tuesday updates, the lack of overall patch quality, or the known issues that impact only a small set of Windows users but that we’re still forced to track.

This time, it’s the out-of-band Internet Explorer security update that Microsoft released on September 23. Normally, any patch that arrives outside the usual update-release schedule signals a pressing security threat that’s in active use by attackers. In most cases, out-of-band updates are pushed out broadly — they’re released via Windows Update and Windows Software Update Services, ensuring that all Windows users get protected quickly.

Microsoft released IE patches on September 23 to fix a zero-day threat (more info), but it was made available only through the Microsoft Update Catalog — a cumbersome website at best. It means that the patches would be useful only to those who went hunting for them.

To make things more confusing, Microsoft also included the IE fix in the optional cumulative updates released on September 24. On Microsoft’s patch-health dashboard, the company stated: “(Note: Because this update requires a reboot, we are making it optional to give customers and administrators a choice to install/deploy the update now.)”

I’m not buying it. I can recall many other instances in which Microsoft pushed out an out-of-band security update that required a reboot. I still remember the video where former MS senior security program manager (now zero-day initiative communications director) Dustin Childs talked about the decision process to “reboot Russia” — meaning that Microsoft takes the need to force reboots seriously. In short: In order to protect customers, Microsoft has always pushed out critical fixes to most Windows users, regardless of whether a Windows reboot was needed.

This time, Microsoft effectively posted patches on Monday and then told us to go get them ourselves.

Bottom line: Microsoft handled these updates poorly. At this time, the IE exploits appear to be highly targeted and narrowly applied. But the company hasn’t clearly spelled out the extent of the threat — except indirectly by making the fix relatively difficult to get.

So in what might be a first — and with some concern — I’m recommending skipping the still-optional zero-day IE patches, both the standalone updates and in the preview cumulative updates. I believe it’s safer to wait and ensure that the possible side effects are fully investigated. For example, there are already reports that some users can’t install .NET Framework 3.5 after applying the IE fix. I was able to reproduce the flaw. There are also posts noting printer problems, but Microsoft claims the problem is with HP drivers — not with the update.

What is fixed: The regular September cumulative updates, along with other patches, have resolved a number of issues that cropped up in early September. For example, an MS update released August 30 for Win10 1903 did not play well with the Lenovo Vantage app on some systems. But the problem of red- or orange-tinted screens (more info) was apparently solved with a fix to the Vantage app. (Vantage is, among other things, Lenovo’s driver-updating utility.)

On Win10 1903, gamers who experienced lower-than-expected audio can install the optional patch KB 4517211. But because I never install updates within a few days of release, I’d just crank up the volume and wait until the update is included in next month’s rollup.

I’ve listed the optional (i.e., installation not recommended) “D” week (aka preview) updates on the AskWoody Master Patch List page. Note that the MPL page now includes a single list of September-only updates in Excel, PDF, and HTML formats. I produce these lists to make patch information as clear as possible for AskWoody Plus members. Please look them over and suggest ways to make them even more helpful, using this AskWoody forum link.

- What to do: September’s regular cumulative and security updates aren’t perfect, but it’s time to get them installed. As always, keep an eye on askwoody.com for new developments.

Here’s what you should be looking for.

September patch summary
Windows 10

Expect to see four patches for every version of Windows 10: a servicing-stack update, a cumulative update, a .NET Framework security patch, and an Adobe Flash Player fix. None of the systems I manage has shown significant side effects from these updates. The following were released on September 10:

Cumulative Windows updates

  • 4515384 for Version 1903
  • 4512578 for Version 1809 and Server 2019
  • 4516058 for Version 1803
  • 4516066 for Version 1709 (Enterprise and Education editions only)
  • 4516068 for Version 1703 (Enterprise and Education editions only)
  • 4516044 for Version 1607 (Long-Term Servicing Channels; LTSC) and Server 2016

Servicing-stack updates

(Note: If you use Windows Update, servicing-stack patches will be installed automatically.)

  • 4515383 for Version 1903
  • 4512577 for Version 1809 and Server 2019
  • 4512576 for Version 1803
  • 4512575 for Version 1709 (Ent./Edu. editions only)
  • 4511839 for Version 1703 (Ent./Edu. editions only)
  • 4512574 for Version 1607 (LTSC) and Server 2016

.NET Framework updates

(These patches fix various security issues.)

  • 4514359 for Version 1903 (and Version 1909) – .NET 3.5 and 4.8
  • 4514601 for Version 1809 and Server 2019 – .NET 3.5, 4.7.2 and 4.8
  • 4514357 for Version 1803 – .NET 4.8
  • 4514356 for Version 1709 (Ent./Edu. only) – .NET 4.8
  • 4514355 for Version 1703 (Ent./Edu. only) – .NET 4.8
  • 4514354 for Version 1607 (LTSC) and Server 2016 – .NET 4.8

A reminder: If you also receive KB 4480730, a “Reliability improvement to Windows 10 update components” patch, it’s probably because your system isn’t on a current version of Win10. The update’s information page states, “This update will be downloaded and installed automatically to Windows 10 devices [that] haven’t installed the most recent cumulative update in a timely manner.”

Before installing KB 4480730, I recommend you investigate why your machine isn’t installing the latest Win10 feature (version) release. If there’s no obvious explanation, I suggest going to Microsoft’s Software Download page and clicking the Update now button. Be aware, however, that it’ll probably bump you straight to Win10 Version 1903.

Adobe Flash Player: This problematic media app might be on its way out, but we still need to keep it updated. September’s patch for Win10 is KB 4516115.

Windows 8.1/Server 2012 R2

Windows 8.1 has two official “known issues” — the persistent bug with file renaming on cluster-shared volumes, and possible Internet Explorer failures. The first problem isn’t going to impact the vast majority of Win8.1 users.

The second bug affects Surface RT devices. If you install September rollup KB 4516064, then launch IE and receive the error message “C:\Program Files\Internet Explorer\iexplore.exe: A certificate was explicitly revoked by its issuer,” you’ll need to install KB 4516041, too.

Win8.1 users should install the following:

  • 4516067 – Monthly rollup
  • 4516064 – Security-only
  • 4516046 – Internet Explorer 11 (install with the security-only update)
  • 4512938 – Servicing-stack update
  • 4516115 – Adobe Flash Player
  • 4514604 – .NET Framework monthly rollup
  • 4514599 – .NET Framework security-only
Windows 7/Server 2008

The September update for Win7 SP1 and Server 2008 R2 SP1 includes a required servicing-stack patch — with a bug. As noted on its description page, some systems might reboot during the patch installation process and then get stuck at “Stage 2 of 2″ or Stage 3 of 3.” At that point, press Ctrl/Alt/Delete to move on to the sign-in page.

With one exception, install the following:

  • 4516065 – Monthly rollup
  • 4516033 – Security-only
  • 4516046 – Internet Explorer 11 (install with the security-only update)
  • 4516655 – Servicing-stack update
  • 4493132 – Win7 end-of-life reminders (Don’t install.)
  • 4514602 – .NET monthly rollup

Reminder: Microsoft has re-released the SHA-2 code-signing support update, KB 4474419. It includes boot-manager files needed to avoid start-up failures. If you installed the patch previously, you might see it again.

More on Win7 servicing-stack update KB 4516655: As I noted in the previous Patch Watch, Microsoft states that this update makes “quality” improvements to the servicing stack — the component that installs Windows updates. But the info page doesn’t specify what exactly is improved. I’m still thinking that one of these servicing-stack patches for Win7 will add the ability to receive the extended security updates — for those that purchase them.

Windows Server 2012

Note to admins: September’s updates for Server 2012 still include the aforementioned file-renaming issue on cluster-shared volumes. Install the following:

  • 4516055 – Monthly rollup
  • 4516062 – Security-only
  • 4516046 – Internet Explorer 11 (install with the security-only update)
  • 4514603 – .NET monthly rollup
  • 4514598 – .NET security-only
Windows Server 2008 SP2

September’s updates for this OS appear to be bug-free. Install these patches:

  • 4516026 – Monthly rollup
  • 4516051 – Security-only
  • 4516046 – Internet Explorer 11 (install with the security-only update)
  • 4507423 – .NET monthly rollup
Office security and non-security updates

The following Office security updates may also include feature fixes. Most important, however, they close potentially dangerous vulnerabilities — so let them install.

Office 2016

Office 2013 SP1

Office 2010 SP2

September’s Office non-security enhancements and fixes were released on September 3.

Office 2016

  • 3114852 – Office; wrong calendar displayed with Project Web App

    (August update KB 4475544 also required)

  • 4011629 – Office; PowerPivot formulas, such as STDEV.P, incorrectly calculated
  • 4464531 – Office; metafile issues
  • 4475577 – Skype for Business; tones for incoming calls
  • 4475580 – Office; Setting API failure in Office JavaScript library
  • 4464584 – Office; various issues
  • 4475592 – Word; crashes on Word or Outlook shutdown and other issues
  • 4475593 – Outlook; incorrect time and date with add-ins

Office 2013 SP1

  • 4475562 – Office; Setting API failure in Office JavaScript library
Exchange Server updates

Exchange 2019 and 2016

  • 4515832 – Security updates (check known issues)
SharePoint Server updates

Unless noted, these updates fix one or more vulnerabilities.

  • 4464557 – SharePoint Server 2019 Language Pack
  • 4475590 – SharePoint Enterprise Server 2016
  • 4484093 – Project Server 2013; cumulative fixes
  • 4475594 – SharePoint Enterprise Server 2016
  • 4475596 – SharePoint Server 2019
  • 4475610 – SharePoint Foundation 2013; cumulative fixes
  • 4484095 – SharePoint Enterprise Server 2013; cumulative fixes
  • 4484098 – SharePoint Foundation 2013
  • 4484099 – SharePoint Foundation 2013
  • 4475600 – Project Server 2010; cumulative fixes
  • 4475603 – SharePoint Server 2010; cumulative fixes
  • 4475605 – SharePoint Foundation 2010

Stay safe out there.

Questions or comments? Feedback on this article is always welcome in the AskWoody Lounge!

In real life, Susan Bradley is a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.


Best of the Lounge

Stumped by erratic download speed

AskWoody Plus member Exfso is having speed issues with one of four computers sharing the same Ethernet connection on a home network. Three computers have consistent download speeds, but on the fourth system download speeds fluctuate dramatically. Is something obvious being overlooked? Suggestions welcome.


TROUBLESHOOTING

Plus member JoeP’s Win7 system boots properly in safe mode, but standard startups end up with a blue screen of death after about 10 minutes. Joe shares a crash report from “WhoCrashed,” and the consensus among fellow Loungers is a possible hard-drive problem. BSoDs can be relatively benign — or an omen of something fatal. JoeP’s first task is to back up important data.


DUAL-BOOT ISSUES

Plus member Slowpoke47 is seeking help with startup speed on a desktop system that boots to Win7 and Linux Mint Mate 19.2. Mint still loads quickly, but startup for Win7 is getting slower over time. Fellow Loungers discuss possible causes and solutions. But the answer proves elusive.


HOME NETWORKING

Upgrades can cause all sorts of puzzling problems. After a move from Win8.1 to Win10, one of Plus member rogertrigg’s two systems will no longer see a network-attached storage device. Loungers recommend Windows’ IP Configuration tool as a good initial diagnostic tool.


TROUBLESHOOTING

Plus member Slowpoke47 is having a tough week. A Dell Inspiron desktop running Win7 seems to have developed a broken “sleep” function. Slowpoke47 wonders whether the recent addition of Linux Mint has anything to do with the problem.


WINDOWS UPDATING

Lounger Sparky is puzzled by update KB 450720 — it shows up in both Restore hidden updates and Review your update history.


VIRTUAL MACHINES

Plus Member LHiggins is investigating the pros and cons of running Windows and Linux Mint in a virtual machine or as a dual-boot. Lounge members respond with how-to suggestions and caveats.


If you’re not already a Lounge member, use the quick registration form to sign up for free.


Best Utilities

Freeware Spotlight — Win7 Games for Windows 10 and 8

Deanna McElveenBy Deanna McElveen

Moving from Win7 to Win10 is somewhat like moving to a new town. Sure, many of the big stores are in both places, but what about that favorite coffee shop?

For Windows 7 users, migrating up can mean leaving behind some familiar versions of treasured games — good ol’ FreeCell, Hearts, Solitaire, Spider Solitaire, Mahjong, Minesweeper, and others — and wandering through the MS Store maze or the silliness of Win10’s “Solitaire Collection.”

It’s one reason many Win7 users are dragging themselves to Win10, kicking and screaming. Fortunately, ace developer Sergey Tachenko is offering help — in the form of Windows 7 Games for Windows 10 and 8. Sergey is well known in the Windows-utilities world. Back in 2011, he created the wildly popular winaero.com site, which still offers a variety of utilities for tinkering with Windows 7, 8.1, and 10. (He’s now bundled the tools into the single Winaero Tweaker package. His site is also a good resource for Winamp skins and plugins.)

If you’ve been pining for one or more of those classic Win7 games on your Win8.1 or Win10 system, download Sergey’s collection (ZIP file) from our OlderGeeks site. Unzip the download and click the Windows 7 Games for Windows 10 and 8.exe file to start the fast-and-easy installation process (see Figure 1).

Install wizard welcome screen
Figure 1. The installation Wizard’s opening screen recommends closing other apps during the setup process.

In the next screen (Figure 2), uncheck any games you don’t want. You can relaunch the wizard to add other games at some later time.

Game-selection screen
Figure 2. The installation wizard lets you select just the games you’re ready to play.

In the final installation window (Figure 3), you’ll see the pre-checked box for “Discover Winaero Tweaker to tune up Windows 10/8.1/8.” It’s not some bundleware scam; it’s simply a suggestion to use Sergey’s excellent Winaero Tweaker tool (also hosted on OlderGeeks). If you don’t want it, just uncheck the box and click Finish.

Final setup screen
Figure 3. The installation Wizard’s final screen has a pre-checked box; it simply opens a webpage for more information on Sergey’s Winaero Tweaker suite.

All done? Now open your Windows Start menu and look in the Games folder (Figure 4). Your favorite games are back — right where they should have been all along!

Games folder in Start
Figure 4. Look for the new Games folder in the start menu’s app list.

Moving to a new Windows version is often stressful. We’ve found that “Windows 7 Games for Windows 10 and 8” has done wonders for relaxing both us and our customers who are trying to cope with Windows 10. Technology changes fast: we sometimes forget that for some people a glass of juice, some toast, and a laptop with Solitaire is the perfect start to the day. Just because Microsoft is ending support for Windows 7 doesn’t mean we have to lose some of the OS’s smaller charms.

Here are reminders of two classics: Solitaire (Figure 5) and Minesweeper (Figure 6) — and one of our editor’s favorites, 3D Pinball (Figure 7). Sadly, no Tetris.

Classic Solitaire
Figure 5. Who can resist a game or six of the classic Solitaire!

Minesweeper screen
Figure 6. The much-loved Minesweeper

3D Pinball
Figure 7. 3D Pinball is a great way to take the edge off daily stress.

Happy computing — and playing!

Questions or comments? Feedback on this article is always welcome in the AskWoody Lounge!

Deanna and Randy McElveen are celebrating 20 years in the computer business, seven years running OlderGeeks.com, and 26 years of putting up with each other. Their computer store is in a small town in the Missouri Ozarks. Believing that happy customers are always the best advertisement, they hope to do it for another 20 years.


Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.

Your email subscription:


Copyright © 2019 AskWoody LLC, All rights reserved.